Umleitung auf searchcompletion.com

matthias2619 · 17.03.2012, 16:22

Hallo,
heute habe ich bei einem Setup (SUMo) leider nicht aufgepasst und dann war es auch schon zu spät...
Meine Startseite und meine Standard-Suchmaschine wurden geändert.
Ich habe danach natürlich versucht, so gut es geht alles rückgängig zu machen.
Zuerst habe ich in FF die Startseite auf standard gestellt (about:home), danach habe ich im Suchfenster (rechts neben der URL-Leiste) den Suchanbieter wieder auf Google gestellt. Danach habe ich MBAM gestartet und die Funde entfernt (Log unten). Danach habe ich regedit.exe geöffnet und die Registry nach "searchcompletion" durchsucht und die entsprechenden Einträge durch "google.de" ersetzt. Dann habe ich HijackThis genommen und es wurden einige Einträge mit "searchcompletion" gefunden, diese habe ich gefixt. Dann habe ich auch noch Spybot laufen lassen und die Funde entfernt. Ein weiterer Scan mit SAS brachte keine Ergenbisse. Wenn ich von der Startseite (about:home) suchen möchte, werde ich trotzdem immernoch auf searchcompletion weitergeleitet, sonst ist alles normal
Aber hier erstmal die Logs:
MBAM:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.17.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Matthias :: ***-FPGDH9 [Administrator]

17.03.2012 11:11:11
mbam-log-2012-03-17 (11-11-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 260472
Laufzeit: 1 Stunde(n), 7 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\temp\CSM2B.tmp (Adware.RelevantKnowledge) -> Löschen bei Neustart.
C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Ein weiterer Scan brachte keine Ergebnisse.
OTL:

Code:

ATTFilter

OTL logfile created on: 17.03.2012 15:41:27 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Matthias\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 0,37 Gb Available Physical Memory | 24,75% Memory free
3,59 Gb Paging File | 2,82 Gb Available in Paging File | 78,44% Paging File free
Paging file location(s): C:\pagefile.sys 2300 3064 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 22,75 Gb Free Space | 30,53% Space Free | Partition Type: NTFS
Drive F: | 2328,76 Gb Total Space | 1899,48 Gb Free Space | 81,57% Space Free | Partition Type: NTFS
Drive N: | 3,82 Gb Total Space | 3,78 Gb Free Space | 98,85% Space Free | Partition Type: FAT32
 
Computer Name: MUHAHAHA-FPGDH9 | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\IObit\Game Booster\gbtray.exe (IObit)
PRC - C:\Dokumente und Einstellungen\Matthias\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\temp\CSM2B.tmp ()
MOD - C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\858316efc815bdff25c4fc66a0d80448\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\554211ea9870563ab6a2544faa234d48\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\9d1a4e5284f73c0426fdbe8fa4dea3db\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ba14959449e5c27d9c9f593c55cd7ccf\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\7c2da510ff90361852de55647d791a4e\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\483ca92d1c432c2ab4f45bcdca10e591\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\859f6bb004636fbd0a0e390002aa993c\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\acabbdbe75352f8e60be98a285da9f67\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\0375a0ec40ca6772f909e272784b854c\PresentationFramework.Classic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\569b4aaba7843810942abc04dfa400e4\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\54ad69352f06b426ec621752b0a7bc8a\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d03a9a44a9482c0932beb1e3eabb11c3\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\245a2d9be605b96e0f1a0ef79ae3a28b\System.ni.dll ()
MOD - C:\Programme\VMware\VMware Player\libxml2.dll ()
MOD - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
MOD - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
MOD - C:\Programme\IObit\Game Booster\sqlite3.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\Hotspot Shield\bin\libidn-11.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libssl32.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libeay32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (VMUSBArbService) -- C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Fabs) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AVerScheduleService) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (AVerRemote) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\WINDOWS\system32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmusb) -- C:\WINDOWS\system32\drivers\vmusb.sys (VMware, Inc.)
DRV - (vmci) -- C:\WINDOWS\system32\DRIVERS\vmci.sys (VMware, Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AVerAF35) -- C:\WINDOWS\system32\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (LSI Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.de/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchcompletion.com?si=10188&home=true"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..keyword.URL: "http://search.searchcompletion.com?si=10188&bs=true&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.17 10:58:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.24 09:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.10.29 18:45:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2011.02.16 20:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Extensions
[2011.02.16 20:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.17 20:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\g2l788se.Standard-Benutzer\extensions
[2012.02.16 21:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions
[2011.02.17 16:06:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.19 00:58:44 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.24 00:20:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.22 20:44:47 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011.12.27 22:32:40 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2011.11.24 19:20:53 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\maps@ovi.com
[2012.03.02 21:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\mpuj3mov.pt\extensions
[2012.03.02 21:49:39 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\mpuj3mov.pt\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.18 00:08:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\mpuj3mov.pt\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.17 10:53:14 | 000,003,230 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\searchplugins\Web Search.xml
[2012.02.04 12:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.19 22:04:03 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MATTHIAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HV5G430I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MATTHIAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HV5G430I.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.17 10:58:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.16 19:21:48 | 000,002,046 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.17 10:53:14 | 000,003,230 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Web Search.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Programme\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Programme\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.5_0\
 
O1 HOSTS File: ([2011.11.19 14:59:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1521F33A-179E-4A62-A9EF-877725B62DDE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1521F33A-179E-4A62-A9EF-877725B62DDE}: NameServer = 85.88.19.10,94.75.228.28
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\ms-help - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.15 20:39:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.01.04 19:35:48 | 000,013,836 | -H-- | M] () - N:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012.01.04 19:35:48 | 000,013,836 | ---- | M] () - N:\AUTORUN_.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 1 Day ==========
 
[2012.03.17 12:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.17 12:39:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.17 12:39:34 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.03.17 12:39:10 | 014,309,640 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Matthias\Desktop\SUPERAntiSpyware5.exe
[2012.03.17 12:37:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Matthias\Desktop\OTL.exe
[2012.03.17 12:34:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Desktop\SpybotPortable
[2012.03.17 12:34:04 | 020,395,368 | ---- | C] (PortableApps.com) -- C:\Dokumente und Einstellungen\Matthias\Desktop\SpybotPortable_1.6.2_Rev_2.paf.exe
[2012.03.17 12:28:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Desktop\backups
[2012.03.17 12:26:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Matthias\Desktop\HiJackThis204.exe
[2012.03.17 12:22:12 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Matthias\Desktop\TDSSKiller.exe
[2012.03.17 11:42:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012.03.17 11:41:01 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012.03.17 11:40:12 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2012.03.17 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.03.17 10:52:21 | 003,486,284 | ---- | C] (KC Softwares                                                ) -- C:\Dokumente und Einstellungen\Matthias\Desktop\sumo.exe
[2012.03.17 10:17:11 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Matthias\Recent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 1 Day ==========
 
[2012.03.17 12:39:59 | 000,001,649 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.03.17 12:34:14 | 020,395,368 | ---- | M] (PortableApps.com) -- C:\Dokumente und Einstellungen\Matthias\Desktop\SpybotPortable_1.6.2_Rev_2.paf.exe
[2012.03.17 12:19:15 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\shdsp.sys
[2012.03.17 12:11:54 | 000,225,280 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.17 11:42:18 | 000,001,529 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.03.17 11:11:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\iaodyqmm.sys
[2012.03.17 10:58:44 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2012.03.17 10:52:21 | 003,486,284 | ---- | M] (KC Softwares                                                ) -- C:\Dokumente und Einstellungen\Matthias\Desktop\sumo.exe
[2012.03.17 09:33:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.17 09:32:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.16 19:49:52 | 000,163,738 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\a.JPG
[2012.03.16 19:48:18 | 000,140,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\b.JPG
[2012.03.16 19:45:13 | 002,979,894 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\b.bmp
[2012.03.16 19:43:18 | 002,605,734 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\a.bmp
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.17 12:39:59 | 000,001,649 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.03.17 12:19:15 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\shdsp.sys
[2012.03.17 11:42:18 | 000,001,529 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.03.17 11:11:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaodyqmm.sys
[2012.03.16 19:49:52 | 000,163,738 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\a.JPG
[2012.03.16 19:48:17 | 000,140,904 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\b.JPG
[2012.03.16 19:38:28 | 002,979,894 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\b.bmp
[2012.03.16 19:38:03 | 002,605,734 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\a.bmp
[2012.03.13 16:34:21 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012.03.03 16:58:09 | 000,000,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\.backup.dm
[2012.02.15 20:54:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.04 13:02:15 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2011.12.05 13:22:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.10.31 18:45:19 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.08.31 19:19:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.08.28 11:27:24 | 000,000,042 | ---- | C] () -- C:\WINDOWS\oodjobd.INI
[2011.08.05 15:11:33 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011.08.04 18:21:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.07.30 17:23:48 | 000,068,352 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.06.28 14:22:24 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011.06.24 14:59:01 | 000,000,041 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2011.06.19 15:39:28 | 000,001,492 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml
[2011.06.16 18:57:45 | 000,530,168 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.06.16 18:57:42 | 002,775,560 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1645522239-796845957-839522115-1003-0.dat
[2011.06.16 18:57:42 | 000,266,830 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.02.16 18:38:42 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2011.02.16 18:38:42 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2011.02.16 18:38:30 | 000,598,016 | R--- | C] () -- C:\WINDOWS\System32\sptlib21.dll
[2011.02.16 18:38:30 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2011.02.16 18:38:30 | 000,294,912 | R--- | C] () -- C:\WINDOWS\System32\sptlib11.dll
[2011.02.16 18:38:30 | 000,290,816 | R--- | C] () -- C:\WINDOWS\System32\sptlib22.dll
[2011.02.16 18:38:30 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll
[2011.02.16 18:38:30 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2011.02.16 18:38:30 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\sptlib12.dll
[2011.02.16 18:28:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011.02.16 15:37:46 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2011.02.16 15:35:19 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011.02.16 15:34:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.02.16 14:54:35 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011.02.16 13:45:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.16 13:44:31 | 000,225,280 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.15 20:41:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.02.15 20:37:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.02.15 20:32:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.02.15 20:31:20 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.01.29 17:00:24 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2009.10.06 08:16:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.06 23:19:32 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\StickSecuritySafeMode.exe
[2007.08.28 05:58:00 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2007.05.10 00:39:28 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLdNL.DLL
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2006.12.31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.04.02 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003.04.02 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003.04.02 12:00:00 | 000,518,532 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003.04.02 12:00:00 | 000,494,050 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003.04.02 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003.04.02 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003.04.02 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.04.02 12:00:00 | 000,103,166 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003.04.02 12:00:00 | 000,085,524 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003.04.02 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003.04.02 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003.04.02 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003.04.02 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003.04.02 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003.04.02 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >

Bitte um Hilfe!
MfG

cosinus · 19.03.2012, 18:24

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

matthias2619 · 19.03.2012, 18:32

Nein, das ist der einzige Scan.
MfG

cosinus · 19.03.2012, 18:34

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

matthias2619 · 20.03.2012, 14:09

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=51c95c9f2311af4b81cfb4f528d97195
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-20 08:37:48
# local_time=2012-03-20 09:37:48 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3719 3719 0 0
# scanned=88156
# found=2
# cleaned=0
# scan_time=4841
C:\System Volume Information\_restore{2BD77C37-4540-43DB-8D2F-BAC58E7CFEA4}\RP259\A0087625.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
C:\System Volume Information\_restore{2BD77C37-4540-43DB-8D2F-BAC58E7CFEA4}\RP259\A0087642.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I

Die erste Datei gehört zum Setup von CDBurnerXP und die zweite zum Setup von Sumo.
MfG

cosinus · 20.03.2012, 16:37

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

matthias2619 · 21.03.2012, 10:32

Code:

ATTFilter

OTL logfile created on: 21.03.2012 10:10:32 - Run 4
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Dokumente und Einstellungen\Matthias\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 70,85% Memory free
3,59 Gb Paging File | 3,26 Gb Available in Paging File | 90,85% Paging File free
Paging file location(s): C:\pagefile.sys 2300 3064 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 22,63 Gb Free Space | 30,37% Space Free | Partition Type: NTFS
Drive F: | 2328,76 Gb Total Space | 1969,46 Gb Free Space | 84,57% Space Free | Partition Type: NTFS
Drive N: | 3,82 Gb Total Space | 3,78 Gb Free Space | 98,85% Space Free | Partition Type: FAT32
 
Computer Name: MUHAHAHA-FPGDH9 | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Matthias\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\9d1a4e5284f73c0426fdbe8fa4dea3db\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ba14959449e5c27d9c9f593c55cd7ccf\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\7c2da510ff90361852de55647d791a4e\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\483ca92d1c432c2ab4f45bcdca10e591\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\859f6bb004636fbd0a0e390002aa993c\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\acabbdbe75352f8e60be98a285da9f67\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\0375a0ec40ca6772f909e272784b854c\PresentationFramework.Classic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\569b4aaba7843810942abc04dfa400e4\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\54ad69352f06b426ec621752b0a7bc8a\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d03a9a44a9482c0932beb1e3eabb11c3\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\245a2d9be605b96e0f1a0ef79ae3a28b\System.ni.dll ()
MOD - C:\Programme\VMware\VMware Player\libxml2.dll ()
MOD - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
MOD - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\Hotspot Shield\bin\libidn-11.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libssl32.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libeay32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (VMUSBArbService) -- C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (Fabs) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AVerScheduleService) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (AVerRemote) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva394) -- C:\WINDOWS\system32\XDva394.sys File not found
DRV - (XDva393) -- C:\WINDOWS\system32\XDva393.sys File not found
DRV - (XDva392) -- C:\WINDOWS\system32\XDva392.sys File not found
DRV - (XDva391) -- C:\WINDOWS\system32\XDva391.sys File not found
DRV - (XDva390) -- C:\WINDOWS\system32\XDva390.sys File not found
DRV - (XDva389) -- C:\WINDOWS\system32\XDva389.sys File not found
DRV - (XDva388) -- C:\WINDOWS\system32\XDva388.sys File not found
DRV - (PROCEXP151) -- C:\WINDOWS\system32\Drivers\PROCEXP151.SYS File not found
DRV - (PCIDump) --  File not found
DRV - (mcmajcf) -- System32\drivers\alcnxcva.sys File not found
DRV - (cpuz130) -- C:\DOKUME~1\Matthias\LOKALE~1\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (catchme) -- C:\DOKUME~1\Matthias\LOKALE~1\Temp\catchme.sys File not found
DRV - (betoxdl) -- System32\drivers\ldroeopg.sys File not found
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\WINDOWS\system32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmusb) -- C:\WINDOWS\system32\drivers\vmusb.sys (VMware, Inc.)
DRV - (vmci) -- C:\WINDOWS\system32\drivers\vmci.sys (VMware, Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AVerAF35) -- C:\WINDOWS\system32\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (LSI Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.de/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.de/
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.de/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.de/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.de/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.de/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.de/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/lionskin/{1C3167E1-42C1-42E1-9408-5EFAC7A3BAD3}?q={searchTerms}
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchcompletion.com?si=10188&home=true"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..keyword.URL: "http://search.searchcompletion.com?si=10188&bs=true&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.17 10:58:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.24 09:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.10.29 18:45:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2011.02.16 20:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Extensions
[2011.02.16 20:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.17 20:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\g2l788se.Standard-Benutzer\extensions
[2012.02.16 21:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions
[2011.02.17 16:06:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.19 00:58:44 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.24 00:20:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.22 20:44:47 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011.12.27 22:32:40 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2011.11.24 19:20:53 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\maps@ovi.com
[2012.03.02 21:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\mpuj3mov.pt\extensions
[2012.03.02 21:49:39 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\mpuj3mov.pt\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.18 00:08:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\mpuj3mov.pt\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.17 10:53:14 | 000,003,230 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\searchplugins\Web Search.xml
[2012.02.04 12:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.19 22:04:03 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MATTHIAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HV5G430I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MATTHIAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HV5G430I.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.17 10:58:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.16 19:21:48 | 000,002,046 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.17 10:53:14 | 000,003,230 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Web Search.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Programme\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Programme\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.5_0\
 
O1 HOSTS File: ([2011.11.19 14:59:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-21-1645522239-796845957-839522115-1003..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1645522239-796845957-839522115-1003..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1521F33A-179E-4A62-A9EF-877725B62DDE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1521F33A-179E-4A62-A9EF-877725B62DDE}: NameServer = 85.88.19.10,94.75.228.28
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\ms-help - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.15 20:39:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.01.04 19:35:48 | 000,013,836 | -H-- | M] () - N:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012.01.04 19:35:48 | 000,013,836 | ---- | M] () - N:\AUTORUN_.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerHIDReceiver.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerQuick.exe - (AVerMedia TECHNOLOGIES, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Dienst-Manager.lnk - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk -  - File not found
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= -  File not found
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DWQueuedReporting - hkey= - key= - C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
MsConfig - StartUpReg: FILSHtray - hkey= - key= - C:\Programme\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
MsConfig - StartUpReg: HDDHealth - hkey= - key= -  File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Programme\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: MSConfig - hkey= - key= - C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SlimDrivers - hkey= - key= - C:\Programme\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: VMware hqtray - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: AutorunsDisabled - 
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 21:50:46 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Matthias\Recent
[2012.03.20 16:35:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\id Software
[2012.03.20 16:35:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\id Software
[2012.03.20 16:35:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2012.03.20 14:28:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Eigene Dateien\Neuer Ordner (5)
[2012.03.20 08:15:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.03.20 08:15:07 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.03.17 12:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.17 12:39:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.17 12:39:34 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.03.17 12:37:12 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Matthias\Desktop\OTL.exe
[2012.03.17 12:26:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Matthias\Desktop\HiJackThis204.exe
[2012.03.17 12:22:12 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Matthias\Desktop\TDSSKiller.exe
[2012.03.17 11:42:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012.03.17 11:41:01 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012.03.17 11:40:12 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2012.03.13 16:34:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.03.13 16:34:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Canneverbe Limited
[2012.03.13 16:34:20 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2012.03.12 19:42:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Startmenü\Programme\Total Commander
[2012.03.12 19:42:55 | 000,000,000 | ---D | C] -- C:\totalcmd
[2012.03.12 19:42:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\GHISLER
[2012.03.11 13:56:06 | 000,000,000 | ---D | C] -- C:\Programme\Nero
[2012.03.11 13:56:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nero
[2012.03.11 13:55:51 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Nero
[2012.03.11 13:55:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
[2012.03.11 13:47:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Desktop\IsoBusterPortable
[2012.03.08 19:36:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Desktop\sony vegas
[2012.03.06 17:08:17 | 004,763,456 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Matthias\Desktop\procexp.exe
[2012.03.02 13:15:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Amazon
[2012.03.02 13:15:12 | 000,000,000 | ---D | C] -- C:\Programme\Amazon
[2012.03.02 13:15:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Amazon
[2012.02.29 20:44:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Eigene Dateien\Neuer Ordner (4)
[2012.02.29 20:37:47 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
[2012.02.29 20:37:43 | 000,433,264 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
[2012.02.29 20:37:43 | 000,025,712 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys
[2012.02.29 20:37:36 | 000,783,472 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetlib.dll
[2012.02.29 20:37:31 | 000,025,584 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys
[2012.02.29 20:37:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VMware
[2012.02.29 20:36:47 | 000,000,000 | ---D | C] -- C:\Programme\VMware
[2012.02.29 20:36:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\VMware
[2012.02.28 21:09:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Rovio
[2012.02.27 21:26:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DAEMON Tools Lite
[2012.02.27 21:26:24 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012.02.27 21:26:12 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2012.02.27 21:21:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012.02.27 21:13:27 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2012.02.27 21:13:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2012.02.27 21:13:26 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2012.02.27 21:06:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HyperCam 3
[2012.02.27 21:06:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Solveig Multimedia
[2012.02.27 21:00:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Startmenü\Programme\WinRAR
[2012.02.27 21:00:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinRAR
[2012.02.27 20:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\bluej
[2012.02.27 20:44:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Startmenü\Programme\BlueJ
[2012.02.27 20:43:58 | 000,000,000 | ---D | C] -- C:\Programme\BlueJ
[2012.02.27 20:40:59 | 000,000,000 | ---D | C] -- C:\Programme\Oracle
[2012.02.27 20:26:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Desktop\inf
[2012.02.24 23:53:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TS3Client
[2012.02.24 23:52:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamSpeak 3 Client
[2012.02.24 23:52:25 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2012.02.24 09:37:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Oracle
[2012.02.24 09:35:57 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.02.23 16:20:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Eigene Dateien\Neuer Ordner (3)
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.20 21:39:30 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Matthias\Desktop\OTL.exe
[2012.03.20 21:31:05 | 117,601,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\908.flv
[2012.03.20 19:20:38 | 022,259,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\vlc-2.0.1-win32.exe
[2012.03.20 16:47:53 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2012.03.20 08:12:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.20 08:11:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.18 19:56:02 | 000,251,067 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\2012-03-18_195555.jpg
[2012.03.18 16:29:21 | 000,176,958 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\2012-03-18_162919.bmp
[2012.03.17 12:11:54 | 000,225,280 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.16 19:45:13 | 002,979,894 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\b.bmp
[2012.03.16 19:43:18 | 002,605,734 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\a.bmp
[2012.03.12 00:18:06 | 181,859,693 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\BEATKINGZ_Rmx_Ref.zip
[2012.03.11 10:36:36 | 007,744,129 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\18. Massiv feat. Baba Saad - Hart und Gerecht (Orginal).mp3
[2012.03.11 10:36:32 | 009,777,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\6. Dany feat. Baba Saad & Jonny Chash - Unterschaetzt II (Orginal).mp3
[2012.03.11 10:36:32 | 006,873,859 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\2. Baba Saad feat. Bass Sultan Hengzt - Gb 2011 (Orginal).mp3
[2012.03.09 22:35:29 | 006,410,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\Baba Saad - Mein Job (Manuel Charr).mp3
[2012.03.09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Matthias\Desktop\TDSSKiller.exe
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\UC.PIF
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\RAR.PIF
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\PKZIP.PIF
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\PKUNZIP.PIF
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\NOCLOSE.PIF
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\LHA.PIF
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\ARJ.PIF
[2012.03.08 15:31:03 | 000,518,532 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.08 15:31:03 | 000,494,050 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.08 15:31:03 | 000,103,166 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.08 15:31:03 | 000,085,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.05 22:20:44 | 000,046,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\trollface.jpg
[2012.03.05 22:13:58 | 000,044,837 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\blogspot-andreas-frauentausch.jpg
[2012.03.04 01:07:16 | 001,472,332 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\G0100027590550.jpg
[2012.03.03 16:58:09 | 000,000,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\.backup.dm
[2012.03.03 00:42:12 | 000,022,485 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\41pupkrmmxl._sl5.jpg
[2012.02.29 23:28:26 | 003,473,347 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\haftbefehl-nehm_dir_alles_weg.mp3
[2012.02.29 23:28:08 | 010,312,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\kollegah-fanpost.mp3
[2012.02.29 23:27:50 | 000,304,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\Haftbefehl+haft.jpg
[2012.02.29 23:26:17 | 000,471,387 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\kollegah-flex-sluts-rock-n-roll-cover.jpg
[2012.02.29 21:39:05 | 000,200,014 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\ThugLife weiß.jpg
[2012.02.27 21:26:22 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012.02.27 21:16:18 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.20 21:29:24 | 117,601,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\908.flv
[2012.03.20 19:20:27 | 022,259,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\vlc-2.0.1-win32.exe
[2012.03.18 19:56:01 | 000,251,067 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\2012-03-18_195555.jpg
[2012.03.18 16:29:21 | 000,176,958 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\2012-03-18_162919.bmp
[2012.03.16 19:38:28 | 002,979,894 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\b.bmp
[2012.03.16 19:38:03 | 002,605,734 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\a.bmp
[2012.03.13 16:34:22 | 000,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CDBurnerXP.lnk
[2012.03.13 16:34:21 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012.03.13 13:05:38 | 007,744,129 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\18. Massiv feat. Baba Saad - Hart und Gerecht (Orginal).mp3
[2012.03.13 13:05:22 | 009,777,917 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\6. Dany feat. Baba Saad & Jonny Chash - Unterschaetzt II (Orginal).mp3
[2012.03.13 13:05:04 | 006,873,859 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\2. Baba Saad feat. Bass Sultan Hengzt - Gb 2011 (Orginal).mp3
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2012.03.11 22:37:24 | 181,859,693 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\BEATKINGZ_Rmx_Ref.zip
[2012.03.11 15:50:45 | 000,000,246 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2012.03.09 22:35:16 | 006,410,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\Baba Saad - Mein Job (Manuel Charr).mp3
[2012.03.05 22:20:44 | 000,046,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\trollface.jpg
[2012.03.05 22:13:57 | 000,044,837 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\blogspot-andreas-frauentausch.jpg
[2012.03.04 01:07:15 | 001,472,332 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\G0100027590550.jpg
[2012.03.03 16:58:09 | 000,000,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\.backup.dm
[2012.03.03 00:42:12 | 000,022,485 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\41pupkrmmxl._sl5.jpg
[2012.02.29 23:27:50 | 000,304,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\Haftbefehl+haft.jpg
[2012.02.29 23:26:17 | 000,471,387 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\kollegah-flex-sluts-rock-n-roll-cover.jpg
[2012.02.29 23:16:37 | 010,312,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\kollegah-fanpost.mp3
[2012.02.29 23:14:49 | 003,473,347 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\haftbefehl-nehm_dir_alles_weg.mp3
[2012.02.29 21:38:58 | 000,200,014 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\ThugLife weiß.jpg
[2012.02.15 20:54:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.05 13:22:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.10.31 18:45:19 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.08.31 19:19:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.08.28 11:27:24 | 000,000,042 | ---- | C] () -- C:\WINDOWS\oodjobd.INI
[2011.08.05 15:11:33 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011.08.04 18:21:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.07.30 17:23:48 | 000,068,352 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.06.28 14:22:24 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011.06.24 14:59:01 | 000,000,041 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2011.06.19 15:39:28 | 000,001,492 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml
[2011.06.16 18:57:45 | 000,530,168 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.06.16 18:57:42 | 002,775,560 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1645522239-796845957-839522115-1003-0.dat
[2011.06.16 18:57:42 | 000,266,830 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.02.17 16:08:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.02.17 16:08:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.02.17 16:08:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.02.17 16:08:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.02.17 16:08:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.02.16 18:38:42 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2011.02.16 18:38:42 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2011.02.16 18:38:30 | 000,598,016 | R--- | C] () -- C:\WINDOWS\System32\sptlib21.dll
[2011.02.16 18:38:30 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2011.02.16 18:38:30 | 000,294,912 | R--- | C] () -- C:\WINDOWS\System32\sptlib11.dll
[2011.02.16 18:38:30 | 000,290,816 | R--- | C] () -- C:\WINDOWS\System32\sptlib22.dll
[2011.02.16 18:38:30 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll
[2011.02.16 18:38:30 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2011.02.16 18:38:30 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\sptlib12.dll
[2011.02.16 18:28:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011.02.16 15:37:46 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2011.02.16 15:35:19 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011.02.16 15:34:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.02.16 14:54:35 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011.02.16 13:45:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.16 13:44:31 | 000,225,280 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.15 20:41:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.02.15 20:37:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.02.15 20:32:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.02.15 20:31:20 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.01.29 17:00:24 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
 
========== LOP Check ==========
 
[2011.02.16 18:39:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVerTV
[2012.03.13 16:34:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.06.17 16:09:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.11.03 16:16:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.08.12 17:49:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro
[2012.02.04 13:02:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2012.01.07 19:15:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hssff
[2011.06.20 22:00:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IconTweaker
[2012.03.20 16:35:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2011.09.06 16:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IObit
[2011.12.24 14:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2012.01.27 23:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panda Security
[2011.02.16 19:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011.08.03 19:00:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2011.06.18 20:57:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2011.06.20 21:45:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.02.15 21:04:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.08.22 19:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\.minecraft
[2012.03.02 13:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Amazon
[2011.06.20 12:38:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Auslogics
[2011.10.16 12:58:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\BANDISOFT
[2012.02.13 18:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Binreader
[2012.03.13 16:34:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Canneverbe Limited
[2011.08.30 20:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Canon
[2011.10.20 17:49:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\CCE
[2012.03.08 16:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\DAEMON Tools Lite
[2011.12.12 20:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\DVDVideoSoft
[2011.12.12 20:27:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.03.12 19:42:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\GHISLER
[2012.01.22 17:28:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\gtk-2.0
[2012.03.20 16:35:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\id Software
[2011.07.15 22:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\JAM Software
[2011.02.17 21:17:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\KC Softwares
[2011.10.23 13:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\KillSwitch
[2011.12.25 20:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\MAGIX
[2012.03.04 01:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mp3tag
[2011.12.01 16:05:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Nik Software
[2012.02.24 09:37:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Oracle
[2012.01.27 23:56:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Panda Security
[2011.06.18 21:03:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Publish Providers
[2012.02.28 21:09:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Rovio
[2011.02.16 19:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung
[2012.02.27 21:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Solveig Multimedia
[2011.07.16 23:01:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Sony
[2011.11.26 22:51:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TERMINAL Studio
[2011.02.16 20:14:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Thunderbird
[2012.03.20 21:50:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TS3Client
[2011.06.20 21:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TuneUp Software
[2012.02.05 17:36:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\updatetool
[2012.03.18 11:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\uTorrent
[2011.06.19 14:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Windows Search
[2011.02.16 19:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\XMedia Recode
[2012.03.20 16:47:53 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.22 19:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\.minecraft
[2011.02.16 15:46:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Adobe
[2012.03.02 13:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Amazon
[2011.11.16 21:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Apple Computer
[2011.06.20 12:38:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Auslogics
[2011.10.16 12:58:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\BANDISOFT
[2012.02.13 18:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Binreader
[2012.03.13 16:34:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Canneverbe Limited
[2011.08.30 20:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Canon
[2011.10.20 17:49:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\CCE
[2012.03.08 16:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\DAEMON Tools Lite
[2011.10.29 14:46:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\dvdcss
[2011.12.12 20:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\DVDVideoSoft
[2011.12.12 20:27:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.06.17 18:58:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\FastStone
[2012.03.12 19:42:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\GHISLER
[2012.01.22 17:28:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\gtk-2.0
[2012.03.20 16:35:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\id Software
[2011.02.15 20:43:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Identities
[2011.07.15 22:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\JAM Software
[2011.02.17 21:17:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\KC Softwares
[2011.10.23 13:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\KillSwitch
[2011.02.16 15:46:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Macromedia
[2011.12.25 20:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\MAGIX
[2011.02.16 16:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Malwarebytes
[2011.10.26 14:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Media Player Classic
[2012.02.27 20:44:02 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Microsoft
[2011.02.16 13:45:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla
[2012.03.04 01:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mp3tag
[2011.12.01 16:05:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Nik Software
[2012.02.24 09:37:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Oracle
[2012.01.27 23:56:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Panda Security
[2011.06.18 21:03:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Publish Providers
[2012.02.28 21:09:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Rovio
[2011.02.16 19:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung
[2012.03.16 20:37:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Skype
[2012.02.27 21:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Solveig Multimedia
[2011.07.16 23:01:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Sony
[2011.02.16 19:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Sun
[2012.03.17 12:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\SUPERAntiSpyware.com
[2011.10.29 23:45:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\teamspeak2
[2011.11.26 22:51:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TERMINAL Studio
[2011.02.16 20:14:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Thunderbird
[2012.03.20 21:50:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TS3Client
[2011.06.20 21:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TuneUp Software
[2012.02.05 17:36:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\updatetool
[2012.03.18 11:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\uTorrent
[2012.03.20 21:55:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\vlc
[2012.03.20 21:27:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\VMware
[2011.06.19 14:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Windows Search
[2011.02.16 13:49:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\WinRAR
[2011.02.16 19:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2011.04.16 11:18:52 | 000,647,168 | ---- | M] (IDEVFH) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
[2012.03.18 20:25:04 | 000,106,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.03.18 20:25:04 | 000,101,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.03.18 20:25:05 | 000,021,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2011.12.27 15:21:06 | 000,937,360 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.12.27 15:21:10 | 000,278,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.12.23 13:03:40 | 000,304,640 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2011.12.27 15:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.12.23 12:59:48 | 000,284,672 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.12.23 12:59:50 | 000,691,712 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.12.27 15:21:12 | 000,067,472 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.12.23 12:59:20 | 000,106,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.12.23 12:59:20 | 000,101,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.12.27 15:21:16 | 000,131,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.12.27 15:21:18 | 000,021,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.12.27 15:21:20 | 003,569,984 | ---- | M] (Freeware) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.12.27 15:21:22 | 000,371,088 | ---- | M] (ml) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.02.03 09:50:30 | 000,371,088 | ---- | M] (ml) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2003.04.02 12:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2003.04.02 12:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.12.08 20:47:30 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\SlimWare Utilities Inc\SlimDrivers\Backups\20110805T141725781250\pci\ven_8086&dev_2829&cc_0106\iaStor.sys
[2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\drivers\kdrv0\IaStor.sys
[2008.12.08 20:47:30 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\NLDRV\001\iastor.sys
[2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\OEMDIR\iaStor.sys
[2008.12.08 20:47:30 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2003.04.02 12:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2003.04.02 12:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
[2003.04.02 12:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2003.04.02 12:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2003.04.02 12:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003.04.02 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2003.04.02 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011.02.15 21:30:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.02.15 21:30:46 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.02.15 21:30:46 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[19 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >

< End of report >

cosinus · 21.03.2012, 15:48

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
DRV - (XDva394) -- C:\WINDOWS\system32\XDva394.sys File not found
DRV - (XDva393) -- C:\WINDOWS\system32\XDva393.sys File not found
DRV - (XDva392) -- C:\WINDOWS\system32\XDva392.sys File not found
DRV - (XDva391) -- C:\WINDOWS\system32\XDva391.sys File not found
DRV - (XDva390) -- C:\WINDOWS\system32\XDva390.sys File not found
DRV - (XDva389) -- C:\WINDOWS\system32\XDva389.sys File not found
DRV - (XDva388) -- C:\WINDOWS\system32\XDva388.sys File not found
DRV - (PROCEXP151) -- C:\WINDOWS\system32\Drivers\PROCEXP151.SYS File not found
DRV - (PCIDump) --  File not found
DRV - (mcmajcf) -- System32\drivers\alcnxcva.sys File not found
DRV - (betoxdl) -- System32\drivers\ldroeopg.sys File not found
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/lionskin/{1C3167E1-42C1-42E1-9408-5EFAC7A3BAD3}?q={searchTerms}
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchcompletion.com?si=10188&home=true"
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..keyword.URL: "http://search.searchcompletion.com?si=10188&bs=true&q="
[2011.02.17 16:06:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.17 10:53:14 | 000,003,230 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\searchplugins\Web Search.xml
[2011.02.16 19:21:48 | 000,002,046 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.03.17 10:53:14 | 000,003,230 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Web Search.xml
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.15 20:39:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.01.04 19:35:48 | 000,013,836 | -H-- | M] () - N:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012.01.04 19:35:48 | 000,013,836 | ---- | M] () - N:\AUTORUN_.INF -- [ FAT32 ]
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

matthias2619 · 22.03.2012, 15:06

Code:

ATTFilter

All processes killed
========== OTL ==========
Error: Unable to stop service XDva394!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XDva394 deleted successfully.
File C:\WINDOWS\system32\XDva394.sys File not found not found.
Service XDva393 stopped successfully!
Service XDva393 deleted successfully!
File C:\WINDOWS\system32\XDva393.sys File not found not found.
Service XDva392 stopped successfully!
Service XDva392 deleted successfully!
File C:\WINDOWS\system32\XDva392.sys File not found not found.
Service XDva391 stopped successfully!
Service XDva391 deleted successfully!
File C:\WINDOWS\system32\XDva391.sys File not found not found.
Service XDva390 stopped successfully!
Service XDva390 deleted successfully!
File C:\WINDOWS\system32\XDva390.sys File not found not found.
Service XDva389 stopped successfully!
Service XDva389 deleted successfully!
File C:\WINDOWS\system32\XDva389.sys File not found not found.
Service XDva388 stopped successfully!
Service XDva388 deleted successfully!
File C:\WINDOWS\system32\XDva388.sys File not found not found.
Service PROCEXP151 stopped successfully!
Service PROCEXP151 deleted successfully!
File C:\WINDOWS\system32\Drivers\PROCEXP151.SYS File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service mcmajcf stopped successfully!
Service mcmajcf deleted successfully!
File System32\drivers\alcnxcva.sys File not found not found.
Service betoxdl stopped successfully!
Service betoxdl deleted successfully!
File System32\drivers\ldroeopg.sys File not found not found.
Registry key HKEY_USERS\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_USERS\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://www.searchcompletion.com?si=10188&home=true" removed from browser.startup.homepage
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: false removed from browser.search.useDBForOrder
Prefs.js: "http://search.searchcompletion.com?si=10188&bs=true&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\searchplugins\Web Search.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchddr.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\Web Search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON.EXE deleted successfully.
C:\WINDOWS\system32\ctfmon.exe moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON.EXE not found.
File C:\WINDOWS\system32\ctfmon.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1645522239-796845957-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File N:\autorun.inf not found.
N:\AUTORUN_.INF moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Matthias
->Temp folder emptied: 371632 bytes
->Temporary Internet Files folder emptied: 1103718 bytes
->Java cache emptied: 3482766 bytes
->FireFox cache emptied: 791256980 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1208 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 719293 bytes

%systemdrive% .tmp files removed: 219136 bytes
%systemroot% .tmp files removed: 1119649 bytes
%systemroot%\System32 .tmp files removed: 2833287 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17631 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 764,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.1 log created on 03222012_150125

Files\Folders moved on Reboot...
C:\WINDOWS\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2980.log moved successfully.

Registry entries deleted on Reboot...

cosinus · 22.03.2012, 15:54

Zitat:

[2012.03.17 12:22:12 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Matthias\Desktop\TDSSKiller.exe

Was hast du da schon mit dem TDSS-Killer gemacht?!
Wo ist das Log dazu?

matthias2619 · 22.03.2012, 16:14

Den TDSS-Killer habe ich einmal benutzt und er hat nichts gefunden. Weil nix gefunden wurde, habe ich den Log, der unter C:\ lag, leider gelöscht, sorry

Aber da eh nix gefunden wurde, hoffe ich, dass es nicht allzu tragisch ist.
Ich hab eben einen neuen Scan gemacht und alle Haken vorher gesetzt.
Ich hoffe dass es sich dabei um Fehlalarme handelt:

Code:

ATTFilter

16:09:52.0390 3240	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
16:09:52.0453 3240	============================================================
16:09:52.0453 3240	Current date / time: 2012/03/22 16:09:52.0453
16:09:52.0453 3240	SystemInfo:
16:09:52.0453 3240	
16:09:52.0453 3240	OS Version: 5.1.2600 ServicePack: 3.0
16:09:52.0453 3240	Product type: Workstation
16:09:52.0453 3240	ComputerName: MUHAHAHA-FPGDH9
16:09:52.0453 3240	UserName: Matthias
16:09:52.0453 3240	Windows directory: C:\WINDOWS
16:09:52.0453 3240	System windows directory: C:\WINDOWS
16:09:52.0453 3240	Processor architecture: Intel x86
16:09:52.0453 3240	Number of processors: 1
16:09:52.0453 3240	Page size: 0x1000
16:09:52.0453 3240	Boot type: Normal boot
16:09:52.0453 3240	============================================================
16:09:53.0187 3240	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:09:53.0187 3240	Drive \Device\Harddisk1\DR2 - Size: 0xF5400000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:09:53.0203 3240	\Device\Harddisk0\DR0:
16:09:53.0203 3240	MBR used
16:09:53.0203 3240	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
16:09:53.0203 3240	\Device\Harddisk1\DR2:
16:09:53.0203 3240	MBR used
16:09:53.0203 3240	\Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7A9FE0
16:09:53.0234 3240	Initialize success
16:09:53.0234 3240	============================================================
16:09:59.0250 2388	============================================================
16:09:59.0250 2388	Scan started
16:09:59.0250 2388	Mode: Manual; SigCheck; TDLFS; 
16:09:59.0250 2388	============================================================
16:09:59.0953 2388	!SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
16:10:00.0125 2388	!SASCORE - ok
16:10:00.0328 2388	Abiosdsk - ok
16:10:00.0375 2388	abp480n5 - ok
16:10:00.0437 2388	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:10:02.0187 2388	ACPI - ok
16:10:02.0328 2388	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:10:02.0500 2388	ACPIEC - ok
16:10:02.0531 2388	adpu160m - ok
16:10:02.0593 2388	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:10:02.0843 2388	aec - ok
16:10:03.0046 2388	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:10:03.0109 2388	AFD - ok
16:10:03.0171 2388	AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Programme\LSI SoftModem\agrsmsvc.exe
16:10:03.0218 2388	AgereModemAudio - ok
16:10:03.0312 2388	AgereSoftModem  (07758c2196a62f207f77556311e7459a) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
16:10:03.0609 2388	AgereSoftModem - ok
16:10:03.0703 2388	Aha154x - ok
16:10:03.0750 2388	aic78u2 - ok
16:10:03.0781 2388	aic78xx - ok
16:10:03.0828 2388	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
16:10:03.0953 2388	Alerter - ok
16:10:04.0046 2388	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
16:10:04.0156 2388	ALG - ok
16:10:04.0203 2388	AliIde - ok
16:10:04.0296 2388	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
16:10:04.0703 2388	Ambfilt - ok
16:10:04.0875 2388	amsint - ok
16:10:04.0953 2388	androidusb      (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
16:10:04.0953 2388	androidusb - ok
16:10:05.0062 2388	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:10:05.0078 2388	Apple Mobile Device - ok
16:10:05.0140 2388	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
16:10:05.0265 2388	AppMgmt - ok
16:10:05.0390 2388	asc - ok
16:10:05.0437 2388	asc3350p - ok
16:10:05.0484 2388	asc3550 - ok
16:10:05.0546 2388	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:10:05.0562 2388	aspnet_state - ok
16:10:05.0625 2388	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:10:05.0734 2388	AsyncMac - ok
16:10:05.0828 2388	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:10:05.0953 2388	atapi - ok
16:10:06.0046 2388	Atdisk - ok
16:10:06.0125 2388	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:10:06.0234 2388	Atmarpc - ok
16:10:06.0296 2388	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
16:10:06.0468 2388	AudioSrv - ok
16:10:06.0640 2388	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:10:06.0859 2388	audstub - ok
16:10:06.0968 2388	AVerAF35        (c143c69e089c7a13520eaf06175b3a3b) C:\WINDOWS\system32\Drivers\AVerAF35.sys
16:10:07.0062 2388	AVerAF35 - ok
16:10:07.0140 2388	AVerRemote      (a33c07f7527fc4cbc664c3137eb7d744) C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe
16:10:07.0187 2388	AVerRemote ( UnsignedFile.Multi.Generic ) - warning
16:10:07.0187 2388	AVerRemote - detected UnsignedFile.Multi.Generic (1)
16:10:07.0296 2388	AVerScheduleService (9aebb2d487d9bf4c0f354899d842edd0) C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe
16:10:07.0406 2388	AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning
16:10:07.0406 2388	AVerScheduleService - detected UnsignedFile.Multi.Generic (1)
16:10:07.0531 2388	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:10:07.0656 2388	Beep - ok
16:10:07.0734 2388	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
16:10:07.0890 2388	BITS - ok
16:10:08.0015 2388	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
16:10:08.0046 2388	Bonjour Service - ok
16:10:08.0218 2388	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
16:10:08.0328 2388	Browser - ok
16:10:08.0375 2388	BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
16:10:08.0500 2388	BthEnum - ok
16:10:08.0531 2388	BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
16:10:08.0656 2388	BthPan - ok
16:10:08.0718 2388	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
16:10:08.0781 2388	BTHPORT - ok
16:10:08.0890 2388	BthServ         (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
16:10:09.0234 2388	BthServ - ok
16:10:09.0328 2388	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
16:10:09.0421 2388	BTHUSB - ok
16:10:09.0593 2388	catchme - ok
16:10:09.0843 2388	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:10:10.0046 2388	cbidf2k - ok
16:10:10.0156 2388	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:10:10.0296 2388	CCDECODE - ok
16:10:10.0328 2388	cd20xrnt - ok
16:10:10.0390 2388	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:10:10.0546 2388	Cdaudio - ok
16:10:10.0640 2388	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:10:10.0796 2388	Cdfs - ok
16:10:10.0921 2388	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:10:11.0078 2388	Cdrom - ok
16:10:11.0171 2388	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
16:10:11.0312 2388	CiSvc - ok
16:10:11.0375 2388	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
16:10:11.0531 2388	ClipSrv - ok
16:10:11.0640 2388	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:10:11.0671 2388	clr_optimization_v2.0.50727_32 - ok
16:10:11.0765 2388	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:10:11.0812 2388	clr_optimization_v4.0.30319_32 - ok
16:10:11.0937 2388	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:10:12.0093 2388	CmBatt - ok
16:10:12.0140 2388	CmdIde - ok
16:10:12.0234 2388	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:10:12.0453 2388	Compbatt - ok
16:10:12.0515 2388	COMSysApp - ok
16:10:12.0578 2388	Cpqarray - ok
16:10:12.0828 2388	cpuz130 - ok
16:10:12.0937 2388	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
16:10:13.0093 2388	CryptSvc - ok
16:10:13.0140 2388	dac2w2k - ok
16:10:13.0187 2388	dac960nt - ok
16:10:13.0265 2388	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:10:13.0406 2388	DcomLaunch - ok
16:10:13.0500 2388	dgderdrv        (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
16:10:13.0515 2388	dgderdrv - ok
16:10:13.0625 2388	dg_ssudbus      (919f338fd36f47d860775368d0748780) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
16:10:13.0640 2388	dg_ssudbus - ok
16:10:13.0687 2388	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
16:10:13.0843 2388	Dhcp - ok
16:10:14.0000 2388	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:10:14.0203 2388	Disk - ok
16:10:14.0218 2388	dmadmin - ok
16:10:14.0328 2388	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
16:10:14.0656 2388	dmboot - ok
16:10:14.0765 2388	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
16:10:14.0968 2388	dmio - ok
16:10:15.0062 2388	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:10:15.0250 2388	dmload - ok
16:10:15.0359 2388	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
16:10:15.0578 2388	dmserver - ok
16:10:15.0703 2388	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:10:15.0921 2388	DMusic - ok
16:10:16.0078 2388	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
16:10:16.0156 2388	Dnscache - ok
16:10:16.0265 2388	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
16:10:16.0437 2388	Dot3svc - ok
16:10:16.0546 2388	dpti2o - ok
16:10:16.0656 2388	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:10:16.0828 2388	drmkaud - ok
16:10:17.0000 2388	dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
16:10:17.0015 2388	dtsoftbus01 - ok
16:10:17.0140 2388	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
16:10:17.0281 2388	EapHost - ok
16:10:17.0359 2388	ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
16:10:17.0406 2388	ElbyCDFL - ok
16:10:17.0437 2388	ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
16:10:17.0437 2388	ElbyCDIO - ok
16:10:17.0546 2388	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
16:10:17.0703 2388	ERSvc - ok
16:10:17.0828 2388	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:10:17.0875 2388	Eventlog - ok
16:10:18.0000 2388	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
16:10:18.0062 2388	EventSystem - ok
16:10:18.0156 2388	Fabs - ok
16:10:18.0312 2388	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:10:18.0531 2388	Fastfat - ok
16:10:18.0593 2388	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:10:18.0656 2388	FastUserSwitchingCompatibility - ok
16:10:18.0703 2388	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:10:18.0875 2388	Fdc - ok
16:10:18.0937 2388	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
16:10:19.0093 2388	Fips - ok
16:10:19.0406 2388	FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
16:10:19.0718 2388	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
16:10:19.0718 2388	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
16:10:19.0875 2388	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:10:20.0062 2388	Flpydisk - ok
16:10:20.0234 2388	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:10:20.0406 2388	FltMgr - ok
16:10:20.0562 2388	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:10:20.0578 2388	FontCache3.0.0.0 - ok
16:10:20.0718 2388	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:10:20.0906 2388	Fs_Rec - ok
16:10:20.0968 2388	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:10:21.0171 2388	Ftdisk - ok
16:10:21.0281 2388	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:10:21.0328 2388	GEARAspiWDM - ok
16:10:21.0375 2388	giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
16:10:21.0390 2388	giveio ( UnsignedFile.Multi.Generic ) - warning
16:10:21.0390 2388	giveio - detected UnsignedFile.Multi.Generic (1)
16:10:21.0562 2388	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:10:21.0718 2388	Gpc - ok
16:10:21.0859 2388	gupdate - ok
16:10:21.0859 2388	gupdatem - ok
16:10:21.0968 2388	hcmon           (88a6f2571405b3a4abc4ed2f52136317) C:\WINDOWS\system32\drivers\hcmon.sys
16:10:22.0000 2388	hcmon - ok
16:10:22.0125 2388	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:10:22.0250 2388	HDAudBus - ok
16:10:22.0359 2388	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:10:22.0515 2388	helpsvc - ok
16:10:22.0609 2388	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
16:10:22.0875 2388	HidServ - ok
16:10:23.0000 2388	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:10:23.0125 2388	hidusb - ok
16:10:23.0281 2388	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
16:10:23.0390 2388	hkmsvc - ok
16:10:23.0453 2388	hpn - ok
16:10:23.0546 2388	hshld           (44452f7a09d00573dc6e714874257cc9) C:\Programme\Hotspot Shield\bin\openvpnas.exe
16:10:23.0578 2388	hshld - ok
16:10:23.0734 2388	HssDrv          (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
16:10:23.0750 2388	HssDrv - ok
16:10:23.0781 2388	HssSrv          (2cfea9c337b699aca38487e8a7438f35) C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
16:10:23.0828 2388	HssSrv - ok
16:10:23.0859 2388	HssTrayService  (6b1dc08d22231c9e508a715f07fce7fb) C:\Programme\Hotspot Shield\bin\HssTrayService.EXE
16:10:23.0875 2388	HssTrayService - ok
16:10:23.0875 2388	HssWd - ok
16:10:24.0000 2388	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:10:24.0046 2388	HTTP - ok
16:10:24.0156 2388	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
16:10:24.0281 2388	HTTPFilter - ok
16:10:24.0375 2388	i2omp - ok
16:10:24.0437 2388	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:10:24.0578 2388	i8042prt - ok
16:10:24.0796 2388	ialm            (c5db546f9028cd00e64335091860d8f3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:10:25.0062 2388	ialm - ok
16:10:25.0156 2388	iaStor          (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:10:25.0171 2388	iaStor - ok
16:10:25.0390 2388	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:10:25.0515 2388	idsvc - ok
16:10:25.0656 2388	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:10:25.0796 2388	Imapi - ok
16:10:25.0921 2388	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
16:10:26.0062 2388	ImapiService - ok
16:10:26.0093 2388	ini910u - ok
16:10:26.0359 2388	IntcAzAudAddService (251be5418a9b2f9240079146ae96c4cf) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:10:26.0765 2388	IntcAzAudAddService - ok
16:10:27.0000 2388	IntelIde - ok
16:10:27.0109 2388	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:10:27.0265 2388	intelppm - ok
16:10:27.0328 2388	ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:10:27.0468 2388	ip6fw - ok
16:10:27.0531 2388	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:10:27.0718 2388	IpFilterDriver - ok
16:10:27.0828 2388	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:10:28.0015 2388	IpInIp - ok
16:10:28.0156 2388	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:10:28.0312 2388	IpNat - ok
16:10:28.0437 2388	iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe
16:10:28.0546 2388	iPod Service - ok
16:10:28.0625 2388	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:10:28.0843 2388	IPSec - ok
16:10:28.0968 2388	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:10:29.0109 2388	IRENUM - ok
16:10:29.0218 2388	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:10:29.0406 2388	isapnp - ok
16:10:29.0562 2388	JavaQuickStarterService (d9b1e929f2464d4c23fa9cb47df4a1d4) C:\Programme\Java\jre7\bin\jqs.exe
16:10:29.0562 2388	JavaQuickStarterService - ok
16:10:29.0734 2388	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:10:29.0921 2388	Kbdclass - ok
16:10:30.0015 2388	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:10:30.0156 2388	kbdhid - ok
16:10:30.0265 2388	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:10:30.0515 2388	kmixer - ok
16:10:30.0765 2388	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:10:30.0906 2388	KSecDD - ok
16:10:30.0984 2388	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
16:10:31.0015 2388	lanmanserver - ok
16:10:31.0140 2388	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
16:10:31.0203 2388	lanmanworkstation - ok
16:10:31.0281 2388	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
16:10:31.0390 2388	LmHosts - ok
16:10:31.0437 2388	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
16:10:31.0546 2388	Messenger - ok
16:10:31.0625 2388	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:10:31.0765 2388	mnmdd - ok
16:10:31.0890 2388	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
16:10:32.0000 2388	mnmsrvc - ok
16:10:32.0187 2388	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
16:10:32.0312 2388	Modem - ok
16:10:32.0437 2388	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
16:10:32.0656 2388	Monfilt - ok
16:10:32.0734 2388	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:10:32.0875 2388	Mouclass - ok
16:10:32.0953 2388	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:10:33.0109 2388	mouhid - ok
16:10:33.0265 2388	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:10:33.0375 2388	MountMgr - ok
16:10:33.0468 2388	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
16:10:33.0593 2388	MPE - ok
16:10:33.0671 2388	mraid35x - ok
16:10:33.0718 2388	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:10:33.0875 2388	MRxDAV - ok
16:10:34.0000 2388	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:10:34.0093 2388	MRxSmb - ok
16:10:34.0156 2388	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
16:10:34.0265 2388	MSDTC - ok
16:10:34.0453 2388	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:10:34.0578 2388	Msfs - ok
16:10:34.0640 2388	MSIServer - ok
16:10:34.0687 2388	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:10:34.0828 2388	MSKSSRV - ok
16:10:34.0859 2388	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:10:35.0015 2388	MSPCLOCK - ok
16:10:35.0203 2388	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:10:35.0328 2388	MSPQM - ok
16:10:35.0421 2388	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:10:35.0531 2388	mssmbios - ok
16:10:35.0625 2388	MSSQL$SONY_MEDIAMGR - ok
16:10:35.0671 2388	MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
16:10:35.0703 2388	MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
16:10:35.0703 2388	MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
16:10:35.0796 2388	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:10:35.0921 2388	MSTEE - ok
16:10:36.0031 2388	MTsensor        (1c0f480b7c6136ddb5fb909995af014a) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
16:10:36.0078 2388	MTsensor - ok
16:10:36.0203 2388	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:10:36.0250 2388	Mup - ok
16:10:36.0515 2388	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:10:36.0640 2388	NABTSFEC - ok
16:10:36.0718 2388	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
16:10:36.0859 2388	napagent - ok
16:10:36.0968 2388	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:10:37.0109 2388	NDIS - ok
16:10:37.0265 2388	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:10:37.0359 2388	NdisIP - ok
16:10:37.0437 2388	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:10:37.0500 2388	NdisTapi - ok
16:10:37.0515 2388	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:10:37.0656 2388	Ndisuio - ok
16:10:37.0687 2388	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:10:37.0828 2388	NdisWan - ok
16:10:37.0921 2388	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:10:37.0937 2388	NDProxy - ok
16:10:38.0000 2388	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:10:38.0140 2388	NetBIOS - ok
16:10:38.0203 2388	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:10:38.0343 2388	NetBT - ok
16:10:38.0421 2388	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:10:38.0578 2388	NetDDE - ok
16:10:38.0609 2388	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:10:38.0718 2388	NetDDEdsdm - ok
16:10:38.0796 2388	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:10:38.0937 2388	Netlogon - ok
16:10:39.0000 2388	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
16:10:39.0171 2388	Netman - ok
16:10:39.0296 2388	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:10:39.0328 2388	NetTcpPortSharing - ok
16:10:39.0406 2388	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
16:10:39.0437 2388	Nla - ok
16:10:39.0500 2388	NMSAccess       (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Programme\CDBurnerXP\NMSAccessU.exe
16:10:39.0515 2388	NMSAccess - ok
16:10:39.0640 2388	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:10:39.0781 2388	Npfs - ok
16:10:39.0859 2388	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:10:40.0078 2388	Ntfs - ok
16:10:40.0187 2388	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
16:10:40.0328 2388	NtLmSsp - ok
16:10:40.0437 2388	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
16:10:40.0593 2388	NtmsSvc - ok
16:10:40.0671 2388	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:10:40.0828 2388	Null - ok
16:10:40.0921 2388	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:10:41.0062 2388	NwlnkFlt - ok
16:10:41.0109 2388	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:10:41.0250 2388	NwlnkFwd - ok
16:10:41.0328 2388	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
16:10:41.0343 2388	ose - ok
16:10:41.0453 2388	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
16:10:41.0578 2388	Parport - ok
16:10:41.0625 2388	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:10:41.0750 2388	PartMgr - ok
16:10:41.0828 2388	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:10:41.0953 2388	ParVdm - ok
16:10:42.0015 2388	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
16:10:42.0171 2388	PCI - ok
16:10:42.0250 2388	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:10:42.0390 2388	PCIIde - ok
16:10:42.0484 2388	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:10:42.0609 2388	Pcmcia - ok
16:10:42.0656 2388	perc2 - ok
16:10:42.0718 2388	perc2hib - ok
16:10:42.0796 2388	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:10:42.0828 2388	PlugPlay - ok
16:10:42.0937 2388	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:10:43.0062 2388	PolicyAgent - ok
16:10:43.0156 2388	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:10:43.0281 2388	PptpMiniport - ok
16:10:43.0359 2388	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
16:10:43.0500 2388	Processor - ok
16:10:43.0578 2388	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:10:43.0703 2388	ProtectedStorage - ok
16:10:43.0781 2388	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:10:43.0890 2388	PSched - ok
16:10:43.0984 2388	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:10:44.0171 2388	Ptilink - ok
16:10:44.0187 2388	ql1080 - ok
16:10:44.0218 2388	Ql10wnt - ok
16:10:44.0234 2388	ql12160 - ok
16:10:44.0265 2388	ql1240 - ok
16:10:44.0281 2388	ql1280 - ok
16:10:44.0328 2388	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:10:44.0468 2388	RasAcd - ok
16:10:44.0515 2388	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
16:10:44.0671 2388	RasAuto - ok
16:10:44.0718 2388	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:10:44.0859 2388	Rasl2tp - ok
16:10:44.0968 2388	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
16:10:45.0109 2388	RasMan - ok
16:10:45.0156 2388	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:10:45.0312 2388	RasPppoe - ok
16:10:45.0421 2388	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:10:45.0562 2388	Raspti - ok
16:10:45.0671 2388	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:10:45.0796 2388	Rdbss - ok
16:10:45.0937 2388	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:10:46.0093 2388	RDPCDD - ok
16:10:46.0156 2388	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:10:46.0312 2388	rdpdr - ok
16:10:46.0390 2388	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:10:46.0421 2388	RDPWD - ok
16:10:46.0484 2388	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
16:10:46.0640 2388	RDSessMgr - ok
16:10:46.0796 2388	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:10:46.0937 2388	redbook - ok
16:10:47.0031 2388	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
16:10:47.0171 2388	RemoteAccess - ok
16:10:47.0250 2388	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
16:10:47.0390 2388	RemoteRegistry - ok
16:10:47.0484 2388	RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
16:10:47.0593 2388	RFCOMM - ok
16:10:47.0687 2388	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
16:10:47.0812 2388	RpcLocator - ok
16:10:47.0906 2388	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
16:10:47.0984 2388	RpcSs - ok
16:10:48.0093 2388	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
16:10:48.0250 2388	RSVP - ok
16:10:48.0406 2388	RTL8023xp       (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
16:10:48.0500 2388	RTL8023xp - ok
16:10:48.0578 2388	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:10:48.0703 2388	rtl8139 - ok
16:10:48.0812 2388	RTL8187B        (2890916eb8ded61cc2d8d057a9778e03) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
16:10:48.0937 2388	RTL8187B - ok
16:10:49.0093 2388	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:10:49.0203 2388	SamSs - ok
16:10:49.0296 2388	SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
16:10:49.0296 2388	SASDIFSV - ok
16:10:49.0312 2388	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
16:10:49.0328 2388	SASKUTIL - ok
16:10:49.0406 2388	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
16:10:49.0546 2388	SCardSvr - ok
16:10:49.0609 2388	SCDEmu          (9feb2026a460916d1a1198b460632630) C:\WINDOWS\system32\drivers\SCDEmu.sys
16:10:49.0609 2388	SCDEmu ( UnsignedFile.Multi.Generic ) - warning
16:10:49.0609 2388	SCDEmu - detected UnsignedFile.Multi.Generic (1)
16:10:49.0718 2388	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
16:10:49.0875 2388	Schedule - ok
16:10:49.0921 2388	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:10:50.0062 2388	Secdrv - ok
16:10:50.0125 2388	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
16:10:50.0265 2388	seclogon - ok
16:10:50.0328 2388	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
16:10:50.0437 2388	SENS - ok
16:10:50.0578 2388	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
16:10:50.0703 2388	Serial - ok
16:10:50.0937 2388	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:10:51.0046 2388	Sfloppy - ok
16:10:51.0125 2388	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
16:10:51.0328 2388	SharedAccess - ok
16:10:51.0421 2388	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:10:51.0453 2388	ShellHWDetection - ok
16:10:51.0531 2388	Simbad - ok
16:10:51.0656 2388	SkypeUpdate     (db0405d9aad62f0762e0876ac142b7e1) C:\Programme\Skype\Updater\Updater.exe
16:10:51.0671 2388	SkypeUpdate - ok
16:10:51.0796 2388	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:10:51.0953 2388	SLIP - ok
16:10:52.0109 2388	Sparrow - ok
16:10:52.0203 2388	speedfan        (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
16:10:52.0203 2388	speedfan - ok
16:10:52.0312 2388	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:10:52.0437 2388	splitter - ok
16:10:52.0531 2388	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:10:52.0578 2388	Spooler - ok
16:10:52.0671 2388	SQLAgent$SONY_MEDIAMGR - ok
16:10:52.0843 2388	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
16:10:52.0984 2388	sr - ok
16:10:53.0062 2388	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
16:10:53.0203 2388	srservice - ok
16:10:53.0312 2388	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:10:53.0406 2388	Srv - ok
16:10:53.0562 2388	ssadbus         (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
16:10:53.0578 2388	ssadbus - ok
16:10:53.0671 2388	ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
16:10:53.0671 2388	ssadmdfl - ok
16:10:53.0750 2388	ssadmdm         (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
16:10:53.0781 2388	ssadmdm - ok
16:10:53.0859 2388	ssadserd        (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
16:10:53.0875 2388	ssadserd - ok
16:10:53.0984 2388	sscdbus         (069351a1d7d291013177a90ae6edccbc) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
16:10:54.0000 2388	sscdbus - ok
16:10:54.0171 2388	sscdmdfl        (1c925be223a5c0f9f469252292a48df6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
16:10:54.0171 2388	sscdmdfl - ok
16:10:54.0281 2388	sscdmdm         (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
16:10:54.0296 2388	sscdmdm - ok
16:10:54.0375 2388	sscebus         (b2063ce662af3ab20045121a5b716df6) C:\WINDOWS\system32\DRIVERS\sscebus.sys
16:10:54.0390 2388	sscebus - ok
16:10:54.0437 2388	sscemdfl        (66799dc0afe3dcaf8368cae17394a762) C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
16:10:54.0453 2388	sscemdfl - ok
16:10:54.0562 2388	sscemdm         (cbf03ffc08f8db547bab2f79aa663d16) C:\WINDOWS\system32\DRIVERS\sscemdm.sys
16:10:54.0578 2388	sscemdm - ok
16:10:54.0703 2388	ssceserd        (60cd4ad33aa52e58faac3abad18cf8ef) C:\WINDOWS\system32\DRIVERS\ssceserd.sys
16:10:54.0703 2388	ssceserd - ok
16:10:54.0781 2388	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
16:10:54.0906 2388	SSDPSRV - ok
16:10:55.0171 2388	ssudmdm         (8f299012ef58246f1c98de7b7e48dbf0) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
16:10:55.0203 2388	ssudmdm - ok
16:10:55.0265 2388	ssudserd        (7cc3e2e0bba3dd0b6c5e7c7a150bb5c4) C:\WINDOWS\system32\DRIVERS\ssudserd.sys
16:10:55.0296 2388	ssudserd - ok
16:10:55.0390 2388	StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
16:10:55.0390 2388	StarOpen ( UnsignedFile.Multi.Generic ) - warning
16:10:55.0390 2388	StarOpen - detected UnsignedFile.Multi.Generic (1)
16:10:55.0484 2388	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
16:10:55.0671 2388	stisvc - ok
16:10:55.0781 2388	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:10:55.0906 2388	streamip - ok
16:10:56.0000 2388	SWDUMon         (e5f568f412919244ce1b428662b96a18) C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
16:10:56.0015 2388	SWDUMon - ok
16:10:56.0125 2388	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:10:56.0250 2388	swenum - ok
16:10:56.0328 2388	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:10:56.0468 2388	swmidi - ok
16:10:56.0515 2388	SwPrv - ok
16:10:56.0578 2388	symc810 - ok
16:10:56.0625 2388	symc8xx - ok
16:10:56.0671 2388	sym_hi - ok
16:10:56.0703 2388	sym_u3 - ok
16:10:56.0796 2388	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:10:56.0921 2388	sysaudio - ok
16:10:57.0000 2388	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
16:10:57.0171 2388	SysmonLog - ok
16:10:57.0312 2388	tap0901         (98a1e6bc9f766b0b0a5bf00af847ef20) C:\WINDOWS\system32\DRIVERS\tap0901.sys
16:10:57.0343 2388	tap0901 ( UnsignedFile.Multi.Generic ) - warning
16:10:57.0343 2388	tap0901 - detected UnsignedFile.Multi.Generic (1)
16:10:57.0421 2388	taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
16:10:57.0437 2388	taphss - ok
16:10:57.0531 2388	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
16:10:57.0687 2388	TapiSrv - ok
16:10:57.0812 2388	Tcpip           (d9f19e78f98834cb411d6ad3c68d181a) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:10:57.0843 2388	Tcpip ( UnsignedFile.Multi.Generic ) - warning
16:10:57.0843 2388	Tcpip - detected UnsignedFile.Multi.Generic (1)
16:10:58.0046 2388	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:10:58.0156 2388	TDPIPE - ok
16:10:58.0203 2388	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:10:58.0328 2388	TDTCP - ok
16:10:58.0390 2388	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:10:58.0515 2388	TermDD - ok
16:10:58.0671 2388	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
16:10:58.0828 2388	TermService - ok
16:10:58.0937 2388	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:10:58.0953 2388	Themes - ok
16:10:59.0015 2388	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\System32\tlntsvr.exe
16:10:59.0156 2388	TlntSvr - ok
16:10:59.0296 2388	TosIde - ok
16:10:59.0390 2388	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
16:10:59.0531 2388	TrkWks - ok
16:10:59.0625 2388	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:10:59.0781 2388	Udfs - ok
16:10:59.0812 2388	ultra - ok
16:10:59.0968 2388	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:11:00.0156 2388	Update - ok
16:11:00.0250 2388	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
16:11:00.0390 2388	upnphost - ok
16:11:00.0453 2388	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
16:11:00.0578 2388	UPS - ok
16:11:00.0671 2388	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:11:00.0718 2388	USBAAPL - ok
16:11:00.0828 2388	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:11:00.0984 2388	usbccgp - ok
16:11:01.0046 2388	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:11:01.0187 2388	usbehci - ok
16:11:01.0281 2388	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:11:01.0421 2388	usbhub - ok
16:11:01.0515 2388	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:11:01.0640 2388	usbprint - ok
16:11:01.0750 2388	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:11:01.0906 2388	usbscan - ok
16:11:01.0984 2388	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:11:02.0140 2388	USBSTOR - ok
16:11:02.0250 2388	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:11:02.0359 2388	usbuhci - ok
16:11:02.0437 2388	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:11:02.0562 2388	usbvideo - ok
16:11:02.0656 2388	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:11:02.0796 2388	VgaSave - ok
16:11:02.0828 2388	ViaIde - ok
16:11:02.0937 2388	VMAuthdService  (3accf0c817a2bb34efbfb72b57b00252) C:\Programme\VMware\VMware Player\vmware-authd.exe
16:11:02.0984 2388	VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
16:11:02.0984 2388	VMAuthdService - detected UnsignedFile.Multi.Generic (1)
16:11:03.0109 2388	vmci            (15759158f7531853616b2b43af962fcb) C:\WINDOWS\system32\DRIVERS\vmci.sys
16:11:03.0140 2388	vmci - ok
16:11:03.0234 2388	vmkbd           (e5fa574436b840d071dbfe74300741ce) C:\WINDOWS\system32\drivers\VMkbd.sys
16:11:03.0234 2388	vmkbd - ok
16:11:03.0312 2388	VMnetAdapter    (1afa4af55cbea579a4bbe4f90967f720) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
16:11:03.0328 2388	VMnetAdapter - ok
16:11:03.0468 2388	VMnetBridge     (6b8f26d54b2ee0da1543f08db3a01c8b) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
16:11:03.0468 2388	VMnetBridge - ok
16:11:03.0531 2388	VMnetDHCP       (6f5fe74a4713290e6309b45904403798) C:\WINDOWS\system32\vmnetdhcp.exe
16:11:03.0562 2388	VMnetDHCP - ok
16:11:03.0687 2388	VMnetuserif     (c88e5f414c567ff10343df18f8c3e3f0) C:\WINDOWS\system32\drivers\vmnetuserif.sys
16:11:03.0687 2388	VMnetuserif - ok
16:11:03.0859 2388	vmusb           (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\WINDOWS\system32\Drivers\vmusb.sys
16:11:03.0875 2388	vmusb - ok
16:11:04.0000 2388	VMUSBArbService (af76c6d3f5053459e18e4c519fb496c8) C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe
16:11:04.0062 2388	VMUSBArbService - ok
16:11:04.0234 2388	VMware NAT Service (5cc206036b6648cd3990d77e5117e1d9) C:\WINDOWS\system32\vmnat.exe
16:11:04.0265 2388	VMware NAT Service - ok
16:11:04.0375 2388	vmx86           (847909a1fc0c8eb46ff975747d673a7f) C:\WINDOWS\system32\Drivers\vmx86.sys
16:11:04.0406 2388	vmx86 - ok
16:11:04.0500 2388	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
16:11:04.0625 2388	VolSnap - ok
16:11:04.0703 2388	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
16:11:04.0843 2388	VSS - ok
16:11:04.0968 2388	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
16:11:05.0125 2388	W32Time - ok
16:11:05.0218 2388	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:11:05.0343 2388	Wanarp - ok
16:11:05.0421 2388	Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:11:05.0468 2388	Wdf01000 - ok
16:11:05.0609 2388	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:11:05.0734 2388	wdmaud - ok
16:11:05.0843 2388	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
16:11:05.0984 2388	WebClient - ok
16:11:06.0140 2388	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:11:06.0296 2388	winmgmt - ok
16:11:06.0390 2388	WinRM           (f10075c2ec96d2eb118012e78ece2fc2) C:\WINDOWS\system32\WsmSvc.dll
16:11:06.0546 2388	WinRM - ok
16:11:06.0687 2388	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
16:11:06.0812 2388	WmdmPmSN - ok
16:11:06.0890 2388	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
16:11:07.0031 2388	Wmi - ok
16:11:07.0140 2388	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
16:11:07.0265 2388	WmiApSrv - ok
16:11:07.0437 2388	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
16:11:07.0609 2388	WMPNetworkSvc - ok
16:11:07.0734 2388	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:11:07.0765 2388	WpdUsb - ok
16:11:07.0906 2388	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:11:07.0984 2388	WPFFontCache_v0400 - ok
16:11:08.0078 2388	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:11:08.0234 2388	WS2IFSL - ok
16:11:08.0359 2388	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
16:11:08.0515 2388	wscsvc - ok
16:11:08.0640 2388	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:11:08.0765 2388	WSTCODEC - ok
16:11:08.0843 2388	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
16:11:08.0953 2388	wuauserv - ok
16:11:09.0062 2388	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:11:09.0125 2388	WudfPf - ok
16:11:09.0218 2388	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:11:09.0250 2388	WudfRd - ok
16:11:09.0328 2388	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:11:09.0375 2388	WudfSvc - ok
16:11:09.0468 2388	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
16:11:09.0625 2388	WZCSVC - ok
16:11:09.0765 2388	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
16:11:09.0906 2388	xmlprov - ok
16:11:09.0953 2388	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:11:10.0281 2388	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:11:10.0281 2388	\Device\Harddisk0\DR0 - detected TDSS File System (1)
16:11:10.0296 2388	MBR (0x1B8)     (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR2
16:11:15.0859 2388	\Device\Harddisk1\DR2 - ok
16:11:15.0875 2388	Boot (0x1200)   (6a3f0f843c929f2ffe9f9266010d90d4) \Device\Harddisk0\DR0\Partition0
16:11:15.0890 2388	\Device\Harddisk0\DR0\Partition0 - ok
16:11:15.0890 2388	Boot (0x1200)   (024f370dc78e5839d03d87823c9acdd8) \Device\Harddisk1\DR2\Partition0
16:11:15.0890 2388	\Device\Harddisk1\DR2\Partition0 - ok
16:11:15.0906 2388	============================================================
16:11:15.0906 2388	Scan finished
16:11:15.0906 2388	============================================================
16:11:16.0046 3864	Detected object count: 12
16:11:16.0046 3864	Actual detected object count: 12
16:12:30.0062 3864	AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0062 3864	AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:12:30.0062 3864	AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0062 3864	AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:12:30.0078 3864	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0078 3864	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:12:30.0078 3864	giveio ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0078 3864	giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:12:30.0093 3864	MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0093 3864	MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:12:30.0093 3864	SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0093 3864	SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:12:30.0109 3864	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0109 3864	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:12:30.0109 3864	tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0109 3864	tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:12:30.0109 3864	Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0109 3864	Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:12:30.0125 3864	VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0125 3864	VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:12:30.0125 3864	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:12:30.0125 3864	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

cosinus · 22.03.2012, 16:28

Zitat:

16:12:30.0125 3864 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:12:30.0125 3864 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Das TDSS File System bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.

matthias2619 · 22.03.2012, 21:54

Hier der neue Log:

Code:

ATTFilter

21:52:39.0640 3860	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
21:52:39.0906 3860	============================================================
21:52:39.0906 3860	Current date / time: 2012/03/22 21:52:39.0906
21:52:39.0906 3860	SystemInfo:
21:52:39.0906 3860	
21:52:39.0906 3860	OS Version: 5.1.2600 ServicePack: 3.0
21:52:39.0906 3860	Product type: Workstation
21:52:39.0906 3860	ComputerName: MUHAHAHA-FPGDH9
21:52:39.0906 3860	UserName: Matthias
21:52:39.0906 3860	Windows directory: C:\WINDOWS
21:52:39.0906 3860	System windows directory: C:\WINDOWS
21:52:39.0906 3860	Processor architecture: Intel x86
21:52:39.0906 3860	Number of processors: 1
21:52:39.0906 3860	Page size: 0x1000
21:52:39.0906 3860	Boot type: Normal boot
21:52:39.0906 3860	============================================================
21:52:40.0359 3860	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:52:40.0359 3860	Drive \Device\Harddisk1\DR2 - Size: 0xF5400000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:52:40.0359 3860	Drive \Device\Harddisk2\DR3 - Size: 0x246312C6000 (2328.77 Gb), SectorSize: 0x1000, Cylinders: 0x9470, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:52:40.0765 3860	Drive \Device\Harddisk3\DR6 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:52:40.0781 3860	\Device\Harddisk0\DR0:
21:52:40.0781 3860	MBR used
21:52:40.0781 3860	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
21:52:40.0781 3860	\Device\Harddisk1\DR2:
21:52:40.0781 3860	MBR used
21:52:40.0781 3860	\Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7A9FE0
21:52:40.0781 3860	\Device\Harddisk2\DR3:
21:52:40.0781 3860	MBR used
21:52:40.0781 3860	\Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x100, BlocksNum 0x24630770
21:52:40.0781 3860	\Device\Harddisk3\DR6:
21:52:40.0781 3860	MBR used
21:52:40.0781 3860	\Device\Harddisk3\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
21:52:40.0906 3860	Initialize success
21:52:40.0906 3860	============================================================
21:52:47.0468 1148	============================================================
21:52:47.0468 1148	Scan started
21:52:47.0468 1148	Mode: Manual; SigCheck; TDLFS; 
21:52:47.0468 1148	============================================================
21:52:47.0625 1148	!SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
21:52:47.0812 1148	!SASCORE - ok
21:52:48.0000 1148	Abiosdsk - ok
21:52:48.0031 1148	abp480n5 - ok
21:52:48.0093 1148	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:52:49.0500 1148	ACPI - ok
21:52:49.0640 1148	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:52:49.0796 1148	ACPIEC - ok
21:52:49.0828 1148	adpu160m - ok
21:52:49.0890 1148	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:52:50.0015 1148	aec - ok
21:52:50.0171 1148	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:52:50.0250 1148	AFD - ok
21:52:50.0312 1148	AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Programme\LSI SoftModem\agrsmsvc.exe
21:52:50.0343 1148	AgereModemAudio - ok
21:52:50.0437 1148	AgereSoftModem  (07758c2196a62f207f77556311e7459a) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:52:50.0562 1148	AgereSoftModem - ok
21:52:50.0656 1148	Aha154x - ok
21:52:50.0703 1148	aic78u2 - ok
21:52:50.0718 1148	aic78xx - ok
21:52:50.0781 1148	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
21:52:50.0890 1148	Alerter - ok
21:52:50.0953 1148	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
21:52:51.0062 1148	ALG - ok
21:52:51.0109 1148	AliIde - ok
21:52:51.0203 1148	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:52:51.0562 1148	Ambfilt - ok
21:52:51.0687 1148	amsint - ok
21:52:51.0781 1148	androidusb      (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
21:52:51.0781 1148	androidusb - ok
21:52:51.0890 1148	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:52:51.0890 1148	Apple Mobile Device - ok
21:52:51.0953 1148	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
21:52:52.0062 1148	AppMgmt - ok
21:52:52.0187 1148	asc - ok
21:52:52.0218 1148	asc3350p - ok
21:52:52.0250 1148	asc3550 - ok
21:52:52.0312 1148	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:52:52.0312 1148	aspnet_state - ok
21:52:52.0390 1148	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:52:52.0500 1148	AsyncMac - ok
21:52:52.0562 1148	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:52:52.0671 1148	atapi - ok
21:52:52.0781 1148	Atdisk - ok
21:52:52.0843 1148	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:52:52.0953 1148	Atmarpc - ok
21:52:53.0000 1148	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
21:52:53.0109 1148	AudioSrv - ok
21:52:53.0171 1148	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:52:53.0281 1148	audstub - ok
21:52:53.0375 1148	AVerAF35        (c143c69e089c7a13520eaf06175b3a3b) C:\WINDOWS\system32\Drivers\AVerAF35.sys
21:52:53.0453 1148	AVerAF35 - ok
21:52:53.0531 1148	AVerRemote      (a33c07f7527fc4cbc664c3137eb7d744) C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe
21:52:53.0593 1148	AVerRemote ( UnsignedFile.Multi.Generic ) - warning
21:52:53.0593 1148	AVerRemote - detected UnsignedFile.Multi.Generic (1)
21:52:53.0625 1148	AVerScheduleService (9aebb2d487d9bf4c0f354899d842edd0) C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe
21:52:53.0734 1148	AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning
21:52:53.0734 1148	AVerScheduleService - detected UnsignedFile.Multi.Generic (1)
21:52:53.0859 1148	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:52:53.0968 1148	Beep - ok
21:52:54.0062 1148	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
21:52:54.0203 1148	BITS - ok
21:52:54.0328 1148	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
21:52:54.0343 1148	Bonjour Service - ok
21:52:54.0500 1148	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
21:52:54.0625 1148	Browser - ok
21:52:54.0687 1148	BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
21:52:54.0812 1148	BthEnum - ok
21:52:54.0843 1148	BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
21:52:54.0968 1148	BthPan - ok
21:52:55.0015 1148	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
21:52:55.0078 1148	BTHPORT - ok
21:52:55.0203 1148	BthServ         (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
21:52:55.0312 1148	BthServ - ok
21:52:55.0390 1148	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
21:52:55.0484 1148	BTHUSB - ok
21:52:55.0640 1148	catchme - ok
21:52:55.0703 1148	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:52:55.0796 1148	cbidf2k - ok
21:52:55.0906 1148	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:52:56.0031 1148	CCDECODE - ok
21:52:56.0078 1148	cd20xrnt - ok
21:52:56.0156 1148	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:52:56.0265 1148	Cdaudio - ok
21:52:56.0328 1148	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:52:56.0421 1148	Cdfs - ok
21:52:56.0500 1148	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:52:56.0609 1148	Cdrom - ok
21:52:56.0718 1148	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
21:52:56.0828 1148	CiSvc - ok
21:52:56.0859 1148	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
21:52:56.0953 1148	ClipSrv - ok
21:52:57.0078 1148	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:52:57.0093 1148	clr_optimization_v2.0.50727_32 - ok
21:52:57.0156 1148	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:52:57.0171 1148	clr_optimization_v4.0.30319_32 - ok
21:52:57.0312 1148	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:52:57.0421 1148	CmBatt - ok
21:52:57.0453 1148	CmdIde - ok
21:52:57.0500 1148	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:52:57.0640 1148	Compbatt - ok
21:52:57.0671 1148	COMSysApp - ok
21:52:57.0703 1148	Cpqarray - ok
21:52:57.0890 1148	cpuz130 - ok
21:52:58.0015 1148	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
21:52:58.0125 1148	CryptSvc - ok
21:52:58.0156 1148	dac2w2k - ok
21:52:58.0171 1148	dac960nt - ok
21:52:58.0218 1148	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
21:52:58.0296 1148	DcomLaunch - ok
21:52:58.0343 1148	dgderdrv        (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
21:52:58.0343 1148	dgderdrv - ok
21:52:58.0390 1148	dg_ssudbus      (919f338fd36f47d860775368d0748780) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
21:52:58.0390 1148	dg_ssudbus - ok
21:52:58.0515 1148	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
21:52:58.0625 1148	Dhcp - ok
21:52:58.0671 1148	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:52:58.0781 1148	Disk - ok
21:52:58.0796 1148	dmadmin - ok
21:52:58.0843 1148	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:52:59.0000 1148	dmboot - ok
21:52:59.0109 1148	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:52:59.0203 1148	dmio - ok
21:52:59.0234 1148	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:52:59.0343 1148	dmload - ok
21:52:59.0390 1148	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
21:52:59.0500 1148	dmserver - ok
21:52:59.0562 1148	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:52:59.0671 1148	DMusic - ok
21:52:59.0781 1148	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
21:52:59.0859 1148	Dnscache - ok
21:52:59.0968 1148	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
21:53:00.0078 1148	Dot3svc - ok
21:53:00.0093 1148	dpti2o - ok
21:53:00.0140 1148	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:53:00.0250 1148	drmkaud - ok
21:53:00.0328 1148	dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
21:53:00.0343 1148	dtsoftbus01 - ok
21:53:00.0406 1148	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
21:53:00.0515 1148	EapHost - ok
21:53:00.0562 1148	ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
21:53:00.0578 1148	ElbyCDFL - ok
21:53:00.0609 1148	ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
21:53:00.0609 1148	ElbyCDIO - ok
21:53:00.0656 1148	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
21:53:00.0765 1148	ERSvc - ok
21:53:00.0812 1148	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:53:00.0843 1148	Eventlog - ok
21:53:00.0906 1148	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
21:53:00.0968 1148	EventSystem - ok
21:53:01.0031 1148	Fabs - ok
21:53:01.0171 1148	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:53:01.0296 1148	Fastfat - ok
21:53:01.0406 1148	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:53:01.0437 1148	FastUserSwitchingCompatibility - ok
21:53:01.0500 1148	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:53:01.0593 1148	Fdc - ok
21:53:01.0671 1148	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:53:01.0765 1148	Fips - ok
21:53:02.0015 1148	FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
21:53:02.0281 1148	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
21:53:02.0281 1148	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
21:53:02.0406 1148	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:53:02.0531 1148	Flpydisk - ok
21:53:02.0625 1148	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:53:02.0734 1148	FltMgr - ok
21:53:02.0843 1148	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:53:02.0859 1148	FontCache3.0.0.0 - ok
21:53:02.0984 1148	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:53:03.0109 1148	Fs_Rec - ok
21:53:03.0171 1148	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:53:03.0296 1148	Ftdisk - ok
21:53:03.0359 1148	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:53:03.0359 1148	GEARAspiWDM - ok
21:53:03.0421 1148	giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
21:53:03.0437 1148	giveio ( UnsignedFile.Multi.Generic ) - warning
21:53:03.0437 1148	giveio - detected UnsignedFile.Multi.Generic (1)
21:53:03.0562 1148	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:53:03.0687 1148	Gpc - ok
21:53:03.0750 1148	gupdate - ok
21:53:03.0765 1148	gupdatem - ok
21:53:03.0828 1148	hcmon           (88a6f2571405b3a4abc4ed2f52136317) C:\WINDOWS\system32\drivers\hcmon.sys
21:53:03.0843 1148	hcmon - ok
21:53:03.0906 1148	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:53:04.0031 1148	HDAudBus - ok
21:53:04.0125 1148	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:53:04.0234 1148	helpsvc - ok
21:53:04.0328 1148	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
21:53:04.0437 1148	HidServ - ok
21:53:04.0531 1148	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:53:04.0640 1148	hidusb - ok
21:53:04.0703 1148	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
21:53:04.0796 1148	hkmsvc - ok
21:53:04.0843 1148	hpn - ok
21:53:04.0921 1148	hshld           (44452f7a09d00573dc6e714874257cc9) C:\Programme\Hotspot Shield\bin\openvpnas.exe
21:53:04.0937 1148	hshld - ok
21:53:05.0015 1148	HssDrv          (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
21:53:05.0015 1148	HssDrv - ok
21:53:05.0046 1148	HssSrv          (2cfea9c337b699aca38487e8a7438f35) C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
21:53:05.0062 1148	HssSrv - ok
21:53:05.0140 1148	HssTrayService  (6b1dc08d22231c9e508a715f07fce7fb) C:\Programme\Hotspot Shield\bin\HssTrayService.EXE
21:53:05.0156 1148	HssTrayService - ok
21:53:05.0156 1148	HssWd - ok
21:53:05.0250 1148	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:53:05.0296 1148	HTTP - ok
21:53:05.0390 1148	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
21:53:05.0500 1148	HTTPFilter - ok
21:53:05.0546 1148	i2omp - ok
21:53:05.0593 1148	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:53:05.0703 1148	i8042prt - ok
21:53:05.0843 1148	ialm            (c5db546f9028cd00e64335091860d8f3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:53:06.0046 1148	ialm - ok
21:53:06.0171 1148	iaStor          (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:53:06.0187 1148	iaStor - ok
21:53:06.0343 1148	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:53:06.0421 1148	idsvc - ok
21:53:06.0562 1148	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:53:06.0687 1148	Imapi - ok
21:53:06.0765 1148	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
21:53:06.0875 1148	ImapiService - ok
21:53:06.0921 1148	ini910u - ok
21:53:07.0171 1148	IntcAzAudAddService (251be5418a9b2f9240079146ae96c4cf) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:53:07.0515 1148	IntcAzAudAddService - ok
21:53:07.0640 1148	IntelIde - ok
21:53:07.0718 1148	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:53:07.0828 1148	intelppm - ok
21:53:07.0890 1148	ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:53:07.0968 1148	ip6fw - ok
21:53:08.0015 1148	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:53:08.0125 1148	IpFilterDriver - ok
21:53:08.0234 1148	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:53:08.0328 1148	IpInIp - ok
21:53:08.0406 1148	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:53:08.0515 1148	IpNat - ok
21:53:08.0671 1148	iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe
21:53:08.0734 1148	iPod Service - ok
21:53:08.0890 1148	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:53:09.0015 1148	IPSec - ok
21:53:09.0078 1148	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:53:09.0187 1148	IRENUM - ok
21:53:09.0250 1148	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:53:09.0359 1148	isapnp - ok
21:53:09.0468 1148	JavaQuickStarterService (d9b1e929f2464d4c23fa9cb47df4a1d4) C:\Programme\Java\jre7\bin\jqs.exe
21:53:09.0468 1148	JavaQuickStarterService - ok
21:53:09.0609 1148	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:53:09.0718 1148	Kbdclass - ok
21:53:09.0796 1148	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:53:09.0906 1148	kbdhid - ok
21:53:09.0968 1148	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:53:10.0078 1148	kmixer - ok
21:53:10.0218 1148	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:53:10.0281 1148	KSecDD - ok
21:53:10.0359 1148	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
21:53:10.0390 1148	lanmanserver - ok
21:53:10.0453 1148	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
21:53:10.0484 1148	lanmanworkstation - ok
21:53:10.0609 1148	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
21:53:10.0703 1148	LmHosts - ok
21:53:10.0765 1148	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
21:53:10.0875 1148	Messenger - ok
21:53:10.0953 1148	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:53:11.0078 1148	mnmdd - ok
21:53:11.0171 1148	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
21:53:11.0265 1148	mnmsrvc - ok
21:53:11.0343 1148	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:53:11.0453 1148	Modem - ok
21:53:11.0562 1148	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
21:53:11.0703 1148	Monfilt - ok
21:53:11.0796 1148	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:53:11.0906 1148	Mouclass - ok
21:53:12.0015 1148	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:53:12.0140 1148	mouhid - ok
21:53:12.0250 1148	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:53:12.0343 1148	MountMgr - ok
21:53:12.0390 1148	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
21:53:12.0500 1148	MPE - ok
21:53:12.0578 1148	mraid35x - ok
21:53:12.0593 1148	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:53:12.0703 1148	MRxDAV - ok
21:53:12.0765 1148	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:53:12.0875 1148	MRxSmb - ok
21:53:12.0921 1148	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
21:53:13.0015 1148	MSDTC - ok
21:53:13.0171 1148	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:53:13.0281 1148	Msfs - ok
21:53:13.0312 1148	MSIServer - ok
21:53:13.0375 1148	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:53:13.0484 1148	MSKSSRV - ok
21:53:13.0515 1148	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:53:13.0625 1148	MSPCLOCK - ok
21:53:13.0671 1148	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:53:13.0781 1148	MSPQM - ok
21:53:13.0937 1148	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:53:14.0031 1148	mssmbios - ok
21:53:14.0125 1148	MSSQL$SONY_MEDIAMGR - ok
21:53:14.0187 1148	MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
21:53:14.0218 1148	MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
21:53:14.0218 1148	MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
21:53:14.0312 1148	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:53:14.0421 1148	MSTEE - ok
21:53:14.0515 1148	MTsensor        (1c0f480b7c6136ddb5fb909995af014a) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
21:53:14.0562 1148	MTsensor - ok
21:53:14.0625 1148	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:53:14.0656 1148	Mup - ok
21:53:14.0765 1148	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:53:14.0875 1148	NABTSFEC - ok
21:53:14.0953 1148	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
21:53:15.0062 1148	napagent - ok
21:53:15.0156 1148	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:53:15.0265 1148	NDIS - ok
21:53:15.0328 1148	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:53:15.0421 1148	NdisIP - ok
21:53:15.0500 1148	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:53:15.0546 1148	NdisTapi - ok
21:53:15.0609 1148	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:53:15.0734 1148	Ndisuio - ok
21:53:15.0812 1148	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:53:15.0921 1148	NdisWan - ok
21:53:16.0000 1148	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:53:16.0046 1148	NDProxy - ok
21:53:16.0093 1148	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:53:16.0203 1148	NetBIOS - ok
21:53:16.0281 1148	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:53:16.0390 1148	NetBT - ok
21:53:16.0437 1148	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:53:16.0546 1148	NetDDE - ok
21:53:16.0578 1148	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:53:16.0671 1148	NetDDEdsdm - ok
21:53:16.0750 1148	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:53:16.0843 1148	Netlogon - ok
21:53:16.0906 1148	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
21:53:17.0015 1148	Netman - ok
21:53:17.0140 1148	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:53:17.0156 1148	NetTcpPortSharing - ok
21:53:17.0203 1148	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
21:53:17.0234 1148	Nla - ok
21:53:17.0296 1148	NMSAccess       (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Programme\CDBurnerXP\NMSAccessU.exe
21:53:17.0312 1148	NMSAccess - ok
21:53:17.0421 1148	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:53:17.0531 1148	Npfs - ok
21:53:17.0609 1148	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:53:17.0781 1148	Ntfs - ok
21:53:17.0843 1148	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
21:53:17.0937 1148	NtLmSsp - ok
21:53:18.0031 1148	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
21:53:18.0218 1148	NtmsSvc - ok
21:53:18.0312 1148	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:53:18.0437 1148	Null - ok
21:53:18.0500 1148	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:53:18.0609 1148	NwlnkFlt - ok
21:53:18.0640 1148	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:53:18.0781 1148	NwlnkFwd - ok
21:53:18.0859 1148	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
21:53:18.0875 1148	ose - ok
21:53:18.0968 1148	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
21:53:19.0078 1148	Parport - ok
21:53:19.0125 1148	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:53:19.0234 1148	PartMgr - ok
21:53:19.0265 1148	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:53:19.0390 1148	ParVdm - ok
21:53:19.0421 1148	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:53:19.0531 1148	PCI - ok
21:53:19.0562 1148	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:53:19.0687 1148	PCIIde - ok
21:53:19.0781 1148	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:53:19.0890 1148	Pcmcia - ok
21:53:19.0953 1148	perc2 - ok
21:53:19.0968 1148	perc2hib - ok
21:53:20.0015 1148	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:53:20.0046 1148	PlugPlay - ok
21:53:20.0062 1148	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:53:20.0156 1148	PolicyAgent - ok
21:53:20.0187 1148	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:53:20.0296 1148	PptpMiniport - ok
21:53:20.0328 1148	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
21:53:20.0437 1148	Processor - ok
21:53:20.0515 1148	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:53:20.0593 1148	ProtectedStorage - ok
21:53:20.0687 1148	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:53:20.0765 1148	PSched - ok
21:53:20.0828 1148	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:53:20.0953 1148	Ptilink - ok
21:53:20.0984 1148	ql1080 - ok
21:53:21.0015 1148	Ql10wnt - ok
21:53:21.0031 1148	ql12160 - ok
21:53:21.0062 1148	ql1240 - ok
21:53:21.0078 1148	ql1280 - ok
21:53:21.0125 1148	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:53:21.0234 1148	RasAcd - ok
21:53:21.0296 1148	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
21:53:21.0406 1148	RasAuto - ok
21:53:21.0484 1148	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:53:21.0593 1148	Rasl2tp - ok
21:53:21.0656 1148	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
21:53:21.0781 1148	RasMan - ok
21:53:21.0843 1148	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:53:21.0984 1148	RasPppoe - ok
21:53:22.0046 1148	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:53:22.0156 1148	Raspti - ok
21:53:22.0234 1148	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:53:22.0343 1148	Rdbss - ok
21:53:22.0421 1148	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:53:22.0531 1148	RDPCDD - ok
21:53:22.0593 1148	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:53:22.0703 1148	rdpdr - ok
21:53:22.0812 1148	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
21:53:22.0843 1148	RDPWD - ok
21:53:22.0906 1148	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
21:53:23.0015 1148	RDSessMgr - ok
21:53:23.0078 1148	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:53:23.0187 1148	redbook - ok
21:53:23.0281 1148	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
21:53:23.0375 1148	RemoteAccess - ok
21:53:23.0468 1148	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
21:53:23.0578 1148	RemoteRegistry - ok
21:53:23.0671 1148	RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:53:23.0765 1148	RFCOMM - ok
21:53:23.0828 1148	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
21:53:23.0937 1148	RpcLocator - ok
21:53:24.0031 1148	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
21:53:24.0078 1148	RpcSs - ok
21:53:24.0171 1148	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
21:53:24.0296 1148	RSVP - ok
21:53:24.0375 1148	RTL8023xp       (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
21:53:24.0437 1148	RTL8023xp - ok
21:53:24.0515 1148	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:53:24.0625 1148	rtl8139 - ok
21:53:24.0703 1148	RTL8187B        (2890916eb8ded61cc2d8d057a9778e03) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
21:53:24.0828 1148	RTL8187B - ok
21:53:24.0906 1148	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:53:25.0000 1148	SamSs - ok
21:53:25.0125 1148	SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
21:53:25.0125 1148	SASDIFSV - ok
21:53:25.0140 1148	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
21:53:25.0156 1148	SASKUTIL - ok
21:53:25.0265 1148	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
21:53:25.0375 1148	SCardSvr - ok
21:53:25.0437 1148	SCDEmu          (9feb2026a460916d1a1198b460632630) C:\WINDOWS\system32\drivers\SCDEmu.sys
21:53:25.0437 1148	SCDEmu ( UnsignedFile.Multi.Generic ) - warning
21:53:25.0437 1148	SCDEmu - detected UnsignedFile.Multi.Generic (1)
21:53:25.0484 1148	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
21:53:25.0593 1148	Schedule - ok
21:53:25.0625 1148	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:53:25.0718 1148	Secdrv - ok
21:53:25.0812 1148	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
21:53:25.0921 1148	seclogon - ok
21:53:25.0984 1148	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
21:53:26.0078 1148	SENS - ok
21:53:26.0171 1148	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
21:53:26.0281 1148	Serial - ok
21:53:26.0390 1148	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:53:26.0484 1148	Sfloppy - ok
21:53:26.0578 1148	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
21:53:26.0718 1148	SharedAccess - ok
21:53:26.0859 1148	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:53:26.0875 1148	ShellHWDetection - ok
21:53:26.0906 1148	Simbad - ok
21:53:27.0015 1148	SkypeUpdate     (db0405d9aad62f0762e0876ac142b7e1) C:\Programme\Skype\Updater\Updater.exe
21:53:27.0031 1148	SkypeUpdate - ok
21:53:27.0062 1148	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:53:27.0171 1148	SLIP - ok
21:53:27.0296 1148	Sparrow - ok
21:53:27.0343 1148	speedfan        (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
21:53:27.0359 1148	speedfan - ok
21:53:27.0453 1148	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:53:27.0562 1148	splitter - ok
21:53:27.0625 1148	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:53:27.0656 1148	Spooler - ok
21:53:27.0750 1148	SQLAgent$SONY_MEDIAMGR - ok
21:53:27.0890 1148	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:53:28.0000 1148	sr - ok
21:53:28.0093 1148	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
21:53:28.0187 1148	srservice - ok
21:53:28.0265 1148	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:53:28.0375 1148	Srv - ok
21:53:28.0531 1148	ssadbus         (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
21:53:28.0531 1148	ssadbus - ok
21:53:28.0625 1148	ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
21:53:28.0625 1148	ssadmdfl - ok
21:53:28.0687 1148	ssadmdm         (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
21:53:28.0687 1148	ssadmdm - ok
21:53:28.0750 1148	ssadserd        (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
21:53:28.0765 1148	ssadserd - ok
21:53:28.0843 1148	sscdbus         (069351a1d7d291013177a90ae6edccbc) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
21:53:28.0859 1148	sscdbus - ok
21:53:28.0984 1148	sscdmdfl        (1c925be223a5c0f9f469252292a48df6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
21:53:28.0984 1148	sscdmdfl - ok
21:53:29.0046 1148	sscdmdm         (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
21:53:29.0062 1148	sscdmdm - ok
21:53:29.0140 1148	sscebus         (b2063ce662af3ab20045121a5b716df6) C:\WINDOWS\system32\DRIVERS\sscebus.sys
21:53:29.0156 1148	sscebus - ok
21:53:29.0203 1148	sscemdfl        (66799dc0afe3dcaf8368cae17394a762) C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
21:53:29.0203 1148	sscemdfl - ok
21:53:29.0296 1148	sscemdm         (cbf03ffc08f8db547bab2f79aa663d16) C:\WINDOWS\system32\DRIVERS\sscemdm.sys
21:53:29.0312 1148	sscemdm - ok
21:53:29.0437 1148	ssceserd        (60cd4ad33aa52e58faac3abad18cf8ef) C:\WINDOWS\system32\DRIVERS\ssceserd.sys
21:53:29.0437 1148	ssceserd - ok
21:53:29.0515 1148	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
21:53:29.0609 1148	SSDPSRV - ok
21:53:29.0734 1148	ssudmdm         (8f299012ef58246f1c98de7b7e48dbf0) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
21:53:29.0750 1148	ssudmdm - ok
21:53:29.0843 1148	ssudserd        (7cc3e2e0bba3dd0b6c5e7c7a150bb5c4) C:\WINDOWS\system32\DRIVERS\ssudserd.sys
21:53:29.0859 1148	ssudserd - ok
21:53:29.0968 1148	StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
21:53:29.0968 1148	StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:53:29.0968 1148	StarOpen - detected UnsignedFile.Multi.Generic (1)
21:53:30.0062 1148	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
21:53:30.0203 1148	stisvc - ok
21:53:30.0312 1148	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:53:30.0406 1148	streamip - ok
21:53:30.0562 1148	SWDUMon         (e5f568f412919244ce1b428662b96a18) C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
21:53:30.0562 1148	SWDUMon - ok
21:53:30.0640 1148	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:53:30.0750 1148	swenum - ok
21:53:30.0812 1148	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:53:30.0921 1148	swmidi - ok
21:53:31.0031 1148	SwPrv - ok
21:53:31.0125 1148	symc810 - ok
21:53:31.0156 1148	symc8xx - ok
21:53:31.0187 1148	sym_hi - ok
21:53:31.0203 1148	sym_u3 - ok
21:53:31.0265 1148	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:53:31.0375 1148	sysaudio - ok
21:53:31.0437 1148	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
21:53:31.0546 1148	SysmonLog - ok
21:53:31.0625 1148	tap0901         (98a1e6bc9f766b0b0a5bf00af847ef20) C:\WINDOWS\system32\DRIVERS\tap0901.sys
21:53:31.0656 1148	tap0901 ( UnsignedFile.Multi.Generic ) - warning
21:53:31.0656 1148	tap0901 - detected UnsignedFile.Multi.Generic (1)
21:53:31.0796 1148	taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
21:53:31.0812 1148	taphss - ok
21:53:31.0875 1148	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
21:53:31.0968 1148	TapiSrv - ok
21:53:32.0062 1148	Tcpip           (d9f19e78f98834cb411d6ad3c68d181a) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:53:32.0078 1148	Tcpip ( UnsignedFile.Multi.Generic ) - warning
21:53:32.0078 1148	Tcpip - detected UnsignedFile.Multi.Generic (1)
21:53:32.0140 1148	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:53:32.0234 1148	TDPIPE - ok
21:53:32.0296 1148	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:53:32.0406 1148	TDTCP - ok
21:53:32.0500 1148	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:53:32.0593 1148	TermDD - ok
21:53:32.0718 1148	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
21:53:32.0859 1148	TermService - ok
21:53:32.0921 1148	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:53:32.0937 1148	Themes - ok
21:53:33.0000 1148	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\System32\tlntsvr.exe
21:53:33.0109 1148	TlntSvr - ok
21:53:33.0218 1148	TosIde - ok
21:53:33.0296 1148	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
21:53:33.0406 1148	TrkWks - ok
21:53:33.0484 1148	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:53:33.0578 1148	Udfs - ok
21:53:33.0609 1148	ultra - ok
21:53:33.0671 1148	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:53:33.0828 1148	Update - ok
21:53:33.0953 1148	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
21:53:34.0062 1148	upnphost - ok
21:53:34.0125 1148	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
21:53:34.0218 1148	UPS - ok
21:53:34.0328 1148	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:53:34.0375 1148	USBAAPL - ok
21:53:34.0437 1148	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:53:34.0546 1148	usbccgp - ok
21:53:34.0656 1148	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:53:34.0750 1148	usbehci - ok
21:53:34.0812 1148	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:53:34.0921 1148	usbhub - ok
21:53:34.0984 1148	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:53:35.0078 1148	usbprint - ok
21:53:35.0140 1148	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:53:35.0250 1148	usbscan - ok
21:53:35.0343 1148	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:53:35.0453 1148	USBSTOR - ok
21:53:35.0562 1148	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:53:35.0640 1148	usbuhci - ok
21:53:35.0718 1148	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:53:35.0828 1148	usbvideo - ok
21:53:35.0890 1148	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:53:35.0984 1148	VgaSave - ok
21:53:36.0000 1148	ViaIde - ok
21:53:36.0109 1148	VMAuthdService  (3accf0c817a2bb34efbfb72b57b00252) C:\Programme\VMware\VMware Player\vmware-authd.exe
21:53:36.0140 1148	VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
21:53:36.0140 1148	VMAuthdService - detected UnsignedFile.Multi.Generic (1)
21:53:36.0187 1148	vmci            (15759158f7531853616b2b43af962fcb) C:\WINDOWS\system32\DRIVERS\vmci.sys
21:53:36.0203 1148	vmci - ok
21:53:36.0234 1148	vmkbd           (e5fa574436b840d071dbfe74300741ce) C:\WINDOWS\system32\drivers\VMkbd.sys
21:53:36.0234 1148	vmkbd - ok
21:53:36.0296 1148	VMnetAdapter    (1afa4af55cbea579a4bbe4f90967f720) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
21:53:36.0312 1148	VMnetAdapter - ok
21:53:36.0406 1148	VMnetBridge     (6b8f26d54b2ee0da1543f08db3a01c8b) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
21:53:36.0421 1148	VMnetBridge - ok
21:53:36.0484 1148	VMnetDHCP       (6f5fe74a4713290e6309b45904403798) C:\WINDOWS\system32\vmnetdhcp.exe
21:53:36.0515 1148	VMnetDHCP - ok
21:53:36.0625 1148	VMnetuserif     (c88e5f414c567ff10343df18f8c3e3f0) C:\WINDOWS\system32\drivers\vmnetuserif.sys
21:53:36.0625 1148	VMnetuserif - ok
21:53:36.0734 1148	vmusb           (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\WINDOWS\system32\Drivers\vmusb.sys
21:53:36.0750 1148	vmusb - ok
21:53:36.0843 1148	VMUSBArbService (af76c6d3f5053459e18e4c519fb496c8) C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe
21:53:36.0890 1148	VMUSBArbService - ok
21:53:37.0078 1148	VMware NAT Service (5cc206036b6648cd3990d77e5117e1d9) C:\WINDOWS\system32\vmnat.exe
21:53:37.0109 1148	VMware NAT Service - ok
21:53:37.0312 1148	vmx86           (847909a1fc0c8eb46ff975747d673a7f) C:\WINDOWS\system32\Drivers\vmx86.sys
21:53:37.0328 1148	vmx86 - ok
21:53:37.0390 1148	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:53:37.0515 1148	VolSnap - ok
21:53:37.0656 1148	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
21:53:37.0750 1148	VSS - ok
21:53:37.0812 1148	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
21:53:37.0921 1148	W32Time - ok
21:53:38.0015 1148	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:53:38.0109 1148	Wanarp - ok
21:53:38.0203 1148	Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:53:38.0234 1148	Wdf01000 - ok
21:53:38.0375 1148	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:53:38.0484 1148	wdmaud - ok
21:53:38.0562 1148	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
21:53:38.0671 1148	WebClient - ok
21:53:38.0765 1148	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:53:38.0875 1148	winmgmt - ok
21:53:38.0984 1148	WinRM           (f10075c2ec96d2eb118012e78ece2fc2) C:\WINDOWS\system32\WsmSvc.dll
21:53:39.0109 1148	WinRM - ok
21:53:39.0218 1148	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:53:39.0234 1148	WmdmPmSN - ok
21:53:39.0328 1148	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
21:53:39.0390 1148	Wmi - ok
21:53:39.0484 1148	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:53:39.0593 1148	WmiApSrv - ok
21:53:39.0734 1148	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
21:53:39.0843 1148	WMPNetworkSvc - ok
21:53:40.0062 1148	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:53:40.0078 1148	WpdUsb - ok
21:53:40.0218 1148	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:53:40.0265 1148	WPFFontCache_v0400 - ok
21:53:40.0421 1148	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:53:40.0546 1148	WS2IFSL - ok
21:53:40.0625 1148	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
21:53:40.0734 1148	wscsvc - ok
21:53:40.0796 1148	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:53:40.0906 1148	WSTCODEC - ok
21:53:40.0968 1148	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
21:53:41.0062 1148	wuauserv - ok
21:53:41.0203 1148	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:53:41.0234 1148	WudfPf - ok
21:53:41.0265 1148	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:53:41.0296 1148	WudfRd - ok
21:53:41.0359 1148	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:53:41.0390 1148	WudfSvc - ok
21:53:41.0468 1148	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
21:53:41.0625 1148	WZCSVC - ok
21:53:41.0703 1148	XDva394 - ok
21:53:41.0765 1148	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
21:53:41.0859 1148	xmlprov - ok
21:53:41.0921 1148	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:53:42.0203 1148	\Device\Harddisk0\DR0 - ok
21:53:42.0218 1148	MBR (0x1B8)     (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR2
21:53:46.0406 1148	\Device\Harddisk1\DR2 - ok
21:53:46.0421 1148	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR3
21:53:46.0968 1148	\Device\Harddisk2\DR3 - ok
21:53:46.0968 1148	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR6
21:53:47.0062 1148	\Device\Harddisk3\DR6 - ok
21:53:47.0078 1148	Boot (0x1200)   (6a3f0f843c929f2ffe9f9266010d90d4) \Device\Harddisk0\DR0\Partition0
21:53:47.0078 1148	\Device\Harddisk0\DR0\Partition0 - ok
21:53:47.0078 1148	Boot (0x1200)   (024f370dc78e5839d03d87823c9acdd8) \Device\Harddisk1\DR2\Partition0
21:53:47.0078 1148	\Device\Harddisk1\DR2\Partition0 - ok
21:53:47.0093 1148	Boot (0x1200)   (b7e1151473711f7ebb360749df755929) \Device\Harddisk2\DR3\Partition0
21:53:47.0093 1148	\Device\Harddisk2\DR3\Partition0 - ok
21:53:47.0093 1148	Boot (0x1200)   (b28f0da2e578fff9441cee436b622d76) \Device\Harddisk3\DR6\Partition0
21:53:47.0093 1148	\Device\Harddisk3\DR6\Partition0 - ok
21:53:47.0093 1148	============================================================
21:53:47.0093 1148	Scan finished
21:53:47.0093 1148	============================================================
21:53:47.0234 0548	Detected object count: 10
21:53:47.0234 0548	Actual detected object count: 10
21:53:58.0906 0548	AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0906 0548	AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:53:58.0906 0548	AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0906 0548	AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:53:58.0906 0548	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0906 0548	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:53:58.0906 0548	giveio ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0906 0548	giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:53:58.0906 0548	MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0906 0548	MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:53:58.0906 0548	SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0906 0548	SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:53:58.0921 0548	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0921 0548	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:53:58.0921 0548	tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0921 0548	tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:53:58.0921 0548	Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0921 0548	Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:53:58.0921 0548	VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0921 0548	VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:00.0843 1296	Deinitialize success

cosinus · 23.03.2012, 21:14

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

matthias2619 · 24.03.2012, 00:41

Log ist zu groß um es zu posten, deshalb im Anhang.
MfG

19.03.2012, 18:24	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Umleitung auf searchcompletion.com Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ __________________

Umleitung auf searchcompletion.com

Log-Analyse und Auswertung: Umleitung auf searchcompletion.com