BKA Virus 1.09 - OTL Logfile Auswertung

HF66 · 31.03.2012, 18:43

hallo zusammen!

heute hat es einen rechner bei mir erwischt - bka virus, meiner recherche nach version 1.09.

betroffener pc: win xp sp3, alle updates installiert

der "bka-lockscreen" kam und ich musste den rechner manuell runterfahren, neustart lief problemlos im normalen modus, norton internet security hat eine datei isoliert bzw gelöscht deren name leider nicht mehr eruierbar ist...

autostart geprüft, keine neuen / verdächtigen einträge

einzige auffälligkeit war ein versteckter ordner im verzeichnis "Dokumente und Einstellungen....Anwendungsdateien" mit dem namen "gizza" - inhalt war eine txt file mit meiner ip adresse und ein bmp des locksreen.

diverse recherchen und online test, komplettscan mit norton internet security - aktuelleste version brachte keine auffälligkeiten, ksapersky notfall-cd ausgeführt, leider war der festplattenscan der systemplatte nicht vollständig möglich da der scan nach 3% abgebrochen ist, bootsektorentest unauffällig, cc cleaner registry gereinigt - keine auffälligen einträge

ich möchte euch nun meine otl logflies posten um ggf einen check zu erbitten ob es auffälligkeiten gibt oder ich mein system als sicher bzw sauber betrachten kann - vielen dank im voraus:

zusatzinfo:

konnte heute mit dem microsoft bitdefender offline Tool den win32.gamarue.f im Verzeichnis "system volume Information" identifizieren und entfernen......

cosinus · 02.04.2012, 13:11

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

HF66 · 02.04.2012, 13:55

hallo!

danke für die rückmeldung.

anbei der log von malewarebytes von gestern nachmittag

eset scan brachte keine ergebnisse

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.01.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Faber :: CENTER [Administrator]

Schutz: Aktiviert

01.04.2012 15:24:36
mbam-log-2012-04-01 (19-06-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 326149
Laufzeit: 3 Stunde(n), 38 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 02.04.2012, 14:37

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

HF66 · 02.04.2012, 14:58

habe die software erst im zuge der aktion vom samstag dann installiert, daher gibts auch keine weiteren scans

logdateien kann ich anbieten - eben seit samstag

Code:

ATTFilter

2012/03/31 15:00:15 +0200	CENTER	Faber	MESSAGE	Starting protection
2012/03/31 15:00:20 +0200	CENTER	Faber	MESSAGE	Protection started successfully
2012/03/31 15:00:23 +0200	CENTER	Faber	MESSAGE	Starting IP protection
2012/03/31 15:00:30 +0200	CENTER	Faber	MESSAGE	IP Protection started successfully
2012/03/31 17:11:06 +0200	CENTER	Faber	MESSAGE	Stopping IP protection
2012/03/31 17:11:07 +0200	CENTER	Faber	MESSAGE	IP Protection stopped
2012/03/31 19:05:35 +0200	CENTER	Faber	MESSAGE	Executing scheduled update:  Daily
2012/03/31 19:05:35 +0200	CENTER	Faber	ERROR	Scheduled update failed:  Config missing or corrupt, please reinstall failed with error code 2

Code:

ATTFilter

2012/04/01 15:24:17 +0200	CENTER	Faber	MESSAGE	Starting protection
2012/04/01 15:24:22 +0200	CENTER	Faber	MESSAGE	Protection started successfully
2012/04/01 15:24:25 +0200	CENTER	Faber	MESSAGE	Starting IP protection
2012/04/01 15:24:29 +0200	CENTER	Faber	MESSAGE	IP Protection started successfully
2012/04/01 16:12:36 +0200	CENTER	Faber	IP-BLOCK	188.130.251.85 (Type: outgoing)
2012/04/01 16:12:39 +0200	CENTER	Faber	IP-BLOCK	188.130.251.85 (Type: outgoing)
2012/04/01 16:12:45 +0200	CENTER	Faber	IP-BLOCK	188.130.251.85 (Type: outgoing)
2012/04/01 16:12:59 +0200	CENTER	Faber	IP-BLOCK	188.130.251.85 (Type: outgoing)
2012/04/01 16:13:02 +0200	CENTER	Faber	IP-BLOCK	188.130.251.85 (Type: outgoing)
2012/04/01 16:13:08 +0200	CENTER	Faber	IP-BLOCK	188.130.251.85 (Type: outgoing)
2012/04/01 19:05:26 +0200	CENTER	Faber	MESSAGE	Executing scheduled update:  Daily
2012/04/01 19:05:33 +0200	CENTER	Faber	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.01.01 to version v2012.04.01.03
2012/04/01 19:05:33 +0200	CENTER	Faber	MESSAGE	Starting database refresh
2012/04/01 19:05:33 +0200	CENTER	Faber	MESSAGE	Stopping IP protection
2012/04/01 19:05:33 +0200	CENTER	Faber	MESSAGE	IP Protection stopped
2012/04/01 19:05:37 +0200	CENTER	Faber	MESSAGE	Database refreshed successfully
2012/04/01 19:05:37 +0200	CENTER	Faber	MESSAGE	Starting IP protection
2012/04/01 19:05:50 +0200	CENTER	Faber	MESSAGE	IP Protection started successfully

Code:

ATTFilter

2012/04/02 14:50:11 +0200	CENTER	Faber	MESSAGE	Starting protection
2012/04/02 14:50:17 +0200	CENTER	Faber	MESSAGE	Protection started successfully
2012/04/02 14:50:20 +0200	CENTER	Faber	MESSAGE	Starting IP protection
2012/04/02 14:50:25 +0200	CENTER	Faber	MESSAGE	IP Protection started successfully
2012/04/02 14:50:43 +0200	CENTER	Faber	MESSAGE	Starting database refresh
2012/04/02 14:50:43 +0200	CENTER	Faber	MESSAGE	Stopping IP protection
2012/04/02 14:50:43 +0200	CENTER	Faber	MESSAGE	IP Protection stopped
2012/04/02 14:50:46 +0200	CENTER	Faber	MESSAGE	Database refreshed successfully
2012/04/02 14:50:46 +0200	CENTER	Faber	MESSAGE	Starting IP protection
2012/04/02 14:50:53 +0200	CENTER	Faber	MESSAGE	IP Protection started successfully

cosinus · 02.04.2012, 15:37

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

HF66 · 02.04.2012, 15:43

ad1) normaler modus geht problemlos und uneingeschränkt . konnte bisher keine fehler erkennen

ad2) vermisse auch nix im startmenü, keine leeren ordner oder fehlende proigramme soweit ich es bisher festellen konnte

cosinus · 02.04.2012, 15:48

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

HF66 · 02.04.2012, 16:19

bitteschön - hier der log - in 2 teilen da um ein paar zeichen zu gross...

Code:

ATTFilter

OTL logfile created on: 02.04.2012 17:07:22 - Run 4
OTL by OldTimer - Version 3.2.39.2     Folder = H:\Dokumente und Einstellungen\Faber\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 70,81% Memory free
5,09 Gb Paging File | 4,16 Gb Available in Paging File | 81,81% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\windows | %ProgramFiles% = H:\Programme
Drive E: | 232,88 Gb Total Space | 129,72 Gb Free Space | 55,70% Space Free | Partition Type: NTFS
Drive H: | 232,88 Gb Total Space | 208,76 Gb Free Space | 89,65% Space Free | Partition Type: NTFS
Drive I: | 149,05 Gb Total Space | 105,64 Gb Free Space | 70,88% Space Free | Partition Type: NTFS
Drive N: | 915,91 Gb Total Space | 483,86 Gb Free Space | 52,83% Space Free | Partition Type: NTFS
Drive O: | 1832,80 Gb Total Space | 1223,90 Gb Free Space | 66,78% Space Free | Partition Type: NTFS
 
Computer Name: CENTER | User Name: Faber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.31 14:52:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Faber\Desktop\OTL.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.01.17 08:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- H:\Programme\Norton Management\Engine\2.1.2.13\ccsvchst.exe
PRC - [2012.01.17 07:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- H:\Programme\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- H:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) -- H:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.01.04 14:32:18 | 000,173,096 | ---- | M] (Nokia) -- H:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.01.04 14:32:02 | 000,142,376 | ---- | M] (Nokia) -- H:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.10.07 11:40:08 | 000,055,064 | ---- | M] (Logitech, Inc.) -- H:\Programme\Logitech\SetPointP\LBTWiz.exe
PRC - [2011.03.04 12:38:48 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- H:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2010.08.18 02:00:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- H:\WINDOWS\V0700Mon.exe
PRC - [2010.07.07 12:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- H:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2010.07.07 12:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- H:\WINDOWS\system32\CTxfispi.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- H:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009.06.12 00:10:18 | 000,503,808 | ---- | M] () -- H:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe
PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- H:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.05.05 09:53:00 | 000,221,300 | ---- | M] (Creative Technology Ltd) -- H:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008.04.21 23:00:36 | 000,911,168 | ---- | M] (Acronis) -- H:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008.04.21 22:54:38 | 002,622,296 | ---- | M] (Acronis) -- H:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.04.21 00:07:26 | 000,136,472 | ---- | M] (Acronis) -- H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2008.04.21 00:07:18 | 000,431,384 | ---- | M] (Acronis) -- H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2008.04.15 19:55:02 | 001,449,984 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2008.01.31 19:12:04 | 000,634,880 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\LocalDevDiscoveryPlugin.exe
PRC - [2008.01.31 19:06:40 | 001,060,864 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\SWASDriverManagementPlugin.exe
PRC - [2008.01.31 18:04:54 | 000,925,696 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\SWASReports.exe
PRC - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- H:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2005.10.27 17:01:16 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- H:\Programme\Multimedia Card Reader\shwicon2k.exe
PRC - [2005.07.19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- H:\WINDOWS\system32\LVCOMSX.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.16 16:44:26 | 011,817,472 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012.02.16 15:22:17 | 000,971,264 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012.02.15 15:18:01 | 005,450,752 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012.02.15 15:17:57 | 012,430,848 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012.02.15 15:17:48 | 001,587,200 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012.02.15 15:14:18 | 007,953,408 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012.02.15 15:12:48 | 000,303,104 | ---- | M] () -- H:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.01.03 15:10:46 | 000,301,056 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.10.12 15:10:14 | 000,025,600 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011.10.12 13:35:36 | 011,490,816 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.28 23:19:12 | 000,093,696 | ---- | M] () -- H:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.07.28 17:22:00 | 000,270,336 | ---- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- H:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.03.16 12:22:12 | 000,014,848 | ---- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009.07.13 17:37:04 | 000,152,112 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009.07.13 17:37:04 | 000,098,304 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009.06.19 21:56:39 | 000,315,392 | ---- | M] () -- H:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.19 21:56:37 | 000,434,176 | ---- | M] () -- H:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.06.12 00:10:18 | 000,503,808 | ---- | M] () -- H:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe
MOD - [2008.06.26 20:46:08 | 001,384,520 | ---- | M] () -- H:\WINDOWS\twain_32\Samsung\CLX3170\SSOle.dll
MOD - [2008.06.26 20:45:14 | 000,367,104 | ---- | M] () -- H:\WINDOWS\twain_32\Samsung\CLX3170\NetModule.dll
MOD - [2008.06.26 20:45:06 | 000,155,648 | ---- | M] () -- H:\WINDOWS\twain_32\Samsung\CLX3170\IMFilter.dll
MOD - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
MOD - [2008.04.21 22:43:20 | 001,336,600 | ---- | M] () -- H:\Programme\Acronis\TrueImageHome\fox.dll
MOD - [2008.04.15 19:55:02 | 001,449,984 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
MOD - [2008.04.15 19:48:54 | 000,073,728 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\zlib1.dll
MOD - [2008.04.15 19:48:42 | 004,976,640 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\qt-mt333.dll
MOD - [2008.04.15 19:48:42 | 000,118,784 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\slp.dll
MOD - [2008.04.15 19:48:42 | 000,024,064 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\XalanMessages_1_9.dll
MOD - [2008.04.15 19:48:40 | 000,057,344 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\boost_thread-vc71-mt-1_32.dll
MOD - [2008.01.31 19:12:04 | 000,634,880 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\LocalDevDiscoveryPlugin.exe
MOD - [2008.01.31 19:06:40 | 001,060,864 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\SWASDriverManagementPlugin.exe
MOD - [2008.01.31 18:52:36 | 000,352,256 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\QtSql4.dll
MOD - [2008.01.31 18:52:36 | 000,352,256 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\QtSql4.dll
MOD - [2008.01.31 18:52:34 | 000,221,184 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\QtNetwork4.dll
MOD - [2008.01.31 18:52:34 | 000,221,184 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\QtNetwork4.dll
MOD - [2008.01.31 18:52:34 | 000,221,184 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\QtNetwork4.dll
MOD - [2008.01.31 18:52:32 | 001,069,056 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\QtCore4.dll
MOD - [2008.01.31 18:52:32 | 001,069,056 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\QtCore4.dll
MOD - [2008.01.31 18:52:32 | 001,069,056 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\QtCore4.dll
MOD - [2008.01.31 18:04:54 | 000,925,696 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\SWASReports.exe
MOD - [2008.01.31 17:52:36 | 000,025,600 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\XalanMessages_1_10.dll
MOD - [2008.01.31 17:52:36 | 000,025,600 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\XalanMessages_1_10.dll
MOD - [2008.01.31 17:52:36 | 000,025,600 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\XalanMessages_1_10.dll
MOD - [2008.01.31 17:52:34 | 000,106,496 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\boost_log-vc80-mt-1_33_1.dll
MOD - [2008.01.31 17:52:34 | 000,106,496 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\boost_log-vc80-mt-1_33_1.dll
MOD - [2008.01.31 17:52:34 | 000,106,496 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\boost_log-vc80-mt-1_33_1.dll
MOD - [2007.12.27 16:38:58 | 000,094,208 | ---- | M] () -- H:\WINDOWS\system32\SamFaxPort.dll
MOD - [2007.09.13 18:05:22 | 000,002,560 | ---- | M] () -- H:\WINDOWS\CTXFIGER.DLL
MOD - [2007.08.14 03:01:17 | 000,022,723 | ---- | M] () -- H:\WINDOWS\system32\sst1cl3.dll
MOD - [2002.01.11 15:59:06 | 000,094,274 | ---- | M] () -- H:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2001.10.28 18:43:08 | 000,116,736 | ---- | M] () -- H:\WINDOWS\system32\redmonnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- H:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.17 08:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- H:\Programme\Norton Management\Engine\2.1.2.13\ccSvcHst.exe -- (MCLIENT)
SRV - [2012.01.17 07:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- H:\Programme\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe -- (NIS)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- H:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.03.04 12:38:48 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2010.11.18 15:35:50 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- H:\Programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_D3D96EB9)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.24 15:09:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2009.10.24 15:03:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2009.10.24 15:02:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- H:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008.04.21 00:07:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.04.15 19:55:02 | 001,449,984 | ---- | M] () [Auto | Running] -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe -- (SWAS_Core)
SRV - [2008.01.31 19:12:04 | 000,634,880 | ---- | M] () [Auto | Running] -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\LocalDevDiscoveryPlugin.exe -- (SWAS_Srv_LDD)
SRV - [2008.01.31 19:06:40 | 001,060,864 | ---- | M] () [Auto | Running] -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\SWASDriverManagementPlugin.exe -- (SWAS_Srv_DriverManagement)
SRV - [2008.01.31 18:04:54 | 000,925,696 | ---- | M] () [Auto | Running] -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\SWASReports.exe -- (SWAS_Report_Plugin)
SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- H:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- H:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - File not found [Kernel | Auto | Stopped] -- H:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\frmupgr.sys -- (DFUBTUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\Programme\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - [2012.03.29 10:27:31 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.03.19 20:28:24 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120401.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.03.19 20:28:24 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.03.19 20:28:24 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120401.016\NAVENG.SYS -- (NAVENG)
DRV - [2012.03.06 17:04:10 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120330.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012.03.02 20:58:02 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.02.04 12:25:51 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- H:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.01.18 00:46:01 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\symtdi.sys -- (SYMTDI)
DRV - [2012.01.18 00:45:57 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\symefa.sys -- (SymEFA)
DRV - [2012.01.18 00:35:24 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\ironx86.sys -- (SymIRON)
DRV - [2012.01.18 00:33:51 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\srtsp.sys -- (SRTSP)
DRV - [2012.01.18 00:33:51 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.30 01:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\MCLIENT\0201020.00D\ccsetx86.sys -- (ccSet_MCLIENT)
DRV - [2011.11.30 00:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\ccsetx86.sys -- (ccSet_NIS)
DRV - [2011.11.24 04:23:20 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2011.11.24 04:23:20 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.09.26 17:17:34 | 000,025,344 | ---- | M] (CSR) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2011.09.06 18:00:02 | 000,322,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\V0700Vid.sys -- (V0700Vid)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.09.02 08:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011.09.02 08:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011.09.02 08:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011.07.29 14:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.07.29 00:20:10 | 007,084,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.07.25 20:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\symds.sys -- (SymDS)
DRV - [2011.03.24 14:28:36 | 000,150,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.10.20 07:24:22 | 000,302,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\V0700Afx.sys -- (V0700Afx)
DRV - [2010.07.09 13:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- H:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2010.07.07 14:15:42 | 001,811,288 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ct20xflt.sys -- (ct20xflt)
DRV - [2010.07.07 14:15:22 | 001,227,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2010.07.07 14:15:10 | 001,184,344 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010.07.07 14:15:00 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010.07.07 14:14:52 | 000,159,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010.07.07 14:14:44 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010.07.07 14:14:36 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010.07.07 14:14:20 | 000,537,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010.07.07 14:14:00 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010.07.07 14:13:52 | 001,353,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2010.07.07 14:13:52 | 001,353,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010.07.07 14:13:42 | 000,073,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2010.07.07 14:13:42 | 000,073,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010.07.07 14:13:34 | 000,198,232 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2010.07.07 14:13:34 | 000,198,232 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2010.05.10 10:09:34 | 000,627,288 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\SkyNET.sys -- (SKYNET)
DRV - [2009.11.09 19:12:42 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009.10.30 14:40:56 | 000,039,488 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\nc06_wdm.sys -- (NUMARK_NC06_WDM)
DRV - [2009.10.30 14:40:56 | 000,026,688 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\nc06midi.sys -- (NUMARK_NC06_MIDI)
DRV - [2009.10.07 15:48:58 | 000,163,368 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- H:\windows\System32\drivers\CLBUDF.sys -- (CLBUDF)
DRV - [2009.10.07 15:48:58 | 000,015,784 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- H:\windows\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2009.10.02 10:59:16 | 000,489,952 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2009.08.10 12:07:32 | 000,089,600 | ---- | M] (Gemalto) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\GemCCID.sys -- (GemCCID)
DRV - [2009.08.05 06:16:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2009.07.15 13:43:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009.07.07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009.07.07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009.07.06 10:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.06.20 14:01:26 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2009.06.20 14:01:26 | 001,086,208 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.06.20 12:52:41 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2009.06.20 12:52:41 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- H:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009.06.20 12:52:38 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2009.06.20 12:52:36 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.10.31 20:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.09.09 05:58:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.03.05 11:27:34 | 000,026,656 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\PLCND532.sys -- (PLCND532)
DRV - [2007.12.17 17:14:04 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007.10.22 08:55:46 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- H:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2007.10.12 03:40:12 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2007.06.15 10:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007.04.16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007.02.09 12:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007.02.09 12:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2007.01.23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006.03.16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006.03.15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006.02.24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.02.10 11:17:46 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.02.08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006.02.02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005.10.27 17:01:06 | 000,038,468 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2005.10.05 12:00:06 | 000,047,104 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2005.10.05 12:00:06 | 000,018,167 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2005.09.01 11:03:04 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv)
DRV - [2005.09.01 11:03:04 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- H:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.05.27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.08.13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1999.09.10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- H:\windows\System32\drivers\aspi32.sys -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-861567501-299502267-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-861567501-299502267-839522115-1003\..\SearchScopes,DefaultScope = {701DD555-C500-4EBB-86BA-0E4CC604397A}
IE - HKU\S-1-5-21-861567501-299502267-839522115-1003\..\SearchScopes\{701DD555-C500-4EBB-86BA-0E4CC604397A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-861567501-299502267-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-299502267-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: h:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: H:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: H:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: H:\Dokumente und Einstellungen\Faber\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: H:\Dokumente und Einstellungen\Faber\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.02 15:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.04.02 14:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fe_9.0@nokia.com: H:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.01.18 17:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: H:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.01.18 17:54:09 | 000,000,000 | ---D | M]
 
[2010.04.13 17:27:04 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Mozilla\Extensions
[2010.04.13 17:27:04 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Mozilla\Extensions\MediaCoder-MCEX
[2010.04.13 17:23:02 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2011.03.27 10:32:31 | 000,002,046 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\fcmdSrchddr.xml
 
O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - H:\Programme\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - H:\Programme\Norton Internet Security\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - H:\Programme\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Programme\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - H:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKU\S-1-5-21-861567501-299502267-839522115-1003\..\Toolbar\WebBrowser: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - H:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [3170 Scan2PC] H:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] H:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] H:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] H:\windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CTxfiHlp] H:\windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Live! Central 3] H:\Programme\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] H:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmctxth] H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] H:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Sunkist2k] H:\Programme\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] H:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] H:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [V0700Mon.exe] H:\WINDOWS\V0700Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] H:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-861567501-299502267-839522115-1003..\Run: [NokiaSuite.exe] H:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Button Manager v5.099.lnk = H:\Programme\INITIO\v5.099\INIHID.EXE ()
O4 - Startup: H:\Dokumente und Einstellungen\Faber\Startmenü\Programme\Autostart\batch.cmd ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run:  = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-861567501-299502267-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-299502267-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An OneNote s&enden - H:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - H:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://H:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: SmarThru4 Als HTML speichern - H:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - H:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - H:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - H:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - H:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - H:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - H:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - H:\Programme\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} hxxp://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab (PrinterHelpEtcActiveX Control)
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245435584890 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} hxxp://www.facebook.com/controls/contactx.dll (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245445290437 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB (O2C-Player Version 1.x)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-416053540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {DB28CF23-0083-40B5-BF63-69925D672385} hxxp://www.nero.com/doc/NeroVersionChecker.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74253CA6-1631-410E-AFFF-201D1C7D9FDB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - H:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (h:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - h:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: H:\Dokumente und Einstellungen\Faber\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Dokumente und Einstellungen\Faber\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - H:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - H:\windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{423606c5-ee43-11de-9754-00248cfc6054}\Shell - "" = AutoRun
O33 - MountPoints2\{423606c5-ee43-11de-9754-00248cfc6054}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{423606c5-ee43-11de-9754-00248cfc6054}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

HF66 · 02.04.2012, 16:21

Code:

ATTFilter

 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup - 
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup - 
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "H:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5C3BFCCD-B621-615D-F98E-B13583C24057} - Browseranpassungen
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - H:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - h:\WINDOWS\system32\Rundll32.exe h:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A21001A2-5CC6-FB3C-0C30-1B7A810F81A3} - DirectX
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FE78F135-129E-9C20-477D-A810D3C768AD} - DirectAnimation
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - H:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - H:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - H:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.l3acm - H:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - H:\windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - H:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - H:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - H:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - H:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - H:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - H:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - H:\windows\System32\ffdshow.ax ()
Drivers32: VIDC.I420 - H:\windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - H:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - H:\windows\System32\ir32_32.dll ()
Drivers32: vidc.XVID - H:\windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - H:\windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.02 16:32:59 | 000,000,000 | RH-D | C] -- H:\Dokumente und Einstellungen\Faber\Recent
[2012.04.01 22:07:22 | 000,000,000 | ---D | C] -- H:\windows\Microsoft Antimalware
[2012.04.01 15:22:52 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.01 15:22:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- H:\windows\System32\drivers\mbam.sys
[2012.04.01 15:22:51 | 000,000,000 | ---D | C] -- H:\Programme\Malwarebytes' Anti-Malware
[2012.04.01 11:17:23 | 000,000,000 | ---D | C] -- H:\Programme\Gemeinsame Dateien\Java
[2012.03.31 18:26:53 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\QuickScan
[2012.03.31 16:48:42 | 000,000,000 | ---D | C] -- H:\Programme\ESET
[2012.03.31 14:59:39 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Malwarebytes
[2012.03.31 14:59:29 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.31 14:52:29 | 000,593,920 | ---- | C] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Faber\Desktop\OTL.exe
[2012.03.31 14:05:58 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.31 13:43:43 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton Management
[2012.03.31 12:30:09 | 000,000,000 | ---D | C] -- H:\Programme\Trend Micro
[2012.03.31 12:30:09 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Faber\Startmenü\Programme\HiJackThis
[2012.03.31 11:18:13 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Local Settings
[2012.03.29 11:36:19 | 000,000,000 | ---D | C] -- H:\Programme\Dude
[2012.03.19 19:46:37 | 000,000,000 | ---D | C] -- H:\windows\usb-audio.deNumarkNS6
[2012.03.19 19:46:33 | 000,000,000 | ---D | C] -- H:\windows\usb-audio.deNumarkV7
[2012.03.19 19:46:29 | 000,000,000 | ---D | C] -- H:\windows\usb-audio.deNumarkNS7
[2012.03.19 19:46:24 | 000,000,000 | ---D | C] -- H:\Programme\Serato
[2012.03.19 17:27:37 | 000,000,000 | ---D | C] -- H:\Programme\PC Inspector File Recovery
[2012.03.12 15:05:43 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Amazon
[7 H:\windows\System32\*.tmp files -> H:\windows\System32\*.tmp -> ]
[4 H:\windows\*.tmp files -> H:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.02 17:10:33 | 000,000,418 | -H-- | M] () -- H:\windows\tasks\User_Feed_Synchronization-{E5E6C224-3146-4AF6-9F3A-3EA9B758CA42}.job
[2012.04.02 16:23:00 | 000,001,090 | ---- | M] () -- H:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.02 14:30:23 | 000,013,646 | ---- | M] () -- H:\windows\System32\wpa.dbl
[2012.04.02 14:30:21 | 000,001,086 | ---- | M] () -- H:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.02 14:28:06 | 000,002,048 | --S- | M] () -- H:\windows\bootstat.dat
[2012.04.01 21:53:01 | 000,055,480 | ---- | M] () -- H:\windows\System32\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012.04.01 21:53:01 | 000,055,480 | ---- | M] () -- H:\windows\System32\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012.04.01 21:53:01 | 000,000,820 | ---- | M] () -- H:\windows\System32\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012.04.01 15:22:54 | 000,000,762 | ---- | M] () -- H:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.01 14:49:37 | 000,521,428 | ---- | M] () -- H:\windows\System32\perfh007.dat
[2012.04.01 14:49:37 | 000,497,086 | ---- | M] () -- H:\windows\System32\perfh009.dat
[2012.04.01 14:49:37 | 000,085,570 | ---- | M] () -- H:\windows\System32\perfc009.dat
[2012.04.01 14:49:36 | 000,102,550 | ---- | M] () -- H:\windows\System32\perfc007.dat
[2012.04.01 11:50:46 | 000,696,562 | ---- | M] () -- H:\windows\System32\drivers\NIS\1306020.00A\Cat.DB
[2012.03.31 14:52:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Faber\Desktop\OTL.exe
[2012.03.30 19:41:06 | 000,000,573 | ---- | M] () -- H:\Dokumente und Einstellungen\Faber\Desktop\Gemeinsame Dokumente.lnk
[2012.03.30 18:52:29 | 002,359,767 | ---- | M] () -- H:\Dokumente und Einstellungen\Faber\Desktop\IMG_7679.jpg
[2012.03.30 18:09:44 | 000,000,691 | ---- | M] () -- H:\dude.conf
[2012.03.30 07:43:56 | 000,008,727 | ---- | M] () -- H:\windows\System32\drivers\NIS\1306020.00A\VT20120301.009
[2012.03.29 23:57:26 | 000,001,080 | ---- | M] () -- H:\windows\System32\settingsbkup.sfm
[2012.03.29 23:57:26 | 000,001,080 | ---- | M] () -- H:\windows\System32\settings.sfm
[2012.03.29 10:27:31 | 000,141,944 | ---- | M] (Symantec Corporation) -- H:\windows\System32\drivers\SYMEVENT.SYS
[2012.03.29 10:27:31 | 000,060,872 | ---- | M] (Symantec Corporation) -- H:\windows\System32\S32EVNT1.DLL
[2012.03.29 10:27:31 | 000,007,468 | ---- | M] () -- H:\windows\System32\drivers\SYMEVENT.CAT
[2012.03.29 10:27:31 | 000,000,805 | ---- | M] () -- H:\windows\System32\drivers\SYMEVENT.INF
[2012.03.24 08:36:15 | 000,000,172 | ---- | M] () -- H:\windows\System32\drivers\MCLIENT\0201020.00D\isolate.ini
[2012.03.22 20:55:09 | 000,000,050 | ---- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\tigersetting.dll
[2012.03.20 06:26:35 | 000,000,172 | ---- | M] () -- H:\windows\System32\drivers\NIS\1306020.00A\isolate.ini
[2012.03.19 19:46:38 | 000,000,647 | ---- | M] () -- H:\Dokumente und Einstellungen\Faber\Desktop\ITCH.lnk
[2012.03.14 16:06:28 | 000,321,136 | ---- | M] () -- H:\windows\System32\FNTCACHE.DAT
[2012.03.11 10:00:02 | 000,015,364 | -H-- | M] () -- E:\Eigene Dateien\.DS_Store
[2012.03.05 16:08:20 | 000,000,842 | ---- | M] () -- H:\Dokumente und Einstellungen\All Users\Desktop\Handy Safe Desktop Professional 3.00.lnk
[7 H:\windows\System32\*.tmp files -> H:\windows\System32\*.tmp -> ]
[4 H:\windows\*.tmp files -> H:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.01 15:22:53 | 000,000,762 | ---- | C] () -- H:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.30 18:52:29 | 002,359,767 | ---- | C] () -- H:\Dokumente und Einstellungen\Faber\Desktop\IMG_7679.jpg
[2012.03.29 11:36:40 | 000,000,691 | ---- | C] () -- H:\dude.conf
[2012.03.19 19:46:38 | 000,000,647 | ---- | C] () -- H:\Dokumente und Einstellungen\Faber\Desktop\ITCH.lnk
[2012.03.19 17:27:37 | 000,006,200 | ---- | C] () -- H:\windows\System32\INT13EXT.VXD
[2012.03.05 16:08:19 | 000,000,842 | ---- | C] () -- H:\Dokumente und Einstellungen\All Users\Desktop\Handy Safe Desktop Professional 3.00.lnk
[2012.02.26 12:42:30 | 000,107,520 | RHS- | C] () -- H:\windows\System32\TAKDSDecoder.dll
[2012.02.15 15:09:01 | 000,003,072 | ---- | C] () -- H:\windows\System32\iacenc.dll
[2011.11.28 20:07:11 | 000,067,904 | -H-- | C] () -- H:\windows\System32\mlfcache.dat
[2011.11.07 14:51:46 | 000,019,840 | ---- | C] () -- H:\windows\System32\EuEpmGdi.dll
[2011.11.07 14:51:45 | 002,469,760 | ---- | C] () -- H:\windows\System32\BootMan.exe
[2011.11.07 14:51:45 | 000,086,408 | ---- | C] () -- H:\windows\System32\setupempdrv03.exe
[2011.11.07 14:51:45 | 000,013,192 | ---- | C] () -- H:\windows\System32\epmntdrv.sys
[2011.11.07 14:51:45 | 000,008,456 | ---- | C] () -- H:\windows\System32\EuGdiDrv.sys
[2011.11.04 08:17:11 | 000,000,040 | -HS- | C] () -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2011.11.03 15:40:53 | 000,000,056 | ---- | C] () -- H:\windows\DVDFab.INI
[2011.08.22 21:51:47 | 000,328,882 | ---- | C] () -- H:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.08.22 21:51:47 | 000,328,882 | ---- | C] () -- H:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-861567501-299502267-839522115-1003-0.dat
[2011.07.10 12:12:05 | 000,015,871 | ---- | C] () -- H:\windows\Ascd_tmp.ini
[2011.02.08 17:48:11 | 000,887,724 | ---- | C] () -- H:\windows\System32\ativva6x.dat
[2011.02.08 17:48:11 | 000,000,003 | ---- | C] () -- H:\windows\System32\ativva5x.dat
[2011.02.08 17:36:20 | 000,234,855 | ---- | C] () -- H:\windows\System32\atiicdxx.dat
[2010.11.11 16:32:56 | 000,000,760 | ---- | C] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\setup_ldm.iss
[2010.08.14 09:58:28 | 000,000,000 | ---- | C] () -- H:\windows\SetPointInstall.ini
 
========== LOP Check ==========
 
[2011.08.07 10:45:44 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\A-Trust GmbH
[2009.07.12 01:26:38 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.07.24 10:47:06 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt
[2011.03.17 16:35:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CMUV
[2010.03.20 11:23:23 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hagel Technologies
[2009.06.20 11:19:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ID3-TagIT 3
[2010.09.16 14:41:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.04.08 20:01:07 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Jabra
[2009.06.20 13:30:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2010.01.17 19:37:49 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2009.06.20 09:52:17 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2010.11.11 17:44:37 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Native Instruments
[2009.09.14 17:03:55 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2011.11.06 01:09:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2011.05.26 10:00:58 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaAccount
[2012.03.13 15:15:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2009.06.20 11:46:06 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.11.04 08:23:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2011.03.17 16:03:54 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Technisat
[2011.11.03 15:09:12 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2010.06.06 09:48:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec
[2009.09.14 17:01:10 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vsosdk
[2012.02.06 15:45:59 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2011.11.28 20:05:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.07 20:05:58 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\A-Trust GmbH
[2010.05.31 17:22:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Acronis
[2011.12.14 17:00:40 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Amazon
[2010.03.25 18:18:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\AnvSoft
[2012.01.09 20:32:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2010.04.13 17:29:59 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Broad Intelligence
[2011.07.24 10:47:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Canon
[2010.02.20 16:41:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DisplayTune
[2012.03.25 01:44:01 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Dropbox
[2011.11.03 17:34:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DVDFab
[2011.01.19 14:43:09 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DVDVideoSoft
[2010.11.11 17:20:42 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\ElevatedDiagnostics
[2011.03.27 10:34:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\facemoods.com
[2012.02.04 23:36:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\FileZilla
[2009.10.06 22:35:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\FreeFLVConverter
[2011.02.25 20:49:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\GetRightToGo
[2009.06.20 11:20:45 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\ID3-TagIT 3
[2010.02.17 16:27:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\JustWrite Office
[2012.02.17 19:05:55 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Leadertech
[2009.06.20 10:55:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\MAGIX
[2011.07.14 15:22:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\mkvtoolnix
[2010.03.27 13:20:10 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Moyea
[2012.01.18 17:54:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Nokia
[2010.09.17 13:46:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Nokia Ovi Suite
[2011.11.09 16:47:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Nokia Suite
[2011.12.07 20:35:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\PC Suite
[2010.10.05 20:03:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\PDF-OVER
[2012.03.31 18:27:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\QuickScan
[2011.08.22 17:47:06 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Samsung
[2010.07.24 12:37:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\SignaturUmgebung
[2009.09.02 17:47:27 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\SmarThru4
[2010.01.07 17:22:31 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\TeamViewer
[2010.07.03 15:28:35 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\TerraTec
[2010.08.25 14:12:45 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Tific
[2012.03.25 19:58:44 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\TV-Browser
[2011.01.19 15:27:34 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Vso
[2010.02.26 19:17:59 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\WTouch
[2010.08.06 13:09:05 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\XMedia Recode
[2009.12.12 22:51:46 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\YCanPDF
[2009.06.20 13:30:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Acronis
[2011.08.22 17:42:24 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Samsung
[2012.04.02 17:10:33 | 000,000,418 | -H-- | M] () -- H:\windows\Tasks\User_Feed_Synchronization-{E5E6C224-3146-4AF6-9F3A-3EA9B758CA42}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.08.26 16:38:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.07 20:05:58 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\A-Trust GmbH
[2010.05.31 17:22:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Acronis
[2012.01.31 19:08:57 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Adobe
[2011.03.16 17:59:25 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Ahead
[2011.12.14 17:00:40 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Amazon
[2010.03.25 18:18:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\AnvSoft
[2011.12.13 20:35:59 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Apple Computer
[2009.06.19 20:14:02 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\ATI
[2010.05.22 08:08:35 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\AVS4YOU
[2012.01.09 20:32:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2010.04.13 17:29:59 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Broad Intelligence
[2009.06.19 23:34:23 | 000,000,000 | R--D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Brother
[2012.02.12 12:31:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\CameraWindowDC
[2011.07.24 10:47:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Canon
[2012.02.12 12:31:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\CANON INC
[2011.08.07 08:50:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Creative
[2011.11.03 15:20:25 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\CyberLink
[2010.02.20 16:41:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DisplayTune
[2009.10.26 17:45:11 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DivX
[2012.03.25 01:44:01 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Dropbox
[2011.03.14 18:25:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\dvdcss
[2011.11.03 17:34:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DVDFab
[2011.01.19 14:43:09 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DVDVideoSoft
[2010.11.11 17:20:42 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\ElevatedDiagnostics
[2011.03.27 10:34:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\facemoods.com
[2012.02.04 23:36:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\FileZilla
[2009.10.06 22:35:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\FreeFLVConverter
[2011.02.25 20:49:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\GetRightToGo
[2009.08.10 18:12:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Google
[2009.10.26 17:45:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Help
[2009.06.20 11:20:45 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\ID3-TagIT 3
[2009.06.19 19:25:44 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Identities
[2009.06.19 21:23:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\InstallShield
[2010.02.17 16:27:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\JustWrite Office
[2012.02.17 19:05:55 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Leadertech
[2012.02.17 20:34:47 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Logishrd
[2012.02.18 11:38:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Logitech
[2009.07.04 14:52:22 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Macromedia
[2009.06.20 10:55:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\MAGIX
[2012.03.31 14:59:39 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Malwarebytes
[2012.01.31 19:08:57 | 000,000,000 | --SD | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft
[2009.06.19 22:25:23 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft Web Folders
[2011.04.03 08:47:10 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\MixMeister Technology
[2011.07.14 15:22:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\mkvtoolnix
[2010.03.27 13:20:10 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Moyea
[2010.04.13 17:23:02 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Mozilla
[2010.03.29 16:56:07 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\NCH Software
[2012.01.18 17:54:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Nokia
[2010.09.17 13:46:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Nokia Ovi Suite
[2011.11.09 16:47:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Nokia Suite
[2011.12.07 20:35:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\PC Suite
[2010.10.05 20:03:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\PDF-OVER
[2012.03.31 18:27:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\QuickScan
[2011.06.03 16:23:44 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Real
[2011.08.22 17:47:06 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Samsung
[2010.07.24 12:37:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\SignaturUmgebung
[2012.04.02 16:58:14 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Skype
[2009.09.02 17:47:27 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\SmarThru4
[2009.06.19 21:01:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Sun
[2012.03.31 14:05:58 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\SUPERAntiSpyware.com
[2010.01.07 17:22:31 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\TeamViewer
[2010.07.03 15:28:35 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\TerraTec
[2010.08.25 14:12:45 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Tific
[2012.03.25 19:58:44 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\TV-Browser
[2010.05.02 17:02:34 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\U3
[2012.03.29 19:51:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\vlc
[2011.01.19 15:27:34 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Vso
[2011.09.14 22:06:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\WinRAR
[2010.02.17 16:28:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\WTablet
[2010.02.26 19:17:59 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\WTouch
[2010.08.06 13:09:05 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\XMedia Recode
[2009.12.12 22:51:46 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\YCanPDF
[2009.06.20 15:57:50 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2011.01.19 15:27:34 | 000,087,608 | ---- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\inst.exe
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Dropbox\bin\Uninstall.exe
[2012.01.09 20:32:13 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.01.09 20:32:06 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2009.12.13 19:18:07 | 000,010,134 | R--- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{20820A45-02A1-144C-21A3-A1812C5DDE23}\ARPPRODUCTICON.exe
[2010.07.06 15:39:39 | 000,010,134 | R--- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{25819AEA-328B-4F18-A53C-EAAAFFF0DBEF}\ARPPRODUCTICON.exe
[2010.07.06 15:39:39 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{25819AEA-328B-4F18-A53C-EAAAFFF0DBEF}\easyFit.exe1_FB6AD838DF3A4509972E809922B4BACD.exe
[2010.07.06 15:39:39 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{25819AEA-328B-4F18-A53C-EAAAFFF0DBEF}\easyFit.exe_FB6AD838DF3A4509972E809922B4BACD_1.exe
[2010.08.16 18:44:30 | 000,010,134 | R--- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
[2012.02.18 14:54:52 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.03.31 12:30:10 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.04.06 14:21:39 | 000,015,086 | R--- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{4ECA4128-8B48-44A0-90E8-B93C6A69CE4B}\ARPPRODUCTICON.exe
[2012.03.19 19:46:39 | 000,010,134 | R--- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ARPPRODUCTICON.exe
[2012.03.19 19:46:39 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ItchShortcut_3AACE619E70942C5B73003B60EB9E2F1.exe
[2011.04.03 08:48:00 | 000,000,766 | R--- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{E89B484C-B913-49A0-959B-89E836001658}\ARPPRODUCTICON.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\U3\temp\cleanup.exe
[2008.02.25 13:47:34 | 003,489,792 | -H-- | M] (SanDisk Corporation) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- H:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2003.04.02 14:00:00 | 010,180,476 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- H:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- H:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- H:\WINDOWS\system32\eventlog.dll
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- H:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- H:\Programme\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- H:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- H:\WINDOWS\system32\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- H:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- H:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- H:\WINDOWS\system32\scecli.dll
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- H:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- H:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- H:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- H:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\system32\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- H:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- H:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- H:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- H:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- H:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.06.19 21:15:56 | 000,094,208 | ---- | M] () -- H:\windows\System32\config\default.sav
[2009.06.19 21:15:56 | 000,630,784 | ---- | M] () -- H:\windows\System32\config\software.sav
[2009.06.19 21:15:56 | 000,438,272 | ---- | M] () -- H:\windows\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[7 H:\windows\system32\*.tmp files -> H:\windows\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> E:\Gemeinsame Dokumente\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> E:\Eigene Dateien\.DS_Store:AFP_AfpInfo

< End of report >

cosinus · 02.04.2012, 19:43

Zitat:

O4 - Startup: H:\Dokumente und Einstellungen\Faber\Startmenü\Programme\Autostart\batch.cmd ()

Hast du da eine "batch.cmd" abgelegt?

HF66 · 02.04.2012, 20:20

ja, diese batch.cmd ist eine von mir erstellte und so gewollte

cosinus · 03.04.2012, 08:22

Ok, sonst war alles unauffällig. Ich würde aber noch eine Rootkitprüfung empfehlen

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

HF66 · 03.04.2012, 11:09

hier der tdsskiller log:

Code:

ATTFilter

12:06:19.0187 5108	TDSS rootkit removing tool 2.7.24.0 Apr  2 2012 10:31:48
12:06:19.0312 5108	============================================================
12:06:19.0312 5108	Current date / time: 2012/04/03 12:06:19.0312
12:06:19.0312 5108	SystemInfo:
12:06:19.0312 5108	
12:06:19.0312 5108	OS Version: 5.1.2600 ServicePack: 3.0
12:06:19.0312 5108	Product type: Workstation
12:06:19.0312 5108	ComputerName: CENTER
12:06:19.0312 5108	UserName: Faber
12:06:19.0312 5108	Windows directory: H:\windows
12:06:19.0312 5108	System windows directory: H:\windows
12:06:19.0312 5108	Processor architecture: Intel x86
12:06:19.0312 5108	Number of processors: 2
12:06:19.0312 5108	Page size: 0x1000
12:06:19.0312 5108	Boot type: Normal boot
12:06:19.0312 5108	============================================================
12:06:21.0140 5108	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:06:21.0156 5108	Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:06:21.0171 5108	Drive \Device\Harddisk2\DR2 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:06:21.0187 5108	\Device\Harddisk0\DR0:
12:06:21.0187 5108	MBR used
12:06:21.0187 5108	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
12:06:21.0187 5108	\Device\Harddisk1\DR1:
12:06:21.0187 5108	MBR used
12:06:21.0187 5108	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
12:06:21.0187 5108	\Device\Harddisk2\DR2:
12:06:21.0187 5108	MBR used
12:06:21.0187 5108	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
12:06:21.0281 5108	Initialize success
12:06:21.0281 5108	============================================================
12:06:30.0921 5748	============================================================
12:06:30.0921 5748	Scan started
12:06:30.0921 5748	Mode: Manual; SigCheck; TDLFS; 
12:06:30.0921 5748	============================================================
12:06:31.0265 5748	Abiosdsk - ok
12:06:31.0265 5748	abp480n5 - ok
12:06:31.0312 5748	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) H:\windows\system32\DRIVERS\ACPI.sys
12:06:32.0390 5748	ACPI - ok
12:06:32.0484 5748	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) H:\windows\system32\drivers\ACPIEC.sys
12:06:32.0578 5748	ACPIEC - ok
12:06:32.0625 5748	AcrSch2Svc      (849201bfb643fc6eea0b5531b22aaa57) H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
12:06:32.0640 5748	AcrSch2Svc - ok
12:06:32.0640 5748	adpu160m - ok
12:06:32.0687 5748	aec             (8bed39e3c35d6a489438b8141717a557) H:\windows\system32\drivers\aec.sys
12:06:32.0750 5748	aec - ok
12:06:32.0781 5748	AF15BDA         (5b1ef06f0cdcf7ed33bd5d99e9421f02) H:\windows\system32\DRIVERS\AF15BDA.sys
12:06:32.0812 5748	AF15BDA - ok
12:06:32.0859 5748	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) H:\windows\System32\drivers\afd.sys
12:06:32.0921 5748	AFD - ok
12:06:32.0921 5748	Aha154x - ok
12:06:32.0937 5748	aic78u2 - ok
12:06:32.0937 5748	aic78xx - ok
12:06:32.0968 5748	Alerter         (738d80cc01d7bc7584be917b7f544394) H:\windows\system32\alrsvc.dll
12:06:33.0046 5748	Alerter - ok
12:06:33.0062 5748	ALG             (190cd73d4984f94d823f9444980513e5) H:\windows\System32\alg.exe
12:06:33.0125 5748	ALG - ok
12:06:33.0125 5748	AliIde - ok
12:06:33.0171 5748	amdide          (6e58654cb25730b2579e45e1fd116a47) H:\windows\system32\DRIVERS\amdide.sys
12:06:33.0171 5748	amdide - ok
12:06:33.0203 5748	AmdPPM          (033448d435e65c4bd72e70521fd05c76) H:\windows\system32\DRIVERS\AmdPPM.sys
12:06:33.0250 5748	AmdPPM - ok
12:06:33.0265 5748	amsint - ok
12:06:33.0390 5748	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:06:33.0390 5748	Apple Mobile Device - ok
12:06:33.0437 5748	AppMgmt         (d45960be52c3c610d361977057f98c54) H:\windows\System32\appmgmts.dll
12:06:33.0500 5748	AppMgmt - ok
12:06:33.0531 5748	Arp1394         (b5b8a80875c1dededa8b02765642c32f) H:\windows\system32\DRIVERS\arp1394.sys
12:06:33.0593 5748	Arp1394 - ok
12:06:33.0593 5748	asc - ok
12:06:33.0593 5748	asc3350p - ok
12:06:33.0609 5748	asc3550 - ok
12:06:33.0640 5748	AsIO            (2b4e66fac6503494a2c6f32bb6ab3826) H:\windows\system32\drivers\AsIO.sys
12:06:33.0640 5748	AsIO - ok
12:06:33.0687 5748	Aspi32          (b979979ab8027f7f53fb16ec4229b7db) H:\windows\system32\drivers\Aspi32.sys
12:06:33.0687 5748	Aspi32 ( UnsignedFile.Multi.Generic ) - warning
12:06:33.0687 5748	Aspi32 - detected UnsignedFile.Multi.Generic (1)
12:06:33.0781 5748	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) H:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:06:33.0812 5748	aspnet_state - ok
12:06:33.0843 5748	AsUpIO          (e67493490466b5f04b58c22d2590e8ca) H:\windows\system32\drivers\AsUpIO.sys
12:06:33.0843 5748	AsUpIO - ok
12:06:33.0875 5748	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) H:\windows\system32\DRIVERS\asyncmac.sys
12:06:33.0937 5748	AsyncMac - ok
12:06:33.0953 5748	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) H:\windows\system32\DRIVERS\atapi.sys
12:06:34.0015 5748	atapi - ok
12:06:34.0015 5748	Atdisk - ok
12:06:34.0062 5748	Ati HotKey Poller (288e9f9cb529b4f7c6b58fc53940fb46) H:\windows\system32\Ati2evxx.exe
12:06:34.0187 5748	Ati HotKey Poller - ok
12:06:34.0328 5748	ati2mtag        (913da327ad22c6fa44c41d36fd8cc570) H:\windows\system32\DRIVERS\ati2mtag.sys
12:06:34.0562 5748	ati2mtag - ok
12:06:34.0593 5748	AtiHdmiService  (d9bc8892b9440a2551b8148c57aa039e) H:\windows\system32\drivers\AtiHdmi.sys
12:06:34.0609 5748	AtiHdmiService ( UnsignedFile.Multi.Generic ) - warning
12:06:34.0609 5748	AtiHdmiService - detected UnsignedFile.Multi.Generic (1)
12:06:34.0625 5748	Atmarpc         (9916c1225104ba14794209cfa8012159) H:\windows\system32\DRIVERS\atmarpc.sys
12:06:34.0703 5748	Atmarpc - ok
12:06:34.0718 5748	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) H:\windows\System32\audiosrv.dll
12:06:34.0781 5748	AudioSrv - ok
12:06:34.0828 5748	audstub         (d9f724aa26c010a217c97606b160ed68) H:\windows\system32\DRIVERS\audstub.sys
12:06:34.0890 5748	audstub - ok
12:06:34.0921 5748	Beep            (da1f27d85e0d1525f6621372e7b685e9) H:\windows\system32\drivers\Beep.sys
12:06:35.0000 5748	Beep - ok
12:06:35.0171 5748	BHDrvx86        (eb7f1f1dfa95c25d762c22d3cf13d4e0) H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
12:06:35.0187 5748	BHDrvx86 - ok
12:06:35.0218 5748	BITS            (d6f603772a789bb3228f310d650b8bd1) H:\WINDOWS\system32\qmgr.dll
12:06:35.0312 5748	BITS - ok
12:06:35.0359 5748	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) H:\Programme\Bonjour\mDNSResponder.exe
12:06:35.0375 5748	Bonjour Service - ok
12:06:35.0421 5748	Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) H:\WINDOWS\system32\brsvc01a.exe
12:06:35.0421 5748	Brother XP spl Service ( UnsignedFile.Multi.Generic ) - warning
12:06:35.0421 5748	Brother XP spl Service - detected UnsignedFile.Multi.Generic (1)
12:06:35.0437 5748	Browser         (b42057f06bbb98b31876c0b3f2b54e33) H:\windows\System32\browser.dll
12:06:35.0515 5748	Browser - ok
12:06:35.0515 5748	btaudio - ok
12:06:35.0515 5748	BTDriver - ok
12:06:35.0546 5748	BthEnum         (b279426e3c0c344893ed78a613a73bde) H:\windows\system32\DRIVERS\BthEnum.sys
12:06:35.0609 5748	BthEnum - ok
12:06:35.0609 5748	BTHMODEM        (fca6f069597b62d42495191ace3fc6c1) H:\windows\system32\DRIVERS\bthmodem.sys
12:06:35.0671 5748	BTHMODEM - ok
12:06:35.0687 5748	BthPan          (80602b8746d3738f5886ce3d67ef06b6) H:\windows\system32\DRIVERS\bthpan.sys
12:06:35.0734 5748	BthPan - ok
12:06:35.0812 5748	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) H:\windows\system32\Drivers\BTHport.sys
12:06:35.0859 5748	BTHPORT - ok
12:06:35.0906 5748	BthServ         (26c601ef7525e31379744abfc6f35a1b) H:\windows\System32\bthserv.dll
12:06:35.0968 5748	BthServ - ok
12:06:35.0984 5748	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) H:\windows\system32\Drivers\BTHUSB.sys
12:06:36.0046 5748	BTHUSB - ok
12:06:36.0062 5748	btwhid - ok
12:06:36.0062 5748	BTWUSB - ok
12:06:36.0093 5748	BulkUsb         (a0b8cf9deb1184fbdd20784a58fa75d4) H:\windows\system32\Drivers\usbscan.sys
12:06:36.0218 5748	BulkUsb - ok
12:06:36.0250 5748	BVRPMPR5        (248dfa5762dde38dfddbbd44149e9d7a) H:\WINDOWS\system32\drivers\BVRPMPR5.SYS
12:06:36.0265 5748	BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
12:06:36.0265 5748	BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
12:06:36.0296 5748	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) H:\windows\system32\drivers\cbidf2k.sys
12:06:36.0359 5748	cbidf2k - ok
12:06:36.0406 5748	CCALib8         (8ef654045e518ac00e52e7a1e2d3ad70) H:\Programme\Canon\CAL\CALMAIN.exe
12:06:36.0421 5748	CCALib8 ( UnsignedFile.Multi.Generic ) - warning
12:06:36.0421 5748	CCALib8 - detected UnsignedFile.Multi.Generic (1)
12:06:36.0437 5748	CCDECODE        (0be5aef125be881c4f854c554f2b025c) H:\windows\system32\DRIVERS\CCDECODE.sys
12:06:36.0500 5748	CCDECODE - ok
12:06:36.0531 5748	ccSet_MCLIENT   (599e7f6259a127c174c49938d2aa6a60) H:\windows\system32\drivers\MCLIENT\0201020.00D\ccSetx86.sys
12:06:36.0546 5748	ccSet_MCLIENT - ok
12:06:36.0578 5748	ccSet_NIS       (599e7f6259a127c174c49938d2aa6a60) H:\windows\system32\drivers\NIS\1306020.00A\ccSetx86.sys
12:06:36.0578 5748	ccSet_NIS - ok
12:06:36.0578 5748	cd20xrnt - ok
12:06:36.0609 5748	Cdaudio         (c1b486a7658353d33a10cc15211a873b) H:\windows\system32\drivers\Cdaudio.sys
12:06:36.0671 5748	Cdaudio - ok
12:06:36.0687 5748	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) H:\windows\system32\drivers\Cdfs.sys
12:06:36.0750 5748	Cdfs - ok
12:06:36.0781 5748	Cdrom           (4b0a100eaf5c49ef3cca8c641431eacc) H:\windows\system32\DRIVERS\cdrom.sys
12:06:36.0828 5748	Cdrom - ok
12:06:36.0828 5748	Changer - ok
12:06:36.0937 5748	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) H:\windows\system32\cisvc.exe
12:06:37.0015 5748	CiSvc - ok
12:06:37.0031 5748	CLBStor         (f5c8f7a7d1a3f569bf77574a795cc19e) H:\windows\system32\drivers\CLBStor.sys
12:06:37.0046 5748	CLBStor - ok
12:06:37.0062 5748	CLBUDF          (07b3e4fc5d4943ba802607ddf8f5d418) H:\windows\system32\drivers\CLBUDF.sys
12:06:37.0062 5748	CLBUDF - ok
12:06:37.0078 5748	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) H:\windows\system32\clipsrv.exe
12:06:37.0140 5748	ClipSrv - ok
12:06:37.0234 5748	CLKMSVC10_D3D96EB9 (4642b5a3e0d2e61d08163de95fc5b949) H:\Programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
12:06:37.0234 5748	CLKMSVC10_D3D96EB9 - ok
12:06:37.0296 5748	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:06:37.0343 5748	clr_optimization_v2.0.50727_32 - ok
12:06:37.0390 5748	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:06:37.0453 5748	clr_optimization_v4.0.30319_32 - ok
12:06:37.0453 5748	CmdIde - ok
12:06:37.0468 5748	COMSysApp - ok
12:06:37.0468 5748	Cpqarray - ok
12:06:37.0546 5748	cpuz134         (75fa19142531cbf490770c2988a7db64) H:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys
12:06:37.0546 5748	cpuz134 - ok
12:06:37.0578 5748	cpuz135         (c2eb4539a4f6ab6edd01bdc191619975) H:\WINDOWS\system32\drivers\cpuz135_x32.sys
12:06:37.0593 5748	cpuz135 - ok
12:06:37.0640 5748	Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
12:06:37.0656 5748	Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:06:37.0656 5748	Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:06:37.0687 5748	Creative Dolby Digital Live Pack Licensing Service (80f3d3a4c202cda7ca886d126f9a39d9) H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\DDLLicensing.exe
12:06:37.0703 5748	Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:06:37.0703 5748	Creative Dolby Digital Live Pack Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:06:37.0734 5748	Creative Media Toolbox 6 Licensing Service (d03466c36ef0e5c7694ff38b45271d9d) H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe
12:06:37.0750 5748	Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:06:37.0750 5748	Creative Media Toolbox 6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:06:37.0765 5748	Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) H:\WINDOWS\system32\CTsvcCDA.exe
12:06:37.0781 5748	Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
12:06:37.0781 5748	Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
12:06:37.0812 5748	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) H:\windows\System32\cryptsvc.dll
12:06:37.0890 5748	CryptSvc - ok
12:06:37.0890 5748	CrystalSysInfo - ok
12:06:37.0921 5748	CSRBC           (81d67e29a9bb6c399b2517fc0763a17b) H:\windows\system32\Drivers\csrbcxp.sys
12:06:37.0937 5748	CSRBC ( UnsignedFile.Multi.Generic ) - warning
12:06:37.0937 5748	CSRBC - detected UnsignedFile.Multi.Generic (1)
12:06:38.0000 5748	ct20xflt        (3c8f74423c50e39972d92f8dd04efa89) H:\windows\system32\drivers\ct20xflt.sys
12:06:38.0046 5748	ct20xflt - ok
12:06:38.0109 5748	CT20XUT         (444117d74af76d4bc0b5fd3398fc0cf8) H:\windows\system32\drivers\CT20XUT.SYS
12:06:38.0125 5748	CT20XUT - ok
12:06:38.0140 5748	CT20XUT.SYS     (444117d74af76d4bc0b5fd3398fc0cf8) H:\windows\System32\drivers\CT20XUT.SYS
12:06:38.0140 5748	CT20XUT.SYS - ok
12:06:38.0203 5748	ctac32k         (3854ae2d02880ed877e9b4dfda15e0e1) H:\windows\system32\drivers\ctac32k.sys
12:06:38.0218 5748	ctac32k - ok
12:06:38.0250 5748	ctaud2k         (c365234b800a70afa95ded3c6bfeeaef) H:\windows\system32\drivers\ctaud2k.sys
12:06:38.0265 5748	ctaud2k - ok
12:06:38.0359 5748	CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) H:\Programme\Creative\Shared Files\CTAudSvc.exe
12:06:38.0359 5748	CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
12:06:38.0359 5748	CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
12:06:38.0406 5748	CtClsFlt        (61429774ad6162250c3ade7311f235d6) H:\windows\system32\DRIVERS\CtClsFlt.sys
12:06:38.0468 5748	CtClsFlt - ok
12:06:38.0515 5748	CTEXFIFX        (7cc5e7224125a29ec0ca45fb437c953e) H:\windows\system32\drivers\CTEXFIFX.SYS
12:06:38.0546 5748	CTEXFIFX - ok
12:06:38.0578 5748	CTEXFIFX.SYS    (7cc5e7224125a29ec0ca45fb437c953e) H:\windows\System32\drivers\CTEXFIFX.SYS
12:06:38.0609 5748	CTEXFIFX.SYS - ok
12:06:38.0625 5748	CTHWIUT         (2941bdb22acc6a1be9d6128a1afeae2d) H:\windows\system32\drivers\CTHWIUT.SYS
12:06:38.0625 5748	CTHWIUT - ok
12:06:38.0640 5748	CTHWIUT.SYS     (2941bdb22acc6a1be9d6128a1afeae2d) H:\windows\System32\drivers\CTHWIUT.SYS
12:06:38.0640 5748	CTHWIUT.SYS - ok
12:06:38.0640 5748	ctprxy2k        (ffa0e7da970749e0bf92822e82f94a1c) H:\windows\system32\drivers\ctprxy2k.sys
12:06:38.0656 5748	ctprxy2k - ok
12:06:38.0671 5748	ctsfm2k         (3487c97492dcfa3b1aa474f3d1024b94) H:\windows\system32\DRIVERS\ctsfm2k.sys
12:06:38.0687 5748	ctsfm2k - ok
12:06:38.0687 5748	dac2w2k - ok
12:06:38.0687 5748	dac960nt - ok
12:06:38.0734 5748	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) H:\windows\system32\rpcss.dll
12:06:38.0796 5748	DcomLaunch - ok
12:06:38.0796 5748	DFUBTUSB - ok
12:06:38.0828 5748	DgiVecp         (770471de2550820feeb7e5d24bf2e273) H:\WINDOWS\system32\Drivers\DgiVecp.sys
12:06:38.0828 5748	DgiVecp ( UnsignedFile.Multi.Generic ) - warning
12:06:38.0828 5748	DgiVecp - detected UnsignedFile.Multi.Generic (1)
12:06:38.0875 5748	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) H:\windows\System32\dhcpcsvc.dll
12:06:38.0937 5748	Dhcp - ok
12:06:38.0968 5748	Disk            (044452051f3e02e7963599fc8f4f3e25) H:\windows\system32\DRIVERS\disk.sys
12:06:39.0031 5748	Disk - ok
12:06:39.0031 5748	dmadmin - ok
12:06:39.0078 5748	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) H:\windows\system32\drivers\dmboot.sys
12:06:39.0187 5748	dmboot - ok
12:06:39.0250 5748	dmio            (53720ab12b48719d00e327da470a619a) H:\windows\system32\drivers\dmio.sys
12:06:39.0312 5748	dmio - ok
12:06:39.0328 5748	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) H:\windows\system32\drivers\dmload.sys
12:06:39.0406 5748	dmload - ok
12:06:39.0437 5748	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) H:\windows\System32\dmserver.dll
12:06:39.0500 5748	dmserver - ok
12:06:39.0515 5748	DMusic          (8a208dfcf89792a484e76c40e5f50b45) H:\windows\system32\drivers\DMusic.sys
12:06:39.0578 5748	DMusic - ok
12:06:39.0609 5748	Dnscache        (407f3227ac618fd1ca54b335b083de07) H:\windows\System32\dnsrslvr.dll
12:06:39.0671 5748	Dnscache - ok
12:06:39.0687 5748	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) H:\windows\System32\dot3svc.dll
12:06:39.0765 5748	Dot3svc - ok
12:06:39.0765 5748	dpti2o - ok
12:06:39.0781 5748	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) H:\windows\system32\drivers\drmkaud.sys
12:06:39.0828 5748	drmkaud - ok
12:06:39.0859 5748	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) H:\windows\System32\eapsvc.dll
12:06:39.0921 5748	EapHost - ok
12:06:40.0015 5748	eeCtrl          (579a6b6135d32b857faf0e3a974535d8) H:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
12:06:40.0015 5748	eeCtrl - ok
12:06:40.0062 5748	emupia          (dd5bbc069d01082d0273e03053c34c38) H:\windows\system32\drivers\emupia2k.sys
12:06:40.0078 5748	emupia - ok
12:06:40.0093 5748	epmntdrv        (f07ba56b0235f15eff8f10dc6389c42e) H:\windows\system32\epmntdrv.sys
12:06:40.0109 5748	epmntdrv ( UnsignedFile.Multi.Generic ) - warning
12:06:40.0109 5748	epmntdrv - detected UnsignedFile.Multi.Generic (1)
12:06:40.0125 5748	EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) H:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:06:40.0140 5748	EraserUtilRebootDrv - ok
12:06:40.0156 5748	ERSvc           (877c18558d70587aa7823a1a308ac96b) H:\windows\System32\ersvc.dll
12:06:40.0234 5748	ERSvc - ok
12:06:40.0265 5748	EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) H:\windows\system32\EuGdiDrv.sys
12:06:40.0359 5748	EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
12:06:40.0359 5748	EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
12:06:40.0500 5748	Eventlog        (a3edbe9053889fb24ab22492472b39dc) H:\windows\system32\services.exe
12:06:40.0546 5748	Eventlog - ok
12:06:40.0593 5748	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) H:\WINDOWS\System32\es.dll
12:06:40.0609 5748	EventSystem - ok
12:06:40.0640 5748	Fastfat         (38d332a6d56af32635675f132548343e) H:\windows\system32\drivers\Fastfat.sys
12:06:40.0703 5748	Fastfat - ok
12:06:40.0734 5748	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) H:\windows\System32\shsvcs.dll
12:06:40.0781 5748	FastUserSwitchingCompatibility - ok
12:06:40.0796 5748	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) H:\windows\system32\DRIVERS\fdc.sys
12:06:40.0843 5748	Fdc - ok
12:06:40.0859 5748	Fips            (b0678a548587c5f1967b0d70bacad6c1) H:\windows\system32\drivers\Fips.sys
12:06:40.0937 5748	Fips - ok
12:06:41.0046 5748	FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) H:\Programme\MAGIX\Common\Database\bin\fbserver.exe
12:06:41.0125 5748	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
12:06:41.0125 5748	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
12:06:41.0140 5748	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) H:\windows\system32\drivers\Flpydisk.sys
12:06:41.0218 5748	Flpydisk - ok
12:06:41.0250 5748	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) H:\windows\system32\drivers\fltmgr.sys
12:06:41.0312 5748	FltMgr - ok
12:06:41.0375 5748	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) h:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:06:41.0390 5748	FontCache3.0.0.0 - ok
12:06:41.0484 5748	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) H:\windows\system32\drivers\Fs_Rec.sys
12:06:41.0562 5748	Fs_Rec - ok
12:06:41.0562 5748	Ftdisk          (8f1955ce42e1484714b542f341647778) H:\windows\system32\DRIVERS\ftdisk.sys
12:06:41.0640 5748	Ftdisk - ok
12:06:41.0656 5748	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) H:\windows\system32\Drivers\GEARAspiWDM.sys
12:06:41.0687 5748	GEARAspiWDM - ok
12:06:41.0703 5748	GemCCID         (86d3d834d35ebe920d85ffedcef79faf) H:\windows\system32\Drivers\GemCCID.sys
12:06:41.0750 5748	GemCCID - ok
12:06:41.0765 5748	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) H:\windows\system32\DRIVERS\msgpc.sys
12:06:41.0843 5748	Gpc - ok
12:06:41.0906 5748	gupdate1ca19d523fc2adc (626a24ed1228580b9518c01930936df9) H:\Programme\Google\Update\GoogleUpdate.exe
12:06:41.0906 5748	gupdate1ca19d523fc2adc - ok
12:06:41.0921 5748	gupdatem        (626a24ed1228580b9518c01930936df9) H:\Programme\Google\Update\GoogleUpdate.exe
12:06:41.0921 5748	gupdatem - ok
12:06:41.0968 5748	ha20x22k        (e9eed44cf043a23a1a74544c5fe9e927) H:\windows\system32\drivers\ha20x22k.sys
12:06:42.0000 5748	ha20x22k - ok
12:06:42.0046 5748	ha20x2k         (b10ca02f917ddff5abc6c9408c691fc6) H:\windows\system32\drivers\ha20x2k.sys
12:06:42.0109 5748	ha20x2k - ok
12:06:42.0140 5748	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) H:\windows\system32\DRIVERS\HDAudBus.sys
12:06:42.0203 5748	HDAudBus - ok
12:06:42.0484 5748	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) H:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:06:42.0546 5748	helpsvc - ok
12:06:42.0609 5748	HidBth          (a5aecf10be62459533a06ed7ebf5770b) H:\windows\system32\DRIVERS\hidbth.sys
12:06:42.0671 5748	HidBth - ok
12:06:42.0703 5748	HidServ         (b35da85e60c0103f2e4104532da2f12b) H:\windows\System32\hidserv.dll
12:06:42.0765 5748	HidServ - ok
12:06:42.0781 5748	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) H:\windows\system32\DRIVERS\hidusb.sys
12:06:42.0843 5748	hidusb - ok
12:06:42.0890 5748	hkmsvc          (ed29f14101523a6e0e808107405d452c) H:\windows\System32\kmsvc.dll
12:06:43.0046 5748	hkmsvc - ok
12:06:43.0046 5748	hpn - ok
12:06:43.0078 5748	HTTP            (f80a415ef82cd06ffaf0d971528ead38) H:\windows\system32\Drivers\HTTP.sys
12:06:43.0125 5748	HTTP - ok
12:06:43.0171 5748	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) H:\windows\System32\w3ssl.dll
12:06:43.0250 5748	HTTPFilter - ok
12:06:43.0250 5748	i2omgmt - ok
12:06:43.0250 5748	i2omp - ok
12:06:43.0281 5748	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) H:\windows\system32\DRIVERS\i8042prt.sys
12:06:43.0359 5748	i8042prt - ok
12:06:43.0468 5748	IDriverT        (6f95324909b502e2651442c1548ab12f) H:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:06:43.0468 5748	IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:06:43.0468 5748	IDriverT - detected UnsignedFile.Multi.Generic (1)
12:06:43.0578 5748	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) h:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:06:43.0625 5748	idsvc - ok
12:06:43.0843 5748	IDSxpx86        (cfbc1ce72e5353d428704659199147b1) H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120330.002\IDSxpx86.sys
12:06:43.0859 5748	IDSxpx86 - ok
12:06:43.0906 5748	imagedrv        (25edd75e23c5ef6b33d0fbcce125a601) H:\windows\system32\Drivers\imagedrv.sys
12:06:43.0921 5748	imagedrv ( UnsignedFile.Multi.Generic ) - warning
12:06:43.0921 5748	imagedrv - detected UnsignedFile.Multi.Generic (1)
12:06:43.0921 5748	imagesrv        (9c4bbacf4e9b9543c3ce23f1fe556941) H:\windows\system32\DRIVERS\imagesrv.sys
12:06:43.0921 5748	imagesrv ( UnsignedFile.Multi.Generic ) - warning
12:06:43.0921 5748	imagesrv - detected UnsignedFile.Multi.Generic (1)
12:06:43.0968 5748	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) H:\windows\system32\DRIVERS\imapi.sys
12:06:44.0046 5748	Imapi - ok
12:06:44.0093 5748	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) H:\WINDOWS\System32\imapi.exe
12:06:44.0171 5748	ImapiService - ok
12:06:44.0187 5748	ini910u - ok
12:06:44.0187 5748	IntelIde - ok
12:06:44.0234 5748	ip6fw           (3bb22519a194418d5fec05d800a19ad0) H:\windows\system32\drivers\ip6fw.sys
12:06:44.0281 5748	ip6fw - ok
12:06:44.0312 5748	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) H:\windows\system32\DRIVERS\ipfltdrv.sys
12:06:44.0390 5748	IpFilterDriver - ok
12:06:44.0406 5748	IpInIp          (b87ab476dcf76e72010632b5550955f5) H:\windows\system32\DRIVERS\ipinip.sys
12:06:44.0468 5748	IpInIp - ok
12:06:44.0484 5748	IpNat           (cc748ea12c6effde940ee98098bf96bb) H:\windows\system32\DRIVERS\ipnat.sys
12:06:44.0562 5748	IpNat - ok
12:06:44.0625 5748	iPod Service    (49918803b661367023bf325cf602afdc) H:\Programme\iPod\bin\iPodService.exe
12:06:44.0656 5748	iPod Service - ok
12:06:44.0687 5748	IPSec           (23c74d75e36e7158768dd63d92789a91) H:\windows\system32\DRIVERS\ipsec.sys
12:06:44.0750 5748	IPSec - ok
12:06:44.0812 5748	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) H:\windows\system32\DRIVERS\irenum.sys
12:06:44.0859 5748	IRENUM - ok
12:06:44.0875 5748	isapnp          (6dfb88f64135c525433e87648bda30de) H:\windows\system32\DRIVERS\isapnp.sys
12:06:44.0953 5748	isapnp - ok
12:06:45.0015 5748	JavaQuickStarterService (0a5709543986843d37a92290b7838340) H:\Programme\Java\jre6\bin\jqs.exe
12:06:45.0031 5748	JavaQuickStarterService - ok
12:06:45.0062 5748	Kbdclass        (1704d8c4c8807b889e43c649b478a452) H:\windows\system32\DRIVERS\kbdclass.sys
12:06:45.0109 5748	Kbdclass - ok
12:06:45.0140 5748	kbdhid          (b6d6c117d771c98130497265f26d1882) H:\windows\system32\DRIVERS\kbdhid.sys
12:06:45.0203 5748	kbdhid - ok
12:06:45.0234 5748	kmixer          (692bcf44383d056aed41b045a323d378) H:\windows\system32\drivers\kmixer.sys
12:06:45.0296 5748	kmixer - ok
12:06:45.0312 5748	KSecDD          (b467646c54cc746128904e1654c750c1) H:\windows\system32\drivers\KSecDD.sys
12:06:45.0390 5748	KSecDD - ok
12:06:45.0421 5748	L1e             (080cf8720a306a64f7a09d1226491791) H:\windows\system32\DRIVERS\l1e51x86.sys
12:06:45.0468 5748	L1e - ok
12:06:45.0500 5748	L8042Kbd        (58759156a6918913edd368f995be3e53) H:\windows\system32\DRIVERS\L8042Kbd.sys
12:06:45.0515 5748	L8042Kbd - ok
12:06:45.0546 5748	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) H:\windows\System32\srvsvc.dll
12:06:45.0578 5748	lanmanserver - ok
12:06:45.0609 5748	LanmanWorkstation (1869b14b06b44b44af70548e1ea3303f) H:\windows\System32\wkssvc.dll
12:06:45.0656 5748	LanmanWorkstation - ok
12:06:45.0671 5748	LBeepKE         (be2dc24d403643a2d1d98f33c7087b38) H:\windows\system32\Drivers\LBeepKE.sys
12:06:45.0671 5748	LBeepKE - ok
12:06:45.0687 5748	lbrtfdc - ok
12:06:45.0750 5748	LBTServ         (910344e2a984010435ae84783b25e5eb) H:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe
12:06:45.0765 5748	LBTServ - ok
12:06:45.0796 5748	LEqdUsb         (717e6714bca808f2a372e636aff3d15a) H:\windows\system32\Drivers\LEqdUsb.Sys
12:06:45.0796 5748	LEqdUsb - ok
12:06:45.0812 5748	LHidEqd         (2786f7b4003adff88ce28bc1800b5407) H:\windows\system32\Drivers\LHidEqd.Sys
12:06:45.0812 5748	LHidEqd - ok
12:06:45.0937 5748	LHidFilt        (01cc7fb6e790ef044b411377f3a1ff41) H:\windows\system32\DRIVERS\LHidFilt.Sys
12:06:45.0937 5748	LHidFilt - ok
12:06:45.0984 5748	LightScribeService (c34411a244029f1c08687f7c752c4563) H:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
12:06:46.0000 5748	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:06:46.0000 5748	LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:06:46.0046 5748	LmHosts         (636714b7d43c8d0c80449123fd266920) H:\windows\System32\lmhsvc.dll
12:06:46.0109 5748	LmHosts - ok
12:06:46.0109 5748	LMouFilt        (a2e7eae8898d7b4b8c302b8f4e836bb5) H:\windows\system32\DRIVERS\LMouFilt.Sys
12:06:46.0109 5748	LMouFilt - ok
12:06:46.0140 5748	LUsbFilt        (77030525cd86a93f1af34fa9b96d33ce) H:\windows\system32\Drivers\LUsbFilt.Sys
12:06:46.0156 5748	LUsbFilt - ok
12:06:46.0156 5748	LVUSBSta - ok
12:06:46.0171 5748	MagicTune - ok
12:06:46.0187 5748	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) H:\windows\system32\drivers\mbam.sys
12:06:46.0203 5748	MBAMProtector - ok
12:06:46.0234 5748	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
12:06:46.0265 5748	MBAMService - ok
12:06:46.0343 5748	MCLIENT         (7a02f128a454bb22e300f3f80bc1bd22) H:\Programme\Norton Management\Engine\2.1.2.13\ccSvcHst.exe
12:06:46.0359 5748	MCLIENT - ok
12:06:46.0390 5748	MDM             (7cf1b716372b89568ae4c0fe769f5869) H:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
12:06:46.0406 5748	MDM ( UnsignedFile.Multi.Generic ) - warning
12:06:46.0406 5748	MDM - detected UnsignedFile.Multi.Generic (1)
12:06:46.0453 5748	Messenger       (b7550a7107281d170ce85524b1488c98) H:\windows\System32\msgsvc.dll
12:06:46.0500 5748	Messenger - ok
12:06:46.0578 5748	Microsoft SharePoint Workspace Audit Service - ok
12:06:46.0609 5748	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) H:\windows\system32\drivers\mnmdd.sys
12:06:46.0687 5748	mnmdd - ok
12:06:46.0718 5748	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) H:\WINDOWS\System32\mnmsrvc.exe
12:06:46.0781 5748	mnmsrvc - ok
12:06:46.0828 5748	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) H:\windows\system32\drivers\Modem.sys
12:06:46.0875 5748	Modem - ok
12:06:46.0937 5748	monfilt         (9fa7207d1b1adead88ae8eed9cdbbaa5) H:\windows\system32\drivers\monfilt.sys
12:06:47.0109 5748	monfilt - ok
12:06:47.0218 5748	Mouclass        (b24ce8005deab254c0251e15cb71d802) H:\windows\system32\DRIVERS\mouclass.sys
12:06:47.0281 5748	Mouclass - ok
12:06:47.0312 5748	mouhid          (66a6f73c74e1791464160a7065ce711a) H:\windows\system32\DRIVERS\mouhid.sys
12:06:47.0390 5748	mouhid - ok
12:06:47.0406 5748	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) H:\windows\system32\drivers\MountMgr.sys
12:06:47.0468 5748	MountMgr - ok
12:06:47.0500 5748	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) H:\windows\system32\DRIVERS\MPE.sys
12:06:47.0578 5748	MPE - ok
12:06:47.0578 5748	mraid35x - ok
12:06:47.0593 5748	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) H:\windows\system32\DRIVERS\mrxdav.sys
12:06:47.0640 5748	MRxDAV - ok
12:06:47.0687 5748	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) H:\windows\system32\DRIVERS\mrxsmb.sys
12:06:47.0750 5748	MRxSmb - ok
12:06:47.0781 5748	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) H:\WINDOWS\System32\msdtc.exe
12:06:47.0859 5748	MSDTC - ok
12:06:47.0875 5748	Msfs            (c941ea2454ba8350021d774daf0f1027) H:\windows\system32\drivers\Msfs.sys
12:06:47.0937 5748	Msfs - ok
12:06:47.0937 5748	MSIServer - ok
12:06:47.0953 5748	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) H:\windows\system32\drivers\MSKSSRV.sys
12:06:48.0015 5748	MSKSSRV - ok
12:06:48.0031 5748	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) H:\windows\system32\drivers\MSPCLOCK.sys
12:06:48.0078 5748	MSPCLOCK - ok
12:06:48.0187 5748	MSPQM           (bad59648ba099da4a17680b39730cb3d) H:\windows\system32\drivers\MSPQM.sys
12:06:48.0250 5748	MSPQM - ok
12:06:48.0281 5748	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) H:\windows\system32\DRIVERS\mssmbios.sys
12:06:48.0328 5748	mssmbios - ok
12:06:48.0343 5748	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) H:\windows\system32\drivers\MSTEE.sys
12:06:48.0406 5748	MSTEE - ok
12:06:48.0437 5748	MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) H:\windows\system32\DRIVERS\ASACPI.sys
12:06:48.0453 5748	MTsensor - ok
12:06:48.0468 5748	Mup             (de6a75f5c270e756c5508d94b6cf68f5) H:\windows\system32\drivers\Mup.sys
12:06:48.0484 5748	Mup - ok
12:06:48.0515 5748	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) H:\windows\system32\DRIVERS\NABTSFEC.sys
12:06:48.0562 5748	NABTSFEC - ok
12:06:48.0593 5748	napagent        (46bb15ae2ac7d025d6d2567b876817bd) H:\windows\System32\qagentrt.dll
12:06:48.0671 5748	napagent - ok
12:06:48.0843 5748	NAVENG          (862f55824ac81295837b0ab63f91071f) H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120402.002\NAVENG.SYS
12:06:48.0843 5748	NAVENG - ok
12:06:48.0890 5748	NAVEX15         (529d571b551cb9da44237389b936f1ae) H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120402.002\NAVEX15.SYS
12:06:48.0921 5748	NAVEX15 - ok
12:06:48.0953 5748	NDIS            (1df7f42665c94b825322fae71721130d) H:\windows\system32\drivers\NDIS.sys
12:06:49.0015 5748	NDIS - ok
12:06:49.0046 5748	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) H:\windows\system32\DRIVERS\NdisIP.sys
12:06:49.0109 5748	NdisIP - ok
12:06:49.0156 5748	NdisTapi        (0109c4f3850dfbab279542515386ae22) H:\windows\system32\DRIVERS\ndistapi.sys
12:06:49.0187 5748	NdisTapi - ok
12:06:49.0218 5748	Ndisuio         (f927a4434c5028758a842943ef1a3849) H:\windows\system32\DRIVERS\ndisuio.sys
12:06:49.0375 5748	Ndisuio - ok
12:06:49.0375 5748	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) H:\windows\system32\DRIVERS\ndiswan.sys
12:06:49.0453 5748	NdisWan - ok
12:06:49.0484 5748	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) H:\windows\system32\drivers\NDProxy.sys
12:06:49.0515 5748	NDProxy - ok
12:06:49.0531 5748	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) H:\windows\system32\DRIVERS\netbios.sys
12:06:49.0593 5748	NetBIOS - ok
12:06:49.0609 5748	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) H:\windows\system32\DRIVERS\netbt.sys
12:06:49.0687 5748	NetBT - ok
12:06:49.0734 5748	NetDDE          (8ace4251bffd09ce75679fe940e996cc) H:\windows\system32\netdde.exe
12:06:49.0859 5748	NetDDE - ok
12:06:49.0859 5748	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) H:\windows\system32\netdde.exe
12:06:49.0921 5748	NetDDEdsdm - ok
12:06:49.0937 5748	Netlogon        (afb8261b56cba0d86aeb6df682af9785) H:\windows\system32\lsass.exe
12:06:50.0000 5748	Netlogon - ok
12:06:50.0046 5748	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) H:\windows\System32\netman.dll
12:06:50.0109 5748	Netman - ok
12:06:50.0203 5748	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:06:50.0234 5748	NetTcpPortSharing - ok
12:06:50.0265 5748	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) H:\windows\system32\DRIVERS\nic1394.sys
12:06:50.0328 5748	NIC1394 - ok
12:06:50.0468 5748	NIS             (7a02f128a454bb22e300f3f80bc1bd22) H:\Programme\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
12:06:50.0484 5748	NIS - ok
12:06:50.0515 5748	Nla             (f1b67b6b0751ae0e6e964b02821206a3) H:\windows\System32\mswsock.dll
12:06:50.0531 5748	Nla - ok
12:06:50.0578 5748	nmservice       (cd569fa91ec6f59d045c19d0d3850f44) H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
12:06:50.0609 5748	nmservice - ok
12:06:50.0640 5748	nmwcd           (f6c40e0a565ee3ce5aeeb325e10054f2) H:\windows\system32\drivers\ccdcmb.sys
12:06:50.0765 5748	nmwcd - ok
12:06:50.0765 5748	nmwcdc          (2a394e9e1fa3565e4b2fea470ffe4d6b) H:\windows\system32\drivers\ccdcmbo.sys
12:06:50.0828 5748	nmwcdc - ok
12:06:50.0859 5748	nmwcdnsu        (99b224f8026cb534724aa3c408561e45) H:\windows\system32\drivers\nmwcdnsu.sys
12:06:50.0890 5748	nmwcdnsu - ok
12:06:50.0937 5748	nmwcdnsuc       (d23257682d349a5e2e4507ed33decc16) H:\windows\system32\drivers\nmwcdnsuc.sys
12:06:50.0968 5748	nmwcdnsuc - ok
12:06:51.0015 5748	Npfs            (3182d64ae053d6fb034f44b6def8034a) H:\windows\system32\drivers\Npfs.sys
12:06:51.0078 5748	Npfs - ok
12:06:51.0093 5748	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) H:\windows\system32\drivers\Ntfs.sys
12:06:51.0171 5748	Ntfs - ok
12:06:51.0203 5748	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) H:\windows\system32\lsass.exe
12:06:51.0265 5748	NtLmSsp - ok
12:06:51.0296 5748	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) H:\windows\system32\ntmssvc.dll
12:06:51.0375 5748	NtmsSvc - ok
12:06:51.0390 5748	Null            (73c1e1f395918bc2c6dd67af7591a3ad) H:\windows\system32\drivers\Null.sys
12:06:51.0453 5748	Null - ok
12:06:51.0578 5748	NUMARK_NC06_MIDI (d23ca629b95599eb06010a135375b47c) H:\windows\system32\drivers\nc06midi.sys
12:06:51.0578 5748	NUMARK_NC06_MIDI - ok
12:06:51.0609 5748	NUMARK_NC06_WDM (26195452e898bdf0f75dd1b00876321b) H:\windows\system32\drivers\nc06_wdm.sys
12:06:51.0609 5748	NUMARK_NC06_WDM - ok
12:06:51.0640 5748	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) H:\windows\system32\DRIVERS\nwlnkflt.sys
12:06:51.0703 5748	NwlnkFlt - ok
12:06:51.0718 5748	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) H:\windows\system32\DRIVERS\nwlnkfwd.sys
12:06:51.0796 5748	NwlnkFwd - ok
12:06:51.0828 5748	ohci1394        (ca33832df41afb202ee7aeb05145922f) H:\windows\system32\DRIVERS\ohci1394.sys
12:06:51.0890 5748	ohci1394 - ok
12:06:51.0968 5748	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) H:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
12:06:51.0984 5748	ose - ok
12:06:52.0109 5748	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) H:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:06:52.0234 5748	osppsvc - ok
12:06:52.0265 5748	ossrv           (54c4bcfd5336ea6ceafcb0d4b6978408) H:\windows\system32\DRIVERS\ctoss2k.sys
12:06:52.0281 5748	ossrv - ok
12:06:52.0328 5748	P17             (df886ffed69aead0cf608b89b18c3f6f) H:\windows\system32\drivers\P17.sys
12:06:52.0484 5748	P17 - ok
12:06:52.0500 5748	Parport         (f84785660305b9b903fb3bca8ba29837) H:\windows\system32\drivers\Parport.sys
12:06:52.0562 5748	Parport - ok
12:06:52.0593 5748	PartMgr         (beb3ba25197665d82ec7065b724171c6) H:\windows\system32\drivers\PartMgr.sys
12:06:52.0734 5748	PartMgr - ok
12:06:52.0765 5748	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) H:\windows\system32\drivers\ParVdm.sys
12:06:52.0843 5748	ParVdm - ok
12:06:52.0875 5748	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) H:\windows\system32\DRIVERS\pccsmcfd.sys
12:06:52.0921 5748	pccsmcfd - ok
12:06:52.0937 5748	PCI             (387e8dedc343aa2d1efbc30580273acd) H:\windows\system32\DRIVERS\pci.sys
12:06:53.0000 5748	PCI - ok
12:06:53.0015 5748	PCIDump - ok
12:06:53.0031 5748	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) H:\windows\system32\DRIVERS\pciide.sys
12:06:53.0109 5748	PCIIde - ok
12:06:53.0125 5748	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) H:\windows\system32\drivers\Pcmcia.sys
12:06:53.0187 5748	Pcmcia - ok
12:06:53.0187 5748	PDCOMP - ok
12:06:53.0203 5748	PDFRAME - ok
12:06:53.0218 5748	PdiPorts        (3b2f443b8e23d17d46f0e43e2fc42cfe) H:\windows\system32\Drivers\PdiPorts.sys
12:06:53.0234 5748	PdiPorts - ok
12:06:53.0312 5748	PdiService      (fed28c565de5f73b7c5b32841229e496) H:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
12:06:53.0328 5748	PdiService - ok
12:06:53.0328 5748	PDRELI - ok
12:06:53.0343 5748	PDRFRAME - ok
12:06:53.0343 5748	perc2 - ok
12:06:53.0343 5748	perc2hib - ok
12:06:53.0390 5748	Pivot           (943f840611d33832308ec5310b616b57) H:\windows\system32\drivers\pivot.sys
12:06:53.0406 5748	Pivot ( UnsignedFile.Multi.Generic ) - warning
12:06:53.0406 5748	Pivot - detected UnsignedFile.Multi.Generic (1)
12:06:53.0421 5748	pivotmou        (998c58295288eedfbfe95e7f6cc94df4) H:\WINDOWS\system32\drivers\pivotmou.sys
12:06:53.0421 5748	pivotmou ( UnsignedFile.Multi.Generic ) - warning
12:06:53.0421 5748	pivotmou - detected UnsignedFile.Multi.Generic (1)
12:06:53.0468 5748	PLCND532        (cf5aa091b8ba5aee3f3adb310b9f73cb) H:\windows\system32\Drivers\PLCND532.sys
12:06:53.0468 5748	PLCND532 - ok
12:06:53.0500 5748	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) H:\windows\system32\services.exe
12:06:53.0500 5748	PlugPlay - ok
12:06:53.0531 5748	pnarp           (36fcac4fa28b462ca867742dea59b0d0) H:\windows\system32\DRIVERS\pnarp.sys
12:06:53.0531 5748	pnarp - ok
12:06:53.0578 5748	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) H:\windows\System32\lsass.exe
12:06:53.0625 5748	PolicyAgent - ok
12:06:53.0671 5748	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) H:\windows\system32\DRIVERS\raspptp.sys
12:06:53.0718 5748	PptpMiniport - ok
12:06:53.0812 5748	Processor       (2cb55427c58679f49ad600fccba76360) H:\windows\system32\DRIVERS\processr.sys
12:06:53.0875 5748	Processor - ok
12:06:53.0875 5748	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) H:\windows\system32\lsass.exe
12:06:53.0937 5748	ProtectedStorage - ok
12:06:53.0937 5748	PSched          (09298ec810b07e5d582cb3a3f9255424) H:\windows\system32\DRIVERS\psched.sys
12:06:54.0000 5748	PSched - ok
12:06:54.0000 5748	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) H:\windows\system32\DRIVERS\ptilink.sys
12:06:54.0062 5748	Ptilink - ok
12:06:54.0078 5748	purendis        (d8ac00388262b1a4878a7ee12f31d376) H:\windows\system32\DRIVERS\purendis.sys
12:06:54.0078 5748	purendis - ok
12:06:54.0125 5748	QCMerced        (9a155d31b8e52f41b258282092cc93a7) H:\windows\system32\DRIVERS\LVCM.sys
12:06:54.0296 5748	QCMerced - ok
12:06:54.0296 5748	ql1080 - ok
12:06:54.0312 5748	Ql10wnt - ok
12:06:54.0312 5748	ql12160 - ok
12:06:54.0312 5748	ql1240 - ok
12:06:54.0328 5748	ql1280 - ok
12:06:54.0343 5748	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) H:\windows\system32\DRIVERS\rasacd.sys
12:06:54.0421 5748	RasAcd - ok
12:06:54.0453 5748	RasAuto         (f5ba6caccdb66c8f048e867563203246) H:\windows\System32\rasauto.dll
12:06:54.0531 5748	RasAuto - ok
12:06:54.0531 5748	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) H:\windows\system32\DRIVERS\rasl2tp.sys
12:06:54.0593 5748	Rasl2tp - ok
12:06:54.0640 5748	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) H:\windows\System32\rasmans.dll
12:06:54.0703 5748	RasMan - ok
12:06:54.0703 5748	RasPppoe        (5bc962f2654137c9909c3d4603587dee) H:\windows\system32\DRIVERS\raspppoe.sys
12:06:54.0765 5748	RasPppoe - ok
12:06:54.0781 5748	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) H:\windows\system32\DRIVERS\raspti.sys
12:06:54.0843 5748	Raspti - ok
12:06:54.0921 5748	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) H:\windows\system32\DRIVERS\rdbss.sys
12:06:54.0984 5748	Rdbss - ok
12:06:54.0984 5748	RDPCDD          (4912d5b403614ce99c28420f75353332) H:\windows\system32\DRIVERS\RDPCDD.sys
12:06:55.0062 5748	RDPCDD - ok
12:06:55.0078 5748	rdpdr           (15cabd0f7c00c47c70124907916af3f1) H:\windows\system32\DRIVERS\rdpdr.sys
12:06:55.0140 5748	rdpdr - ok
12:06:55.0187 5748	RDPWD           (5b3055daa788bd688594d2f5981f2a83) H:\windows\system32\drivers\RDPWD.sys
12:06:55.0218 5748	RDPWD - ok
12:06:55.0250 5748	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) H:\WINDOWS\system32\sessmgr.exe
12:06:55.0312 5748	RDSessMgr - ok
12:06:55.0343 5748	redbook         (ed761d453856f795a7fe056e42c36365) H:\windows\system32\DRIVERS\redbook.sys
12:06:55.0406 5748	redbook - ok
12:06:55.0437 5748	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) H:\windows\System32\mprdim.dll
12:06:55.0484 5748	RemoteAccess - ok
12:06:55.0515 5748	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) H:\windows\system32\regsvc.dll
12:06:55.0578 5748	RemoteRegistry - ok
12:06:55.0578 5748	RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) H:\windows\system32\DRIVERS\rfcomm.sys
12:06:55.0640 5748	RFCOMM - ok
12:06:55.0750 5748	RichVideo       (805ae1f90c64758d19aaa001cf8cba12) H:\Programme\CyberLink\Shared files\RichVideo.exe
12:06:55.0765 5748	RichVideo ( UnsignedFile.Multi.Generic ) - warning
12:06:55.0765 5748	RichVideo - detected UnsignedFile.Multi.Generic (1)
12:06:55.0796 5748	ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) H:\windows\system32\Drivers\RootMdm.sys
12:06:55.0875 5748	ROOTMODEM - ok
12:06:55.0890 5748	RpcLocator      (2a02e21867497df20b8fc95631395169) H:\windows\system32\locator.exe
12:06:55.0953 5748	RpcLocator - ok
12:06:55.0984 5748	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) H:\windows\system32\rpcss.dll
12:06:56.0000 5748	RpcSs - ok
12:06:56.0000 5748	RSVP            (4bdd71b4b521521499dfd14735c4f398) H:\windows\System32\rsvp.exe
12:06:56.0109 5748	RSVP - ok
12:06:56.0125 5748	SamSs           (afb8261b56cba0d86aeb6df682af9785) H:\windows\system32\lsass.exe
12:06:56.0187 5748	SamSs - ok
12:06:56.0203 5748	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) H:\windows\System32\SCardSvr.exe
12:06:56.0265 5748	SCardSvr - ok
12:06:56.0281 5748	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) H:\windows\system32\schedsvc.dll
12:06:56.0343 5748	Schedule - ok
12:06:56.0375 5748	Secdrv          (90a3935d05b494a5a39d37e71f09a677) H:\windows\system32\DRIVERS\secdrv.sys
12:06:56.0421 5748	Secdrv - ok
12:06:56.0453 5748	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) H:\windows\System32\seclogon.dll
12:06:56.0515 5748	seclogon - ok
12:06:56.0531 5748	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) H:\windows\system32\sens.dll
12:06:56.0593 5748	SENS - ok
12:06:56.0609 5748	serenum         (0f29512ccd6bead730039fb4bd2c85ce) H:\windows\system32\DRIVERS\serenum.sys
12:06:56.0671 5748	serenum - ok
12:06:56.0671 5748	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) H:\windows\system32\DRIVERS\serial.sys
12:06:56.0734 5748	Serial - ok
12:06:56.0796 5748	ServiceLayer    (f31e9531af225ca25350d5e87e999b31) H:\Programme\PC Connectivity Solution\ServiceLayer.exe
12:06:56.0812 5748	ServiceLayer - ok
12:06:56.0843 5748	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) H:\windows\system32\drivers\Sfloppy.sys
12:06:56.0906 5748	Sfloppy - ok
12:06:56.0921 5748	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) H:\windows\System32\ipnathlp.dll
12:06:57.0000 5748	SharedAccess - ok
12:06:57.0031 5748	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) H:\windows\System32\shsvcs.dll
12:06:57.0046 5748	ShellHWDetection - ok
12:06:57.0046 5748	Simbad - ok
12:06:57.0078 5748	SimpTcp         (7a1a532f14fde28489dc349c6e404a67) H:\windows\System32\tcpsvcs.exe
12:06:57.0156 5748	SimpTcp - ok
12:06:57.0218 5748	SKYNET          (1497fae9446f13023c32fef3ebde22bc) H:\windows\system32\DRIVERS\SkyNET.SYS
12:06:57.0234 5748	SKYNET - ok
12:06:57.0281 5748	SkypeUpdate     (db0405d9aad62f0762e0876ac142b7e1) H:\Programme\Skype\Updater\Updater.exe
12:06:57.0281 5748	SkypeUpdate - ok
12:06:57.0296 5748	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) H:\windows\system32\DRIVERS\SLIP.sys
12:06:57.0359 5748	SLIP - ok
12:06:57.0406 5748	snapman         (c3bf55189aa92b8f919108ef9e4accae) H:\windows\system32\DRIVERS\snapman.sys
12:06:57.0421 5748	snapman - ok
12:06:57.0453 5748	SNMP            (708a1b41e7e850b2b1309073551cbd53) H:\windows\System32\snmp.exe
12:06:57.0515 5748	SNMP - ok
12:06:57.0562 5748	SNMPTRAP        (0702e1d16b7003049918595057f3904f) H:\windows\System32\snmptrap.exe
12:06:57.0609 5748	SNMPTRAP - ok
12:06:57.0625 5748	Sparrow - ok
12:06:57.0640 5748	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) H:\windows\system32\drivers\splitter.sys
12:06:57.0703 5748	splitter - ok
12:06:57.0734 5748	Spooler         (60784f891563fb1b767f70117fc2428f) H:\windows\system32\spoolsv.exe
12:06:57.0750 5748	Spooler - ok
12:06:57.0750 5748	sr              (50fa898f8c032796d3b1b9951bb5a90f) H:\windows\system32\DRIVERS\sr.sys
12:06:57.0828 5748	sr - ok
12:06:57.0859 5748	srservice       (fe77a85495065f3ad59c5c65b6c54182) H:\WINDOWS\System32\srsvc.dll
12:06:57.0921 5748	srservice - ok
12:06:58.0000 5748	SRTSP           (c16d048faf2978d2121f9f40594a6bdc) H:\windows\System32\Drivers\NIS\1306020.00A\SRTSP.SYS
12:06:58.0015 5748	SRTSP - ok
12:06:58.0031 5748	SRTSPX          (f0d02c2e25970c9c72a5cd278c17cdb6) H:\windows\system32\drivers\NIS\1306020.00A\SRTSPX.SYS
12:06:58.0046 5748	SRTSPX - ok
12:06:58.0062 5748	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) H:\windows\system32\DRIVERS\srv.sys
12:06:58.0078 5748	Srv - ok
12:06:58.0125 5748	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) H:\windows\System32\ssdpsrv.dll
12:06:58.0187 5748	SSDPSRV - ok
12:06:58.0203 5748	SSPORT - ok
12:06:58.0218 5748	StillCam        (a2dbcc4c8860449df1ab758ea28b4de0) H:\windows\system32\DRIVERS\serscan.sys
12:06:58.0296 5748	StillCam - ok
12:06:58.0328 5748	stisvc          (bc2c5985611c5356b24aeb370953ded9) H:\windows\system32\wiaservc.dll
12:06:58.0390 5748	stisvc - ok
12:06:58.0406 5748	streamip        (77813007ba6265c4b6098187e6ed79d2) H:\windows\system32\DRIVERS\StreamIP.sys
12:06:58.0468 5748	streamip - ok
12:06:58.0515 5748	SunkFilt        (09dfd0f2199704a27b4953233c23a036) H:\WINDOWS\System32\Drivers\sunkfilt.sys
12:06:58.0515 5748	SunkFilt ( UnsignedFile.Multi.Generic ) - warning
12:06:58.0515 5748	SunkFilt - detected UnsignedFile.Multi.Generic (1)
12:06:58.0640 5748	SWAS_Core       (8734cf72f1c80c59085a3377b5497d38) H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
12:06:58.0687 5748	SWAS_Core ( UnsignedFile.Multi.Generic ) - warning
12:06:58.0687 5748	SWAS_Core - detected UnsignedFile.Multi.Generic (1)
12:06:58.0718 5748	SWAS_Report_Plugin (4eaada085bd573870912c1f2e25ffbfd) H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\SWASReports.exe
12:06:58.0765 5748	SWAS_Report_Plugin ( UnsignedFile.Multi.Generic ) - warning
12:06:58.0765 5748	SWAS_Report_Plugin - detected UnsignedFile.Multi.Generic (1)
12:06:58.0828 5748	SWAS_Srv_DriverManagement (bb026466c2edf5d4bcfd337fc739c738) H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\SWASDriverManagementPlugin.exe
12:06:58.0875 5748	SWAS_Srv_DriverManagement ( UnsignedFile.Multi.Generic ) - warning
12:06:58.0875 5748	SWAS_Srv_DriverManagement - detected UnsignedFile.Multi.Generic (1)
12:06:58.0921 5748	SWAS_Srv_LDD    (ba0830d4c799be735ef8c224b07ca0e8) H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\LocalDevDiscoveryPlugin.exe
12:06:58.0968 5748	SWAS_Srv_LDD ( UnsignedFile.Multi.Generic ) - warning
12:06:58.0968 5748	SWAS_Srv_LDD - detected UnsignedFile.Multi.Generic (1)
12:06:58.0984 5748	swenum          (3941d127aef12e93addf6fe6ee027e0f) H:\windows\system32\DRIVERS\swenum.sys
12:06:59.0031 5748	swenum - ok
12:06:59.0062 5748	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\windows\system32\drivers\swmidi.sys
12:06:59.0125 5748	swmidi - ok
12:06:59.0140 5748	SwPrv - ok
12:06:59.0156 5748	sxuptp - ok
12:06:59.0171 5748	symc810 - ok
12:06:59.0171 5748	symc8xx - ok
12:06:59.0234 5748	SymDS           (690fa0e61b90084c4d9a721bd4f3d779) H:\windows\system32\drivers\NIS\1306020.00A\SYMDS.SYS
12:06:59.0250 5748	SymDS - ok
12:06:59.0296 5748	SymEFA          (4e55148a2e044d02245cbcdbb266b98c) H:\windows\system32\drivers\NIS\1306020.00A\SYMEFA.SYS
12:06:59.0328 5748	SymEFA - ok
12:06:59.0390 5748	SymEvent        (555fb450fe6908600310e990738b41d6) H:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:06:59.0390 5748	SymEvent - ok
12:06:59.0421 5748	SymIM           (a7100ea17ed9eaf365362a05bf430e77) H:\windows\system32\DRIVERS\SymIM.sys
12:06:59.0437 5748	SymIM - ok
12:06:59.0437 5748	SymIMMP         (a7100ea17ed9eaf365362a05bf430e77) H:\windows\system32\DRIVERS\SymIM.sys
12:06:59.0437 5748	SymIMMP - ok
12:06:59.0484 5748	SymIRON         (2c356cca706505cf63cbe39d532b9236) H:\windows\system32\drivers\NIS\1306020.00A\Ironx86.SYS
12:06:59.0484 5748	SymIRON - ok
12:06:59.0531 5748	SYMTDI          (508bd882040f9cb12319e3a4fc78edb9) H:\windows\System32\Drivers\NIS\1306020.00A\SYMTDI.SYS
12:06:59.0531 5748	SYMTDI - ok
12:06:59.0546 5748	sym_hi - ok
12:06:59.0546 5748	sym_u3 - ok
12:06:59.0578 5748	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) H:\windows\system32\drivers\sysaudio.sys
12:06:59.0625 5748	sysaudio - ok
12:06:59.0671 5748	SysmonLog       (2903fffa2523926d6219428040dce6b9) H:\windows\system32\smlogsvc.exe
12:06:59.0734 5748	SysmonLog - ok
12:06:59.0781 5748	TapiSrv         (05903cac4b98908d55ea5774775b382e) H:\windows\System32\tapisrv.dll
12:06:59.0828 5748	TapiSrv - ok
12:06:59.0890 5748	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) H:\windows\system32\DRIVERS\tcpip.sys
12:06:59.0906 5748	Tcpip - ok
12:06:59.0921 5748	TDPIPE          (6471a66807f5e104e4885f5b67349397) H:\windows\system32\drivers\TDPIPE.sys
12:06:59.0984 5748	TDPIPE - ok
12:07:00.0015 5748	tdrpman         (3b7b6779eb231f731bba8f9fe67aadfc) H:\windows\system32\DRIVERS\tdrpman.sys
12:07:00.0031 5748	tdrpman - ok
12:07:00.0062 5748	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) H:\windows\system32\drivers\TDTCP.sys
12:07:00.0140 5748	TDTCP - ok
12:07:00.0171 5748	teamviewervpn   (9101fffcfccd1a30e870a5b8a9091b10) H:\windows\system32\DRIVERS\teamviewervpn.sys
12:07:00.0203 5748	teamviewervpn - ok
12:07:00.0218 5748	TermDD          (88155247177638048422893737429d9e) H:\windows\system32\DRIVERS\termdd.sys
12:07:00.0281 5748	TermDD - ok
12:07:00.0328 5748	TermService     (b7de02c863d8f5a005a7bf375375a6a4) H:\windows\System32\termsrv.dll
12:07:00.0390 5748	TermService - ok
12:07:00.0421 5748	Themes          (2db7d303c36ddd055215052f118e8e75) H:\windows\System32\shsvcs.dll
12:07:00.0421 5748	Themes - ok
12:07:00.0437 5748	tifsfilter      (b0b3122bff3910e0ba97014045467778) H:\windows\system32\DRIVERS\tifsfilt.sys
12:07:00.0437 5748	tifsfilter - ok
12:07:00.0453 5748	timounter       (13bfe330880ac0ce8672d00aa5aff738) H:\windows\system32\DRIVERS\timntr.sys
12:07:00.0468 5748	timounter - ok
12:07:00.0500 5748	TlntSvr         (03681a1ce77f51586903869a5ab1deab) H:\WINDOWS\System32\tlntsvr.exe
12:07:00.0578 5748	TlntSvr - ok
12:07:00.0609 5748	toshidpt        (e362d54fd394999c4178936396664e57) H:\windows\system32\drivers\Toshidpt.sys
12:07:00.0609 5748	toshidpt ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0609 5748	toshidpt - detected UnsignedFile.Multi.Generic (1)
12:07:00.0609 5748	TosIde - ok
12:07:00.0625 5748	tosporte        (b2842672056ca33f0a4aab3e5cbbf181) H:\windows\system32\DRIVERS\tosporte.sys
12:07:00.0640 5748	tosporte ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0640 5748	tosporte - detected UnsignedFile.Multi.Generic (1)
12:07:00.0671 5748	Tosrfbd         (0ec5206059d97a8dc785be73fb457ec7) H:\windows\system32\Drivers\tosrfbd.sys
12:07:00.0687 5748	Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0687 5748	Tosrfbd - detected UnsignedFile.Multi.Generic (1)
12:07:00.0718 5748	Tosrfbnp        (1ae2ba74b2a4f5a358b13fcd35258c30) H:\windows\system32\Drivers\tosrfbnp.sys
12:07:00.0718 5748	Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0718 5748	Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
12:07:00.0734 5748	Tosrfcom        (5ba1ca3b3cddb1ddc67df473f05d1ec2) H:\windows\system32\Drivers\tosrfcom.sys
12:07:00.0734 5748	Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0734 5748	Tosrfcom - detected UnsignedFile.Multi.Generic (1)
12:07:00.0765 5748	Tosrfhid        (5dbf390aab62dd0d4d43a9278614e001) H:\windows\system32\DRIVERS\Tosrfhid.sys
12:07:00.0765 5748	Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0765 5748	Tosrfhid - detected UnsignedFile.Multi.Generic (1)
12:07:00.0781 5748	tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) H:\windows\system32\DRIVERS\tosrfnds.sys
12:07:00.0781 5748	tosrfnds ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0781 5748	tosrfnds - detected UnsignedFile.Multi.Generic (1)
12:07:00.0828 5748	TosRfSnd        (ab6fd13d7efa2634fa6bdf84c7ef0696) H:\windows\system32\drivers\TosRfSnd.sys
12:07:00.0828 5748	TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0828 5748	TosRfSnd - detected UnsignedFile.Multi.Generic (1)
12:07:00.0859 5748	Tosrfusb        (d870fd6ce9060b73289f47e88630ee0e) H:\windows\system32\Drivers\tosrfusb.sys
12:07:00.0859 5748	Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0859 5748	Tosrfusb - detected UnsignedFile.Multi.Generic (1)
12:07:00.0906 5748	TrkWks          (626504572b175867f30f3215c04b3e2f) H:\windows\system32\trkwks.dll
12:07:00.0968 5748	TrkWks - ok
12:07:01.0046 5748	TryAndDecideService (484d4d0ca6c346248a4b14d807fb28a9) H:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
12:07:01.0062 5748	TryAndDecideService - ok
12:07:01.0078 5748	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\windows\system32\drivers\Udfs.sys
12:07:01.0156 5748	Udfs - ok
12:07:01.0156 5748	ultra - ok
12:07:01.0187 5748	Update          (402ddc88356b1bac0ee3dd1580c76a31) H:\windows\system32\DRIVERS\update.sys
12:07:01.0250 5748	Update - ok
12:07:01.0265 5748	upnphost        (1dfd8975d8c89214b98d9387c1125b49) H:\windows\System32\upnphost.dll
12:07:01.0343 5748	upnphost - ok
12:07:01.0421 5748	UPnPService     (7ce0fe34fd8fb7f52d1e503b0c1e4fa9) H:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
12:07:01.0468 5748	UPnPService ( UnsignedFile.Multi.Generic ) - warning
12:07:01.0468 5748	UPnPService - detected UnsignedFile.Multi.Generic (1)
12:07:01.0500 5748	upperdev        (47f5f9d837d80ffd5882a14db9da0a67) H:\windows\system32\DRIVERS\usbser_lowerflt.sys
12:07:01.0531 5748	upperdev - ok
12:07:01.0531 5748	UPS             (9b11e6118958e63e1fef129466e2bda7) H:\windows\System32\ups.exe
12:07:01.0609 5748	UPS - ok
12:07:01.0656 5748	usbaudio        (e919708db44ed8543a7c017953148330) H:\windows\system32\drivers\usbaudio.sys
12:07:01.0718 5748	usbaudio - ok
12:07:01.0734 5748	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) H:\windows\system32\DRIVERS\usbccgp.sys
12:07:01.0796 5748	usbccgp - ok
12:07:01.0812 5748	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) H:\windows\system32\DRIVERS\usbehci.sys
12:07:01.0875 5748	usbehci - ok
12:07:01.0906 5748	usbhub          (1ab3cdde553b6e064d2e754efe20285c) H:\windows\system32\DRIVERS\usbhub.sys
12:07:01.0953 5748	usbhub - ok
12:07:01.0968 5748	usbohci         (0daecce65366ea32b162f85f07c6753b) H:\windows\system32\DRIVERS\usbohci.sys
12:07:02.0031 5748	usbohci - ok
12:07:02.0062 5748	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) H:\windows\system32\DRIVERS\usbscan.sys
12:07:02.0125 5748	usbscan - ok
12:07:02.0187 5748	usbser          (1c888b000c2f9492f4b15b5b6b84873e) H:\windows\system32\drivers\usbser.sys
12:07:02.0250 5748	usbser - ok
12:07:02.0281 5748	UsbserFilt      (e44f0d17be0908b58dcc99ccb99c6c32) H:\windows\system32\DRIVERS\usbser_lowerfltj.sys
12:07:02.0312 5748	UsbserFilt - ok
12:07:02.0328 5748	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) H:\windows\system32\DRIVERS\USBSTOR.SYS
12:07:02.0406 5748	USBSTOR - ok
12:07:02.0421 5748	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) H:\windows\system32\DRIVERS\usbuhci.sys
12:07:02.0484 5748	usbuhci - ok
12:07:02.0500 5748	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) H:\windows\system32\Drivers\usbvideo.sys
12:07:02.0562 5748	usbvideo - ok
12:07:02.0578 5748	V0700Afx        (c51cdb764c274a5ad997c03b0dbe8aec) H:\windows\system32\DRIVERS\V0700Afx.sys
12:07:02.0625 5748	V0700Afx - ok
12:07:02.0640 5748	V0700Vid        (e81f311e5e586f27aa1fae034f10c839) H:\windows\system32\DRIVERS\V0700Vid.sys
12:07:02.0703 5748	V0700Vid - ok
12:07:02.0718 5748	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) H:\windows\System32\drivers\vga.sys
12:07:02.0781 5748	VgaSave - ok
12:07:02.0843 5748	VIAHdAudAddService (ac3d98797520265b333dc54c327aa390) H:\windows\system32\drivers\viahduaa.sys
12:07:02.0890 5748	VIAHdAudAddService - ok
12:07:02.0906 5748	ViaIde - ok
12:07:02.0953 5748	VolSnap         (a5a712f4e880874a477af790b5186e1d) H:\windows\system32\drivers\VolSnap.sys
12:07:03.0015 5748	VolSnap - ok
12:07:03.0046 5748	vsbus           (3995d1e95f3c621467da4bce868cdc90) H:\windows\system32\DRIVERS\vsb.sys
12:07:03.0046 5748	vsbus ( UnsignedFile.Multi.Generic ) - warning
12:07:03.0046 5748	vsbus - detected UnsignedFile.Multi.Generic (1)
12:07:03.0078 5748	vserial         (3feb02f2eebaa3f099e279c258ef786e) H:\windows\system32\DRIVERS\vserial.sys
12:07:03.0078 5748	vserial ( UnsignedFile.Multi.Generic ) - warning
12:07:03.0078 5748	vserial - detected UnsignedFile.Multi.Generic (1)
12:07:03.0125 5748	VSS             (68f106273be29e7b7ef8266977268e78) H:\windows\System32\vssvc.exe
12:07:03.0187 5748	VSS - ok
12:07:03.0218 5748	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) H:\WINDOWS\System32\w32time.dll
12:07:03.0265 5748	W32Time - ok
12:07:03.0296 5748	Wanarp          (e20b95baedb550f32dd489265c1da1f6) H:\windows\system32\DRIVERS\wanarp.sys
12:07:03.0343 5748	Wanarp - ok
12:07:03.0390 5748	Wdf01000        (d918617b46457b9ac28027722e30f647) H:\windows\system32\DRIVERS\Wdf01000.sys
12:07:03.0406 5748	Wdf01000 - ok
12:07:03.0406 5748	WDICA - ok
12:07:03.0421 5748	wdmaud          (6768acf64b18196494413695f0c3a00f) H:\windows\system32\drivers\wdmaud.sys
12:07:03.0484 5748	wdmaud - ok
12:07:03.0500 5748	WebClient       (81727c9873e3905a2ffc1ebd07265002) H:\windows\System32\webclnt.dll
12:07:03.0562 5748	WebClient - ok
12:07:03.0609 5748	winmgmt         (6f3f3973d97714cc5f906a19fe883729) H:\windows\system32\wbem\WMIsvc.dll
12:07:03.0687 5748	winmgmt - ok
12:07:03.0718 5748	WinRM           (f10075c2ec96d2eb118012e78ece2fc2) H:\windows\system32\WsmSvc.dll
12:07:03.0812 5748	WinRM - ok
12:07:03.0906 5748	wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:07:03.0968 5748	wlidsvc - ok
12:07:04.0015 5748	WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) H:\WINDOWS\system32\MsPMSPSv.exe
12:07:04.0015 5748	WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning
12:07:04.0015 5748	WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)
12:07:04.0046 5748	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) H:\WINDOWS\system32\MsPMSNSv.dll
12:07:04.0062 5748	WmdmPmSN - ok
12:07:04.0109 5748	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) H:\windows\System32\advapi32.dll
12:07:04.0156 5748	Wmi - ok
12:07:04.0203 5748	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) H:\windows\system32\DRIVERS\wmiacpi.sys
12:07:04.0265 5748	WmiAcpi - ok
12:07:04.0281 5748	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) H:\WINDOWS\System32\wbem\wmiapsrv.exe
12:07:04.0343 5748	WmiApSrv - ok
12:07:04.0390 5748	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) H:\Programme\Windows Media Player\WMPNetwk.exe
12:07:04.0468 5748	WMPNetworkSvc - ok
12:07:04.0484 5748	WpdUsb          (cf4def1bf66f06964dc0d91844239104) H:\windows\system32\DRIVERS\wpdusb.sys
12:07:04.0515 5748	WpdUsb - ok
12:07:04.0625 5748	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:07:04.0656 5748	WPFFontCache_v0400 - ok
12:07:04.0687 5748	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) H:\windows\system32\wscsvc.dll
12:07:04.0750 5748	wscsvc - ok
12:07:04.0781 5748	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) H:\windows\system32\DRIVERS\WSTCODEC.SYS
12:07:04.0843 5748	WSTCODEC - ok
12:07:04.0859 5748	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) H:\WINDOWS\system32\wuauserv.dll
12:07:04.0937 5748	wuauserv - ok
12:07:04.0968 5748	WudfPf          (eaa6324f51214d2f6718977ec9ce0def) H:\windows\system32\DRIVERS\WudfPf.sys
12:07:04.0984 5748	WudfPf - ok
12:07:05.0015 5748	WudfRd          (f91ff1e51fca30b3c3981db7d5924252) H:\windows\system32\DRIVERS\wudfrd.sys
12:07:05.0015 5748	WudfRd - ok
12:07:05.0031 5748	WudfSvc         (ddee3682fe97037c45f4d7ab467cb8b6) H:\windows\System32\WUDFSvc.dll
12:07:05.0046 5748	WudfSvc - ok
12:07:05.0093 5748	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) H:\windows\System32\wzcsvc.dll
12:07:05.0218 5748	WZCSVC - ok
12:07:05.0281 5748	xmlprov         (0ada34871a2e1cd2caafed1237a47750) H:\windows\System32\xmlprov.dll
12:07:05.0343 5748	xmlprov - ok
12:07:05.0375 5748	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
12:07:05.0578 5748	\Device\Harddisk0\DR0 - ok
12:07:05.0593 5748	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:07:05.0640 5748	\Device\Harddisk1\DR1 - ok
12:07:05.0656 5748	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk2\DR2
12:07:05.0718 5748	\Device\Harddisk2\DR2 - ok
12:07:05.0718 5748	Boot (0x1200)   (016ece64f77f370ba431ef2fb8854cac) \Device\Harddisk0\DR0\Partition0
12:07:05.0734 5748	\Device\Harddisk0\DR0\Partition0 - ok
12:07:05.0734 5748	Boot (0x1200)   (833153dc2395a4f4ba96460f6b995434) \Device\Harddisk1\DR1\Partition0
12:07:05.0734 5748	\Device\Harddisk1\DR1\Partition0 - ok
12:07:05.0734 5748	Boot (0x1200)   (414c8de7aa3ebcf05f4696d92377de3e) \Device\Harddisk2\DR2\Partition0
12:07:05.0734 5748	\Device\Harddisk2\DR2\Partition0 - ok
12:07:05.0734 5748	============================================================
12:07:05.0734 5748	Scan finished
12:07:05.0734 5748	============================================================
12:07:05.0843 4232	Detected object count: 41
12:07:05.0843 4232	Actual detected object count: 41
12:07:21.0312 4232	Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232	Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0312 4232	AtiHdmiService ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232	AtiHdmiService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0312 4232	Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232	Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0312 4232	BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232	BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0312 4232	CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232	CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0312 4232	Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232	Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0312 4232	Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232	Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0312 4232	Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232	Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0312 4232	Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232	Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0312 4232	CSRBC ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	CSRBC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0328 4232	CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0328 4232	DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0328 4232	epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0328 4232	EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0328 4232	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0328 4232	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0328 4232	imagedrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	imagedrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0328 4232	imagesrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	imagesrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0328 4232	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0328 4232	MDM ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0328 4232	Pivot ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	Pivot ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0328 4232	pivotmou ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	pivotmou ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0328 4232	RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232	RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	SunkFilt ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	SunkFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	SWAS_Core ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	SWAS_Core ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	SWAS_Report_Plugin ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	SWAS_Report_Plugin ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	SWAS_Srv_DriverManagement ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	SWAS_Srv_DriverManagement ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	SWAS_Srv_LDD ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	SWAS_Srv_LDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0343 4232	Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232	Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0359 4232	UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0359 4232	UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0359 4232	vsbus ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0359 4232	vsbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0359 4232	vserial ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0359 4232	vserial ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:21.0359 4232	WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0359 4232	WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 03.04.2012, 16:06

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

02.04.2012, 14:37	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	BKA Virus 1.09 - OTL Logfile Auswertung Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

02.04.2012, 15:37	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	BKA Virus 1.09 - OTL Logfile Auswertung Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus wieder uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ --> BKA Virus 1.09 - OTL Logfile Auswertung

BKA Virus 1.09 - OTL Logfile Auswertung

Log-Analyse und Auswertung: BKA Virus 1.09 - OTL Logfile Auswertung