Gema Trojaner & Windows Security Center Trojaner

mobo6new · 15.03.2012, 00:54

Halloan alle,
ich habe diese 2 blöden Trojaner auf meinem Computer.
Habe den Computer im Abgesicherten Modus gestartet,sogar da geht der Gema Trojaner auf läßt sich aber über den Task-Manager schließen.
Habe schon ein wenig hier im Forum gelesen und mir Malwarebytes runtergeladen und laufen lassen.Ich kenne mich nicht mit den ganzen Programmier Sachen aus und wäre dankbar wenn mir bitte jemand helfen könnte meinen Pc wieder in gang zu bringen.Was soll ich nun tun

mfg mobo6new

cosinus · 16.03.2012, 17:49

Zitat:

Habe schon ein wenig hier im Forum gelesen und mir Malwarebytes runtergeladen und laufen lassen.

Log davon posten, alle. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

mobo6new · 17.03.2012, 10:50

Ist das Richtig?

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.14.07

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.18702
Mone :: PUPPSIE [Administrator]

Schutz: Deaktiviert

15.03.2012 00:37:24
mbam-log-2012-03-15 (00-37-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 307144
Laufzeit: 2 Stunde(n), 19 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.RansomP.Gen) -> Daten: C:\DOKUME~1\Mone\LOKALE~1\Temp\mor.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Temp\mor.exe (Trojan.RansomP.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Anscheinend sind die Trojaner weg der Computer läuft wieder normal!
Grüße

cosinus · 17.03.2012, 15:06

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

mobo6new · 17.03.2012, 21:19

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.17.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mone :: PUPPSIE [Administrator]

Schutz: Aktiviert

17.03.2012 20:22:31
mbam-log-2012-03-17 (20-22-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214030
Laufzeit: 36 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bösartig: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe,) Gut: (userinit.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\WINDOWS\system32\xmldm (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\WINDOWS\system32\loaupdt.jpg (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\srvblck2.tmp (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\AcroIEHelpe.txt (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

mehr hab ich nicht.
Danke für die schnelle reaktion

cosinus · 19.03.2012, 15:46

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

mobo6new · 20.03.2012, 11:34

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ff5e106faaf488409abf6436da345433
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-20 01:08:08
# local_time=2012-03-20 02:08:08 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 14731 14731 0 0
# compatibility_mode=8192 67108863 100 0 4529 4529 0 0
# scanned=179896
# found=5
# cleaned=0
# scan_time=16541
C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\54\1e297eb6-6a447853	Java/Exploit.Blacole.AN trojan (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\Cache(2)\0EF082BDd01	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\WINDOWS\system32\10017\components\AcroFF.dll	probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)	00000000000000000000000000000000	I
H:\Sicherung festplatte alterPC\Mone\Anwendungsdaten\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
J:\$RECYCLE.BIN\S-1-5-21-3261699862-2530787969-3527148967-1001\$RJ3RHPM\Office 2010 x64 GER.iso	Win32/HackKMS.A application (unable to clean)	00000000000000000000000000000000

Habe alles erledigt,was ist der nächste schritt?
Bin wirklich dankbar für die hilfe.
Grüße

cosinus · 20.03.2012, 16:30

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

mobo6new · 21.03.2012, 09:05

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 21.03.2012 00:50:28 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Dokumente und Einstellungen\Mone\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,20% Memory free
3,84 Gb Paging File | 3,17 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 37,02 Gb Free Space | 49,68% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 104,68 Gb Free Space | 70,23% Space Free | Partition Type: NTFS
Drive G: | 7,38 Gb Total Space | 5,91 Gb Free Space | 80,10% Space Free | Partition Type: FAT32
Drive H: | 465,75 Gb Total Space | 83,10 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
Drive J: | 1397,26 Gb Total Space | 155,19 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
 
Computer Name: PUPPSIE | User Name: Mone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.20 20:41:23 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mone\Desktop\OTL.exe
PRC - [2012.01.31 08:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.05.07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010.05.07 17:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.31 08:56:07 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.05.07 17:37:40 | 000,126,808 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 17:37:40 | 000,027,480 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 17:36:54 | 000,340,824 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 17:36:20 | 000,921,944 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010.05.07 17:35:56 | 007,954,776 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 17:35:44 | 002,143,576 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.05.07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\MpEngineStore\MpKsl1f947b4b.sys -- (MpKsl1f947b4b)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aybzhhsl)
DRV - [2012.01.31 08:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 08:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.10.29 23:09:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010.07.27 09:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010.07.27 09:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2010.07.27 09:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.07.27 09:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.05.07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.04.28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010.04.06 17:13:04 | 005,912,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.11.18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.06.29 12:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.04.06 08:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009.04.06 08:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.03.25 15:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 15:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 15:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 15:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 15:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 15:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 15:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2007.04.24 10:33:46 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.24 10:33:46 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex)
DRV - [2007.04.24 10:33:44 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007.04.24 10:33:42 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007.04.24 10:33:34 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007.04.23 14:54:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.23 14:54:50 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007.04.23 14:54:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007.04.23 14:54:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007.04.23 14:54:46 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\URLSearchHook: {6778613D-616B-4A6C-9856-65DE943CF424} - No CLSID value found
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes\{4ED572E1-A188-4C35-A43F-C24B08E847BC}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Bigpoint Games DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.payback.de/pb/id/105532/?s_ixcid=11_300_102#"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.7
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.9
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.3
FF - prefs.js..extensions.enabledItems: {38fc2fbc-9500-46e7-8bc5-b128acd9e143}:1.5.0
FF - prefs.js..extensions.enabledItems: {31ea9703-204e-4307-8815-e9a3e087b91a}:1.4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {ebD9e131-818f-4298-bb90-5acac9e21ab8}:3.0.3
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.2.4
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.8
FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.4
FF - prefs.js..keyword.URL: "hxxp://rs.mediapimp.com/s/?src=addrbar&browser=ff&category=web&partner_id=229&toolbar_id=3&toolbar_version=8.0&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.14 13:29:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 23:23:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10017 [2012.03.17 09:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.18 10:27:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.12 15:23:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10017 [2012.03.17 09:33:35 | 000,000,000 | ---D | M]
 
[2010.04.21 11:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Extensions
[2012.03.20 20:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions
[2011.12.09 17:34:34 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.03.16 08:52:33 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.06.01 10:36:51 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2010.05.29 22:23:17 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}(2)
[2012.03.04 18:35:37 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.10.25 23:50:33 | 000,000,000 | ---D | M] (eBay Worldwide) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{ebD9e131-818f-4298-bb90-5acac9e21ab8}
[2010.05.29 15:39:14 | 000,000,000 | ---D | M] (FoxTab) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}(2)
[2011.12.11 00:38:58 | 000,000,000 | ---D | M] (Myibidder (Myibay) Bid Sniper for eBay) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\firefox1@myibay.com
[2011.04.14 14:44:16 | 000,000,000 | ---D | M] (Personas) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\personas@christopher.beard
[2012.01.13 09:58:56 | 000,001,666 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\searchplugins\mp3-downloads.xml
[2010.06.07 22:30:32 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\searchplugins\youtube-videosuche.xml
[2012.01.13 21:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.29 22:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{31EA9703-204E-4307-8815-E9A3E087B91A}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{38FC2FBC-9500-46E7-8BC5-B128ACD9E143}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{BA2430E0-5B72-4CAC-BC9E-7D1AACA75D3D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\DEVELOPMENT@BIDBAG.DE.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2011.12.16 23:23:27 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010.06.06 22:20:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.05.29 22:18:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.17 09:33:35 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\10017
[2012.03.18 10:27:52 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.15 15:11:43 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.15 15:11:43 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.01.15 15:11:43 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.15 15:11:43 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.15 15:11:43 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.15 15:11:43 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DelReg] C:\Programme\MSI\DualCoreCenter\DelReg.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide File not found
O4 - HKLM..\Run: [LWS] C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271845369968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54413FD6-6A38-41A8-A065-532A8E2DEA4B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-527237240-1580818891-839522115-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.21 11:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.12.14 10:59:44 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2009.04.27 10:19:02 | 000,000,274 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\Shell - "" = AutoRun
O33 - MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta
O33 - MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\Shell - "" = AutoRun
O33 - MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm -  File not found
SafeBootNet: nm.sys -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 20:41:21 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mone\Desktop\OTL.exe
[2012.03.19 21:16:58 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.03.19 18:35:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Avira
[2012.03.19 18:29:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.03.19 18:27:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.03.19 18:27:35 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.03.19 18:27:35 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.03.19 18:27:35 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.03.19 18:26:56 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2012.03.19 18:26:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.03.17 10:04:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012.03.17 09:33:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10017
[2012.03.17 09:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2012.03.15 00:04:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Malwarebytes
[2012.03.15 00:04:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.15 00:04:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.15 00:04:16 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.15 00:04:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.08 02:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Recuva
[2012.03.08 02:19:09 | 000,000,000 | ---D | C] -- C:\Programme\Recuva
[2012.03.05 22:36:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gema
[2012.03.05 22:36:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2012.03.02 23:15:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\FormatFactory
[2012.02.29 16:42:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mone\Startmenü\Programme\PhotoZoom Pro 4
[2012.02.29 16:42:25 | 000,000,000 | ---D | C] -- C:\Programme\PhotoZoom Pro 4
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.21 01:46:04 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.21 00:48:38 | 000,183,789 | -H-- | M] () -- C:\treeinfo.wc
[2012.03.20 20:41:23 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mone\Desktop\OTL.exe
[2012.03.20 02:46:01 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.19 21:15:47 | 002,672,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Desktop\esetsmartinstaller_enu.exe
[2012.03.19 18:29:01 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.03.19 17:58:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.19 17:56:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.18 23:08:06 | 087,227,952 | ---- | M] () -- C:\avira_free_antivirus_de1200898.exe
[2012.03.18 23:05:01 | 012,038,144 | ---- | M] () -- C:\Ad-Aware_9.6_Install.exe
[2012.03.18 08:32:19 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.17 19:14:04 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat
[2012.03.17 19:11:04 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2012.03.15 18:54:38 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2012.03.15 10:32:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.15 00:31:16 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.14 22:06:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.03.14 16:05:59 | 000,495,078 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.14 16:05:59 | 000,450,642 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.14 16:05:59 | 000,099,896 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.14 16:05:59 | 000,075,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.09 21:51:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012.03.09 21:51:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012.03.08 02:19:14 | 000,001,476 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Recuva.lnk
[2012.03.08 02:14:17 | 000,044,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.05 20:33:23 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2012.03.02 23:22:20 | 000,002,469 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Desktop\Pop Art Studio 6.0.lnk
[2012.02.29 16:42:49 | 000,004,440 | ---- | M] () -- C:\WINDOWS\jcqfhzm24.ini
[2012.02.29 16:42:39 | 000,000,740 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Desktop\PhotoZoom Pro 4.lnk
[2012.02.28 11:53:46 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.02.21 08:43:16 | 002,837,184 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\21022012625.JPG
[2012.02.21 08:42:44 | 002,846,268 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\21022012624.JPG
[2012.02.21 08:42:34 | 003,329,760 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\21022012623.JPG
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.19 21:15:45 | 002,672,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Mone\Desktop\esetsmartinstaller_enu.exe
[2012.03.19 18:29:01 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.03.18 23:07:14 | 087,227,952 | ---- | C] () -- C:\avira_free_antivirus_de1200898.exe
[2012.03.18 23:05:01 | 012,038,144 | ---- | C] () -- C:\Ad-Aware_9.6_Install.exe
[2012.03.17 19:14:04 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2012.03.17 09:33:17 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2012.03.15 18:54:21 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
[2012.03.15 00:04:25 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.08 02:19:14 | 000,001,476 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Recuva.lnk
[2012.02.29 16:42:49 | 000,004,440 | ---- | C] () -- C:\WINDOWS\jcqfhzm24.ini
[2012.02.29 16:42:38 | 000,000,740 | ---- | C] () -- C:\Dokumente und Einstellungen\Mone\Desktop\PhotoZoom Pro 4.lnk
[2012.02.21 09:52:42 | 002,846,268 | ---- | C] () -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\21022012624.JPG
[2012.02.21 09:52:41 | 003,329,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\21022012623.JPG
[2012.02.21 09:52:41 | 002,837,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\21022012625.JPG
[2012.02.15 11:38:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.04.14 13:14:24 | 000,197,308 | ---- | C] () -- C:\WINDOWS\hpwins27.dat
[2011.04.14 13:14:24 | 000,000,385 | ---- | C] () -- C:\WINDOWS\hpwmdl27.dat
[2011.03.29 22:37:22 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2011.02.24 20:43:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2010.12.09 14:58:06 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2010.11.14 13:06:13 | 000,044,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.15 12:30:02 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.10.15 12:30:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.10.15 12:29:50 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.10.15 12:29:50 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.07.27 09:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010.07.27 09:03:20 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010.07.27 09:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010.05.18 21:32:58 | 000,000,117 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010.05.14 01:02:06 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.05.07 17:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010.05.07 17:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010.05.06 21:14:07 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010.05.03 12:58:42 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.04.27 20:55:19 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.24 11:43:03 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010.04.23 19:00:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.04.22 12:25:45 | 000,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010.04.22 11:14:16 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.04.21 11:57:33 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2010.04.21 11:54:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.04.21 11:53:04 | 000,151,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.21 11:29:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.21 11:21:43 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2010.04.21 11:17:31 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010.04.21 11:05:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.04.21 11:00:20 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== LOP Check ==========
 
[2010.11.28 20:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Astroburn Lite
[2011.04.14 14:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest
[2010.10.13 22:24:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2011.10.11 09:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2010.10.29 23:09:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.03.15 00:30:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2010.05.29 22:20:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2010.07.14 10:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2011.06.22 20:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.11.17 12:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Age of Japan II
[2010.11.28 20:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Astroburn Lite
[2010.10.14 21:04:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Azureus
[2010.11.02 23:47:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DAEMON Tools Lite
[2011.12.17 10:24:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DDMSettings
[2012.01.13 11:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DVDVideoSoft
[2012.01.13 11:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.07.01 22:03:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Free MP3 WMA Cutter
[2011.06.20 08:59:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\FreeFLVConverter
[2012.03.15 00:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gema
[2012.01.13 22:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\GHISLER
[2011.12.04 23:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gtk-2.0
[2010.04.24 11:44:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Leadertech
[2012.02.29 22:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\MyPhoneExplorer
[2010.06.11 16:36:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\phonostar GmbH
[2010.05.29 22:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\QuickStoresToolbar
[2010.07.14 11:18:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sony
[2010.07.14 11:12:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sony Setup
[2010.07.14 10:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Teleca
[2010.05.31 11:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Uniblue
[2010.08.09 12:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Windows Desktop Search
[2010.08.20 11:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Windows Search
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.29 09:45:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Adobe
[2010.04.22 12:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\AdobeUM
[2010.11.17 12:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Age of Japan II
[2010.10.10 23:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Ahead
[2010.12.31 17:16:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Apple Computer
[2010.11.28 20:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Astroburn Lite
[2012.03.19 18:35:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Avira
[2010.10.14 21:04:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Azureus
[2010.11.02 23:47:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DAEMON Tools Lite
[2011.12.17 10:24:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DDMSettings
[2010.04.21 20:02:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DivX
[2012.02.21 22:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\dvdcss
[2012.01.13 11:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DVDVideoSoft
[2012.01.13 11:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.07.01 22:03:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Free MP3 WMA Cutter
[2011.06.20 08:59:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\FreeFLVConverter
[2012.03.15 00:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gema
[2012.01.13 22:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\GHISLER
[2011.07.17 23:26:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Google
[2011.12.04 23:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gtk-2.0
[2010.04.22 10:48:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Help
[2011.04.14 15:24:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\HP
[2012.03.12 18:49:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\HPAppData
[2011.09.14 16:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\HpUpdate
[2010.04.21 11:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Identities
[2010.04.24 11:44:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Leadertech
[2010.04.21 12:14:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Macromedia
[2012.03.15 00:04:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Malwarebytes
[2012.01.26 19:22:21 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Microsoft
[2010.04.21 11:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla
[2012.02.29 22:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\MyPhoneExplorer
[2010.06.11 16:36:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\phonostar GmbH
[2010.05.29 22:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\QuickStoresToolbar
[2012.03.13 09:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Skype
[2011.08.26 07:04:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\skypePM
[2010.07.14 11:18:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sony
[2010.07.14 10:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sony Ericsson
[2010.07.14 11:12:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sony Setup
[2010.06.06 22:19:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sun
[2010.07.14 10:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Teleca
[2010.07.09 11:20:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\U3
[2010.05.31 11:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Uniblue
[2012.02.21 22:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\vlc
[2010.08.09 12:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Windows Desktop Search
[2010.08.20 11:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Windows Search
[2010.04.22 11:24:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.14 20:58:55 | 009,038,776 | ---- | M] (Vuze Inc.) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Azureus\tmp\AZU3514820647951625853.tmp\Vuze_4.5.1.0a_win32.exe
[2010.10.19 10:14:31 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.09.07 20:48:25 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.11.10 21:33:26 | 000,013,094 | R--- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Microsoft\Installer\{FA0980C9-F697-41EF-A279-DCDD7133C688}\_58925C2FF4B65C0526B8E1.exe
[2011.11.10 21:33:26 | 000,013,094 | R--- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Microsoft\Installer\{FA0980C9-F697-41EF-A279-DCDD7133C688}\_6FEFF9B68218417F98F549.exe
[2011.11.10 21:33:26 | 000,013,094 | R--- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Microsoft\Installer\{FA0980C9-F697-41EF-A279-DCDD7133C688}\_D3EFA49C5227650FA0722B.exe
[2012.03.20 20:41:12 | 000,158,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\FlashGot.exe
[2010.11.17 19:04:13 | 012,500,632 | ---- | M] (                                                            ) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\phonostar GmbH\phonostar-Player\update.exe
[1 C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\phonostar GmbH\phonostar-Player\*.tmp files -> C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\phonostar GmbH\phonostar-Player\*.tmp -> ]
[2010.05.06 21:43:19 | 000,704,248 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\QuickStoresToolbar\unins000.exe
[2010.03.03 14:00:50 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\QuickStoresToolbar\Update.exe
[2010.07.14 11:13:12 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
[2012.03.18 23:05:01 | 012,038,144 | ---- | M] () -- C:\Ad-Aware_9.6_Install.exe
[2012.01.12 10:00:04 | 000,883,840 | ---- | M] () -- C:\Avira-DE-Cleaner.exe
[2012.03.18 23:08:06 | 087,227,952 | ---- | M] () -- C:\avira_free_antivirus_de1200898.exe
[2012.01.13 11:01:17 | 066,566,416 | ---- | M] (DVDVideoSoft Ltd.                                           ) -- C:\FreeStudio.exe
[2012.01.13 10:57:53 | 019,850,888 | ---- | M] (DVDVideoSoft Ltd.                                           ) -- C:\FreeVideoToMP3Converter504.exe
[2012.01.05 10:38:33 | 004,629,040 | ---- | M] () -- C:\MyPhoneExplorer_Setup_1.8.2-uni.exe
[2001.05.24 11:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
 
< MD5 for: AGP440.SYS  >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.02.28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.02.28 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.02.28 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.02.28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.10.29 23:09:58 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2010.04.21 12:52:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.04.21 12:52:18 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.04.21 12:52:18 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E8BE05FA

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 21.03.2012 00:50:28 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Dokumente und Einstellungen\Mone\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,20% Memory free
3,84 Gb Paging File | 3,17 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 37,02 Gb Free Space | 49,68% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 104,68 Gb Free Space | 70,23% Space Free | Partition Type: NTFS
Drive G: | 7,38 Gb Total Space | 5,91 Gb Free Space | 80,10% Space Free | Partition Type: FAT32
Drive H: | 465,75 Gb Total Space | 83,10 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
Drive J: | 1397,26 Gb Total Space | 155,19 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
 
Computer Name: PUPPSIE | User Name: Mone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0980C9-F697-41EF-A279-DCDD7133C688}" = Pop Art Studio 6.0
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Astroburn Lite" = Astroburn Lite
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"DualCoreCenter_is1" = DualCoreCenter
"FormatFactory" = FormatFactory 2.70
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 2.0
"Free FLV Converter_is1" = Free FLV Converter V 6.98.0
"Free MP3 WMA Cutter_is1" = Free MP3 WMA Cutter 3.7.2.5
"Free Studio_is1" = Free Studio version 5.3.3
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.4.1228
"Free Video to Sony Phones Converter_is1" = Free Video to Sony Phones Converter version 5.0.2.1125
"Free YouTube Download_is1" = Free YouTube Download version 2.10.31
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Full)
"Liveupdate4_is1" = Liveupdate4
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"Nero BurnRights!UninstallKey" = Nero BurnRights (Ahead Software)
"NMPUninstallKey" = Ahead NeroMediaPlayer
"Picasa 3" = Picasa 3
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Recuva" = Recuva
"SCREEN2EXE_is1" = SCREEN2EXE 3.2 (build:2498)
"Shop for HP Supplies" = Shop for HP Supplies
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.10
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoZoom Pro 4" = BenVista PhotoZoom Pro 4.1.2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2012 14:37:37 | Computer Name = PUPPSIE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.60.0.61, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.03.2012 14:42:57 | Computer Name = PUPPSIE | Source = Windows Search Service | ID = 3013
Description = Eintrag <MAPI://{S-1-5-21-527237240-1580818891-839522115-1003}/PERSÖNLICHE
 ORDNER($10CDF5DA)/X/POSTEINGANG/????????????????????????> in der Hash-Zuordnung
 kann nicht aktualisiert werden.  Kontext:  Anwendung, SystemIndex Katalog  Details:
	Ein
 an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 16.03.2012 04:42:33 | Computer Name = PUPPSIE | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MONE\RECENT\STAFFEL 6.LNK>
 in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:  Anwendung, SystemIndex
 Katalog  Details:  Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

 
Error - 16.03.2012 04:42:33 | Computer Name = PUPPSIE | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MONE\RECENT\STAFFEL 6.LNK>
 in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:  Anwendung, SystemIndex
 Katalog  Details:  Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

 
Error - 17.03.2012 18:23:44 | Computer Name = PUPPSIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung 0.9541032774843773h7i.exe, Version 5.0.2134.1,
 fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x008c9538.
 
Error - 17.03.2012 20:10:36 | Computer Name = PUPPSIE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung 24960-OTL.exe, Version 3.2.36.3, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.03.2012 21:02:02 | Computer Name = PUPPSIE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung 24960-OTL.exe, Version 3.2.36.3, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.03.2012 21:02:02 | Computer Name = PUPPSIE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung 24960-OTL.exe, Version 3.2.36.3, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 18.03.2012 18:23:53 | Computer Name = PUPPSIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung divx plus player.exe, Version 10.3.2.6, 
fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x04f35693.
 
Error - 20.03.2012 15:44:48 | Computer Name = PUPPSIE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.39.1, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 15.03.2012 05:46:46 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
 Update-Dienst (gupdate).
 
Error - 15.03.2012 05:46:46 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 15.03.2012 06:26:40 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 15.03.2012 06:26:40 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 17.03.2012 18:34:28 | Computer Name = PUPPSIE | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 17.03.2012 18:35:09 | Computer Name = PUPPSIE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 17.03.2012 18:35:14 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   avgio  avipbb  Fips  intelppm  sptd  ssmdrv
 
Error - 17.03.2012 19:00:03 | Computer Name = PUPPSIE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 19.03.2012 12:58:22 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
 
Error - 19.03.2012 12:58:22 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >

--- --- ---

cosinus · 21.03.2012, 15:42

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\URLSearchHook: {6778613D-616B-4A6C-9856-65DE943CF424} - No CLSID value found
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes\{4ED572E1-A188-4C35-A43F-C24B08E847BC}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Bigpoint Games DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://rs.mediapimp.com/s/?src=addrbar&browser=ff&category=web&partner_id=229&toolbar_id=3&toolbar_version=8.0&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2011.12.16 23:23:27 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010.05.29 22:18:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DelReg] C:\Programme\MSI\DualCoreCenter\DelReg.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.21 11:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.12.14 10:59:44 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2009.04.27 10:19:02 | 000,000,274 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\Shell - "" = AutoRun
O33 - MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta
O33 - MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\Shell - "" = AutoRun
O33 - MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta
[2012.03.17 10:04:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012.03.17 09:33:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10017
[2012.03.17 09:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2012.03.05 22:36:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gema
[2012.03.05 22:36:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
@Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E8BE05FA
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

mobo6new · 25.03.2012, 23:34

hallo habe alles so gemacht wie du geschrieben hast.
Das OTL mit kopiert und "FIX" gedrückt aber dann hat otl nur gesagt "wait untill killing" der Pc hat sich dann aufgehängt.Habe ihn dann neu gestartet alle programme im hintergtund geschlossen aber es passierte das selbe wieder.Habe ich doch was falsch gemacht?
mfg

cosinus · 26.03.2012, 15:02

Wiederhol den Fix im abgesicherten Modus bitte

mobo6new · 26.03.2012, 17:04

Code:

ATTFilter

 All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6778613D-616B-4A6C-9856-65DE943CF424} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6778613D-616B-4A6C-9856-65DE943CF424}\ not found.
HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{4ED572E1-A188-4C35-A43F-C24B08E847BC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED572E1-A188-4C35-A43F-C24B08E847BC}\ not found.
Registry key HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Prefs.js: "Bing" removed from browser.search.defaultenginename
Prefs.js: "Bigpoint Games DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://rs.mediapimp.com/s/?src=addrbar&browser=ff&category=web&partner_id=229&toolbar_id=3&toolbar_version=8.0&q=" removed from keyword.URL
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.
C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
C:\Programme\DivX\DivX OVS Helper\npovshelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Adobe Reader\ deleted successfully.
C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll moved successfully.
C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome\content\images folder moved successfully.
C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome\content folder moved successfully.
C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome folder moved successfully.
C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults\preferences folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\chrome folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
File move failed. C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DelReg deleted successfully.
C:\Programme\MSI\DualCoreCenter\DelReg.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Lexmark X1100 Series deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LogitechQuickCamRibbon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File  not found.
File G:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7ed98d5-17f3-11e0-a286-4061867883b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7ed98d5-17f3-11e0-a286-4061867883b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7ed98d5-17f3-11e0-a286-4061867883b5}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta not found.
C:\WINDOWS\System32\UAs folder moved successfully.
C:\WINDOWS\System32\10017\components folder moved successfully.
C:\WINDOWS\System32\10017 folder moved successfully.
C:\WINDOWS\System32\kock folder moved successfully.
C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gema folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E8BE05FA deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3411269 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2766215 bytes
->Flash cache emptied: 321 bytes
 
User: Martin
 
User: Mone
->Temp folder emptied: 112017665774 bytes
->Temporary Internet Files folder emptied: 371388926 bytes
->Java cache emptied: 3983545 bytes
->FireFox cache emptied: 835660862 bytes
->Google Chrome cache emptied: 7709709 bytes
->Flash cache emptied: 92691316 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2502606 bytes
->Flash cache emptied: 2788 bytes
 
User: tayler
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2188044 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9797882 bytes
RecycleBin emptied: 4897663981 bytes
 
Total Files Cleaned = 112.770,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.1 log created on 03262012_173351

Files\Folders moved on Reboot...
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll moved successfully.
File\Folder C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Temp\plugtmp-68\plugin-xml;sz=10x1;deliver=clipkit;pos=1;vpos=1;zz=10x1;u=pos=1,vpos=1,tile=2,zz=10x1,upc=EMI_5099973095651,r1=1,r3=1,d1=2,d15=0,v1=0,v2=0,d4=3,d8=2,d9=3,d10=1,d12=4,i2=4,i3=4,i12=4,i13=4,i21=3,i26=3,i28=4,i4 not found!
File\Folder C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Temp\plugtmp-68\plugin-xml;sz=10x1;pos=1;vpos=1;zz=10x1;player=MTV;vtype=1;u=pos=1,vpos=1,tile=2,zz=10x1,upc=EMI_5099973095651,r1=1,r3=1,d1=2,d15=0,v1=0,v2=0,d4=3,d8=2,d9=3,d10=1,d12=4,i2=4,i3=4,i12=4,i13=4,i21=3,i26=3,i28=4 not found!

Registry entries deleted on Reboot...

Danke diesmal hat s gklappt!
Vielen vielen dank für sie schnelle hilfe!
mfg simone

cosinus · 26.03.2012, 18:33

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

mobo6new · 27.03.2012, 10:42

Code:

ATTFilter

 11:29:32.0437 3308	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
11:29:32.0500 3308	============================================================
11:29:32.0500 3308	Current date / time: 2012/03/27 11:29:32.0500
11:29:32.0500 3308	SystemInfo:
11:29:32.0500 3308	
11:29:32.0500 3308	OS Version: 5.1.2600 ServicePack: 3.0
11:29:32.0500 3308	Product type: Workstation
11:29:32.0500 3308	ComputerName: PUPPSIE
11:29:32.0500 3308	UserName: Mone
11:29:32.0500 3308	Windows directory: C:\WINDOWS
11:29:32.0500 3308	System windows directory: C:\WINDOWS
11:29:32.0500 3308	Processor architecture: Intel x86
11:29:32.0500 3308	Number of processors: 2
11:29:32.0500 3308	Page size: 0x1000
11:29:32.0500 3308	Boot type: Normal boot
11:29:32.0500 3308	============================================================
11:29:35.0171 3308	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:29:35.0171 3308	Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:29:35.0187 3308	Drive \Device\Harddisk2\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:29:35.0203 3308	\Device\Harddisk0\DR0:
11:29:35.0203 3308	MBR used
11:29:35.0203 3308	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
11:29:35.0203 3308	\Device\Harddisk1\DR2:
11:29:35.0203 3308	MBR used
11:29:35.0203 3308	\Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x3A380D41
11:29:35.0203 3308	\Device\Harddisk2\DR3:
11:29:35.0203 3308	MBR used
11:29:35.0203 3308	\Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
11:29:35.0828 3308	Initialize success
11:29:35.0828 3308	============================================================
11:29:37.0687 3368	============================================================
11:29:37.0687 3368	Scan started
11:29:37.0687 3368	Mode: Manual; 
11:29:37.0687 3368	============================================================
11:29:39.0328 3368	Abiosdsk - ok
11:29:39.0859 3368	abp480n5 - ok
11:29:40.0468 3368	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:29:40.0484 3368	ACPI - ok
11:29:40.0890 3368	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:29:40.0890 3368	ACPIEC - ok
11:29:41.0265 3368	adpu160m - ok
11:29:41.0718 3368	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:29:41.0781 3368	aec - ok
11:29:42.0234 3368	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:29:42.0296 3368	AFD - ok
11:29:42.0687 3368	Aha154x - ok
11:29:43.0078 3368	aic78u2 - ok
11:29:43.0453 3368	aic78xx - ok
11:29:43.0812 3368	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
11:29:43.0828 3368	Alerter - ok
11:29:44.0203 3368	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
11:29:44.0203 3368	ALG - ok
11:29:44.0593 3368	AliIde - ok
11:29:45.0703 3368	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
11:29:46.0437 3368	Ambfilt - ok
11:29:46.0875 3368	amsint - ok
11:29:47.0046 3368	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Programme\Avira\AntiVir Desktop\sched.exe
11:29:47.0046 3368	AntiVirSchedulerService - ok
11:29:47.0218 3368	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Programme\Avira\AntiVir Desktop\avguard.exe
11:29:47.0234 3368	AntiVirService - ok
11:29:47.0359 3368	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:29:47.0375 3368	Apple Mobile Device - ok
11:29:47.0765 3368	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
11:29:47.0843 3368	AppMgmt - ok
11:29:48.0203 3368	asc - ok
11:29:48.0562 3368	asc3350p - ok
11:29:48.0921 3368	asc3550 - ok
11:29:49.0171 3368	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:29:49.0250 3368	aspnet_state - ok
11:29:49.0656 3368	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:29:49.0671 3368	AsyncMac - ok
11:29:50.0093 3368	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:29:50.0093 3368	atapi - ok
11:29:50.0468 3368	Atdisk - ok
11:29:50.0906 3368	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:29:50.0937 3368	Atmarpc - ok
11:29:51.0703 3368	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
11:29:51.0703 3368	AudioSrv - ok
11:29:52.0312 3368	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:29:52.0312 3368	audstub - ok
11:29:52.0765 3368	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:29:52.0765 3368	avgntflt - ok
11:29:53.0218 3368	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:29:53.0218 3368	avipbb - ok
11:29:53.0640 3368	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:29:53.0640 3368	avkmgr - ok
11:29:54.0062 3368	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:29:54.0062 3368	Beep - ok
11:29:54.0578 3368	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
11:29:54.0906 3368	BITS - ok
11:29:55.0187 3368	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
11:29:55.0203 3368	Bonjour Service - ok
11:29:55.0625 3368	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
11:29:55.0640 3368	Browser - ok
11:29:56.0078 3368	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:29:56.0078 3368	cbidf2k - ok
11:29:56.0515 3368	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:29:56.0515 3368	CCDECODE - ok
11:29:56.0921 3368	cd20xrnt - ok
11:29:57.0343 3368	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:29:57.0359 3368	Cdaudio - ok
11:29:57.0812 3368	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:29:57.0843 3368	Cdfs - ok
11:29:58.0265 3368	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:29:58.0296 3368	Cdrom - ok
11:29:58.0687 3368	Changer - ok
11:29:59.0062 3368	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
11:29:59.0062 3368	CiSvc - ok
11:29:59.0468 3368	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
11:29:59.0484 3368	ClipSrv - ok
11:29:59.0765 3368	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:29:59.0875 3368	clr_optimization_v2.0.50727_32 - ok
11:30:00.0250 3368	CmdIde - ok
11:30:00.0593 3368	COMSysApp - ok
11:30:01.0000 3368	Cpqarray - ok
11:30:01.0390 3368	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
11:30:01.0390 3368	CryptSvc - ok
11:30:01.0765 3368	dac2w2k - ok
11:30:02.0125 3368	dac960nt - ok
11:30:02.0734 3368	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:30:02.0750 3368	DcomLaunch - ok
11:30:03.0234 3368	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
11:30:03.0234 3368	Dhcp - ok
11:30:03.0671 3368	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:30:03.0687 3368	Disk - ok
11:30:04.0031 3368	dmadmin - ok
11:30:04.0765 3368	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
11:30:05.0093 3368	dmboot - ok
11:30:05.0593 3368	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
11:30:05.0656 3368	dmio - ok
11:30:06.0093 3368	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:30:06.0109 3368	dmload - ok
11:30:06.0484 3368	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
11:30:06.0484 3368	dmserver - ok
11:30:06.0921 3368	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:30:06.0937 3368	DMusic - ok
11:30:07.0343 3368	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
11:30:07.0343 3368	Dnscache - ok
11:30:07.0750 3368	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
11:30:07.0812 3368	Dot3svc - ok
11:30:08.0218 3368	dpti2o - ok
11:30:08.0640 3368	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:30:08.0640 3368	drmkaud - ok
11:30:09.0046 3368	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
11:30:09.0062 3368	EapHost - ok
11:30:09.0453 3368	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
11:30:09.0453 3368	ERSvc - ok
11:30:09.0890 3368	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:30:09.0906 3368	Eventlog - ok
11:30:10.0375 3368	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
11:30:10.0406 3368	EventSystem - ok
11:30:11.0000 3368	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:30:11.0078 3368	Fastfat - ok
11:30:11.0500 3368	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:30:11.0500 3368	FastUserSwitchingCompatibility - ok
11:30:11.0921 3368	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:30:11.0937 3368	Fdc - ok
11:30:12.0390 3368	FilterService   (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
11:30:12.0390 3368	FilterService - ok
11:30:12.0828 3368	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
11:30:12.0828 3368	Fips - ok
11:30:13.0234 3368	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:30:13.0250 3368	Flpydisk - ok
11:30:13.0718 3368	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:30:13.0781 3368	FltMgr - ok
11:30:14.0062 3368	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:30:14.0109 3368	FontCache3.0.0.0 - ok
11:30:14.0546 3368	fssfltr         (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
11:30:14.0546 3368	fssfltr - ok
11:30:15.0000 3368	fsssvc          (45b52394f9624237f33a8a3d73c0b221) C:\Programme\Windows Live\Family Safety\fsssvc.exe
11:30:15.0281 3368	fsssvc - ok
11:30:15.0718 3368	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:30:15.0718 3368	Fs_Rec - ok
11:30:16.0218 3368	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:30:16.0265 3368	Ftdisk - ok
11:30:16.0687 3368	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:30:16.0687 3368	GEARAspiWDM - ok
11:30:17.0093 3368	ggflt           (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
11:30:17.0109 3368	ggflt - ok
11:30:17.0562 3368	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
11:30:17.0578 3368	ggsemc - ok
11:30:18.0000 3368	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:30:18.0015 3368	Gpc - ok
11:30:18.0187 3368	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
11:30:18.0187 3368	gupdate - ok
11:30:18.0281 3368	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
11:30:18.0281 3368	gupdatem - ok
11:30:18.0421 3368	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
11:30:18.0484 3368	gusvc - ok
11:30:18.0968 3368	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:30:18.0968 3368	HDAudBus - ok
11:30:19.0171 3368	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:30:19.0171 3368	helpsvc - ok
11:30:19.0625 3368	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
11:30:19.0625 3368	HidServ - ok
11:30:20.0046 3368	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:30:20.0046 3368	hidusb - ok
11:30:20.0468 3368	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
11:30:20.0500 3368	hkmsvc - ok
11:30:20.0906 3368	hpn - ok
11:30:21.0156 3368	hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
11:30:21.0156 3368	hpqcxs08 - ok
11:30:21.0359 3368	hpqddsvc        (f3f72a2a86c22610bca5439fa789dd52) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
11:30:21.0359 3368	hpqddsvc - ok
11:30:21.0812 3368	HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:30:21.0828 3368	HPZid412 - ok
11:30:22.0234 3368	HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:30:22.0250 3368	HPZipr12 - ok
11:30:22.0703 3368	HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:30:22.0718 3368	HPZius12 - ok
11:30:23.0250 3368	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:30:23.0250 3368	HTTP - ok
11:30:23.0640 3368	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
11:30:23.0656 3368	HTTPFilter - ok
11:30:24.0031 3368	i2omgmt - ok
11:30:24.0421 3368	i2omp - ok
11:30:24.0843 3368	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:30:24.0875 3368	i8042prt - ok
11:30:27.0750 3368	ialm            (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:30:30.0156 3368	ialm - ok
11:30:30.0765 3368	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:30:31.0156 3368	idsvc - ok
11:30:31.0640 3368	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:30:31.0656 3368	Imapi - ok
11:30:32.0109 3368	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
11:30:32.0109 3368	ImapiService - ok
11:30:32.0500 3368	ini910u - ok
11:30:35.0312 3368	IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:30:35.0359 3368	IntcAzAudAddService - ok
11:30:35.0734 3368	IntelIde - ok
11:30:36.0125 3368	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:30:36.0125 3368	intelppm - ok
11:30:36.0562 3368	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:30:36.0578 3368	Ip6Fw - ok
11:30:37.0000 3368	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:30:37.0000 3368	IpFilterDriver - ok
11:30:37.0390 3368	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:30:37.0406 3368	IpInIp - ok
11:30:37.0875 3368	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:30:37.0875 3368	IpNat - ok
11:30:38.0281 3368	iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe
11:30:38.0281 3368	iPod Service - ok
11:30:38.0750 3368	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:30:38.0781 3368	IPSec - ok
11:30:39.0218 3368	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:30:39.0218 3368	IRENUM - ok
11:30:39.0671 3368	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:30:39.0687 3368	isapnp - ok
11:30:39.0875 3368	JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
11:30:39.0875 3368	JavaQuickStarterService - ok
11:30:40.0296 3368	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:30:40.0312 3368	Kbdclass - ok
11:30:40.0734 3368	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:30:40.0734 3368	kbdhid - ok
11:30:41.0218 3368	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:30:41.0218 3368	kmixer - ok
11:30:41.0703 3368	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:30:41.0734 3368	KSecDD - ok
11:30:42.0140 3368	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
11:30:42.0140 3368	lanmanserver - ok
11:30:42.0578 3368	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
11:30:42.0578 3368	lanmanworkstation - ok
11:30:42.0953 3368	lbrtfdc - ok
11:30:43.0328 3368	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
11:30:43.0328 3368	LmHosts - ok
11:30:43.0781 3368	lvpopflt        (cbf0bf6af73a704211bbb52efacaa8a0) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
11:30:43.0828 3368	lvpopflt - ok
11:30:44.0265 3368	LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
11:30:44.0265 3368	LVPr2Mon - ok
11:30:44.0453 3368	LVPrcSrv        (2333057542c91ae8228bdccc2e5f2632) C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
11:30:44.0453 3368	LVPrcSrv - ok
11:30:45.0000 3368	LVRS            (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
11:30:45.0000 3368	LVRS - ok
11:30:48.0218 3368	LVUVC           (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
11:30:48.0281 3368	LVUVC - ok
11:30:48.0703 3368	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:30:48.0703 3368	MBAMProtector - ok
11:30:49.0062 3368	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
11:30:49.0078 3368	MBAMService - ok
11:30:49.0515 3368	MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
11:30:49.0531 3368	MBAMSwissArmy - ok
11:30:49.0750 3368	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
11:30:49.0750 3368	MDM - ok
11:30:50.0156 3368	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
11:30:50.0171 3368	Messenger - ok
11:30:50.0609 3368	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:30:50.0609 3368	mnmdd - ok
11:30:50.0984 3368	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
11:30:51.0000 3368	mnmsrvc - ok
11:30:51.0406 3368	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
11:30:51.0421 3368	Modem - ok
11:30:52.0609 3368	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
11:30:53.0187 3368	Monfilt - ok
11:30:53.0625 3368	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:30:53.0625 3368	Mouclass - ok
11:30:54.0046 3368	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:30:54.0046 3368	mouhid - ok
11:30:54.0500 3368	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:30:54.0546 3368	MountMgr - ok
11:30:54.0906 3368	MpKsl1f947b4b - ok
11:30:55.0359 3368	mraid35x - ok
11:30:55.0859 3368	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:30:55.0937 3368	MRxDAV - ok
11:30:56.0562 3368	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:30:56.0765 3368	MRxSmb - ok
11:30:57.0156 3368	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
11:30:57.0156 3368	MSDTC - ok
11:30:57.0609 3368	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:30:57.0625 3368	Msfs - ok
11:30:57.0953 3368	MSIServer - ok
11:30:58.0359 3368	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:30:58.0359 3368	MSKSSRV - ok
11:30:58.0796 3368	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:30:58.0796 3368	MSPCLOCK - ok
11:30:59.0218 3368	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:30:59.0218 3368	MSPQM - ok
11:30:59.0781 3368	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:30:59.0781 3368	mssmbios - ok
11:31:00.0265 3368	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:31:00.0281 3368	MSTEE - ok
11:31:00.0953 3368	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:31:01.0015 3368	Mup - ok
11:31:01.0859 3368	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:31:01.0890 3368	NABTSFEC - ok
11:31:02.0437 3368	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
11:31:02.0671 3368	napagent - ok
11:31:03.0265 3368	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:31:03.0343 3368	NDIS - ok
11:31:03.0906 3368	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:31:03.0937 3368	NdisIP - ok
11:31:04.0687 3368	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:31:04.0703 3368	NdisTapi - ok
11:31:05.0187 3368	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:31:05.0187 3368	Ndisuio - ok
11:31:05.0828 3368	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:31:05.0875 3368	NdisWan - ok
11:31:06.0437 3368	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:31:06.0453 3368	NDProxy - ok
11:31:06.0921 3368	Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
11:31:06.0937 3368	Net Driver HPZ12 - ok
11:31:07.0609 3368	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:31:07.0625 3368	NetBIOS - ok
11:31:08.0109 3368	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:31:08.0171 3368	NetBT - ok
11:31:08.0781 3368	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:31:08.0859 3368	NetDDE - ok
11:31:08.0906 3368	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:31:08.0906 3368	NetDDEdsdm - ok
11:31:09.0296 3368	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:31:09.0296 3368	Netlogon - ok
11:31:09.0796 3368	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
11:31:09.0812 3368	Netman - ok
11:31:10.0187 3368	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:31:10.0312 3368	NetTcpPortSharing - ok
11:31:11.0031 3368	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
11:31:11.0046 3368	Nla - ok
11:31:11.0875 3368	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:31:11.0906 3368	Npfs - ok
11:31:12.0890 3368	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:31:13.0187 3368	Ntfs - ok
11:31:13.0812 3368	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:31:13.0812 3368	NtLmSsp - ok
11:31:14.0359 3368	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
11:31:14.0640 3368	NtmsSvc - ok
11:31:15.0062 3368	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:31:15.0062 3368	Null - ok
11:31:15.0515 3368	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:31:15.0562 3368	NwlnkFlt - ok
11:31:15.0984 3368	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:31:16.0000 3368	NwlnkFwd - ok
11:31:16.0468 3368	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
11:31:16.0500 3368	Parport - ok
11:31:17.0046 3368	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:31:17.0062 3368	PartMgr - ok
11:31:17.0515 3368	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
11:31:17.0531 3368	ParVdm - ok
11:31:18.0093 3368	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
11:31:18.0125 3368	PCI - ok
11:31:18.0515 3368	PCIDump - ok
11:31:19.0078 3368	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:31:19.0078 3368	PCIIde - ok
11:31:19.0578 3368	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:31:19.0671 3368	Pcmcia - ok
11:31:20.0046 3368	PDCOMP - ok
11:31:20.0437 3368	PDFRAME - ok
11:31:20.0921 3368	PDRELI - ok
11:31:21.0312 3368	PDRFRAME - ok
11:31:21.0750 3368	perc2 - ok
11:31:22.0125 3368	perc2hib - ok
11:31:22.0937 3368	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:31:22.0937 3368	PlugPlay - ok
11:31:23.0328 3368	Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
11:31:23.0328 3368	Pml Driver HPZ12 - ok
11:31:23.0703 3368	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:31:23.0703 3368	PolicyAgent - ok
11:31:24.0250 3368	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:31:24.0265 3368	PptpMiniport - ok
11:31:24.0718 3368	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:31:24.0718 3368	ProtectedStorage - ok
11:31:25.0296 3368	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:31:25.0328 3368	PSched - ok
11:31:26.0093 3368	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:31:26.0109 3368	Ptilink - ok
11:31:26.0546 3368	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:31:26.0609 3368	PxHelp20 - ok
11:31:27.0171 3368	ql1080 - ok
11:31:27.0562 3368	Ql10wnt - ok
11:31:28.0421 3368	ql12160 - ok
11:31:29.0390 3368	ql1240 - ok
11:31:30.0406 3368	ql1280 - ok
11:31:31.0421 3368	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:31:31.0453 3368	RasAcd - ok
11:31:32.0031 3368	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
11:31:32.0062 3368	RasAuto - ok
11:31:32.0921 3368	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:31:32.0968 3368	Rasl2tp - ok
11:31:33.0421 3368	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
11:31:33.0421 3368	RasMan - ok
11:31:34.0046 3368	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:31:34.0078 3368	RasPppoe - ok
11:31:34.0500 3368	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:31:34.0515 3368	Raspti - ok
11:31:35.0953 3368	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:31:36.0062 3368	Rdbss - ok
11:31:36.0609 3368	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:31:36.0609 3368	RDPCDD - ok
11:31:37.0359 3368	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:31:37.0453 3368	rdpdr - ok
11:31:38.0375 3368	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:31:38.0453 3368	RDPWD - ok
11:31:39.0203 3368	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
11:31:39.0265 3368	RDSessMgr - ok
11:31:39.0843 3368	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:31:39.0859 3368	redbook - ok
11:31:40.0343 3368	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
11:31:40.0359 3368	RemoteAccess - ok
11:31:40.0843 3368	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
11:31:40.0843 3368	RemoteRegistry - ok
11:31:41.0265 3368	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
11:31:41.0296 3368	RpcLocator - ok
11:31:42.0000 3368	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:31:42.0015 3368	RpcSs - ok
11:31:44.0250 3368	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
11:31:44.0390 3368	RSVP - ok
11:31:46.0765 3368	RTLE8023xp      (79b4fe884c18dd82d5449f6b6026d092) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:31:46.0875 3368	RTLE8023xp - ok
11:31:48.0625 3368	s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
11:31:48.0671 3368	s1018bus - ok
11:31:49.0156 3368	s1018mdfl       (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
11:31:49.0156 3368	s1018mdfl - ok
11:31:49.0828 3368	s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
11:31:49.0875 3368	s1018mdm - ok
11:31:50.0328 3368	s1018mgmt       (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
11:31:50.0406 3368	s1018mgmt - ok
11:31:51.0078 3368	s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
11:31:51.0078 3368	s1018nd5 - ok
11:31:51.0640 3368	s1018obex       (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
11:31:51.0687 3368	s1018obex - ok
11:31:52.0156 3368	s1018unic       (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
11:31:52.0203 3368	s1018unic - ok
11:31:53.0093 3368	s115bus         (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys
11:31:53.0140 3368	s115bus - ok
11:31:53.0609 3368	s115mdfl        (e24113fc13b8737c94cf4e3415488c76) C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
11:31:53.0609 3368	s115mdfl - ok
11:31:54.0062 3368	s115mdm         (4029e49e7c673aa0670bd206b0af1b5b) C:\WINDOWS\system32\DRIVERS\s115mdm.sys
11:31:54.0109 3368	s115mdm - ok
11:31:54.0609 3368	s115mgmt        (eb02ab4ca8bccecfde236cad8fc6e135) C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
11:31:54.0656 3368	s115mgmt - ok
11:31:55.0140 3368	s115obex        (089869db9ffd2ac807fa87fe82ac7761) C:\WINDOWS\system32\DRIVERS\s115obex.sys
11:31:55.0187 3368	s115obex - ok
11:31:55.0640 3368	s125bus         (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys
11:31:55.0671 3368	s125bus - ok
11:31:56.0390 3368	s125mdfl        (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
11:31:56.0406 3368	s125mdfl - ok
11:31:56.0875 3368	s125mdm         (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys
11:31:56.0921 3368	s125mdm - ok
11:31:57.0500 3368	s125mgmt        (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
11:31:57.0546 3368	s125mgmt - ok
11:31:58.0046 3368	s125obex        (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys
11:31:58.0109 3368	s125obex - ok
11:31:58.0546 3368	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:31:58.0562 3368	SamSs - ok
11:31:58.0984 3368	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
11:31:59.0031 3368	SCardSvr - ok
11:31:59.0734 3368	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
11:31:59.0750 3368	Schedule - ok
11:32:00.0171 3368	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:32:00.0171 3368	Secdrv - ok
11:32:00.0531 3368	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
11:32:00.0531 3368	seclogon - ok
11:32:00.0906 3368	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
11:32:00.0906 3368	SENS - ok
11:32:01.0437 3368	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:32:01.0437 3368	serenum - ok
11:32:01.0890 3368	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
11:32:01.0906 3368	Serial - ok
11:32:02.0359 3368	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:32:02.0359 3368	Sfloppy - ok
11:32:02.0875 3368	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
11:32:02.0921 3368	SharedAccess - ok
11:32:03.0343 3368	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:32:03.0343 3368	ShellHWDetection - ok
11:32:03.0984 3368	Simbad - ok
11:32:04.0546 3368	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:32:04.0562 3368	SLIP - ok
11:32:04.0921 3368	Sparrow - ok
11:32:05.0343 3368	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:32:05.0359 3368	splitter - ok
11:32:05.0734 3368	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:32:05.0734 3368	Spooler - ok
11:32:06.0421 3368	sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
11:32:06.0437 3368	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
11:32:06.0437 3368	sptd ( LockedFile.Multi.Generic ) - warning
11:32:06.0437 3368	sptd - detected LockedFile.Multi.Generic (1)
11:32:06.0921 3368	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
11:32:06.0953 3368	sr - ok
11:32:07.0406 3368	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
11:32:07.0406 3368	srservice - ok
11:32:07.0984 3368	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:32:08.0156 3368	Srv - ok
11:32:08.0562 3368	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
11:32:08.0562 3368	SSDPSRV - ok
11:32:09.0328 3368	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:32:09.0328 3368	ssmdrv - ok
11:32:09.0843 3368	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
11:32:09.0906 3368	stisvc - ok
11:32:10.0343 3368	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:32:10.0359 3368	streamip - ok
11:32:10.0781 3368	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:32:10.0781 3368	swenum - ok
11:32:11.0203 3368	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:32:11.0218 3368	swmidi - ok
11:32:11.0640 3368	SwPrv - ok
11:32:12.0125 3368	symc810 - ok
11:32:12.0515 3368	symc8xx - ok
11:32:13.0046 3368	sym_hi - ok
11:32:13.0468 3368	sym_u3 - ok
11:32:13.0875 3368	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:32:13.0906 3368	sysaudio - ok
11:32:14.0375 3368	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
11:32:14.0406 3368	SysmonLog - ok
11:32:14.0890 3368	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
11:32:14.0890 3368	TapiSrv - ok
11:32:15.0453 3368	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\TCPIP.SYS
11:32:15.0625 3368	Tcpip - ok
11:32:16.0031 3368	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:32:16.0031 3368	TDPIPE - ok
11:32:16.0718 3368	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:32:16.0734 3368	TDTCP - ok
11:32:17.0140 3368	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:32:17.0156 3368	TermDD - ok
11:32:17.0625 3368	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
11:32:17.0671 3368	TermService - ok
11:32:18.0062 3368	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:32:18.0078 3368	Themes - ok
11:32:18.0468 3368	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
11:32:18.0500 3368	TlntSvr - ok
11:32:18.0937 3368	TosIde - ok
11:32:19.0437 3368	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
11:32:19.0437 3368	TrkWks - ok
11:32:19.0859 3368	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:32:19.0875 3368	Udfs - ok
11:32:20.0250 3368	ultra - ok
11:32:20.0812 3368	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:32:20.0968 3368	Update - ok
11:32:21.0406 3368	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
11:32:21.0500 3368	upnphost - ok
11:32:21.0890 3368	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
11:32:21.0906 3368	UPS - ok
11:32:22.0359 3368	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:32:22.0390 3368	usbaudio - ok
11:32:22.0796 3368	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:32:22.0812 3368	usbccgp - ok
11:32:23.0234 3368	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:32:23.0250 3368	usbehci - ok
11:32:23.0703 3368	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:32:23.0718 3368	usbhub - ok
11:32:24.0328 3368	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:32:24.0343 3368	usbprint - ok
11:32:24.0750 3368	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:32:24.0765 3368	usbscan - ok
11:32:25.0171 3368	usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
11:32:25.0187 3368	usbser - ok
11:32:25.0593 3368	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:32:25.0609 3368	USBSTOR - ok
11:32:26.0031 3368	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:32:26.0031 3368	usbuhci - ok
11:32:26.0546 3368	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
11:32:26.0625 3368	usbvideo - ok
11:32:27.0031 3368	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:32:27.0046 3368	VgaSave - ok
11:32:27.0421 3368	ViaIde - ok
11:32:27.0843 3368	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
11:32:27.0859 3368	VolSnap - ok
11:32:28.0359 3368	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
11:32:28.0468 3368	VSS - ok
11:32:28.0921 3368	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
11:32:28.0921 3368	W32Time - ok
11:32:29.0359 3368	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:32:29.0375 3368	Wanarp - ok
11:32:29.0953 3368	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:32:30.0171 3368	Wdf01000 - ok
11:32:30.0562 3368	WDICA - ok
11:32:31.0109 3368	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:32:31.0187 3368	wdmaud - ok
11:32:31.0578 3368	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
11:32:31.0593 3368	WebClient - ok
11:32:32.0015 3368	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:32:32.0031 3368	winmgmt - ok
11:32:32.0406 3368	WmdmPmSN        (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
11:32:32.0421 3368	WmdmPmSN - ok
11:32:33.0031 3368	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
11:32:33.0046 3368	Wmi - ok
11:32:33.0546 3368	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:32:33.0546 3368	WmiApSrv - ok
11:32:34.0109 3368	WMPNetworkSvc   (d3dbd6e76f4be9bee67eb631488b5f29) C:\Programme\Windows Media Player\WMPNetwk.exe
11:32:34.0593 3368	WMPNetworkSvc - ok
11:32:35.0031 3368	WpdUsb          (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:32:35.0046 3368	WpdUsb - ok
11:32:35.0468 3368	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
11:32:35.0468 3368	wscsvc - ok
11:32:35.0890 3368	WSearch - ok
11:32:36.0359 3368	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:32:36.0375 3368	WSTCODEC - ok
11:32:36.0765 3368	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
11:32:36.0781 3368	wuauserv - ok
11:32:37.0203 3368	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:32:37.0234 3368	WudfPf - ok
11:32:37.0656 3368	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:32:37.0687 3368	WudfRd - ok
11:32:38.0109 3368	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:32:38.0109 3368	WudfSvc - ok
11:32:38.0781 3368	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
11:32:38.0921 3368	WZCSVC - ok
11:32:39.0343 3368	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
11:32:39.0421 3368	xmlprov - ok
11:32:39.0843 3368	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
11:32:40.0203 3368	\Device\Harddisk0\DR0 - ok
11:32:40.0234 3368	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
11:32:40.0234 3368	\Device\Harddisk1\DR2 - ok
11:32:40.0250 3368	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR3
11:32:40.0250 3368	\Device\Harddisk2\DR3 - ok
11:32:40.0343 3368	Boot (0x1200)   (c26e33a19b326a21b3bdfabf27f1031c) \Device\Harddisk0\DR0\Partition0
11:32:40.0390 3368	\Device\Harddisk0\DR0\Partition0 - ok
11:32:40.0390 3368	Boot (0x1200)   (afa5273584d158ddd2c8bc72c1aee70f) \Device\Harddisk1\DR2\Partition0
11:32:40.0406 3368	\Device\Harddisk1\DR2\Partition0 - ok
11:32:40.0406 3368	Boot (0x1200)   (cacc095ab2ebfa29e6482702ec7448d7) \Device\Harddisk2\DR3\Partition0
11:32:40.0421 3368	\Device\Harddisk2\DR3\Partition0 - ok
11:32:40.0421 3368	============================================================
11:32:40.0421 3368	Scan finished
11:32:40.0421 3368	============================================================
11:32:40.0421 0472	Detected object count: 1
11:32:40.0421 0472	Actual detected object count: 1
11:33:23.0796 0472	sptd ( LockedFile.Multi.Generic ) - skipped by user
11:33:23.0796 0472	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
11:33:35.0781 3708	============================================================
11:33:35.0781 3708	Scan started
11:33:35.0781 3708	Mode: Manual; SigCheck; TDLFS; 
11:33:35.0781 3708	============================================================
11:33:36.0453 3708	Abiosdsk - ok
11:33:36.0953 3708	abp480n5 - ok
11:33:37.0468 3708	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:33:45.0000 3708	ACPI - ok
11:33:45.0484 3708	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:33:45.0734 3708	ACPIEC - ok
11:33:46.0109 3708	adpu160m - ok
11:33:46.0640 3708	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:33:46.0812 3708	aec - ok
11:33:47.0296 3708	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:33:47.0468 3708	AFD - ok
11:33:47.0875 3708	Aha154x - ok
11:33:48.0281 3708	aic78u2 - ok
11:33:48.0671 3708	aic78xx - ok
11:33:49.0062 3708	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
11:33:49.0250 3708	Alerter - ok
11:33:49.0718 3708	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
11:33:49.0968 3708	ALG - ok
11:33:50.0359 3708	AliIde - ok
11:33:51.0500 3708	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
11:33:57.0312 3708	Ambfilt - ok
11:33:57.0703 3708	amsint - ok
11:33:57.0859 3708	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Programme\Avira\AntiVir Desktop\sched.exe
11:33:57.0875 3708	AntiVirSchedulerService - ok
11:33:58.0062 3708	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Programme\Avira\AntiVir Desktop\avguard.exe
11:33:58.0093 3708	AntiVirService - ok
11:33:58.0218 3708	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:33:58.0250 3708	Apple Mobile Device - ok
11:33:58.0718 3708	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
11:33:58.0968 3708	AppMgmt - ok
11:33:59.0375 3708	asc - ok
11:33:59.0765 3708	asc3350p - ok
11:34:00.0250 3708	asc3550 - ok
11:34:00.0890 3708	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:34:01.0093 3708	aspnet_state - ok
11:34:01.0546 3708	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:34:01.0765 3708	AsyncMac - ok
11:34:02.0296 3708	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:34:02.0515 3708	atapi - ok
11:34:02.0906 3708	Atdisk - ok
11:34:03.0343 3708	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:34:03.0515 3708	Atmarpc - ok
11:34:04.0015 3708	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
11:34:04.0250 3708	AudioSrv - ok
11:34:04.0671 3708	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:34:04.0859 3708	audstub - ok
11:34:05.0375 3708	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:34:05.0421 3708	avgntflt - ok
11:34:06.0046 3708	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:34:06.0078 3708	avipbb - ok
11:34:06.0546 3708	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:34:06.0562 3708	avkmgr - ok
11:34:07.0015 3708	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:34:07.0203 3708	Beep - ok
11:34:07.0921 3708	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
11:34:08.0265 3708	BITS - ok
11:34:08.0578 3708	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
11:34:08.0718 3708	Bonjour Service - ok
11:34:09.0156 3708	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
11:34:09.0390 3708	Browser - ok
11:34:09.0796 3708	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:34:10.0015 3708	cbidf2k - ok
11:34:10.0625 3708	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:34:10.0828 3708	CCDECODE - ok
11:34:11.0218 3708	cd20xrnt - ok
11:34:11.0671 3708	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:34:11.0906 3708	Cdaudio - ok
11:34:12.0359 3708	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:34:12.0562 3708	Cdfs - ok
11:34:13.0140 3708	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:34:13.0359 3708	Cdrom - ok
11:34:13.0781 3708	Changer - ok
11:34:14.0187 3708	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
11:34:14.0437 3708	CiSvc - ok
11:34:14.0828 3708	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
11:34:15.0062 3708	ClipSrv - ok
11:34:15.0421 3708	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:34:15.0437 3708	clr_optimization_v2.0.50727_32 - ok
11:34:15.0843 3708	CmdIde - ok
11:34:16.0187 3708	COMSysApp - ok
11:34:16.0578 3708	Cpqarray - ok
11:34:16.0984 3708	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
11:34:17.0187 3708	CryptSvc - ok
11:34:17.0625 3708	dac2w2k - ok
11:34:18.0109 3708	dac960nt - ok
11:34:18.0640 3708	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:34:18.0859 3708	DcomLaunch - ok
11:34:19.0296 3708	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
11:34:19.0531 3708	Dhcp - ok
11:34:19.0968 3708	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:34:20.0187 3708	Disk - ok
11:34:20.0531 3708	dmadmin - ok
11:34:21.0250 3708	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
11:34:21.0750 3708	dmboot - ok
11:34:22.0281 3708	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
11:34:22.0484 3708	dmio - ok
11:34:23.0015 3708	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:34:23.0218 3708	dmload - ok
11:34:23.0609 3708	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
11:34:23.0843 3708	dmserver - ok
11:34:24.0312 3708	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:34:24.0781 3708	DMusic - ok
11:34:25.0203 3708	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
11:34:25.0328 3708	Dnscache - ok
11:34:25.0765 3708	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
11:34:25.0953 3708	Dot3svc - ok
11:34:26.0328 3708	dpti2o - ok
11:34:26.0937 3708	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:34:27.0187 3708	drmkaud - ok
11:34:27.0859 3708	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
11:34:28.0062 3708	EapHost - ok
11:34:28.0687 3708	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
11:34:28.0921 3708	ERSvc - ok
11:34:29.0593 3708	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:34:29.0640 3708	Eventlog - ok
11:34:30.0109 3708	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
11:34:30.0171 3708	EventSystem - ok
11:34:30.0812 3708	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:34:31.0015 3708	Fastfat - ok
11:34:31.0562 3708	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:34:31.0656 3708	FastUserSwitchingCompatibility - ok
11:34:32.0093 3708	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:34:32.0296 3708	Fdc - ok
11:34:32.0875 3708	FilterService   (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
11:34:32.0921 3708	FilterService - ok
11:34:33.0578 3708	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
11:34:33.0781 3708	Fips - ok
11:34:34.0203 3708	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:34:34.0421 3708	Flpydisk - ok
11:34:34.0921 3708	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:34:35.0140 3708	FltMgr - ok
11:34:35.0515 3708	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:34:35.0546 3708	FontCache3.0.0.0 - ok
11:34:35.0984 3708	fssfltr         (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
11:34:36.0000 3708	fssfltr - ok
11:34:36.0406 3708	fsssvc          (45b52394f9624237f33a8a3d73c0b221) C:\Programme\Windows Live\Family Safety\fsssvc.exe
11:34:36.0656 3708	fsssvc - ok
11:34:37.0062 3708	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:34:37.0234 3708	Fs_Rec - ok
11:34:37.0921 3708	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:34:38.0093 3708	Ftdisk - ok
11:34:38.0500 3708	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:34:38.0515 3708	GEARAspiWDM - ok
11:34:38.0921 3708	ggflt           (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
11:34:38.0921 3708	ggflt - ok
11:34:39.0375 3708	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
11:34:39.0375 3708	ggsemc - ok
11:34:39.0812 3708	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:34:40.0125 3708	Gpc - ok
11:34:40.0281 3708	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
11:34:40.0312 3708	gupdate - ok
11:34:40.0375 3708	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
11:34:40.0390 3708	gupdatem - ok
11:34:40.0562 3708	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
11:34:40.0578 3708	gusvc - ok
11:34:41.0078 3708	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:34:41.0234 3708	HDAudBus - ok
11:34:41.0453 3708	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:34:41.0593 3708	helpsvc - ok
11:34:41.0953 3708	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
11:34:42.0109 3708	HidServ - ok
11:34:42.0687 3708	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:34:42.0812 3708	hidusb - ok
11:34:43.0187 3708	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
11:34:43.0343 3708	hkmsvc - ok
11:34:43.0718 3708	hpn - ok
11:34:43.0953 3708	hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
11:34:43.0984 3708	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
11:34:43.0984 3708	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
11:34:44.0171 3708	hpqddsvc        (f3f72a2a86c22610bca5439fa789dd52) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
11:34:44.0171 3708	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
11:34:44.0171 3708	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
11:34:44.0718 3708	HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:34:44.0937 3708	HPZid412 - ok
11:34:45.0343 3708	HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:34:45.0375 3708	HPZipr12 - ok
11:34:45.0796 3708	HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:34:45.0859 3708	HPZius12 - ok
11:34:46.0375 3708	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:34:46.0484 3708	HTTP - ok
11:34:46.0968 3708	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
11:34:47.0203 3708	HTTPFilter - ok
11:34:47.0578 3708	i2omgmt - ok
11:34:47.0937 3708	i2omp - ok
11:34:48.0343 3708	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:34:48.0515 3708	i8042prt - ok
11:34:51.0671 3708	ialm            (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:34:54.0531 3708	ialm - ok
11:34:55.0109 3708	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:34:55.0468 3708	idsvc - ok
11:34:55.0890 3708	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:34:56.0031 3708	Imapi - ok
11:34:56.0718 3708	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
11:34:56.0890 3708	ImapiService - ok
11:34:57.0265 3708	ini910u - ok
11:35:00.0093 3708	IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:35:02.0765 3708	IntcAzAudAddService - ok
11:35:03.0125 3708	IntelIde - ok
11:35:03.0640 3708	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:35:03.0812 3708	intelppm - ok
11:35:04.0218 3708	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:35:04.0375 3708	Ip6Fw - ok
11:35:04.0812 3708	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:35:04.0984 3708	IpFilterDriver - ok
11:35:05.0375 3708	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:35:05.0515 3708	IpInIp - ok
11:35:06.0031 3708	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:35:06.0171 3708	IpNat - ok
11:35:06.0562 3708	iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe
11:35:06.0812 3708	iPod Service - ok
11:35:07.0234 3708	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:35:07.0390 3708	IPSec - ok
11:35:07.0812 3708	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:35:08.0000 3708	IRENUM - ok
11:35:08.0421 3708	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:35:08.0593 3708	isapnp - ok
11:35:08.0765 3708	JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
11:35:08.0781 3708	JavaQuickStarterService - ok
11:35:09.0187 3708	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:35:09.0328 3708	Kbdclass - ok
11:35:09.0750 3708	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:35:09.0890 3708	kbdhid - ok
11:35:10.0531 3708	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:35:10.0671 3708	kmixer - ok
11:35:11.0109 3708	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:35:11.0203 3708	KSecDD - ok
11:35:11.0625 3708	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
11:35:11.0703 3708	lanmanserver - ok
11:35:12.0109 3708	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
11:35:12.0187 3708	lanmanworkstation - ok
11:35:12.0578 3708	lbrtfdc - ok
11:35:12.0937 3708	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
11:35:13.0078 3708	LmHosts - ok
11:35:13.0515 3708	lvpopflt        (cbf0bf6af73a704211bbb52efacaa8a0) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
11:35:13.0546 3708	lvpopflt - ok
11:35:13.0984 3708	LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
11:35:13.0984 3708	LVPr2Mon - ok
11:35:14.0156 3708	LVPrcSrv        (2333057542c91ae8228bdccc2e5f2632) C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
11:35:14.0171 3708	LVPrcSrv - ok
11:35:14.0781 3708	LVRS            (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
11:35:14.0796 3708	LVRS - ok
11:35:17.0953 3708	LVUVC           (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
11:35:22.0828 3708	LVUVC - ok
11:35:24.0562 3708	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:35:24.0578 3708	MBAMProtector - ok
11:35:25.0687 3708	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
11:35:26.0109 3708	MBAMService - ok
11:35:28.0140 3708	MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
11:35:28.0234 3708	MBAMSwissArmy - ok
11:35:29.0328 3708	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
11:35:29.0343 3708	MDM - ok
11:35:29.0734 3708	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
11:35:29.0875 3708	Messenger - ok
11:35:30.0296 3708	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:35:30.0484 3708	mnmdd - ok
11:35:30.0890 3708	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
11:35:31.0109 3708	mnmsrvc - ok
11:35:31.0531 3708	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
11:35:31.0671 3708	Modem - ok
11:35:32.0609 3708	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
11:35:33.0218 3708	Monfilt - ok
11:35:33.0625 3708	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:35:33.0765 3708	Mouclass - ok
11:35:34.0171 3708	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:35:34.0312 3708	mouhid - ok
11:35:34.0734 3708	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:35:34.0890 3708	MountMgr - ok
11:35:35.0281 3708	MpKsl1f947b4b - ok
11:35:35.0828 3708	mraid35x - ok
11:35:36.0328 3708	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:35:36.0468 3708	MRxDAV - ok
11:35:37.0062 3708	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:35:37.0265 3708	MRxSmb - ok
11:35:37.0640 3708	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
11:35:37.0796 3708	MSDTC - ok
11:35:38.0265 3708	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:35:38.0390 3708	Msfs - ok
11:35:38.0734 3708	MSIServer - ok
11:35:39.0140 3708	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:35:39.0281 3708	MSKSSRV - ok
11:35:39.0687 3708	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:35:39.0828 3708	MSPCLOCK - ok
11:35:40.0328 3708	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:35:40.0468 3708	MSPQM - ok
11:35:40.0875 3708	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:35:41.0015 3708	mssmbios - ok
11:35:41.0468 3708	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:35:41.0687 3708	MSTEE - ok
11:35:42.0125 3708	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:35:42.0171 3708	Mup - ok
11:35:42.0593 3708	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:35:42.0734 3708	NABTSFEC - ok
11:35:43.0203 3708	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
11:35:43.0343 3708	napagent - ok
11:35:43.0843 3708	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:35:44.0093 3708	NDIS - ok
11:35:44.0468 3708	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:35:44.0609 3708	NdisIP - ok
11:35:45.0000 3708	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:35:45.0062 3708	NdisTapi - ok
11:35:45.0484 3708	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:35:45.0625 3708	Ndisuio - ok
11:35:46.0046 3708	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:35:46.0234 3708	NdisWan - ok
11:35:46.0640 3708	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:35:46.0718 3708	NDProxy - ok
11:35:47.0078 3708	Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
11:35:47.0093 3708	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:35:47.0093 3708	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:35:47.0500 3708	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:35:47.0656 3708	NetBIOS - ok
11:35:48.0109 3708	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:35:48.0250 3708	NetBT - ok
11:35:48.0656 3708	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:35:48.0828 3708	NetDDE - ok
11:35:48.0875 3708	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:35:49.0000 3708	NetDDEdsdm - ok
11:35:49.0359 3708	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:35:49.0500 3708	Netlogon - ok
11:35:49.0953 3708	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
11:35:50.0093 3708	Netman - ok
11:35:50.0484 3708	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:35:50.0500 3708	NetTcpPortSharing - ok
11:35:50.0984 3708	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
11:35:51.0031 3708	Nla - ok
11:35:51.0437 3708	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:35:51.0593 3708	Npfs - ok
11:35:52.0203 3708	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:35:52.0484 3708	Ntfs - ok
11:35:53.0093 3708	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:35:53.0234 3708	NtLmSsp - ok
11:35:53.0750 3708	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
11:35:54.0015 3708	NtmsSvc - ok
11:35:54.0406 3708	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:35:54.0546 3708	Null - ok
11:35:54.0937 3708	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:35:55.0093 3708	NwlnkFlt - ok
11:35:55.0578 3708	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:35:55.0703 3708	NwlnkFwd - ok
11:35:56.0140 3708	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
11:35:56.0265 3708	Parport - ok
11:35:56.0687 3708	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:35:56.0859 3708	PartMgr - ok
11:35:57.0281 3708	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
11:35:57.0437 3708	ParVdm - ok
11:35:57.0984 3708	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
11:35:58.0140 3708	PCI - ok
11:35:58.0515 3708	PCIDump - ok
11:35:58.0937 3708	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:35:59.0078 3708	PCIIde - ok
11:36:00.0265 3708	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:36:00.0578 3708	Pcmcia - ok
11:36:01.0875 3708	PDCOMP - ok
11:36:02.0937 3708	PDFRAME - ok
11:36:04.0015 3708	PDRELI - ok
11:36:05.0531 3708	PDRFRAME - ok
11:36:07.0546 3708	perc2 - ok
11:36:08.0515 3708	perc2hib - ok
11:36:09.0046 3708	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:36:09.0093 3708	PlugPlay - ok
11:36:09.0500 3708	Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
11:36:09.0531 3708	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:36:09.0531 3708	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:36:09.0890 3708	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:36:10.0015 3708	PolicyAgent - ok
11:36:10.0625 3708	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:36:10.0812 3708	PptpMiniport - ok
11:36:11.0156 3708	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:36:11.0296 3708	ProtectedStorage - ok
11:36:11.0734 3708	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:36:11.0875 3708	PSched - ok
11:36:12.0296 3708	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:36:12.0437 3708	Ptilink - ok
11:36:12.0843 3708	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:36:12.0843 3708	PxHelp20 - ok
11:36:13.0218 3708	ql1080 - ok
11:36:13.0578 3708	Ql10wnt - ok
11:36:13.0968 3708	ql12160 - ok
11:36:14.0343 3708	ql1240 - ok
11:36:14.0734 3708	ql1280 - ok
11:36:15.0312 3708	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:36:15.0437 3708	RasAcd - ok
11:36:15.0843 3708	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
11:36:15.0984 3708	RasAuto - ok
11:36:16.0390 3708	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:36:16.0578 3708	Rasl2tp - ok
11:36:17.0000 3708	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
11:36:17.0140 3708	RasMan - ok
11:36:17.0609 3708	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:36:17.0750 3708	RasPppoe - ok
11:36:18.0171 3708	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:36:18.0312 3708	Raspti - ok
11:36:18.0781 3708	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:36:18.0937 3708	Rdbss - ok
11:36:19.0390 3708	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:36:19.0546 3708	RDPCDD - ok
11:36:20.0046 3708	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:36:20.0234 3708	rdpdr - ok
11:36:20.0687 3708	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:36:20.0765 3708	RDPWD - ok
11:36:21.0187 3708	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
11:36:21.0343 3708	RDSessMgr - ok
11:36:21.0765 3708	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:36:21.0906 3708	redbook - ok
11:36:22.0265 3708	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
11:36:22.0406 3708	RemoteAccess - ok
11:36:22.0812 3708	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
11:36:22.0953 3708	RemoteRegistry - ok
11:36:23.0359 3708	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
11:36:23.0515 3708	RpcLocator - ok
11:36:24.0125 3708	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:36:24.0359 3708	RpcSs - ok
11:36:24.0750 3708	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
11:36:24.0890 3708	RSVP - ok
11:36:25.0359 3708	RTLE8023xp      (79b4fe884c18dd82d5449f6b6026d092) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:36:25.0500 3708	RTLE8023xp - ok
11:36:25.0953 3708	s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
11:36:25.0984 3708	s1018bus - ok
11:36:26.0500 3708	s1018mdfl       (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
11:36:26.0500 3708	s1018mdfl - ok
11:36:26.0937 3708	s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
11:36:26.0953 3708	s1018mdm - ok
11:36:27.0406 3708	s1018mgmt       (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
11:36:27.0515 3708	s1018mgmt - ok
11:36:27.0937 3708	s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
11:36:27.0937 3708	s1018nd5 - ok
11:36:28.0421 3708	s1018obex       (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
11:36:28.0500 3708	s1018obex - ok
11:36:29.0046 3708	s1018unic       (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
11:36:29.0078 3708	s1018unic - ok
11:36:29.0500 3708	s115bus         (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys
11:36:29.0515 3708	s115bus - ok
11:36:29.0984 3708	s115mdfl        (e24113fc13b8737c94cf4e3415488c76) C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
11:36:30.0328 3708	s115mdfl - ok
11:36:30.0781 3708	s115mdm         (4029e49e7c673aa0670bd206b0af1b5b) C:\WINDOWS\system32\DRIVERS\s115mdm.sys
11:36:30.0796 3708	s115mdm - ok
11:36:31.0484 3708	s115mgmt        (eb02ab4ca8bccecfde236cad8fc6e135) C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
11:36:31.0500 3708	s115mgmt - ok
11:36:31.0937 3708	s115obex        (089869db9ffd2ac807fa87fe82ac7761) C:\WINDOWS\system32\DRIVERS\s115obex.sys
11:36:31.0953 3708	s115obex - ok
11:36:32.0390 3708	s125bus         (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys
11:36:32.0406 3708	s125bus - ok
11:36:32.0828 3708	s125mdfl        (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
11:36:32.0843 3708	s125mdfl - ok
11:36:33.0312 3708	s125mdm         (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys
11:36:33.0328 3708	s125mdm - ok
11:36:33.0781 3708	s125mgmt        (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
11:36:33.0796 3708	s125mgmt - ok
11:36:34.0265 3708	s125obex        (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys
11:36:34.0265 3708	s125obex - ok
11:36:34.0625 3708	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:36:34.0765 3708	SamSs - ok
11:36:35.0140 3708	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
11:36:35.0328 3708	SCardSvr - ok
11:36:35.0828 3708	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
11:36:36.0015 3708	Schedule - ok
11:36:36.0437 3708	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:36:36.0562 3708	Secdrv - ok
11:36:36.0921 3708	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
11:36:37.0062 3708	seclogon - ok
11:36:37.0531 3708	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
11:36:37.0718 3708	SENS - ok
11:36:38.0203 3708	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:36:38.0421 3708	serenum - ok
11:36:38.0875 3708	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
11:36:39.0156 3708	Serial - ok
11:36:40.0843 3708	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:36:41.0093 3708	Sfloppy - ok
11:36:42.0656 3708	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
11:36:44.0875 3708	SharedAccess - ok
11:36:45.0765 3708	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:36:45.0828 3708	ShellHWDetection - ok
11:36:46.0843 3708	Simbad - ok
11:36:48.0343 3708	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:36:48.0578 3708	SLIP - ok
11:36:49.0937 3708	Sparrow - ok
11:36:51.0406 3708	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:36:51.0640 3708	splitter - ok
11:36:52.0140 3708	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:36:52.0187 3708	Spooler - ok
11:36:52.0906 3708	sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
11:36:52.0906 3708	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
11:36:52.0906 3708	sptd ( LockedFile.Multi.Generic ) - warning
11:36:52.0906 3708	sptd - detected LockedFile.Multi.Generic (1)
11:36:53.0375 3708	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
11:36:53.0562 3708	sr - ok
11:36:54.0015 3708	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
11:36:54.0171 3708	srservice - ok
11:36:54.0921 3708	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:36:55.0484 3708	Srv - ok
11:36:55.0859 3708	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
11:36:56.0062 3708	SSDPSRV - ok
11:36:56.0781 3708	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:36:56.0796 3708	ssmdrv - ok
11:36:57.0296 3708	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
11:36:57.0625 3708	stisvc - ok
11:36:58.0109 3708	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:36:58.0328 3708	streamip - ok
11:36:58.0875 3708	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:36:59.0062 3708	swenum - ok
11:36:59.0500 3708	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:36:59.0703 3708	swmidi - ok
11:37:00.0062 3708	SwPrv - ok
11:37:00.0437 3708	symc810 - ok
11:37:00.0843 3708	symc8xx - ok
11:37:01.0500 3708	sym_hi - ok
11:37:01.0875 3708	sym_u3 - ok
11:37:02.0328 3708	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:37:02.0562 3708	sysaudio - ok
11:37:02.0968 3708	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
11:37:03.0187 3708	SysmonLog - ok
11:37:03.0750 3708	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
11:37:03.0953 3708	TapiSrv - ok
11:37:04.0531 3708	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\TCPIP.SYS
11:37:04.0703 3708	Tcpip - ok
11:37:05.0125 3708	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:37:05.0281 3708	TDPIPE - ok
11:37:05.0718 3708	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:37:05.0937 3708	TDTCP - ok
11:37:06.0406 3708	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:37:06.0593 3708	TermDD - ok
11:37:07.0109 3708	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
11:37:07.0359 3708	TermService - ok
11:37:07.0781 3708	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:37:07.0812 3708	Themes - ok
11:37:08.0234 3708	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
11:37:08.0484 3708	TlntSvr - ok
11:37:08.0875 3708	TosIde - ok
11:37:09.0265 3708	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
11:37:09.0468 3708	TrkWks - ok
11:37:09.0921 3708	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:37:10.0093 3708	Udfs - ok
11:37:10.0500 3708	ultra - ok
11:37:11.0234 3708	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:37:11.0531 3708	Update - ok
11:37:11.0984 3708	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
11:37:12.0156 3708	upnphost - ok
11:37:12.0546 3708	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
11:37:12.0718 3708	UPS - ok
11:37:13.0281 3708	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:37:13.0484 3708	usbaudio - ok
11:37:13.0921 3708	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:37:14.0093 3708	usbccgp - ok
11:37:14.0546 3708	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:37:14.0687 3708	usbehci - ok
11:37:15.0125 3708	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:37:15.0312 3708	usbhub - ok
11:37:15.0906 3708	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:37:16.0093 3708	usbprint - ok
11:37:16.0515 3708	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:37:16.0671 3708	usbscan - ok
11:37:17.0125 3708	usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
11:37:17.0328 3708	usbser - ok
11:37:17.0968 3708	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:37:18.0140 3708	USBSTOR - ok
11:37:18.0562 3708	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:37:18.0750 3708	usbuhci - ok
11:37:19.0187 3708	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
11:37:19.0390 3708	usbvideo - ok
11:37:19.0812 3708	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:37:19.0984 3708	VgaSave - ok
11:37:20.0484 3708	ViaIde - ok
11:37:20.0984 3708	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
11:37:21.0156 3708	VolSnap - ok
11:37:21.0703 3708	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
11:37:21.0921 3708	VSS - ok
11:37:22.0500 3708	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
11:37:22.0859 3708	W32Time - ok
11:37:23.0906 3708	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:37:24.0203 3708	Wanarp - ok
11:37:26.0171 3708	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:37:26.0484 3708	Wdf01000 - ok
11:37:30.0140 3708	WDICA - ok
11:37:33.0171 3708	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:37:33.0515 3708	wdmaud - ok
11:37:34.0968 3708	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
11:37:35.0187 3708	WebClient - ok
11:37:35.0609 3708	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:37:35.0812 3708	winmgmt - ok
11:37:36.0234 3708	WmdmPmSN        (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
11:37:36.0406 3708	WmdmPmSN - ok
11:37:37.0812 3708	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
11:37:39.0515 3708	Wmi - ok
11:37:40.0328 3708	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:37:40.0640 3708	WmiApSrv - ok
11:37:41.0687 3708	WMPNetworkSvc   (d3dbd6e76f4be9bee67eb631488b5f29) C:\Programme\Windows Media Player\WMPNetwk.exe
11:37:42.0125 3708	WMPNetworkSvc - ok
11:37:42.0718 3708	WpdUsb          (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:37:42.0781 3708	WpdUsb - ok
11:37:43.0203 3708	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
11:37:43.0406 3708	wscsvc - ok
11:37:43.0984 3708	WSearch - ok
11:37:44.0500 3708	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:37:44.0718 3708	WSTCODEC - ok
11:37:45.0093 3708	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
11:37:45.0312 3708	wuauserv - ok
11:37:46.0640 3708	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:37:46.0968 3708	WudfPf - ok
11:37:47.0468 3708	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:37:47.0562 3708	WudfRd - ok
11:37:47.0984 3708	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:37:48.0046 3708	WudfSvc - ok
11:37:49.0000 3708	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
11:37:49.0359 3708	WZCSVC - ok
11:37:49.0828 3708	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
11:37:50.0093 3708	xmlprov - ok
11:37:50.0531 3708	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
11:37:51.0250 3708	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:37:51.0250 3708	\Device\Harddisk0\DR0 - detected TDSS File System (1)
11:37:51.0250 3708	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
11:37:51.0390 3708	\Device\Harddisk1\DR2 - ok
11:37:51.0406 3708	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR3
11:37:51.0687 3708	\Device\Harddisk2\DR3 - ok
11:37:51.0781 3708	Boot (0x1200)   (c26e33a19b326a21b3bdfabf27f1031c) \Device\Harddisk0\DR0\Partition0
11:37:51.0781 3708	\Device\Harddisk0\DR0\Partition0 - ok
11:37:51.0796 3708	Boot (0x1200)   (afa5273584d158ddd2c8bc72c1aee70f) \Device\Harddisk1\DR2\Partition0
11:37:51.0796 3708	\Device\Harddisk1\DR2\Partition0 - ok
11:37:51.0828 3708	Boot (0x1200)   (cacc095ab2ebfa29e6482702ec7448d7) \Device\Harddisk2\DR3\Partition0
11:37:51.0828 3708	\Device\Harddisk2\DR3\Partition0 - ok
11:37:51.0828 3708	============================================================
11:37:51.0828 3708	Scan finished
11:37:51.0828 3708	============================================================
11:37:51.0953 1596	Detected object count: 6
11:37:51.0953 1596	Actual detected object count: 6
11:39:12.0234 1596	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:12.0234 1596	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:39:12.0234 1596	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:12.0234 1596	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:39:12.0250 1596	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:12.0250 1596	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:39:12.0250 1596	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:12.0250 1596	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:39:12.0250 1596	sptd ( LockedFile.Multi.Generic ) - skipped by user
11:39:12.0250 1596	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
11:39:12.0250 1596	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:39:12.0250 1596	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

17.03.2012, 15:06	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Gema Trojaner & Windows Security Center Trojaner Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

26.03.2012, 15:02	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Gema Trojaner & Windows Security Center Trojaner Wiederhol den Fix im abgesicherten Modus bitte __________________ Logfiles bitte immer in CODE-Tags posten

Gema Trojaner & Windows Security Center Trojaner

Log-Analyse und Auswertung: Gema Trojaner & Windows Security Center Trojaner