Blue Screen beim Anmelden oder auch während der Nutzung des PC's

villakarow · 24.01.2012, 08:58

Hallo Helfer,

ich habe sehr oft beim Hochfahren des PC's einen Blue Sreen und dann folgende Fehlermeldung (mal die eine, mal die andere): "Page fault in non page area" oder irgendwas mit "nvmf6232.sys" (konnte nicht so schnell lesen). Ich habe zunächst gedacht, dass dies daran liegt, weil mein Systemlaufwerk voll war (nur noch ein paar MB frei). Das habe ich dann jedoch erweitert und der Fehler tritt weiterhin auf. Ich habe dann per google euch gefunden und auch bereits die Scans gemacht. Bedanke mich bereits jetzt für eure Hilfe.

Hier die OTL.txt
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.01.2012 00:11:42 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 75,90% Memory free
6,00 Gb Paging File | 5,41 Gb Available in Paging File | 90,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,55 Gb Total Space | 62,46 Gb Free Space | 62,75% Space Free | Partition Type: NTFS
Drive D: | 283,20 Gb Total Space | 257,01 Gb Free Space | 90,75% Space Free | Partition Type: NTFS
Drive F: | 6,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 14,65 Gb Total Space | 12,24 Gb Free Space | 83,59% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 393,01 Gb Free Space | 42,19% Space Free | Partition Type: NTFS
Drive Y: | 99,55 Gb Total Space | 62,46 Gb Free Space | 62,75% Space Free | Partition Type: CSC-CACHE
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PS3 Media Server) --  File not found
SRV - (Radio.fx) -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (StarMoney 7.0 OnlineUpdate) -- G:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (CLKMSVC10_E1A16B3C) -- G:\Program Files\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (SONICWALL_NetExtender) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe (SonicWALL Inc.)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\system32\drivers\WinUSB.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (NinjaUSB) -- C:\Windows\System32\drivers\NinjaUSB.sys ()
DRV - (NxDrv) -- C:\Windows\System32\drivers\NxDrv.sys (SonicWALL Inc.)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys (SiSoftware)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (FireDTV_DVBS2) -- C:\Windows\System32\drivers\FireDTV_BDA_DVBS2.sys (digital everywhere)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\Windows\System32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 0B 0A 86 3F 34 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb/mff_keyurl_search/?su="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Program Files\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.12.06 21:02:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.15 18:15:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 03:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 03:24:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.15 18:15:22 | 000,000,000 | ---D | M]
 
[2010.02.14 22:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.02.14 22:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.19 22:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions
[2010.07.29 14:04:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.26 12:36:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.20 19:14:57 | 000,000,000 | ---D | M] (Vodafone Video Plugin for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\vodafone_video_plugin@vodafone.com
[2011.11.13 14:06:24 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\11-suche.xml
[2010.07.17 14:38:43 | 000,000,873 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\conduit.xml
[2011.11.13 14:06:24 | 000,002,226 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\englische-ergebnisse.xml
[2011.11.13 14:06:24 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\gmx-suche.xml
[2011.11.13 14:06:24 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\lastminute.xml
[2011.11.13 14:06:24 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\webde-suche.xml
[2012.01.08 03:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.06 21:02:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.01.08 03:24:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.15 23:57:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.15 23:57:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.15 23:57:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.15 23:57:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.15 23:57:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.15 23:57:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] G:\Program Files\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LGODDFU] G:\Program Files\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [RemoteControl9] G:\Program Files\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mysap.com ([tcs]  in Local intranet)
O15 - HKCU\..Trusted Domains: mysap.com ([tcs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sap-ag.de ([*]  in Local intranet)
O15 - HKCU\..Trusted Domains: sap-ag.de ([*] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sapbydesign.com ([my020656]  in Local intranet)
O15 - HKCU\..Trusted Domains: sapbydesign.com ([my020656] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B26FD08B-C89E-4C7B-BB14-75191404BEDB}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (AirfoilInject3.dll) -C:\Windows\System32\AirfoilInject3.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell - "" = AutoRun
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.24 00:01:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.19 23:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.19 23:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.19 23:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.16 14:32:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SonicWALL SSL-VPN NetExtender
[2012.01.16 14:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\SonicWALL
[2012.01.15 19:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\ProgDVB
[2012.01.15 18:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.01.15 18:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.01.15 18:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012.01.15 18:09:45 | 000,271,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2012.01.15 17:18:22 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.01.15 17:18:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.01.15 16:12:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ECE5F498-1FE2-4D5D-80D7-2D7D0119A693}
[2012.01.15 16:11:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{17E6614C-5078-4717-8A54-35BFC711C460}
[2012.01.15 16:11:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{08FCFB46-B553-48A7-BFE5-9303BA82F62E}
[2012.01.14 12:35:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
[2012.01.14 12:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2012.01.13 22:08:31 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.13 22:08:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.13 21:58:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.08 16:20:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.01.08 16:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.01.08 16:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012.01.08 13:53:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2012.01.07 23:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.01 19:02:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Seas0nPass
[2012.01.01 16:13:02 | 000,000,000 | ---D | C] -- C:\Users\***\CyberLink
[2012.01.01 16:12:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\CyberLink
[2012.01.01 16:03:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Power2Go
[2012.01.01 15:52:51 | 000,000,000 | ---D | C] -- C:\Temp
[2012.01.01 15:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
[2012.01.01 15:51:36 | 000,102,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6KO.DLL
[2012.01.01 15:51:36 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemdisp.tlb
[2012.01.01 15:51:35 | 000,016,384 | ---- | C] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2012.01.01 15:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2012.01.01 15:45:12 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2012.01.01 15:41:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2012.01.01 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Cyberlink
[2012.01.01 15:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2012.01.01 15:36:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.01.01 15:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2012.01.01 15:36:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.01.01 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.01.01 15:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.01.01 15:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011.12.29 14:04:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{476EF0BB-04D2-4678-8A2C-67248D68924A}
[2011.12.29 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0DC5FC1E-84E2-49E0-9598-025BDD6B7509}
[2011.12.29 12:02:32 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011.12.29 11:43:13 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011.12.29 11:43:12 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011.12.29 11:43:04 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011.12.29 11:39:47 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.24 00:10:13 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.24 00:04:05 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\gmer.exe
[2012.01.24 00:02:08 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.23 23:49:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.23 23:35:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.23 23:35:20 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.23 07:49:37 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.23 07:49:37 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.21 00:53:27 | 000,007,595 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.01.19 12:15:52 | 003,537,752 | ---- | M] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2012.01.19 12:15:52 | 003,537,752 | ---- | M] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2012.01.18 01:32:49 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.01.17 23:01:01 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.17 23:01:01 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.17 23:01:01 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.17 23:01:01 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.16 14:46:24 | 000,014,976 | ---- | M] () -- C:\Users\***\Desktop\Betriebswirtschaftlicher_Bebauungsplan_-_tabellarische_Darstellung.pdf
[2012.01.16 14:43:16 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2012.01.16 11:10:53 | 000,668,751 | ---- | M] () -- C:\Users\***\Desktop\Schadenanzeige_bavaria vn.pdf
[2012.01.16 08:27:42 | 000,302,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.15 18:32:41 | 000,266,087 | ---- | M] () -- C:\Windows\hpwins23.dat
[2012.01.15 18:15:43 | 000,002,029 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.01.08 18:37:39 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2012.01.01 16:03:54 | 000,000,750 | ---- | M] () -- C:\Users\***\Desktop\Blu-ray Disc Suite.lnk
[2012.01.01 15:56:10 | 000,000,283 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012.01.01 15:53:52 | 000,016,384 | ---- | M] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2012.01.01 15:35:09 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[2011.12.29 12:00:18 | 000,000,020 | ---- | M] () -- C:\Windows\ÈùZ
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.24 00:10:13 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.24 00:04:16 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2012.01.24 00:02:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.18 01:32:49 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.01.16 14:46:21 | 000,014,976 | ---- | C] () -- C:\Users\***\Desktop\Betriebswirtschaftlicher_Bebauungsplan_-_tabellarische_Darstellung.pdf
[2012.01.16 10:13:24 | 000,668,751 | ---- | C] () -- C:\Users\***\Desktop\Schadenanzeige_bavaria vn.pdf
[2012.01.15 18:15:43 | 000,002,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.01.15 18:13:28 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2012.01.15 18:07:33 | 000,266,087 | ---- | C] () -- C:\Windows\hpwins23.dat
[2012.01.02 23:52:52 | 000,262,526 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2012.01.01 15:52:43 | 000,000,750 | ---- | C] () -- C:\Users\***\Desktop\Blu-ray Disc Suite.lnk
[2012.01.01 15:51:54 | 000,000,283 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012.01.01 15:35:09 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[2011.12.29 12:01:37 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011.12.29 12:00:33 | 000,001,280 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011.12.29 12:00:16 | 000,000,020 | ---- | C] () -- C:\Windows\ÈùZ
[2011.12.08 23:46:58 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.10.19 21:25:26 | 000,162,440 | ---- | C] () -- C:\Windows\System32\AirfoilInject3.dll
[2011.07.24 17:01:20 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011.06.13 13:30:30 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.13 13:29:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.05 21:09:48 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.01.07 19:15:31 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.01.07 19:15:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.01.07 19:15:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.01.07 19:15:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.01.07 19:15:31 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.01.07 19:15:31 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.01.07 19:15:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.01.07 19:15:31 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.01.07 19:15:31 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.01.07 19:15:31 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.01.07 19:15:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.01.07 19:15:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.01.07 19:15:31 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.01.07 19:15:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.01.07 19:15:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.01.07 19:15:31 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.01.07 19:15:31 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.01.07 19:15:31 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.07 19:15:31 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.21 03:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.12.17 17:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.12.06 16:20:31 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010.11.01 16:41:15 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p15].bmp
[2010.11.01 16:41:08 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p14].bmp
[2010.11.01 16:41:02 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p13].bmp
[2010.11.01 16:40:56 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p12].bmp
[2010.11.01 16:40:50 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p11].bmp
[2010.11.01 16:40:43 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p10].bmp
[2010.11.01 16:40:36 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p09].bmp
[2010.11.01 16:40:26 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p08].bmp
[2010.11.01 16:40:17 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p07].bmp
[2010.11.01 16:40:07 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p06].bmp
[2010.11.01 16:39:56 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p05].bmp
[2010.11.01 16:39:49 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p04].bmp
[2010.11.01 16:39:43 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p03].bmp
[2010.11.01 16:39:38 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p02].bmp
[2010.09.07 16:48:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.26 23:32:11 | 000,000,133 | ---- | C] () -- C:\Windows\MUSCDPL.INI
[2010.08.26 23:24:27 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.08.26 22:16:29 | 000,000,061 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.03 20:38:25 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.08.03 19:46:37 | 012,939,264 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.07.15 18:08:13 | 000,023,699 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.07.10 22:51:57 | 000,007,595 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.05.02 15:51:38 | 000,019,647 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010.05.01 11:15:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.03.03 19:14:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.02.11 21:02:19 | 000,024,704 | ---- | C] () -- C:\Windows\System32\drivers\NinjaUSB.sys
[2010.01.23 00:25:05 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.12.31 09:49:40 | 000,023,040 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.29 18:32:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.27 13:59:34 | 000,001,092 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2009.12.27 13:41:44 | 000,000,739 | ---- | C] () -- C:\Windows\wiso.ini
[2009.12.27 12:51:29 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.11.06 10:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2009.07.14 09:47:43 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,302,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
 
========== LOP Check ==========
 
[2011.11.20 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2009.12.27 13:41:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2010.11.15 01:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.09.12 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DScaler4
[2010.07.29 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.07.29 14:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.23 12:55:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2012.01.23 23:43:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.11.26 16:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.07.02 12:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MonkeyTunes
[2012.01.08 22:53:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.11 00:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.07.10 23:21:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2009.12.27 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.03.04 14:52:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.01.30 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS
[2012.01.11 23:55:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2010.11.21 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.08.06 14:44:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeraCopy
[2010.02.14 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.01.23 00:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit
[2011.11.23 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XBMC
[2011.11.26 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2011.11.07 22:22:32 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Hier die Extras.txt:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 24.01.2012 00:11:42 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 75,90% Memory free
6,00 Gb Paging File | 5,41 Gb Available in Paging File | 90,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,55 Gb Total Space | 62,46 Gb Free Space | 62,75% Space Free | Partition Type: NTFS
Drive D: | 283,20 Gb Total Space | 257,01 Gb Free Space | 90,75% Space Free | Partition Type: NTFS
Drive F: | 6,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 14,65 Gb Total Space | 12,24 Gb Free Space | 83,59% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 393,01 Gb Free Space | 42,19% Space Free | Partition Type: NTFS
Drive Y: | 99,55 Gb Total Space | 62,46 Gb Free Space | 62,75% Space Free | Partition Type: CSC-CACHE
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{291D8FE1-ED05-4934-80CE-A5F6B7A8718D}" = MySQL Server 5.1
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5285987F-41E8-49B5-9143-72FE789C3FC8}_is1" = MonkeyTunes 1.5.2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C056FA6-E362-467B-8160-062E9474FEE5}" = SlimDX Redistributable for .NET 2.0 (March 2011)
"{7C68B60E-D6E6-4A9A-A181-A9D59133F8D0}" = StarMoney 7.0 
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C411EF9-6EBA-46E3-8132-EDADF1CC0B16}" = SCR3xxx Smart Card Reader
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour-Druckdienste
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EF06A6A8-6B81-4A09-8223-789953972FFF}" = SonicWALL SSL-VPN NetExtender
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Airfoil" = Airfoil
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FileZilla Client" = FileZilla Client 3.5.3
"Free Studio_is1" = Free Studio version 4.8
"Freemake Video Converter_is1" = Freemake Video Converter version 1.1.6
"HandBrake" = HandBrake 0.9.5
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"MediaInfo" = MediaInfo 0.7.52
"MediaMonkey_is1" = MediaMonkey 3.2
"MediaPortal" = MediaPortal
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mp3tag" = Mp3tag v2.49a
"NVIDIA Drivers" = NVIDIA Drivers
"Power Tab Editor 1.7" = Power Tab Editor 1.7
"Power TabV1" = Power Tab - Beta 0.98
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 6 Host" = TeamViewer 6 Host
"Tobit Radio.fx Server" = Radio.fx
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 04.12.2010 14:06:56 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 14:23:23 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 14:24:01 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 14:57:57 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 14:57:57 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 14:57:57 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 15:01:52 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 16:05:54 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 17:03:28 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.12.2010 17:54:37 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description = 
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Hier die defogger_disable.txt

Code:

ATTFilter

 
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:10 on 24/01/2012 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Und schließlich gmer.txt:
[code]
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-24 08:34:19
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000068 SAMSUNG_ rev.CR10
Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\ugloipoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1           82277369 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2  822B0D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000053       halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                 aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus · 25.01.2012, 12:40

Zitat:

Boot Mode: SafeMode with Networking |

na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

villakarow · 28.01.2012, 22:31

Hi Arne,

habe die Scans gemacht. Hier die mbmam.txt:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.28.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

28.01.2012 13:07:39
mbam-log-2012-01-28 (13-07-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 563568
Laufzeit: 2 Stunde(n), 26 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Hier die log.txt von ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cfc396c07e28d742a69c0bb39e58d7cf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 07:01:11
# local_time=2012-01-28 08:01:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 35442338 35442338 0 0
# compatibility_mode=5893 16776573 100 94 12194 79396398 0 0
# compatibility_mode=8192 67108863 100 0 151 151 0 0
# scanned=392081
# found=0
# cleaned=0
# scan_time=12064

Vielen Dank schon mal bis hierher.
Heiko

cosinus · 29.01.2012, 18:53

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

villakarow · 30.01.2012, 00:39

Nein, malewarebytes kannte ich bisher nicht, also noch nie vorher benutzt.

cosinus · 30.01.2012, 10:32

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

villakarow · 30.01.2012, 23:02

Hi Arne,

habe neu gescannt:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 30.01.2012 21:07:02 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,28% Memory free
6,00 Gb Paging File | 4,68 Gb Available in Paging File | 78,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,55 Gb Total Space | 61,64 Gb Free Space | 61,92% Space Free | Partition Type: NTFS
Drive D: | 283,20 Gb Total Space | 257,52 Gb Free Space | 90,93% Space Free | Partition Type: NTFS
Drive G: | 14,65 Gb Total Space | 12,24 Gb Free Space | 83,59% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 372,18 Gb Free Space | 39,95% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - G:\Program Files\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe (SonicWALL Inc.)
PRC - G:\Program Files\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\System32\AirfoilInject3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - G:\Program Files\Power2Go\CLMLSvcPS.dll ()
MOD - G:\Program Files\Power2Go\CLMediaLibrary.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PS3 Media Server) --  File not found
SRV - (Radio.fx) -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (StarMoney 7.0 OnlineUpdate) -- G:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (CLKMSVC10_E1A16B3C) -- G:\Program Files\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (SONICWALL_NetExtender) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe (SonicWALL Inc.)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\system32\drivers\WinUSB.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (NinjaUSB) -- C:\Windows\System32\drivers\NinjaUSB.sys ()
DRV - (NxDrv) -- C:\Windows\System32\drivers\NxDrv.sys (SonicWALL Inc.)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys (SiSoftware)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (FireDTV_DVBS2) -- C:\Windows\System32\drivers\FireDTV_BDA_DVBS2.sys (digital everywhere)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\Windows\System32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 0B 0A 86 3F 34 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb/mff_keyurl_search/?su="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Program Files\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.12.06 21:02:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.15 18:15:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 03:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 03:24:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.15 18:15:22 | 000,000,000 | ---D | M]
 
[2010.02.14 22:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.02.14 22:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.28 16:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions
[2010.07.29 14:04:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.26 12:36:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.20 19:14:57 | 000,000,000 | ---D | M] (Vodafone Video Plugin for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\vodafone_video_plugin@vodafone.com
[2011.11.13 14:06:24 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\11-suche.xml
[2010.07.17 14:38:43 | 000,000,873 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\conduit.xml
[2011.11.13 14:06:24 | 000,002,226 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\englische-ergebnisse.xml
[2011.11.13 14:06:24 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\gmx-suche.xml
[2011.11.13 14:06:24 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\lastminute.xml
[2011.11.13 14:06:24 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\webde-suche.xml
[2012.01.08 03:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.06 21:02:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.01.08 03:24:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.15 23:57:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.15 23:57:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.15 23:57:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.15 23:57:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.15 23:57:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.15 23:57:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] G:\Program Files\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LGODDFU] G:\Program Files\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl9] G:\Program Files\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mysap.com ([tcs]  in Local intranet)
O15 - HKCU\..Trusted Domains: mysap.com ([tcs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sap-ag.de ([*]  in Local intranet)
O15 - HKCU\..Trusted Domains: sap-ag.de ([*] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sapbydesign.com ([my020656]  in Local intranet)
O15 - HKCU\..Trusted Domains: sapbydesign.com ([my020656] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B26FD08B-C89E-4C7B-BB14-75191404BEDB}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (AirfoilInject3.dll) -C:\Windows\System32\AirfoilInject3.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell - "" = AutoRun
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iTunes.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0 HD Edition.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk - C:\Program Files\WISO\Sparbuch 2010\meinsparbuchheute.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk - G:\Program Files\WISO2011\mshaktuell.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: AirPort Base Station Agent - hkey= - key= - C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: AVMWlanClient - hkey= - key= -  File not found
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: MDS_Menu - hkey= - key= - G:\Program Files\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: NeroCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: UpdateLBPShortCut - hkey= - key= - G:\Program Files\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdateP2GoShortCut - hkey= - key= - G:\Program Files\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePPShortCut - hkey= - key= - G:\Program Files\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePSTShortCut - hkey= - key= - G:\Program Files\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.29 15:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.01.29 12:49:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gsmartcontrol
[2012.01.29 12:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2012.01.29 12:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2012.01.29 12:32:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy
[2012.01.28 16:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.28 16:37:04 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.01.28 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.01.28 13:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.28 13:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.28 13:05:47 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.28 13:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.24 00:01:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.19 23:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.19 23:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.19 23:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.16 14:32:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SonicWALL SSL-VPN NetExtender
[2012.01.16 14:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\SonicWALL
[2012.01.15 19:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\ProgDVB
[2012.01.15 18:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.01.15 18:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.01.15 18:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012.01.15 16:12:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ECE5F498-1FE2-4D5D-80D7-2D7D0119A693}
[2012.01.15 16:11:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{17E6614C-5078-4717-8A54-35BFC711C460}
[2012.01.15 16:11:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{08FCFB46-B553-48A7-BFE5-9303BA82F62E}
[2012.01.14 12:35:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
[2012.01.14 12:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2012.01.08 16:20:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.01.08 16:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.01.08 16:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012.01.08 13:53:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2012.01.07 23:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.01 19:02:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Seas0nPass
[2012.01.01 16:13:02 | 000,000,000 | ---D | C] -- C:\Users\***\CyberLink
[2012.01.01 16:12:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\CyberLink
[2012.01.01 16:03:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Power2Go
[2012.01.01 15:52:51 | 000,000,000 | ---D | C] -- C:\Temp
[2012.01.01 15:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
[2012.01.01 15:51:35 | 000,016,384 | ---- | C] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2012.01.01 15:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2012.01.01 15:41:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2012.01.01 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Cyberlink
[2012.01.01 15:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2012.01.01 15:36:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.01.01 15:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2012.01.01 15:36:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.01.01 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.01.01 15:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.01.01 15:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.30 18:32:45 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.30 18:32:45 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.30 18:32:45 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.30 18:32:45 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.30 16:32:04 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.30 16:32:04 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.30 16:24:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.30 16:24:12 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.30 00:46:26 | 403,615,835 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.29 01:15:33 | 000,302,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.28 16:36:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.01.28 13:05:51 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.24 00:10:13 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.24 00:04:05 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\gmer.exe
[2012.01.24 00:02:08 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.23 23:49:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.21 00:53:27 | 000,007,595 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.01.19 12:15:52 | 003,537,752 | ---- | M] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2012.01.19 12:15:52 | 003,537,752 | ---- | M] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2012.01.18 01:32:49 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.01.16 14:46:24 | 000,014,976 | ---- | M] () -- C:\Users\***\Desktop\Betriebswirtschaftlicher_Bebauungsplan_-_tabellarische_Darstellung.pdf
[2012.01.16 14:43:16 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2012.01.16 11:10:53 | 000,668,751 | ---- | M] () -- C:\Users\***\Desktop\Schadenanzeige_bavaria vn.pdf
[2012.01.15 18:32:41 | 000,266,087 | ---- | M] () -- C:\Windows\hpwins23.dat
[2012.01.15 18:15:43 | 000,002,029 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.01.01 16:03:54 | 000,000,750 | ---- | M] () -- C:\Users\***\Desktop\Blu-ray Disc Suite.lnk
[2012.01.01 15:56:10 | 000,000,283 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012.01.01 15:53:52 | 000,016,384 | ---- | M] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2012.01.01 15:35:09 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.30 00:46:26 | 403,615,835 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.28 13:05:51 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.24 00:10:13 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.24 00:04:16 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2012.01.24 00:02:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.18 01:32:49 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.01.16 14:46:21 | 000,014,976 | ---- | C] () -- C:\Users\***\Desktop\Betriebswirtschaftlicher_Bebauungsplan_-_tabellarische_Darstellung.pdf
[2012.01.16 10:13:24 | 000,668,751 | ---- | C] () -- C:\Users\***\Desktop\Schadenanzeige_bavaria vn.pdf
[2012.01.15 18:15:43 | 000,002,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.01.15 18:13:28 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2012.01.15 18:07:33 | 000,266,087 | ---- | C] () -- C:\Windows\hpwins23.dat
[2012.01.02 23:52:52 | 000,262,526 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2012.01.01 15:52:43 | 000,000,750 | ---- | C] () -- C:\Users\***\Desktop\Blu-ray Disc Suite.lnk
[2012.01.01 15:51:54 | 000,000,283 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012.01.01 15:35:09 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[2011.12.08 23:46:58 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.10.19 21:25:26 | 000,162,440 | ---- | C] () -- C:\Windows\System32\AirfoilInject3.dll
[2011.07.24 17:01:20 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011.06.13 13:30:30 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.13 13:29:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.05 21:09:48 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.01.07 19:15:31 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.01.07 19:15:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.01.07 19:15:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.01.07 19:15:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.01.07 19:15:31 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.01.07 19:15:31 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.01.07 19:15:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.01.07 19:15:31 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.01.07 19:15:31 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.01.07 19:15:31 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.01.07 19:15:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.01.07 19:15:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.01.07 19:15:31 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.01.07 19:15:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.01.07 19:15:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.01.07 19:15:31 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.01.07 19:15:31 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.01.07 19:15:31 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.07 19:15:31 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.21 03:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.12.17 17:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.12.06 16:20:31 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010.11.01 16:41:15 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p15].bmp
[2010.11.01 16:41:08 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p14].bmp
[2010.11.01 16:41:02 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p13].bmp
[2010.11.01 16:40:56 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p12].bmp
[2010.11.01 16:40:50 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p11].bmp
[2010.11.01 16:40:43 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p10].bmp
[2010.11.01 16:40:36 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p09].bmp
[2010.11.01 16:40:26 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p08].bmp
[2010.11.01 16:40:17 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p07].bmp
[2010.11.01 16:40:07 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p06].bmp
[2010.11.01 16:39:56 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p05].bmp
[2010.11.01 16:39:49 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p04].bmp
[2010.11.01 16:39:43 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p03].bmp
[2010.11.01 16:39:38 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p02].bmp
[2010.09.07 16:48:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.26 23:32:11 | 000,000,133 | ---- | C] () -- C:\Windows\MUSCDPL.INI
[2010.08.26 23:24:27 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.08.26 22:16:29 | 000,000,061 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.03 20:38:25 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.08.03 19:46:37 | 012,939,264 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.07.15 18:08:13 | 000,023,699 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.07.10 22:51:57 | 000,007,595 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.05.02 15:51:38 | 000,019,647 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010.05.01 11:15:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.03.03 19:14:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.02.11 21:02:19 | 000,024,704 | ---- | C] () -- C:\Windows\System32\drivers\NinjaUSB.sys
[2010.01.23 00:25:05 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.12.31 09:49:40 | 000,023,040 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.29 18:32:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.27 13:59:34 | 000,001,092 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2009.12.27 13:41:44 | 000,000,739 | ---- | C] () -- C:\Windows\wiso.ini
[2009.12.27 12:51:29 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.11.06 10:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2009.07.14 09:47:43 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,302,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
 
========== LOP Check ==========
 
[2011.11.20 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2009.12.27 13:41:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2010.11.15 01:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.09.12 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DScaler4
[2010.07.29 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.07.29 14:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.23 12:55:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2012.01.23 23:43:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.01.29 12:53:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gsmartcontrol
[2011.11.26 16:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.07.02 12:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MonkeyTunes
[2012.01.08 22:53:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.11 00:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.07.10 23:21:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.01.29 12:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2009.12.27 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.03.04 14:52:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.01.30 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS
[2012.01.11 23:55:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2010.11.21 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.08.06 14:44:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeraCopy
[2010.02.14 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.01.23 00:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit
[2011.11.23 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XBMC
[2011.11.26 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2012.01.24 22:56:56 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.03 15:18:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.01.28 13:03:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahead
[2011.11.20 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.01.03 01:29:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2010.08.03 20:50:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2009.12.27 13:41:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2012.01.08 14:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2010.05.26 16:40:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2010.11.15 01:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.09.12 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DScaler4
[2012.01.19 00:12:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2010.07.29 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.07.29 14:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.23 12:55:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2012.01.23 23:43:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.01.29 12:53:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gsmartcontrol
[2011.11.26 16:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.07.31 17:57:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HP
[2012.01.02 23:38:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HpUpdate
[2009.12.27 12:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.01.07 19:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2009.12.27 12:46:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.01.28 13:05:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.08.05 23:50:01 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.07.02 12:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MonkeyTunes
[2012.01.29 15:08:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.01.08 22:53:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.11 00:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.07.10 23:21:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.01.29 12:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2009.12.27 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.03.04 14:52:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.01.30 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS
[2010.01.02 21:44:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2012.01.11 23:55:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2010.11.09 19:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2010.11.09 19:05:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2010.11.21 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.08.06 14:44:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeraCopy
[2010.02.14 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.01.23 00:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit
[2012.01.14 01:55:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2011.11.23 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XBMC
[2011.11.26 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2010.02.26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2010.05.08 11:33:08 | 000,089,831 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.09.06 22:03:32 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.12.29 05:16:44 | 028,994,072 | ---- | M] (TuneUp Media, Inc.) -- C:\Users\***\AppData\Roaming\OpenCandy\BBC06AB6447543E480F923E8312A9C09\TuneUp_OpenCandy_PC_2.2.7_CMPID-276.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2009.08.04 16:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sataraid\nvstor32.sys
[2009.08.04 16:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sataraid\nvstor32.sys
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sata_ide\nvstor32.sys
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sata_ide\nvstor32.sys
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\drivers\nvstor32.sys
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_40ee9c3d357e7b66\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

Beste Grüße
Heiko

cosinus · 31.01.2012, 08:34

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=14597
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.web.de/tb/mff_startpage_home"
FF - prefs.js..keyword.URL: "http://go.web.de/tb/mff_keyurl_search/?su="
[2010.07.17 14:38:43 | 000,000,873 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\conduit.xml
O4 - HKLM..\Run: []  File not found
O20 - AppInit_DLLs: (AirfoilInject3.dll) -C:\Windows\System32\AirfoilInject3.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell - "" = AutoRun
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell\AutoRun\command - "" = G:\pushinst.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

villakarow · 31.01.2012, 10:30

OTL Fix ist gemacht.

Code:

ATTFilter

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://go.web.de/tb/mff_startpage_home" removed from browser.startup.homepage
Prefs.js: "hxxp://go.web.de/tb/mff_keyurl_search/?su=" removed from keyword.URL
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\conduit.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:AirfoilInject3.dll deleted successfully.
File pInit_DLLs: (AirfoilInject3.dll) -C:\Windows\System32\AirfoilInject3.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46b40bec-f2dc-11de-a292-0019665398bd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46b40bec-f2dc-11de-a292-0019665398bd}\ not found.
File G:\pushinst.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Heiko
->Temp folder emptied: 1451191 bytes
->Temporary Internet Files folder emptied: 1593707 bytes
->Java cache emptied: 28762954 bytes
->FireFox cache emptied: 380464684 bytes
->Flash cache emptied: 1633 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 438816 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 196694 bytes
RecycleBin emptied: 213478780 bytes
 
Total Files Cleaned = 597,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01312012_101915

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Vielen Dank.
Beste Grüße
Heiko

cosinus · 31.01.2012, 12:30

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

villakarow · 01.02.2012, 07:58

tdss ist auch gemacht.

Code:

ATTFilter

07:49:44.0223 3164	TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
07:49:44.0536 3164	============================================================
07:49:44.0536 3164	Current date / time: 2012/02/01 07:49:44.0536
07:49:44.0536 3164	SystemInfo:
07:49:44.0536 3164	
07:49:44.0536 3164	OS Version: 6.1.7601 ServicePack: 1.0
07:49:44.0536 3164	Product type: Workstation
07:49:44.0536 3164	ComputerName: HEIKO-PC
07:49:44.0536 3164	UserName: Heiko
07:49:44.0536 3164	Windows directory: C:\Windows
07:49:44.0536 3164	System windows directory: C:\Windows
07:49:44.0536 3164	Processor architecture: Intel x86
07:49:44.0536 3164	Number of processors: 1
07:49:44.0536 3164	Page size: 0x1000
07:49:44.0536 3164	Boot type: Normal boot
07:49:44.0536 3164	============================================================
07:49:45.0653 3164	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:49:45.0653 3164	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:49:45.0668 3164	\Device\Harddisk0\DR0:
07:49:45.0668 3164	MBR used
07:49:45.0668 3164	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC7186F8
07:49:45.0668 3164	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC718800, BlocksNum 0x23668000
07:49:45.0684 3164	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38639000, BlocksNum 0x1D4C000
07:49:45.0684 3164	\Device\Harddisk1\DR1:
07:49:45.0684 3164	MBR used
07:49:45.0684 3164	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74704D70
07:49:45.0856 3164	Initialize success
07:49:45.0856 3164	============================================================
07:50:07.0074 3020	============================================================
07:50:07.0074 3020	Scan started
07:50:07.0074 3020	Mode: Manual; SigCheck; TDLFS; 
07:50:07.0074 3020	============================================================
07:50:08.0042 3020	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
07:50:08.0136 3020	1394ohci - ok
07:50:08.0199 3020	61883           (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
07:50:08.0230 3020	61883 - ok
07:50:08.0277 3020	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
07:50:08.0308 3020	ACPI - ok
07:50:08.0339 3020	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
07:50:08.0386 3020	AcpiPmi - ok
07:50:08.0496 3020	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
07:50:08.0511 3020	adp94xx - ok
07:50:08.0542 3020	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
07:50:08.0574 3020	adpahci - ok
07:50:08.0605 3020	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
07:50:08.0621 3020	adpu320 - ok
07:50:08.0699 3020	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
07:50:08.0746 3020	AFD - ok
07:50:08.0777 3020	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
07:50:08.0777 3020	agp440 - ok
07:50:08.0824 3020	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
07:50:08.0839 3020	aic78xx - ok
07:50:08.0902 3020	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
07:50:08.0917 3020	aliide - ok
07:50:08.0980 3020	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
07:50:08.0980 3020	amdagp - ok
07:50:09.0027 3020	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
07:50:09.0027 3020	amdide - ok
07:50:09.0074 3020	amdiox86 - ok
07:50:09.0136 3020	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
07:50:09.0167 3020	AmdK8 - ok
07:50:09.0402 3020	amdkmdag        (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
07:50:09.0621 3020	amdkmdag - ok
07:50:09.0683 3020	amdkmdap        (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys
07:50:09.0714 3020	amdkmdap - ok
07:50:09.0761 3020	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
07:50:09.0808 3020	AmdPPM - ok
07:50:09.0871 3020	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
07:50:09.0886 3020	amdsata - ok
07:50:09.0917 3020	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
07:50:09.0933 3020	amdsbs - ok
07:50:09.0980 3020	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
07:50:09.0980 3020	amdxata - ok
07:50:10.0027 3020	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
07:50:10.0089 3020	AppID - ok
07:50:10.0183 3020	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
07:50:10.0214 3020	arc - ok
07:50:10.0246 3020	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
07:50:10.0261 3020	arcsas - ok
07:50:10.0339 3020	aswFsBlk        (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
07:50:10.0386 3020	aswFsBlk - ok
07:50:10.0433 3020	aswMonFlt       (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
07:50:10.0433 3020	aswMonFlt - ok
07:50:10.0464 3020	aswRdr          (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
07:50:10.0496 3020	aswRdr - ok
07:50:10.0558 3020	aswSnx          (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
07:50:10.0589 3020	aswSnx - ok
07:50:10.0636 3020	aswSP           (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
07:50:10.0667 3020	aswSP - ok
07:50:10.0699 3020	aswTdi          (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
07:50:10.0714 3020	aswTdi - ok
07:50:10.0746 3020	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
07:50:10.0792 3020	AsyncMac - ok
07:50:10.0824 3020	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
07:50:10.0839 3020	atapi - ok
07:50:10.0928 3020	AtiHDAudioService (35207458c90f55c61247de139a6a243a) C:\Windows\system32\drivers\AtihdW73.sys
07:50:10.0944 3020	AtiHDAudioService - ok
07:50:11.0022 3020	AtiHdmiService  (8df873d0587596c1d35a9cececc61da1) C:\Windows\system32\drivers\AtiHdmi.sys
07:50:11.0038 3020	AtiHdmiService - ok
07:50:11.0288 3020	atikmdag        (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
07:50:11.0459 3020	atikmdag - ok
07:50:11.0616 3020	Avc             (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
07:50:11.0631 3020	Avc - ok
07:50:11.0678 3020	AVCSTRM         (1983e63a12427f8f26d625ceb5cd01fc) C:\Windows\system32\DRIVERS\avcstrm.sys
07:50:11.0725 3020	AVCSTRM - ok
07:50:11.0756 3020	avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
07:50:11.0788 3020	avmeject ( UnsignedFile.Multi.Generic ) - warning
07:50:11.0788 3020	avmeject - detected UnsignedFile.Multi.Generic (1)
07:50:11.0850 3020	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
07:50:11.0897 3020	b06bdrv - ok
07:50:11.0959 3020	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
07:50:11.0975 3020	b57nd60x - ok
07:50:12.0022 3020	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
07:50:12.0069 3020	Beep - ok
07:50:12.0116 3020	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
07:50:12.0147 3020	blbdrive - ok
07:50:12.0225 3020	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
07:50:12.0256 3020	bowser - ok
07:50:12.0288 3020	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:50:12.0334 3020	BrFiltLo - ok
07:50:12.0366 3020	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:50:12.0397 3020	BrFiltUp - ok
07:50:12.0444 3020	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
07:50:12.0475 3020	Brserid - ok
07:50:12.0522 3020	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
07:50:12.0538 3020	BrSerWdm - ok
07:50:12.0584 3020	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:50:12.0616 3020	BrUsbMdm - ok
07:50:12.0647 3020	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
07:50:12.0678 3020	BrUsbSer - ok
07:50:12.0725 3020	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
07:50:12.0756 3020	BTHMODEM - ok
07:50:12.0819 3020	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
07:50:12.0866 3020	cdfs - ok
07:50:12.0948 3020	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
07:50:12.0965 3020	cdrom - ok
07:50:13.0012 3020	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
07:50:13.0043 3020	circlass - ok
07:50:13.0106 3020	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
07:50:13.0122 3020	CLFS - ok
07:50:13.0215 3020	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
07:50:13.0247 3020	CmBatt - ok
07:50:13.0278 3020	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
07:50:13.0293 3020	cmdide - ok
07:50:13.0356 3020	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
07:50:13.0387 3020	CNG - ok
07:50:13.0418 3020	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
07:50:13.0418 3020	Compbatt - ok
07:50:13.0497 3020	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
07:50:13.0528 3020	CompositeBus - ok
07:50:13.0590 3020	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
07:50:13.0590 3020	crcdisk - ok
07:50:13.0668 3020	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
07:50:13.0715 3020	CSC - ok
07:50:13.0793 3020	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
07:50:13.0840 3020	DfsC - ok
07:50:13.0887 3020	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
07:50:13.0950 3020	discache - ok
07:50:13.0997 3020	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
07:50:14.0012 3020	Disk - ok
07:50:14.0090 3020	Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
07:50:14.0122 3020	Dot4 - ok
07:50:14.0184 3020	Dot4Print       (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
07:50:14.0231 3020	Dot4Print - ok
07:50:14.0278 3020	dot4usb         (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
07:50:14.0309 3020	dot4usb - ok
07:50:14.0356 3020	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
07:50:14.0372 3020	drmkaud - ok
07:50:14.0418 3020	DSDrv4 - ok
07:50:14.0497 3020	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
07:50:14.0528 3020	DXGKrnl - ok
07:50:14.0653 3020	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
07:50:14.0762 3020	ebdrv - ok
07:50:14.0856 3020	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
07:50:14.0887 3020	elxstor - ok
07:50:14.0934 3020	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
07:50:14.0965 3020	ErrDev - ok
07:50:15.0028 3020	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
07:50:15.0075 3020	exfat - ok
07:50:15.0106 3020	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
07:50:15.0153 3020	fastfat - ok
07:50:15.0231 3020	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
07:50:15.0262 3020	fdc - ok
07:50:15.0293 3020	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
07:50:15.0309 3020	FileInfo - ok
07:50:15.0356 3020	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
07:50:15.0403 3020	Filetrace - ok
07:50:15.0465 3020	FireDTV_DVBS2   (c12c61b294d0f9f02819622d6b28766d) C:\Windows\system32\DRIVERS\FireDTV_BDA_DVBS2.sys
07:50:15.0481 3020	FireDTV_DVBS2 ( UnsignedFile.Multi.Generic ) - warning
07:50:15.0481 3020	FireDTV_DVBS2 - detected UnsignedFile.Multi.Generic (1)
07:50:15.0512 3020	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
07:50:15.0543 3020	flpydisk - ok
07:50:15.0590 3020	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
07:50:15.0606 3020	FltMgr - ok
07:50:15.0668 3020	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
07:50:15.0668 3020	FsDepends - ok
07:50:15.0700 3020	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
07:50:15.0715 3020	Fs_Rec - ok
07:50:15.0778 3020	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
07:50:15.0793 3020	fvevol - ok
07:50:15.0840 3020	FWLANUSB        (ff12fa487265da2ac7de4be53f72ff1a) C:\Windows\system32\DRIVERS\fwlanusb.sys
07:50:15.0887 3020	FWLANUSB - ok
07:50:15.0918 3020	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:50:15.0934 3020	gagp30kx - ok
07:50:16.0012 3020	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:50:16.0012 3020	GEARAspiWDM - ok
07:50:16.0059 3020	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
07:50:16.0090 3020	hcw85cir - ok
07:50:16.0153 3020	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
07:50:16.0200 3020	HdAudAddService - ok
07:50:16.0247 3020	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
07:50:16.0262 3020	HDAudBus - ok
07:50:16.0309 3020	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
07:50:16.0340 3020	HidBatt - ok
07:50:16.0372 3020	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
07:50:16.0418 3020	HidBth - ok
07:50:16.0481 3020	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
07:50:16.0497 3020	HidIr - ok
07:50:16.0559 3020	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
07:50:16.0575 3020	HidUsb - ok
07:50:16.0668 3020	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
07:50:16.0684 3020	HpSAMD - ok
07:50:16.0762 3020	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
07:50:16.0825 3020	HTTP - ok
07:50:16.0872 3020	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
07:50:16.0887 3020	hwpolicy - ok
07:50:16.0918 3020	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
07:50:16.0934 3020	i8042prt - ok
07:50:17.0000 3020	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
07:50:17.0032 3020	iaStorV - ok
07:50:17.0094 3020	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
07:50:17.0094 3020	iirsp - ok
07:50:17.0344 3020	IntcAzAudAddService (441a9adce9394e18ff6c23f77c983c04) C:\Windows\system32\drivers\RTKVHDA.sys
07:50:17.0469 3020	IntcAzAudAddService - ok
07:50:17.0500 3020	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
07:50:17.0516 3020	intelide - ok
07:50:17.0594 3020	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
07:50:17.0610 3020	intelppm - ok
07:50:17.0657 3020	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:50:17.0704 3020	IpFilterDriver - ok
07:50:17.0766 3020	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
07:50:17.0797 3020	IPMIDRV - ok
07:50:17.0829 3020	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
07:50:17.0875 3020	IPNAT - ok
07:50:17.0938 3020	irda            (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
07:50:17.0985 3020	irda - ok
07:50:18.0016 3020	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
07:50:18.0047 3020	IRENUM - ok
07:50:18.0110 3020	irsir           (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
07:50:18.0141 3020	irsir - ok
07:50:18.0188 3020	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
07:50:18.0188 3020	isapnp - ok
07:50:18.0235 3020	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\DRIVERS\msiscsi.sys
07:50:18.0266 3020	iScsiPrt - ok
07:50:18.0297 3020	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
07:50:18.0313 3020	kbdclass - ok
07:50:18.0360 3020	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
07:50:18.0391 3020	kbdhid - ok
07:50:18.0438 3020	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
07:50:18.0469 3020	KSecDD - ok
07:50:18.0516 3020	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
07:50:18.0532 3020	KSecPkg - ok
07:50:18.0641 3020	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
07:50:18.0688 3020	lltdio - ok
07:50:18.0750 3020	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:50:18.0766 3020	LSI_FC - ok
07:50:18.0797 3020	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:50:18.0813 3020	LSI_SAS - ok
07:50:18.0829 3020	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:50:18.0860 3020	LSI_SAS2 - ok
07:50:18.0891 3020	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:50:18.0907 3020	LSI_SCSI - ok
07:50:18.0954 3020	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
07:50:19.0016 3020	luafv - ok
07:50:19.0072 3020	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
07:50:19.0120 3020	MBAMProtector - ok
07:50:19.0166 3020	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
07:50:19.0182 3020	megasas - ok
07:50:19.0213 3020	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
07:50:19.0245 3020	MegaSR - ok
07:50:19.0276 3020	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
07:50:19.0323 3020	Modem - ok
07:50:19.0385 3020	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
07:50:19.0416 3020	monitor - ok
07:50:19.0463 3020	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
07:50:19.0479 3020	mouclass - ok
07:50:19.0541 3020	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
07:50:19.0557 3020	mouhid - ok
07:50:19.0604 3020	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
07:50:19.0620 3020	mountmgr - ok
07:50:19.0651 3020	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
07:50:19.0666 3020	mpio - ok
07:50:19.0698 3020	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
07:50:19.0760 3020	mpsdrv - ok
07:50:19.0807 3020	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
07:50:19.0854 3020	MRxDAV - ok
07:50:19.0901 3020	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:50:19.0932 3020	mrxsmb - ok
07:50:19.0979 3020	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:50:20.0010 3020	mrxsmb10 - ok
07:50:20.0060 3020	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:50:20.0076 3020	mrxsmb20 - ok
07:50:20.0107 3020	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
07:50:20.0138 3020	msahci - ok
07:50:20.0169 3020	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
07:50:20.0169 3020	msdsm - ok
07:50:20.0248 3020	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
07:50:20.0279 3020	Msfs - ok
07:50:20.0310 3020	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
07:50:20.0357 3020	mshidkmdf - ok
07:50:20.0388 3020	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
07:50:20.0404 3020	msisadrv - ok
07:50:20.0466 3020	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
07:50:20.0529 3020	MSKSSRV - ok
07:50:20.0560 3020	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
07:50:20.0607 3020	MSPCLOCK - ok
07:50:20.0638 3020	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
07:50:20.0685 3020	MSPQM - ok
07:50:20.0716 3020	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
07:50:20.0748 3020	MsRPC - ok
07:50:20.0794 3020	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
07:50:20.0794 3020	mssmbios - ok
07:50:20.0826 3020	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
07:50:20.0873 3020	MSTEE - ok
07:50:20.0904 3020	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
07:50:20.0935 3020	MTConfig - ok
07:50:20.0966 3020	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
07:50:20.0982 3020	Mup - ok
07:50:21.0061 3020	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
07:50:21.0077 3020	NativeWifiP - ok
07:50:21.0155 3020	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
07:50:21.0170 3020	NDIS - ok
07:50:21.0217 3020	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
07:50:21.0280 3020	NdisCap - ok
07:50:21.0311 3020	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
07:50:21.0358 3020	NdisTapi - ok
07:50:21.0405 3020	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
07:50:21.0452 3020	Ndisuio - ok
07:50:21.0514 3020	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
07:50:21.0561 3020	NdisWan - ok
07:50:21.0624 3020	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
07:50:21.0670 3020	NDProxy - ok
07:50:21.0733 3020	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
07:50:21.0811 3020	NetBIOS - ok
07:50:21.0874 3020	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
07:50:21.0920 3020	NetBT - ok
07:50:22.0061 3020	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
07:50:22.0077 3020	nfrd960 - ok
07:50:22.0139 3020	NinjaUSB        (16220ba146234625b50c055f413edf03) C:\Windows\system32\drivers\NinjaUSB.sys
07:50:22.0170 3020	NinjaUSB ( UnsignedFile.Multi.Generic ) - warning
07:50:22.0170 3020	NinjaUSB - detected UnsignedFile.Multi.Generic (1)
07:50:22.0217 3020	nmwcd - ok
07:50:22.0233 3020	nmwcdc - ok
07:50:22.0264 3020	nmwcdnsu - ok
07:50:22.0311 3020	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
07:50:22.0358 3020	Npfs - ok
07:50:22.0389 3020	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
07:50:22.0436 3020	nsiproxy - ok
07:50:22.0530 3020	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
07:50:22.0577 3020	Ntfs - ok
07:50:22.0608 3020	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
07:50:22.0655 3020	Null - ok
07:50:22.0702 3020	NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
07:50:22.0733 3020	NVENETFD - ok
07:50:22.0811 3020	NVNET           (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
07:50:22.0827 3020	NVNET - ok
07:50:22.0874 3020	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
07:50:22.0889 3020	nvraid - ok
07:50:22.0920 3020	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
07:50:22.0936 3020	nvstor - ok
07:50:22.0999 3020	nvstor32        (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\Windows\system32\DRIVERS\nvstor32.sys
07:50:23.0014 3020	nvstor32 - ok
07:50:23.0061 3020	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
07:50:23.0083 3020	nv_agp - ok
07:50:23.0153 3020	NxDrv           (cdf2a5f20509593140f8b3b965448c5b) C:\Windows\system32\DRIVERS\NxDrv.sys
07:50:23.0168 3020	NxDrv - ok
07:50:23.0200 3020	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
07:50:23.0215 3020	ohci1394 - ok
07:50:23.0293 3020	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
07:50:23.0325 3020	Parport - ok
07:50:23.0387 3020	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
07:50:23.0387 3020	partmgr - ok
07:50:23.0418 3020	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
07:50:23.0465 3020	Parvdm - ok
07:50:23.0512 3020	pccsmcfd - ok
07:50:23.0543 3020	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
07:50:23.0575 3020	pci - ok
07:50:23.0590 3020	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
07:50:23.0606 3020	pciide - ok
07:50:23.0653 3020	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
07:50:23.0668 3020	pcmcia - ok
07:50:23.0700 3020	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
07:50:23.0715 3020	pcw - ok
07:50:23.0762 3020	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
07:50:23.0825 3020	PEAUTH - ok
07:50:23.0997 3020	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
07:50:24.0043 3020	PptpMiniport - ok
07:50:24.0090 3020	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
07:50:24.0122 3020	Processor - ok
07:50:24.0231 3020	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
07:50:24.0278 3020	Psched - ok
07:50:24.0356 3020	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
07:50:24.0403 3020	ql2300 - ok
07:50:24.0434 3020	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
07:50:24.0450 3020	ql40xx - ok
07:50:24.0497 3020	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
07:50:24.0512 3020	QWAVEdrv - ok
07:50:24.0559 3020	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
07:50:24.0606 3020	RasAcd - ok
07:50:24.0653 3020	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:50:24.0700 3020	RasAgileVpn - ok
07:50:24.0747 3020	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:50:24.0778 3020	Rasl2tp - ok
07:50:24.0825 3020	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
07:50:24.0887 3020	RasPppoe - ok
07:50:24.0934 3020	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
07:50:24.0965 3020	RasSstp - ok
07:50:25.0028 3020	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
07:50:25.0075 3020	rdbss - ok
07:50:25.0122 3020	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
07:50:25.0137 3020	rdpbus - ok
07:50:25.0184 3020	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:50:25.0247 3020	RDPCDD - ok
07:50:25.0293 3020	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
07:50:25.0325 3020	RDPDR - ok
07:50:25.0372 3020	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
07:50:25.0418 3020	RDPENCDD - ok
07:50:25.0450 3020	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
07:50:25.0481 3020	RDPREFMP - ok
07:50:25.0543 3020	RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
07:50:25.0575 3020	RdpVideoMiniport - ok
07:50:25.0606 3020	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
07:50:25.0653 3020	RDPWD - ok
07:50:25.0715 3020	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
07:50:25.0747 3020	rdyboost - ok
07:50:25.0856 3020	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
07:50:25.0887 3020	rspndr - ok
07:50:25.0934 3020	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
07:50:25.0981 3020	s3cap - ok
07:50:26.0090 3020	SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys
07:50:26.0137 3020	SANDRA - ok
07:50:26.0184 3020	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
07:50:26.0200 3020	sbp2port - ok
07:50:26.0247 3020	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
07:50:26.0293 3020	scfilter - ok
07:50:26.0387 3020	SCR3XX2K        (624795df1993b955b0c0a03a4612f2ec) C:\Windows\system32\DRIVERS\SCR3XX2K.sys
07:50:26.0403 3020	SCR3XX2K - ok
07:50:26.0450 3020	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:50:26.0497 3020	secdrv - ok
07:50:26.0575 3020	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
07:50:26.0590 3020	Serenum - ok
07:50:26.0637 3020	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
07:50:26.0668 3020	Serial - ok
07:50:26.0715 3020	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
07:50:26.0731 3020	sermouse - ok
07:50:26.0809 3020	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
07:50:26.0825 3020	sffdisk - ok
07:50:26.0856 3020	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
07:50:26.0903 3020	sffp_mmc - ok
07:50:26.0950 3020	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
07:50:26.0981 3020	sffp_sd - ok
07:50:27.0012 3020	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
07:50:27.0043 3020	sfloppy - ok
07:50:27.0106 3020	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
07:50:27.0122 3020	sisagp - ok
07:50:27.0168 3020	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:50:27.0184 3020	SiSRaid2 - ok
07:50:27.0215 3020	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
07:50:27.0215 3020	SiSRaid4 - ok
07:50:27.0262 3020	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
07:50:27.0309 3020	Smb - ok
07:50:27.0387 3020	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
07:50:27.0403 3020	spldr - ok
07:50:27.0481 3020	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
07:50:27.0528 3020	srv - ok
07:50:27.0590 3020	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
07:50:27.0637 3020	srv2 - ok
07:50:27.0668 3020	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
07:50:27.0684 3020	srvnet - ok
07:50:27.0778 3020	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
07:50:27.0793 3020	stexstor - ok
07:50:27.0840 3020	StillCam        (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
07:50:27.0872 3020	StillCam - ok
07:50:27.0934 3020	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
07:50:27.0950 3020	storflt - ok
07:50:27.0981 3020	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
07:50:28.0012 3020	storvsc - ok
07:50:28.0059 3020	SWDUMon         (e170114e6262b1d019f85669179a9982) C:\Windows\system32\DRIVERS\SWDUMon.sys
07:50:28.0075 3020	SWDUMon - ok
07:50:28.0106 3020	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
07:50:28.0122 3020	swenum - ok
07:50:28.0153 3020	Synth3dVsc - ok
07:50:28.0278 3020	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
07:50:28.0325 3020	Tcpip - ok
07:50:28.0403 3020	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
07:50:28.0434 3020	TCPIP6 - ok
07:50:28.0497 3020	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
07:50:28.0543 3020	tcpipreg - ok
07:50:28.0606 3020	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
07:50:28.0637 3020	TDPIPE - ok
07:50:28.0668 3020	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
07:50:28.0715 3020	TDTCP - ok
07:50:28.0778 3020	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
07:50:28.0825 3020	tdx - ok
07:50:28.0918 3020	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
07:50:28.0934 3020	TermDD - ok
07:50:29.0012 3020	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:50:29.0059 3020	tssecsrv - ok
07:50:29.0106 3020	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
07:50:29.0153 3020	TsUsbFlt - ok
07:50:29.0194 3020	tsusbhub - ok
07:50:29.0257 3020	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
07:50:29.0289 3020	tunnel - ok
07:50:29.0335 3020	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
07:50:29.0351 3020	uagp35 - ok
07:50:29.0414 3020	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
07:50:29.0460 3020	udfs - ok
07:50:29.0523 3020	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
07:50:29.0554 3020	uliagpkx - ok
07:50:29.0601 3020	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
07:50:29.0617 3020	umbus - ok
07:50:29.0664 3020	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
07:50:29.0695 3020	UmPass - ok
07:50:29.0742 3020	upperdev - ok
07:50:29.0789 3020	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
07:50:29.0804 3020	USBAAPL - ok
07:50:29.0851 3020	usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
07:50:29.0898 3020	usbaudio - ok
07:50:29.0945 3020	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
07:50:29.0976 3020	usbccgp - ok
07:50:30.0054 3020	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
07:50:30.0070 3020	usbcir - ok
07:50:30.0132 3020	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
07:50:30.0196 3020	usbehci - ok
07:50:30.0243 3020	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
07:50:30.0274 3020	usbhub - ok
07:50:30.0321 3020	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
07:50:30.0352 3020	usbohci - ok
07:50:30.0399 3020	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
07:50:30.0430 3020	usbprint - ok
07:50:30.0477 3020	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
07:50:30.0508 3020	usbscan - ok
07:50:30.0571 3020	usbser          (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
07:50:30.0618 3020	usbser - ok
07:50:30.0665 3020	UsbserFilt - ok
07:50:30.0696 3020	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:50:30.0711 3020	USBSTOR - ok
07:50:30.0758 3020	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
07:50:30.0774 3020	usbuhci - ok
07:50:30.0836 3020	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
07:50:30.0852 3020	vdrvroot - ok
07:50:30.0899 3020	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
07:50:30.0930 3020	vga - ok
07:50:30.0977 3020	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
07:50:31.0008 3020	VgaSave - ok
07:50:31.0040 3020	VGPU - ok
07:50:31.0071 3020	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
07:50:31.0086 3020	vhdmp - ok
07:50:31.0133 3020	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
07:50:31.0149 3020	viaagp - ok
07:50:31.0180 3020	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
07:50:31.0228 3020	ViaC7 - ok
07:50:31.0275 3020	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
07:50:31.0291 3020	viaide - ok
07:50:31.0322 3020	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
07:50:31.0337 3020	vmbus - ok
07:50:31.0384 3020	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
07:50:31.0416 3020	VMBusHID - ok
07:50:31.0462 3020	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
07:50:31.0478 3020	volmgr - ok
07:50:31.0525 3020	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
07:50:31.0541 3020	volmgrx - ok
07:50:31.0587 3020	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
07:50:31.0603 3020	volsnap - ok
07:50:31.0650 3020	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
07:50:31.0666 3020	vsmraid - ok
07:50:31.0712 3020	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
07:50:31.0744 3020	vwifibus - ok
07:50:31.0822 3020	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
07:50:31.0884 3020	WacomPen - ok
07:50:31.0978 3020	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
07:50:32.0025 3020	WANARP - ok
07:50:32.0041 3020	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
07:50:32.0072 3020	Wanarpv6 - ok
07:50:32.0181 3020	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
07:50:32.0212 3020	Wd - ok
07:50:32.0291 3020	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
07:50:32.0306 3020	Wdf01000 - ok
07:50:32.0431 3020	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
07:50:32.0478 3020	WfpLwf - ok
07:50:32.0525 3020	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
07:50:32.0541 3020	WIMMount - ok
07:50:32.0681 3020	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.sys
07:50:32.0712 3020	WinUsb - ok
07:50:32.0775 3020	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
07:50:32.0775 3020	WmiAcpi - ok
07:50:32.0869 3020	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
07:50:32.0931 3020	ws2ifsl - ok
07:50:33.0009 3020	WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
07:50:33.0041 3020	WSDPrintDevice - ok
07:50:33.0134 3020	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
07:50:33.0166 3020	WudfPf - ok
07:50:33.0197 3020	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:50:33.0251 3020	WUDFRd - ok
07:50:33.0325 3020	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:50:33.0387 3020	\Device\Harddisk0\DR0 - ok
07:50:33.0434 3020	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
07:50:33.0528 3020	\Device\Harddisk1\DR1 - ok
07:50:33.0543 3020	Boot (0x1200)   (a11cfed18139b59dc341dc9544783ffa) \Device\Harddisk0\DR0\Partition0
07:50:33.0543 3020	\Device\Harddisk0\DR0\Partition0 - ok
07:50:33.0575 3020	Boot (0x1200)   (a53a1d4a951a27cecd5ba0d91bf45654) \Device\Harddisk0\DR0\Partition1
07:50:33.0575 3020	\Device\Harddisk0\DR0\Partition1 - ok
07:50:33.0606 3020	Boot (0x1200)   (89aeecf08a7900763fa0aa26da4de842) \Device\Harddisk0\DR0\Partition2
07:50:33.0606 3020	\Device\Harddisk0\DR0\Partition2 - ok
07:50:33.0637 3020	Boot (0x1200)   (92d6dda1262f58b1afe315b4ac1768b3) \Device\Harddisk1\DR1\Partition0
07:50:33.0653 3020	\Device\Harddisk1\DR1\Partition0 - ok
07:50:33.0653 3020	============================================================
07:50:33.0653 3020	Scan finished
07:50:33.0653 3020	============================================================
07:50:33.0684 5388	Detected object count: 3
07:50:33.0684 5388	Actual detected object count: 3
07:50:56.0209 5388	avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:56.0209 5388	avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:50:56.0225 5388	FireDTV_DVBS2 ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:56.0225 5388	FireDTV_DVBS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:50:56.0225 5388	NinjaUSB ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:56.0225 5388	NinjaUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

Vielen Dank.
Beste Grüße
Heiko

villakarow · 08.02.2012, 07:40

Hallo Arne,

wollte mal nachfragen wie es weitergeht.

Außerdem hatte ich heute wieder einen Blue Screen mit dem Fehlerhinweis
"Bad Pool Header".

Bin ratlos.

Vielen Dank.
Heiko

cosinus · 08.02.2012, 11:36

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

villakarow · 08.02.2012, 18:14

Alles gemacht.

[code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-02-08.01 - Heiko 08.02.2012  17:52:19.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3071.1770 [GMT 1:00]
ausgeführt von:: c:\users\Heiko\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml9C51.tmp
c:\programdata\xml9DB9.tmp
c:\programdata\xml9E56.tmp
c:\users\Heiko\4.0
c:\windows\system32\smtp.ocx
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-08 bis 2012-02-08  ))))))))))))))))))))))))))))))
.
.
2012-02-08 17:06 . 2012-02-08 17:06	--------	d-----w-	c:\users\Heiko\AppData\Local\temp
2012-02-08 17:06 . 2012-02-08 17:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-08 16:52 . 2012-02-08 16:52	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{34E7B155-99E8-4D41-93EB-4B8CB1736958}\offreg.dll
2012-02-07 20:11 . 2012-01-06 04:19	6557240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{34E7B155-99E8-4D41-93EB-4B8CB1736958}\mpengine.dll
2012-02-04 17:18 . 2012-02-04 17:18	--------	d-----w-	c:\program files\watchmi
2012-02-04 17:18 . 2012-02-04 17:18	--------	d-----w-	c:\programdata\TvdPersonal
2012-01-31 09:19 . 2012-01-31 09:19	--------	d-----w-	C:\_OTL
2012-01-29 11:49 . 2012-01-29 11:53	--------	d-----w-	c:\users\Heiko\AppData\Roaming\gsmartcontrol
2012-01-29 11:34 . 2012-01-29 14:08	--------	d-----w-	c:\program files\TuneUpMedia
2012-01-29 11:33 . 2012-01-29 14:08	--------	d-----w-	c:\programdata\TuneUpMedia
2012-01-29 11:32 . 2012-01-29 11:32	--------	d-----w-	c:\users\Heiko\AppData\Roaming\OpenCandy
2012-01-28 15:37 . 2012-01-28 15:37	--------	d-----w-	c:\program files\ESET
2012-01-28 12:05 . 2012-01-28 12:05	--------	d-----w-	c:\users\Heiko\AppData\Roaming\Malwarebytes
2012-01-28 12:05 . 2012-01-28 12:05	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-28 12:05 . 2012-01-28 12:05	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-28 12:05 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-19 22:35 . 2012-01-19 22:35	--------	d-----w-	c:\program files\iPod
2012-01-19 22:35 . 2012-01-29 11:34	--------	d-----w-	c:\program files\iTunes
2012-01-16 13:31 . 2012-01-16 13:31	--------	d-----w-	c:\program files\SonicWALL
2012-01-15 18:40 . 2012-01-16 13:42	--------	d-----w-	c:\program files\ProgDVB
2012-01-15 17:14 . 2012-01-15 17:14	--------	d-----w-	c:\programdata\HP Product Assistant
2012-01-15 17:11 . 2012-01-15 17:11	--------	d-----w-	c:\program files\Common Files\HP
2012-01-15 17:09 . 2009-10-16 05:55	271704	----a-w-	c:\windows\system32\hpzids01.dll
2012-01-15 16:18 . 2011-11-17 05:41	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-01-15 16:18 . 2011-11-17 05:34	224768	----a-w-	c:\windows\system32\schannel.dll
2012-01-15 16:18 . 2011-11-17 05:41	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-15 16:18 . 2011-11-17 05:39	369352	----a-w-	c:\windows\system32\drivers\cng.sys
2012-01-15 16:18 . 2011-11-17 05:35	314880	----a-w-	c:\windows\system32\webio.dll
2012-01-15 16:18 . 2011-11-17 05:32	1038848	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-15 16:18 . 2011-11-17 05:29	22528	----a-w-	c:\windows\system32\lsass.exe
2012-01-15 16:18 . 2011-11-17 05:34	15872	----a-w-	c:\windows\system32\sspisrv.dll
2012-01-15 16:18 . 2011-11-17 05:34	100352	----a-w-	c:\windows\system32\sspicli.dll
2012-01-15 16:18 . 2011-11-17 05:34	22016	----a-w-	c:\windows\system32\secur32.dll
2012-01-14 11:35 . 2012-01-14 11:35	--------	d-----w-	c:\program files\MediaInfo
2012-01-13 21:08 . 2011-11-17 05:38	1288472	----a-w-	c:\windows\system32\ntdll.dll
2012-01-13 21:08 . 2011-10-26 04:32	1328128	----a-w-	c:\windows\system32\quartz.dll
2012-01-13 21:08 . 2011-10-26 04:32	514560	----a-w-	c:\windows\system32\qdvd.dll
2012-01-13 20:58 . 2011-11-19 14:01	67072	----a-w-	c:\windows\system32\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-12-27 11:58	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-19 11:15 . 2010-01-22 23:25	3537752	----a-w-	c:\windows\RXSUnins.exe
2012-01-19 11:15 . 2010-01-22 23:25	3537752	----a-w-	c:\windows\RXCUnins.exe
2012-01-15 23:30 . 2010-05-19 20:38	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-08 17:37 . 2012-01-01 14:45	29480	----a-w-	c:\windows\system32\msxml3a.dll
2012-01-08 17:37 . 2009-12-27 11:37	505128	----a-w-	c:\windows\system32\msvcp71.dll
2012-01-08 17:37 . 2009-12-27 11:37	353576	----a-w-	c:\windows\system32\msvcr71.dll
2012-01-01 14:53 . 2012-01-01 14:51	16384	----a-w-	c:\windows\system32\lgfwunis.exe
2011-12-29 10:49 . 2011-12-29 10:50	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-28 18:01 . 2010-12-14 10:33	41184	----a-w-	c:\windows\avastSS.scr
2011-11-28 18:01 . 2009-12-27 11:37	199816	----a-w-	c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-05-28 16:25	435032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2009-12-27 11:37	314456	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2009-12-27 11:37	34392	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2009-12-27 11:37	52952	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2009-12-27 11:37	55128	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2009-12-27 11:37	20568	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-11-26 15:07 . 2010-05-11 11:05	1092400	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-24 04:25 . 2011-12-15 20:31	2342912	----a-w-	c:\windows\system32\win32k.sys
2011-11-21 21:24 . 2011-05-19 21:00	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-01 22:38 . 2011-11-15 22:57	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01	122512	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"rfxsrvtray"="c:\program files\Tobit Radio.fx\Client\rfx-tray.exe" [2012-01-18 2057048]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-06 9394792]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"CLMLServer"="g:\program files\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"RemoteControl9"="g:\program files\PowerDVD9\PDVD9Serv.exe" [2010-08-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-11-23 75048]
"LGODDFU"="g:\program files\fwupdate.exe" [2012-01-01 557056]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-06-22 1103744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
watchmi tray.lnk - c:\windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_STARTUP_F1540F35F9254DF584F2487D88448402.exe [2012-2-4 300928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iTunes.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\iTunes.lnk
backup=c:\windows\pss\iTunes.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0 HD Edition.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 5.0 HD Edition.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]
2009-11-11 14:17	771360	----a-w-	c:\program files\AirPort\APAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 00:52	59240	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41	49208	----a-w-	c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2010-04-22 12:10	2363392	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
2009-02-25 13:40	218408	------w-	g:\program files\MediaShow4\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-08-06 18:03	155648	----a-w-	c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-02 20:42	198160	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2009-05-19 21:16	222504	------w-	g:\program files\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2009-05-19 21:16	222504	------w-	g:\program files\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2008-12-03 21:15	218408	------w-	g:\program files\PowerProducer\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2010-06-02 12:54	222504	------w-	g:\program files\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe
.
R2 CLKMSVC10_E1A16B3C;CyberLink Product - 2012/01/08 18:39;g:\program files\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 watchmi;watchmi service;c:\program files\watchmi\TvdService.exe [2012-01-31 70144]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-26 4352]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088]
R3 NinjaUSB;Freecom Turbo USB 2.0;c:\windows\system32\drivers\NinjaUSB.sys [2010-02-11 24704]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-08-07 12984]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [x]
R4 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;g:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2012-01-26 3665752]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2345848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-08-16 101904]
S3 FireDTV_DVBS2;DVBS2 Service;c:\windows\system32\DRIVERS\FireDTV_BDA_DVBS2.sys [2009-07-21 35712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [2009-10-21 22600]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2011-09-07 59776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_E1A16B3C
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 12:09	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uInternet Settings,ProxyOverride = *.local
Trusted Zone: mysap.com\tcs
Trusted Zone: sap-ag.de\*
Trusted Zone: sapbydesign.com\my020656
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{66bd2442-241b-44cd-8c7a-b51037053cdb} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AVMWlanClient - c:\program files\avmwlanstick\FRITZWLANMini.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-iTunesHelper - d:\itunes\iTunesHelper.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-08  18:11:07
ComboFix-quarantined-files.txt  2012-02-08 17:11
.
Vor Suchlauf: 14 Verzeichnis(se), 64.999.129.088 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 64.950.505.472 Bytes frei
.
- - End Of File - - 03D14EFE6662AC7F5C0E23A6E1455622

Vielen Dank
Heiko

cosinus · 09.02.2012, 11:31

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

29.01.2012, 18:53	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Blue Screen beim Anmelden oder auch während der Nutzung des PC's Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

Blue Screen beim Anmelden oder auch während der Nutzung des PC's

Log-Analyse und Auswertung: Blue Screen beim Anmelden oder auch während der Nutzung des PC's