loaupdt.jpg

ruufl · 23.05.2012, 09:54

Hallo ich habe windows vista benutze antivir.

Seit einiger Zeit ist mein pc langsamer, gibt piepstöne von sich (wie das warnsignal wen der virenscanner einen virus findet) und er zeigt eine Fehlermeldung an: "loaupdt.jpg funktioniert nicht mehr"
Hab schon über das problem gelesen und hoffe das ich das evtl noch mit einer rescue cd beheben kann. Oder ist das bei diesem Problem nicht mehr möglich ?

bitte um hilfe
lg ruufl

cosinus · 23.05.2012, 12:56

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

ruufl · 24.05.2012, 11:20

hallo cosinus danke für deine schnelle antwort

hab bevor ich deine antwort gelesen habe schon mal die avira rescue cd drüber laufen lassen hoffe das war jetzt nicht zu voreillig:

Code:

ATTFilter

 Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set:         8.2.10.68
VDF Version:        7.11.30.222
Scan start time: Thu May 24 10:26:02 2012
configuration file: /etc/avira/scancl.conf
WARNING: [Archive is invalid or corrupt] /media/Devices/hdb1/Program Files/WinRAR/rarnew.dat


WARNING: [The files in archive are multiple volume] /media/Devices/hdb1/Program Files/Nokia/Nokia Ovi Suite/Help/OviSuiteHelp_ger.exe --> webhelp.jar


WARNING: [The files in archive are multiple volume] /media/Devices/hdb1/Program Files/Nokia/Nokia Ovi Suite/Help/webhelp.jar


WARNING: [File is encrypted] /media/Devices/hdb1/Program Files/ICQ6.5/ConfigFiles/TopSearches.7z


WARNING: [File is encrypted] /media/Devices/hdb1/Program Files/ICQ6.5/ConfigFiles/TopSearchesDe.7z


WARNING: [Bad archive header] /media/Devices/hdb1/ProgramData/Nokia/Nokia Service Layer/A/nsl_service_module_00001/vpls/www.dsut.online.nokia.com.oti.caresuite/Products/rm-348/RM348_11.049_001_003_U236.uda.fpsx


WARNING: [Bad archive header] /media/Devices/hdb1/ProgramData/Nokia/Nokia Service Layer/A/nsl_service_module_00001/vpls/www.dsut.online.nokia.com.oti.caresuite/Products/rm-348/RM348_20.175_001_003_U236.uda.fpsx


ALERT: [JS/Expack.LU] /media/Devices/hdb1/Users/Raphael/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/6QFR252S/main[1].htm <<< Contains signature of the Java script virus JS/Expack.LU [renamed]


ALERT: [JS/Expack.LU] /media/Devices/hdb1/Users/Raphael/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/76FALT5P/index[2].htm <<< Contains signature of the Java script virus JS/Expack.LU [renamed]


ALERT: [JS/Expack.LU] /media/Devices/hdb1/Users/Raphael/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/N2MRSAIX/main[1].htm <<< Contains signature of the Java script virus JS/Expack.LU [renamed]


ALERT: [JS/Expack.LU] /media/Devices/hdb1/Users/Raphael/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/N2MRSAIX/memberphp[1].htm <<< Contains signature of the Java script virus JS/Expack.LU [renamed]


ALERT: [EXP/11-3544.CI.2] /media/Devices/hdb1/Users/Raphael/AppData/Local/Temp/M.class <<< Contains signature of the exploits EXP/11-3544.CI.2 [renamed]


ALERT: [EXP/JAVA.Ternub.Gen] /media/Devices/hdb1/Users/Raphael/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/2b958215-75edec74 --> a/a.class <<< Contains signature of the exploits EXP/JAVA.Ternub.Gen [archive scan abort]


ALERT: [EXP/11-3544.CH.2] /media/Devices/hdb1/Users/Raphael/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/25/7e337399-5cb611eb --> a/b.class <<< Contains signature of the exploits EXP/11-3544.CH.2 [archive scan abort]


ALERT: [EXP/11-3544.CH.2] /media/Devices/hdb1/Users/Raphael/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/4/1fff0c84-7475ab05 --> a/b.class <<< Contains signature of the exploits EXP/11-3544.CH.2 [archive scan abort]


ALERT: [EXP/11-3544.CH.2] /media/Devices/hdb1/Users/Raphael/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/1620d7bf-310f4062 --> a/b.class <<< Contains signature of the exploits EXP/11-3544.CH.2 [archive scan abort]


ALERT: [TR/Spy.Banker.Age.16] /media/Devices/hdb1/Users/Raphael/AppData/Roaming/AcroIEHelpe122.dll <<< Is the Trojan horse TR/Spy.Banker.Age.16 [renamed]


ALERT: [TR/Obfuscate.xinma] /media/Devices/hdb1/Users/Raphael/AppData/Roaming/Cey/woneux.exe <<< Is the Trojan horse TR/Obfuscate.xinma [renamed]


WARNING: [File is encrypted] /media/Devices/hdb1/Users/Raphael/Downloads/avira_free_antivirus_en.exe --> AVSDKList.zip


WARNING: [File is encrypted] /media/Devices/hdb1/Users/Raphael/Downloads/avira_free_antivirus_en.exe --> ManualUninstallConfig.zip


WARNING: [File is encrypted] /media/Devices/hdb1/Users/Raphael/Downloads/avira_free_antivirus_en.exe --> ProductReleaseNotes.zip


WARNING: [File is encrypted] /media/Devices/hdb1/Users/Raphael/Downloads/avira_free_antivirus_en.exe --> QATestedProducts.zip


WARNING: [Error opening file. (Input/output error)] /media/Devices/hdb5/IO.SYS


WARNING: [Unsupported archive version] /media/Devices/sda1/downloads/HSS-2.04-install-anchorfree.exe


WARNING: [Unsupported archive version] /media/Devices/sda1/downloads/OOo_2.4.1_Win32Intel_install_de.exe


WARNING: [Bad archive format] /media/Devices/sda1/Flashythings/Emule/ebooks/45 psychologische Fachbücher dt.zip --> 45 pschologische Fachb?cher/01._Lehrbuch_fr_klinische_Psychologie_-_Psychotherapie.ace


WARNING: [Unsupported archive version] /media/Devices/sda1/PC Backup/downloads/burrrn_package.exe


WARNING: [Bad compressed data] /media/Devices/sda1/PC Backup/downloads/cdex_150ger.exe


WARNING: [Unsupported archive version] /media/Devices/sda1/PC Backup/downloads/Cover.exe


WARNING: [Unsupported archive version] /media/Devices/sda1/PC Backup/downloads/GDiVX1.9.9.exe


WARNING: [Unexpected end of file] /media/Devices/sda1/PC Backup/downloads/isobuster_10_all_lang.rar --> IsoBuster 1.0 (All languages) Setup.exe


WARNING: [Unexpected end of file] /media/Devices/sda1/PC Backup/downloads/Karaoke.wa3_CDG.exe


WARNING: [Bad compressed data] /media/Devices/sda1/PC Backup/downloads/SetupCloneCD.exe


WARNING: [Bad compressed data] /media/Devices/sda1/PC Backup/downloads/SetupCloneCD5022.exe


WARNING: [Unsupported archive version] /media/Devices/sda1/PC Backup/downloads/srwa5-1.61.2.exe


WARNING: [Unsupported archive version] /media/Devices/sda1/PC Backup/downloads/Streamripper wa3_153.exe


WARNING: [Unsupported archive version] /media/Devices/sda1/PC Backup/downloads/winamp3_0-full.exe


WARNING: [Bad archive format] /media/Devices/sda1/PC Backup/Flashythings/Emule/ebooks/45 psychologische Fachbücher dt.zip --> 45 pschologische Fachb?cher/01._Lehrbuch_fr_klinische_Psychologie_-_Psychotherapie.ace


WARNING: [File is encrypted] /media/Devices/sda1/Sfirm/quickhelp/dfn


WARNING: [File is encrypted] /media/Devices/sda1/Sfirm/quickhelp/ihelp


WARNING: [File is encrypted] /media/Devices/sda1/Sfirm/sfimgcont


WARNING: [File is encrypted] /media/Devices/sda1/Sfirm/Versionsupdate/setup/databasedir/quickhelp/dfn


WARNING: [File is encrypted] /media/Devices/sda1/Sfirm/Versionsupdate/setup/databasedir/quickhelp/ihelp


WARNING: [File is encrypted] /media/Devices/sda1/Sfirm/Versionsupdate/setup/databasedir/sfimgcont


Statistics :
Directories............... : 34066
Archives.................. : 3962
Files..................... : 580706
Infected.............. : 11
Renamed........... : 11
Warnings.............. : 33
Suspicious............ : 0
Infections................ : 11

Malwarebytes sagt:

Code:

ATTFilter

  Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.24.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Raphael :: RAPHAEL-PC [Administrator]

24.05.2012 10:32:41
mbam-log-2012-05-24 (12-06-47).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 387865
Laufzeit: 1 Stunde(n), 26 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Raphael\AppData\Roaming\BAcroIEHelpe127.dll (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 3
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Raphael\AppData\Roaming\appconf32.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{CBFFD663-F529-4B19-BCF7-70986EF027B8} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Raphael\AppData\Roaming\Cey\woneux.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Raphael\AppData\Roaming\BAcroIEHelpe127.dll (Trojan.Banker) -> Keine Aktion durchgeführt.
C:\Users\Raphael\AppData\Roaming\AcroIEHelpe127.dll (Trojan.Banker) -> Keine Aktion durchgeführt.
C:\Users\Raphael\AppData\Roaming\08038\components\AcroFF038.dll (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Raphael\AppData\Roaming\Cey\woneux.exe.vir (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Raphael\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Keine Aktion durchgeführt.

(Ende)

soweit erstmal
lasse jetzt noch den ESET online scanner laufen.
achja ich hab nicht für jede externe festplatte ein eigenes kabel und kann deswegen nicht alle gleichzeitig hinhängen hoffe das ist kein problem.

Hier noch das ergebnis vom ESET online scanner

Code:

ATTFilter

 ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8e69162c2ea3204ea5eb577921ec078c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-24 01:33:04
# local_time=2012-05-24 03:33:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 358440 112752098 1140 0
# compatibility_mode=5892 16776573 100 100 1441 175388262 0 0
# compatibility_mode=8192 67108863 100 0 280 280 0 0
# scanned=321786
# found=12
# cleaned=0
# scan_time=10849
C:\Users\Raphael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DIHA9E41\3f387ee66fdcbe0e1de66f0c2c216776[1].htm	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\Raphael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2MRSAIX\memberphp[1].htm.vir	JS/Kryptik.MB trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Raphael\AppData\Local\Temp\M.class.vir	a variant of Java/Exploit.CVE-2011-3544.BK trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Raphael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\2b958215-75edec74.vir	a variant of Java/Exploit.CVE-2012-0507.U trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Raphael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e337399-5cb611eb.vir	Java/Exploit.Agent.NBC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Raphael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\1fff0c84-7475ab05.vir	Java/Exploit.Agent.NBC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Raphael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\1620d7bf-310f4062.vir	Java/Exploit.Agent.NBC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Raphael\AppData\Roaming\AcroIEHelpe122.dll.vir	a variant of Win32/Spy.Banker.XSL trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Raphael\Downloads\YouTubeDownloaderSetup35.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
G:\Musik\mixes\Padre\Eighties classic.wma	WMA/TrojanDownloader.Wimad.D trojan (unable to clean)	00000000000000000000000000000000	I
L:\Musik\mixes\Padre\Eighties classic.wma	WMA/TrojanDownloader.Wimad.D trojan (unable to clean)	00000000000000000000000000000000	I
M:\Musik\mixes\Padre\Eighties classic.wma	WMA/TrojanDownloader.Wimad.D trojan (unable to clean)	00000000000000000000000000000000	I

cosinus · 24.05.2012, 21:40

Zitat:

Keine Aktion durchgeführt.
-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

ruufl · 26.05.2012, 06:48

funde waren in der quarantäne hab dort alle gelöscht.
Was muss jetzt getan werden ?

cosinus · 26.05.2012, 14:44

Aus der Q solltest du nichts löschen! Du solltest nur mit Malwarebytes die Funde entfernen, so dass die in die Q von MBAM landen!

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

ruufl · 29.05.2012, 07:42

normaler Modus von windows geht soweit ich das beurteilen kann uneingeschränkt. Piepstöne und auch die Fehlermeldung kommen nicht mehr.

Ob ich irgendwas im Startmenü vermisse kann ich leider nicht sagen das ist soviel zeug drinn was ich teilweiße gar nicht verwende. Aber das was ich benutze ist noch da.
Ein leerer Ordner namens Autostart ist dabei.

cosinus · 29.05.2012, 09:17

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

ruufl · 29.05.2012, 19:05

Muss ich virenscan auch ausschalten?
hier der Log

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 29.05.2012 19:34:49 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\Raphael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 54,95% Memory free
4,12 Gb Paging File | 3,32 Gb Available in Paging File | 80,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 32,48 Gb Free Space | 40,61% Space Free | Partition Type: NTFS
Drive D: | 278,09 Gb Total Space | 25,14 Gb Free Space | 9,04% Space Free | Partition Type: NTFS
Drive E: | 69,04 Gb Total Space | 0,39 Gb Free Space | 0,57% Space Free | Partition Type: NTFS
Drive F: | 19,99 Gb Total Space | 12,06 Gb Free Space | 60,35% Space Free | Partition Type: FAT32
 
Computer Name: RAPHAEL-PC | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3525520835-1839049092-1064679259-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C607C84-E661-401E-B66D-2448527A4647}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{24D51B02-E9DB-480B-B17E-E27F34C6760D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{30B01FBF-BB0E-4C2A-A7E6-4474391446FC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{545C2F35-23AC-4CC6-8D01-B8D6A72F30F4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{77384C50-F095-437F-AACD-A1C55A5320D1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{932A725E-A10D-4DEA-B22E-232A1BC69EF2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BE1E8CBA-EF46-4AF8-8E80-7DB0ADB1E93F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F08C7009-304F-4B97-BE13-B831954550A3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F0DDEC8C-A1FD-4619-BCE8-386F6D81AB8C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F37E1E6C-94A1-4F12-871B-A089F8FC6FAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09260D7B-0CA0-406B-9A79-2D163767343A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5A68BF0B-B96D-4A49-9C7E-79D3328ADF79}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{62B66B24-11D1-42E5-A5FE-BF22FA352D4F}" = dir=in | app=c:\program files\home cinema\powerdvd\powerdvd.exe | 
"{69E40F8B-D1F8-48D5-973E-32F6EFD84C29}" = dir=in | app=c:\program files\home cinema\powerdirector\pdr.exe | 
"{CECCDD47-6BA4-44C0-A33F-0D5B16A1A7E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E66A58CF-34F9-491F-944D-D843EB8B1A9A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{014D7D9D-87A5-4566-BC75-80476E61FD04}C:\users\raphael\desktop\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\raphael\desktop\age of empires ii\empires2.exe | 
"TCP Query User{11155918-6DC0-4EDB-AE05-AA7A6CAB10FA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{11444A55-D26B-4F1F-9049-870CA0876967}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{4FF28E5C-C0EB-4E56-8DA2-942AD888169C}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{532E19C4-1F4C-4DF1-8495-21C62583B810}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{63955AC2-7577-4BD2-AA95-0590D7EAA7B6}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{78AEC7DF-0729-4EB4-AE30-84242BA6C1E9}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{88A485FB-A120-472E-8425-CFC2AA3705DE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8CE217FA-E599-408D-88C5-AFEE332675DD}D:\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\trillian\trillian.exe | 
"TCP Query User{90B7727E-6D51-4A33-A80C-5EEB3DE414DA}C:\program files\fox\no one lives forever 2\lithtech.exe" = protocol=6 | dir=in | app=c:\program files\fox\no one lives forever 2\lithtech.exe | 
"TCP Query User{98E7E857-9B36-40C6-B06E-0CF0D73E818B}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{9F821C09-9D0C-4879-B697-F66BB7AF8E81}C:\users\raphael\desktop\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\raphael\desktop\age of empires ii\empires2.exe | 
"TCP Query User{BF0105E6-AB4E-4A74-8F77-AC239153477F}D:\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\trillian\trillian.exe | 
"UDP Query User{0828DDC7-2A4A-448A-BA53-6D854D020F9F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{16E95B2D-0205-43E7-87C0-44926569A9FD}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{20AB01EA-C7E7-4FCD-8830-2D909DCF6C7B}D:\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\trillian\trillian.exe | 
"UDP Query User{73D1D218-C047-4903-B44D-2000A56682CA}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{7FA3BFC1-A814-4901-BB16-A0FB606ADB8D}C:\program files\fox\no one lives forever 2\lithtech.exe" = protocol=17 | dir=in | app=c:\program files\fox\no one lives forever 2\lithtech.exe | 
"UDP Query User{8950F297-CD16-426B-A746-D7D78B1A87DE}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{930D7B92-3EAD-4E51-82C5-910C154EA11D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{9D7AA1C2-458E-4B5F-9E52-74193EEA0C9A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{CA598B07-4A59-438B-B707-A576D1B59AB8}D:\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\trillian\trillian.exe | 
"UDP Query User{D0E0FC9E-44B5-4AA0-921C-D3DFCE53708C}C:\users\raphael\desktop\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\raphael\desktop\age of empires ii\empires2.exe | 
"UDP Query User{D1191AE7-A1A8-4254-857D-1447646E1146}C:\users\raphael\desktop\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\raphael\desktop\age of empires ii\empires2.exe | 
"UDP Query User{F8C559E5-3776-4169-801C-3201378C40E2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{FAE9913C-F53D-4654-AE12-40BA3685972D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{41E340F0-0BD6-4A87-AF29-E9E584471756}" = VideoMate T , M , P Series  Driver
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81AB1374-098A-43CB-BE57-31CEB5EB1031}" = Nero 7 Essentials
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A600A500-6AAC-48AB-B29C-145483B3A127}" = SFirm
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D353C323-5E95-4873-9825-9FEC1C8A3794}" = Nokia Download!
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Chrome9HC" = VIA Chrome9 HC IGP Family Display
"Defraggler" = Defraggler
"DivX Setup" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Fury3" = Microsoft Fury3
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IncrediBubble" = IncrediBubble
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Streamripper" = Streamripper (Remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Winamp" = Winamp (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2012 06:23:18 | Computer Name = Raphael-PC | Source = Application Hang | ID = 1002
Description = Programm YouTubeDownloader.exe, Version 3.5.0.5 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 13ac  Anfangszeit: 01cd3416f9315c24  Zeitpunkt
 der Beendigung: 22
 
Error - 17.05.2012 06:23:49 | Computer Name = Raphael-PC | Source = Application Hang | ID = 1002
Description = Programm YouTubeDownloader.exe, Version 3.5.0.5 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 15b0  Anfangszeit: 01cd341716e852f4  Zeitpunkt
 der Beendigung: 0
 
Error - 22.05.2012 05:04:17 | Computer Name = Raphael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66,
 fehlerhaftes Modul loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000bb04,  Prozess-ID 0xe50, Anwendungsstartzeit 01cd37f9dce1b304.
 
Error - 22.05.2012 05:20:34 | Computer Name = Raphael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66,
 fehlerhaftes Modul loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000bb04,  Prozess-ID 0x410, Anwendungsstartzeit 01cd37fc23a19921.
 
Error - 22.05.2012 05:21:28 | Computer Name = Raphael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66,
 fehlerhaftes Modul loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000bb04,  Prozess-ID 0xd50, Anwendungsstartzeit 01cd37fc43051711.
 
Error - 22.05.2012 05:22:00 | Computer Name = Raphael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66,
 fehlerhaftes Modul loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000bb04,  Prozess-ID 0xa10, Anwendungsstartzeit 01cd37fc579d9cb1.
 
Error - 22.05.2012 05:24:24 | Computer Name = Raphael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66,
 fehlerhaftes Modul loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000bb04,  Prozess-ID 0x10c4, Anwendungsstartzeit 01cd37fcacf24ee1.
 
Error - 22.05.2012 05:26:32 | Computer Name = Raphael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66,
 fehlerhaftes Modul loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000bb04,  Prozess-ID 0x14b8, Anwendungsstartzeit 01cd37fcf9e3e101.
 
Error - 22.05.2012 05:27:57 | Computer Name = Raphael-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 174c  Anfangszeit: 01cd37fca8be6161  Zeitpunkt
 der Beendigung: 0
 
Error - 29.05.2012 13:33:33 | Computer Name = Raphael-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.44.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: a88  Anfangszeit: 01cd3dc08a918c30  Zeitpunkt der Beendigung:
 31
 
[ System Events ]
Error - 12.05.2012 07:15:25 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.05.2012 07:15:25 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 12.05.2012 07:15:25 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.05.2012 07:15:55 | Computer Name = Raphael-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.05.2012 01:35:31 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 17.05.2012 02:08:24 | Computer Name = Raphael-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.05.2012 02:08:24 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 17.05.2012 02:08:24 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.05.2012 02:08:41 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 17.05.2012 02:08:41 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

cosinus · 30.05.2012, 09:41

Das andere Log (OTL.txt) fehlt

ruufl · 30.05.2012, 17:14

hier ists:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.05.2012 19:34:49 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\Raphael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 54,95% Memory free
4,12 Gb Paging File | 3,32 Gb Available in Paging File | 80,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 32,48 Gb Free Space | 40,61% Space Free | Partition Type: NTFS
Drive D: | 278,09 Gb Total Space | 25,14 Gb Free Space | 9,04% Space Free | Partition Type: NTFS
Drive E: | 69,04 Gb Total Space | 0,39 Gb Free Space | 0,57% Space Free | Partition Type: NTFS
Drive F: | 19,99 Gb Total Space | 12,06 Gb Free Space | 60,35% Space Free | Partition Type: FAT32
 
Computer Name: RAPHAEL-PC | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.29 19:25:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
PRC - [2012.05.24 10:17:05 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012.05.24 10:17:03 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.07.01 17:58:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 08:04:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2003.05.15 14:43:24 | 000,119,808 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.24 10:17:03 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.01 17:58:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 08:04:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 20:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:34:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008.01.19 09:34:44 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008.01.19 09:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.12.19 22:23:38 | 000,272,024 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.12.23 08:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011.12.23 08:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.07.01 17:58:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 17:58:34 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.25 01:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.07.30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.06.23 10:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.11 12:59:48 | 000,023,192 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\xfilt.sys -- (xfilt)
DRV - [2010.02.11 12:59:18 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\videX32.sys -- (videX32)
DRV - [2009.06.10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.04.11 06:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008.01.19 07:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2007.04.17 10:30:38 | 000,025,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2007.04.17 10:30:38 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2007.04.17 10:30:38 | 000,018,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2007.04.17 10:30:38 | 000,017,592 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2007.04.17 10:30:38 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2007.01.08 18:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006.11.02 11:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006.11.02 11:49:32 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2006.11.02 11:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006.11.02 10:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2006.11.02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006.11.02 10:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006.11.02 10:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006.11.02 10:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006.11.02 10:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006.11.02 10:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006.11.02 10:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006.11.02 10:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ergoverbund.de/
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\SearchScopes,DefaultScope = {8B456654-113A-43F6-B02A-A0C9DDAE8465}
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\SearchScopes\{6582B034-8798-4670-B8D5-46503BE6E955}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\SearchScopes\{8B456654-113A-43F6-B02A-A0C9DDAE8465}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.hotspotshield.com/g/?c=h"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.04.09 22:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.06 17:32:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.30 16:50:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.16 19:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.04.09 22:42:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Raphael\AppData\Roaming\08038 [2012.05.22 11:21:29 | 000,000,000 | ---D | M]
 
[2010.03.18 17:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Extensions
[2012.02.19 13:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions
[2010.10.17 19:44:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.19 13:24:52 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.06 20:36:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.21 23:43:37 | 000,000,873 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\scgjfruf.default\searchplugins\conduit.xml
[2011.09.09 20:45:01 | 000,001,030 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\scgjfruf.default\searchplugins\wikipedia-de.xml
[2011.12.03 15:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.31 22:12:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.05.22 11:21:29 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\RAPHAEL\APPDATA\ROAMING\08038
[2012.01.23 13:35:03 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\RAPHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SCGJFRUF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.30 16:50:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.29 12:36:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.30 16:50:23 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [S3Funkey] C:\Windows\System32\S3Funkey.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SfWinStartInfo] C:\Program Files\SFirm32\sfWinStartupInfo.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003..\Run: []  File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-28/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-28/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{655FB688-C9F8-4CFC-9312-1447CDF9CCB9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7BDAAAA-E3F3-4916-A59D-B98AC7F79D5D}: DhcpNameServer = 10.87.56.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.01.30 16:37:40 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ccb2b942-76ca-11df-bc79-0019dba44eba}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{ccb2b942-76ca-11df-bc79-0019dba44eba}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: NvSvc - hkey= - key= -  File not found
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= -  File not found
MsConfig - StartUpReg: SfWinStartInfo - hkey= - key= - C:\Program Files\SFirm32\sfWinStartupInfo.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skytel - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: TVBroadcast - hkey= - key= - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 1
MsConfig - State: "services" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.29 19:25:28 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2012.05.29 08:32:52 | 006,236,280 | ---- | C] (Lavasoft Limited) -- C:\Users\Raphael\Desktop\Adaware_Installer.exe
[2012.05.24 12:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.24 11:37:40 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Desktop\01. Lehrbuch für klinische Psychologie - Psychotherapie
[2012.05.24 10:30:51 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Malwarebytes
[2012.05.24 10:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.24 10:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.24 10:30:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.24 10:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.24 10:29:19 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Raphael\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.22 11:21:29 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\08038
[2012.05.16 07:39:26 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\08036
[2012.05.12 12:54:43 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\08035
[2012.05.06 09:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.05.06 09:45:44 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\08033
[2012.05.05 17:50:11 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Desktop\max
[2012.04.30 09:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SFirm LOGS
[2 C:\Users\Raphael\Documents\*.tmp files -> C:\Users\Raphael\Documents\*.tmp -> ]
[1 C:\Users\Raphael\AppData\Roaming\*.tmp files -> C:\Users\Raphael\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.29 19:25:37 | 000,637,762 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.29 19:25:37 | 000,603,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.29 19:25:37 | 000,130,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.29 19:25:37 | 000,107,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.29 19:25:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2012.05.29 19:21:28 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.05.29 19:21:28 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.05.29 19:21:04 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 19:21:03 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 19:21:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.29 19:20:59 | 000,000,680 | ---- | M] () -- C:\Users\Raphael\AppData\Local\d3d9caps.dat
[2012.05.29 19:20:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.29 19:20:49 | 2078,793,728 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.29 08:32:54 | 006,236,280 | ---- | M] (Lavasoft Limited) -- C:\Users\Raphael\Desktop\Adaware_Installer.exe
[2012.05.26 13:45:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.26 12:17:01 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.05.26 08:56:14 | 020,307,352 | ---- | M] () -- C:\Users\Raphael\Documents\Iwer George_ COME TO MEH [2011 Trinidad Carnival Soca][Angel Duo Riddim, Produced By Hitz].mp4
[2012.05.26 08:02:33 | 140,473,648 | ---- | M] () -- C:\Users\Raphael\Documents\Movement Lifestyle - #11105 I Lego I Jon Mcxro.mp4
[2012.05.26 08:02:32 | 025,344,391 | ---- | M] () -- C:\Users\Raphael\Documents\Aidonia - Anyway At All, Dancehall Routine by JIFF.mp4
[2012.05.26 07:55:35 | 012,129,449 | ---- | M] () -- C:\Users\Raphael\Documents\Mavado - What's Love - May 2012.flv
[2012.05.26 07:52:06 | 012,204,417 | ---- | M] () -- C:\Users\Raphael\Documents\Konshens - Mad Mi [Bong Diggy Bang Riddim] MAY 2012.mp4
[2012.05.24 10:30:32 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.24 10:29:25 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Raphael\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.24 10:23:22 | 000,000,160 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\blckdom.res
[2012.05.24 10:10:55 | 000,370,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.23 08:44:20 | 000,057,856 | ---- | M] () -- C:\Users\Raphael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.17 08:07:08 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012.05.16 09:02:43 | 050,354,855 | ---- | M] () -- C:\Users\Raphael\Documents\Juicy Riddim Mix [April 2012] UPT - 007 Records.flv
[2012.05.16 07:40:04 | 000,230,880 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\AcroIEHelpe122.dll.vir
[2012.04.30 09:35:02 | 000,000,029 | ---- | M] () -- C:\Windows\hbcikrnl.ini.lock
[2012.04.30 09:31:36 | 000,000,061 | ---- | M] () -- C:\Windows\Setup_tmp.ini
[2 C:\Users\Raphael\Documents\*.tmp files -> C:\Users\Raphael\Documents\*.tmp -> ]
[1 C:\Users\Raphael\AppData\Roaming\*.tmp files -> C:\Users\Raphael\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.26 08:55:41 | 020,307,352 | ---- | C] () -- C:\Users\Raphael\Documents\Iwer George_ COME TO MEH [2011 Trinidad Carnival Soca][Angel Duo Riddim, Produced By Hitz].mp4
[2012.05.26 08:01:03 | 025,344,391 | ---- | C] () -- C:\Users\Raphael\Documents\Aidonia - Anyway At All, Dancehall Routine by JIFF.mp4
[2012.05.26 07:57:48 | 140,473,648 | ---- | C] () -- C:\Users\Raphael\Documents\Movement Lifestyle - #11105 I Lego I Jon Mcxro.mp4
[2012.05.26 07:53:09 | 012,129,449 | ---- | C] () -- C:\Users\Raphael\Documents\Mavado - What's Love - May 2012.flv
[2012.05.26 07:51:40 | 012,204,417 | ---- | C] () -- C:\Users\Raphael\Documents\Konshens - Mad Mi [Bong Diggy Bang Riddim] MAY 2012.mp4
[2012.05.24 11:37:35 | 004,950,135 | ---- | C] () -- C:\Users\Raphael\Desktop\01._Lehrbuch_fr_klinische_Psychologie_-_Psychotherapie.ace
[2012.05.24 10:30:32 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.17 08:07:08 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.05.16 08:40:30 | 050,354,855 | ---- | C] () -- C:\Users\Raphael\Documents\Juicy Riddim Mix [April 2012] UPT - 007 Records.flv
[2012.05.16 07:40:04 | 000,230,880 | ---- | C] () -- C:\Users\Raphael\AppData\Roaming\AcroIEHelpe122.dll.vir
[2012.05.07 12:07:03 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2012.04.30 09:35:02 | 000,000,029 | ---- | C] () -- C:\Windows\hbcikrnl.ini.lock
[2012.04.30 09:31:36 | 000,000,061 | ---- | C] () -- C:\Windows\Setup_tmp.ini
[2012.04.23 08:38:46 | 000,000,160 | ---- | C] () -- C:\Users\Raphael\AppData\Roaming\blckdom.res
[2012.02.10 23:01:30 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011.06.15 21:50:21 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.06.15 21:50:21 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.01.09 14:56:06 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2011.01.09 14:26:52 | 000,000,354 | ---- | C] () -- C:\Windows\WININIT.INI
 
========== LOP Check ==========
 
[2012.04.23 08:38:50 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08032
[2012.05.06 09:45:45 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08033
[2012.05.12 12:54:43 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08035
[2012.05.16 07:39:26 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08036
[2012.05.22 11:21:29 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08038
[2012.05.24 12:07:15 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Cey
[2010.09.02 19:12:12 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.10 22:15:40 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\HTC
[2011.04.09 23:09:46 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2009.08.31 18:57:48 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\ICQ
[2012.04.23 08:38:39 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\kock
[2012.05.22 11:20:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Lut
[2010.03.31 22:35:47 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Neverball
[2010.03.19 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Nokia
[2009.09.03 14:46:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Nseries
[2010.01.18 18:17:25 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\OpenOffice.org
[2009.09.03 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\PC Suite
[2009.08.29 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\streamripper
[2011.08.08 10:59:13 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\TVcentral-Core
[2012.05.03 16:14:01 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\UAs
[2009.08.28 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Ulead Systems
[2012.05.03 16:14:50 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\xmldm
[2012.05.29 08:42:49 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.23 08:38:50 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08032
[2012.05.06 09:45:45 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08033
[2012.05.12 12:54:43 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08035
[2012.05.16 07:39:26 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08036
[2012.05.22 11:21:29 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08038
[2011.04.09 23:02:03 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Adobe
[2009.09.03 12:39:22 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Ahead
[2009.11.08 12:54:02 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Apple Computer
[2011.03.13 10:27:42 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Avira
[2012.05.24 12:07:15 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Cey
[2009.12.13 19:28:10 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\CyberLink
[2010.11.21 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\DivX
[2012.05.17 10:53:13 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\dvdcss
[2010.09.02 19:12:12 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.28 16:43:14 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Google
[2011.04.10 22:15:40 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\HTC
[2011.04.09 23:09:46 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2009.08.31 18:57:48 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\ICQ
[2009.08.28 16:29:04 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Identities
[2012.04.23 08:38:39 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\kock
[2012.05.22 11:20:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Lut
[2009.08.28 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Macromedia
[2012.05.24 10:30:51 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Media Center Programs
[2009.10.13 21:11:56 | 000,000,000 | --SD | M] -- C:\Users\Raphael\AppData\Roaming\Microsoft
[2010.03.18 17:27:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Mozilla
[2010.03.31 22:35:47 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Neverball
[2010.03.19 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Nokia
[2009.09.03 14:46:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Nseries
[2010.01.18 18:17:25 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\OpenOffice.org
[2010.01.18 14:30:06 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\OpenOffice.org2
[2009.09.03 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\PC Suite
[2010.03.28 14:23:40 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Real
[2009.08.29 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\streamripper
[2011.08.08 10:59:13 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\TVcentral-Core
[2012.05.03 16:14:01 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\UAs
[2009.08.28 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Ulead Systems
[2012.05.23 09:00:56 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\vlc
[2012.05.03 16:14:50 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2011.05.14 21:04:47 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Raphael\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.09.03 12:36:31 | 068,725,024 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2009.08.28 20:39:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.08.28 20:39:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.08.28 20:39:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2009.08.28 20:39:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.05.08 16:29:51 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.05.08 16:29:51 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2008.07.09 21:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\2K\viamraid.sys
[2008.07.09 21:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\drvdisk\x86\NT5\viamraid.sys
[2008.07.09 21:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\SRV2003\x86\viamraid.sys
[2008.07.09 21:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\XP\x86\viamraid.sys
[2008.09.26 17:38:50 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\drvdisk\VISTA\x86\viamraid.sys
[2008.09.26 17:38:50 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\VISTA\x86\viamraid.sys
[2010.03.05 10:34:38 | 000,138,464 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=573793CAC25054F4189196150DE0E51E -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_vraid_590a\via_vraid_590a\VRAIDDrv\drvdisk\VISTA\x86\viamraid.sys
[2010.03.05 10:34:38 | 000,138,464 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=573793CAC25054F4189196150DE0E51E -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_vraid_590a\via_vraid_590a\VRAIDDrv\VISTA\x86\viamraid.sys
[2010.02.22 17:29:10 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=79D0DCF683856593309601F4089F758A -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_vraid_590a\via_vraid_590a\VRAIDDrv\2K\viamraid.sys
[2010.02.22 17:29:10 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=79D0DCF683856593309601F4089F758A -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_vraid_590a\via_vraid_590a\VRAIDDrv\drvdisk\x86\NT5\viamraid.sys
[2010.02.22 17:29:10 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=79D0DCF683856593309601F4089F758A -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_vraid_590a\via_vraid_590a\VRAIDDrv\SRV2003\x86\viamraid.sys
[2010.02.22 17:29:10 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=79D0DCF683856593309601F4089F758A -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_vraid_590a\via_vraid_590a\VRAIDDrv\XP\x86\viamraid.sys
[2007.12.19 20:02:18 | 000,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\drvdisk\x86\NT4\viamraid.sys
[2007.12.19 20:02:18 | 000,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\NT4\viamraid.sys
[2007.12.19 20:02:18 | 000,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_vraid_590a\via_vraid_590a\VRAIDDrv\drvdisk\x86\NT4\viamraid.sys
[2007.12.19 20:02:18 | 000,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- C:\Users\Raphael\Documents\DriverGenius\Temp\via_vraid_590a\via_vraid_590a\VRAIDDrv\NT4\viamraid.sys
 
< MD5 for: VIPRT.SYS  >
[2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=A1B7CFFE5F09B825FBA506C4DE9FDAC7 -- C:\Windows\System32\drivers\ViPrt.sys
[2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=A1B7CFFE5F09B825FBA506C4DE9FDAC7 -- C:\Windows\System32\DriverStore\FileRepository\viprt.inf_86543378\ViPrt.sys
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          Schliesse bitte nun alle Programme >

< End of report >

--- --- ---

cosinus · 30.05.2012, 20:46

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.hotspotshield.com/g/?c=h"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
[2010.10.17 19:44:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.19 13:24:52 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.06 20:36:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.21 23:43:37 | 000,000,873 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\scgjfruf.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.01.30 16:37:40 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ccb2b942-76ca-11df-bc79-0019dba44eba}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{ccb2b942-76ca-11df-bc79-0019dba44eba}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
:Files
C:\Users\Raphael\AppData\Roaming\0803?
C:\Users\Raphael\AppData\Roaming\blckdom.res
C:\Users\Raphael\AppData\Roaming\kock
C:\Users\Raphael\AppData\Roaming\Lut
C:\Users\Raphael\AppData\Roaming\UAs
C:\Users\Raphael\AppData\Roaming\xmldm
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

ruufl · 31.05.2012, 18:07

Logfile:

Code:

ATTFilter

  All processes killed
========== OTL ==========
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://search.hotspotshield.com/g/?c=h" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\scgjfruf.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-3525520835-1839049092-1064679259-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-21-3525520835-1839049092-1064679259-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\autoexec.bat moved successfully.
E:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccb2b942-76ca-11df-bc79-0019dba44eba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccb2b942-76ca-11df-bc79-0019dba44eba}\ not found.
File .\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccb2b942-76ca-11df-bc79-0019dba44eba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccb2b942-76ca-11df-bc79-0019dba44eba}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe not found.
========== FILES ==========
C:\Users\Raphael\AppData\Roaming\08032\components folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08032 folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08033\components folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08033 folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08035\components folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08035 folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08036\components folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08036 folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08038\components folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08038 folder moved successfully.
C:\Users\Raphael\AppData\Roaming\blckdom.res moved successfully.
C:\Users\Raphael\AppData\Roaming\kock folder moved successfully.
C:\Users\Raphael\AppData\Roaming\Lut folder moved successfully.
C:\Users\Raphael\AppData\Roaming\UAs folder moved successfully.
C:\Users\Raphael\AppData\Roaming\xmldm folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Raphael
->Temp folder emptied: 63944526 bytes
->Temporary Internet Files folder emptied: 523868801 bytes
->Java cache emptied: 311961691 bytes
->FireFox cache emptied: 47176885 bytes
->Flash cache emptied: 59316 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55932761 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 957,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Raphael
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 05312012_190011

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 31.05.2012, 19:16

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

ruufl · 01.06.2012, 18:41

TDSS Log:

Code:

ATTFilter

  19:35:53.0559 3856	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:35:53.0777 3856	============================================================
19:35:53.0777 3856	Current date / time: 2012/06/01 19:35:53.0777
19:35:53.0777 3856	SystemInfo:
19:35:53.0777 3856	
19:35:53.0777 3856	OS Version: 6.0.6002 ServicePack: 2.0
19:35:53.0777 3856	Product type: Workstation
19:35:53.0777 3856	ComputerName: RAPHAEL-PC
19:35:53.0777 3856	UserName: Raphael
19:35:53.0777 3856	Windows directory: C:\Windows
19:35:53.0777 3856	System windows directory: C:\Windows
19:35:53.0777 3856	Processor architecture: Intel x86
19:35:53.0777 3856	Number of processors: 2
19:35:53.0777 3856	Page size: 0x1000
19:35:53.0777 3856	Boot type: Normal boot
19:35:53.0777 3856	============================================================
19:35:55.0306 3856	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:35:55.0306 3856	Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:35:55.0337 3856	============================================================
19:35:55.0337 3856	\Device\Harddisk0\DR0:
19:35:55.0337 3856	MBR partitions:
19:35:55.0337 3856	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22C2D000
19:35:55.0369 3856	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x22C2D83F, BlocksNum 0x27FFE82
19:35:55.0369 3856	\Device\Harddisk1\DR1:
19:35:55.0369 3856	MBR partitions:
19:35:55.0369 3856	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9FFEACC
19:35:55.0400 3856	\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x9FFEB4A, BlocksNum 0x8A160B6
19:35:55.0400 3856	============================================================
19:35:55.0431 3856	C: <-> \Device\Harddisk1\DR1\Partition0
19:35:55.0478 3856	D: <-> \Device\Harddisk0\DR0\Partition0
19:35:55.0493 3856	E: <-> \Device\Harddisk1\DR1\Partition1
19:35:55.0509 3856	F: <-> \Device\Harddisk0\DR0\Partition1
19:35:55.0540 3856	============================================================
19:35:55.0540 3856	Initialize success
19:35:55.0540 3856	============================================================
19:37:28.0454 3580	============================================================
19:37:28.0454 3580	Scan started
19:37:28.0454 3580	Mode: Manual; SigCheck; TDLFS; 
19:37:28.0454 3580	============================================================
19:37:29.0515 3580	3xHybrid        (5abd10518dec48b4fa5ffc03b73402e5) C:\Windows\system32\DRIVERS\3xHybrid.sys
19:37:29.0764 3580	3xHybrid - ok
19:37:29.0795 3580	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:37:29.0827 3580	ACPI - ok
19:37:29.0873 3580	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:37:29.0905 3580	adp94xx - ok
19:37:29.0951 3580	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:37:29.0983 3580	adpahci - ok
19:37:30.0014 3580	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:37:30.0029 3580	adpu160m - ok
19:37:30.0045 3580	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:37:30.0076 3580	adpu320 - ok
19:37:30.0092 3580	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:37:30.0201 3580	AeLookupSvc - ok
19:37:30.0248 3580	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:37:30.0326 3580	AFD - ok
19:37:30.0357 3580	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:37:30.0388 3580	aic78xx - ok
19:37:30.0451 3580	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:37:30.0513 3580	ALG - ok
19:37:30.0591 3580	aliide          (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
19:37:30.0622 3580	aliide - ok
19:37:30.0638 3580	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:37:30.0669 3580	amdagp - ok
19:37:30.0700 3580	amdide          (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
19:37:30.0716 3580	amdide - ok
19:37:30.0763 3580	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:37:30.0965 3580	AmdK7 - ok
19:37:30.0997 3580	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:37:31.0075 3580	AmdK8 - ok
19:37:31.0246 3580	AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:37:31.0246 3580	AntiVirSchedulerService - ok
19:37:31.0293 3580	AntiVirService  (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:37:31.0309 3580	AntiVirService - ok
19:37:31.0402 3580	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:37:31.0433 3580	Appinfo - ok
19:37:31.0449 3580	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:37:31.0465 3580	arc - ok
19:37:31.0496 3580	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:37:31.0511 3580	arcsas - ok
19:37:31.0527 3580	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:37:31.0589 3580	AsyncMac - ok
19:37:31.0636 3580	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:37:31.0652 3580	atapi - ok
19:37:31.0683 3580	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:37:31.0730 3580	AudioEndpointBuilder - ok
19:37:31.0730 3580	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:37:31.0761 3580	Audiosrv - ok
19:37:31.0823 3580	avgio           (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
19:37:31.0839 3580	avgio - ok
19:37:31.0870 3580	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
19:37:31.0886 3580	avgntflt - ok
19:37:31.0933 3580	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
19:37:31.0948 3580	avipbb - ok
19:37:31.0964 3580	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:37:31.0995 3580	Beep - ok
19:37:32.0120 3580	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:37:32.0167 3580	BFE - ok
19:37:32.0385 3580	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
19:37:32.0463 3580	BITS - ok
19:37:32.0479 3580	blbdrive - ok
19:37:32.0510 3580	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:37:32.0541 3580	bowser - ok
19:37:32.0572 3580	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:37:32.0603 3580	BrFiltLo - ok
19:37:32.0619 3580	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:37:32.0650 3580	BrFiltUp - ok
19:37:32.0666 3580	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:37:32.0713 3580	Browser - ok
19:37:32.0775 3580	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:37:32.0837 3580	Brserid - ok
19:37:32.0900 3580	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:37:32.0978 3580	BrSerWdm - ok
19:37:33.0009 3580	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:37:33.0071 3580	BrUsbMdm - ok
19:37:33.0134 3580	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:37:33.0196 3580	BrUsbSer - ok
19:37:33.0274 3580	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:37:33.0337 3580	BTHMODEM - ok
19:37:33.0430 3580	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:37:33.0461 3580	cdfs - ok
19:37:33.0555 3580	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:37:33.0617 3580	cdrom - ok
19:37:33.0649 3580	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:37:33.0711 3580	CertPropSvc - ok
19:37:33.0727 3580	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:37:33.0789 3580	circlass - ok
19:37:33.0836 3580	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:37:33.0867 3580	CLFS - ok
19:37:33.0961 3580	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:37:33.0992 3580	clr_optimization_v2.0.50727_32 - ok
19:37:34.0023 3580	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:37:34.0039 3580	clr_optimization_v4.0.30319_32 - ok
19:37:34.0101 3580	cmdide          (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
19:37:34.0117 3580	cmdide - ok
19:37:34.0148 3580	Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
19:37:34.0163 3580	Compbatt - ok
19:37:34.0163 3580	COMSysApp - ok
19:37:34.0195 3580	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:37:34.0195 3580	crcdisk - ok
19:37:34.0226 3580	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:37:34.0288 3580	Crusoe - ok
19:37:34.0366 3580	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:37:34.0429 3580	CryptSvc - ok
19:37:34.0507 3580	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:37:34.0569 3580	DcomLaunch - ok
19:37:34.0663 3580	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:37:34.0725 3580	DfsC - ok
19:37:34.0975 3580	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:37:35.0131 3580	DFSR - ok
19:37:35.0411 3580	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:37:35.0443 3580	Dhcp - ok
19:37:35.0552 3580	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:37:35.0567 3580	disk - ok
19:37:35.0599 3580	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:37:35.0645 3580	Dnscache - ok
19:37:35.0677 3580	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:37:35.0708 3580	dot3svc - ok
19:37:35.0786 3580	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:37:35.0817 3580	DPS - ok
19:37:35.0833 3580	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:37:35.0879 3580	drmkaud - ok
19:37:35.0957 3580	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:37:36.0020 3580	DXGKrnl - ok
19:37:36.0145 3580	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:37:36.0238 3580	E1G60 - ok
19:37:36.0269 3580	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:37:36.0301 3580	EapHost - ok
19:37:36.0332 3580	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:37:36.0363 3580	Ecache - ok
19:37:36.0425 3580	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:37:36.0457 3580	ehRecvr - ok
19:37:36.0488 3580	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:37:36.0535 3580	ehSched - ok
19:37:36.0535 3580	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:37:36.0566 3580	ehstart - ok
19:37:36.0597 3580	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:37:36.0644 3580	elxstor - ok
19:37:36.0815 3580	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:37:36.0925 3580	EMDMgmt - ok
19:37:36.0987 3580	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:37:37.0049 3580	EventSystem - ok
19:37:37.0096 3580	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:37:37.0159 3580	exfat - ok
19:37:37.0190 3580	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:37:37.0237 3580	fastfat - ok
19:37:37.0268 3580	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
19:37:37.0346 3580	fdc - ok
19:37:37.0424 3580	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:37:37.0455 3580	fdPHost - ok
19:37:37.0502 3580	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:37:37.0564 3580	FDResPub - ok
19:37:37.0658 3580	FET5X86V        (8787449f8ef116db0e8e06c3555746a7) C:\Windows\system32\DRIVERS\fetnd5bv.sys
19:37:37.0689 3580	FET5X86V - ok
19:37:37.0720 3580	FETNDIS         (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
19:37:37.0767 3580	FETNDIS - ok
19:37:37.0814 3580	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:37:37.0829 3580	FileInfo - ok
19:37:37.0861 3580	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:37:37.0907 3580	Filetrace - ok
19:37:38.0157 3580	FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
19:37:38.0282 3580	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:37:38.0282 3580	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:37:38.0563 3580	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:37:38.0656 3580	flpydisk - ok
19:37:38.0719 3580	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:37:38.0750 3580	FltMgr - ok
19:37:38.0921 3580	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:37:38.0984 3580	FontCache - ok
19:37:39.0124 3580	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:37:39.0140 3580	FontCache3.0.0.0 - ok
19:37:39.0233 3580	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:37:39.0265 3580	Fs_Rec - ok
19:37:39.0311 3580	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:37:39.0327 3580	gagp30kx - ok
19:37:39.0405 3580	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:37:39.0483 3580	gpsvc - ok
19:37:39.0623 3580	gupdate1ca2952144769d0 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:37:39.0639 3580	gupdate1ca2952144769d0 - ok
19:37:39.0639 3580	gupdatem        (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:37:39.0655 3580	gupdatem - ok
19:37:39.0779 3580	gusvc           (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:37:39.0795 3580	gusvc - ok
19:37:39.0889 3580	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
19:37:39.0920 3580	HdAudAddService - ok
19:37:40.0029 3580	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:37:40.0123 3580	HDAudBus - ok
19:37:40.0201 3580	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:37:40.0263 3580	HidBth - ok
19:37:40.0279 3580	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:37:40.0341 3580	HidIr - ok
19:37:40.0388 3580	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:37:40.0403 3580	hidserv - ok
19:37:40.0435 3580	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:37:40.0466 3580	HidUsb - ok
19:37:40.0544 3580	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:37:40.0575 3580	hkmsvc - ok
19:37:40.0606 3580	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:37:40.0622 3580	HpCISSs - ok
19:37:40.0700 3580	HTCAND32        (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
19:37:40.0747 3580	HTCAND32 - ok
19:37:40.0825 3580	htcnprot        (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys
19:37:40.0856 3580	htcnprot - ok
19:37:40.0918 3580	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:37:40.0981 3580	HTTP - ok
19:37:41.0043 3580	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:37:41.0074 3580	i2omp - ok
19:37:41.0090 3580	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:37:41.0152 3580	i8042prt - ok
19:37:41.0230 3580	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:37:41.0277 3580	iaStorV - ok
19:37:41.0495 3580	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:37:41.0651 3580	idsvc - ok
19:37:41.0683 3580	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:37:41.0714 3580	iirsp - ok
19:37:41.0823 3580	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:37:41.0885 3580	IKEEXT - ok
19:37:42.0525 3580	IntcAzAudAddService (0dbef9cd5a2cd71240dd5afcee56d073) C:\Windows\system32\drivers\RTKVHDA.sys
19:37:42.0759 3580	IntcAzAudAddService - ok
19:37:42.0962 3580	intelide        (e5ea1c17da5065032e346591ff64f3af) C:\Windows\system32\drivers\intelide.sys
19:37:43.0009 3580	intelide - ok
19:37:43.0040 3580	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:37:43.0087 3580	intelppm - ok
19:37:43.0133 3580	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:37:43.0180 3580	IPBusEnum - ok
19:37:43.0211 3580	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:37:43.0258 3580	IpFilterDriver - ok
19:37:43.0336 3580	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:37:43.0383 3580	iphlpsvc - ok
19:37:43.0383 3580	IpInIp - ok
19:37:43.0414 3580	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:37:43.0492 3580	IPMIDRV - ok
19:37:43.0570 3580	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:37:43.0617 3580	IPNAT - ok
19:37:43.0664 3580	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:37:43.0711 3580	IRENUM - ok
19:37:43.0742 3580	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:37:43.0757 3580	isapnp - ok
19:37:43.0804 3580	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:37:43.0835 3580	iScsiPrt - ok
19:37:43.0851 3580	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:37:43.0882 3580	iteatapi - ok
19:37:43.0929 3580	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:37:43.0960 3580	iteraid - ok
19:37:43.0991 3580	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:37:44.0023 3580	kbdclass - ok
19:37:44.0038 3580	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:37:44.0085 3580	kbdhid - ok
19:37:44.0116 3580	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:37:44.0163 3580	KeyIso - ok
19:37:44.0194 3580	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:37:44.0272 3580	KSecDD - ok
19:37:44.0366 3580	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:37:44.0428 3580	KtmRm - ok
19:37:44.0475 3580	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:37:44.0522 3580	LanmanServer - ok
19:37:44.0615 3580	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:37:44.0647 3580	LanmanWorkstation - ok
19:37:44.0912 3580	Lavasoft Ad-Aware Service (55afd4a9d5ed4ad40d5215ccdf4d65f3) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
19:37:45.0005 3580	Lavasoft Ad-Aware Service - ok
19:37:45.0099 3580	Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
19:37:45.0115 3580	Lavasoft Kernexplorer - ok
19:37:45.0302 3580	Lbd             (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
19:37:45.0333 3580	Lbd - ok
19:37:45.0395 3580	LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:37:45.0411 3580	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:37:45.0411 3580	LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:37:45.0427 3580	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:37:45.0489 3580	lltdio - ok
19:37:45.0520 3580	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:37:45.0583 3580	lltdsvc - ok
19:37:45.0598 3580	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:37:45.0676 3580	lmhosts - ok
19:37:45.0707 3580	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:37:45.0723 3580	LSI_FC - ok
19:37:45.0754 3580	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:37:45.0770 3580	LSI_SAS - ok
19:37:45.0801 3580	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:37:45.0817 3580	LSI_SCSI - ok
19:37:45.0863 3580	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:37:45.0910 3580	luafv - ok
19:37:45.0941 3580	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:37:45.0973 3580	Mcx2Svc - ok
19:37:45.0988 3580	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:37:46.0004 3580	megasas - ok
19:37:46.0019 3580	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:37:46.0051 3580	MMCSS - ok
19:37:46.0082 3580	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:37:46.0113 3580	Modem - ok
19:37:46.0144 3580	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:37:46.0175 3580	monitor - ok
19:37:46.0222 3580	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:37:46.0238 3580	mouclass - ok
19:37:46.0253 3580	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:37:46.0285 3580	mouhid - ok
19:37:46.0316 3580	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:37:46.0316 3580	MountMgr - ok
19:37:46.0347 3580	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:37:46.0363 3580	mpio - ok
19:37:46.0394 3580	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:37:46.0425 3580	mpsdrv - ok
19:37:46.0503 3580	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:37:46.0534 3580	MpsSvc - ok
19:37:46.0550 3580	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:37:46.0565 3580	Mraid35x - ok
19:37:46.0597 3580	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:37:46.0628 3580	MRxDAV - ok
19:37:46.0643 3580	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:37:46.0690 3580	mrxsmb - ok
19:37:46.0721 3580	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:37:46.0768 3580	mrxsmb10 - ok
19:37:46.0768 3580	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:37:46.0815 3580	mrxsmb20 - ok
19:37:46.0846 3580	msahci          (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys
19:37:46.0862 3580	msahci - ok
19:37:46.0893 3580	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:37:46.0924 3580	msdsm - ok
19:37:46.0955 3580	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:37:47.0033 3580	MSDTC - ok
19:37:47.0065 3580	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:37:47.0111 3580	Msfs - ok
19:37:47.0127 3580	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:37:47.0143 3580	msisadrv - ok
19:37:47.0189 3580	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:37:47.0236 3580	MSiSCSI - ok
19:37:47.0236 3580	msiserver - ok
19:37:47.0267 3580	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:37:47.0299 3580	MSKSSRV - ok
19:37:47.0314 3580	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:37:47.0361 3580	MSPCLOCK - ok
19:37:47.0377 3580	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:37:47.0408 3580	MSPQM - ok
19:37:47.0439 3580	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:37:47.0470 3580	MsRPC - ok
19:37:47.0501 3580	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:37:47.0517 3580	mssmbios - ok
19:37:47.0533 3580	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:37:47.0564 3580	MSTEE - ok
19:37:47.0595 3580	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:37:47.0611 3580	Mup - ok
19:37:47.0642 3580	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:37:47.0689 3580	napagent - ok
19:37:47.0720 3580	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:37:47.0767 3580	NativeWifiP - ok
19:37:47.0891 3580	NBService       (9576cc8e84f7ceda9189cdda1cfd4bc1) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
19:37:47.0954 3580	NBService ( UnsignedFile.Multi.Generic ) - warning
19:37:47.0954 3580	NBService - detected UnsignedFile.Multi.Generic (1)
19:37:48.0016 3580	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:37:48.0094 3580	NDIS - ok
19:37:48.0188 3580	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:37:48.0219 3580	NdisTapi - ok
19:37:48.0250 3580	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:37:48.0297 3580	Ndisuio - ok
19:37:48.0344 3580	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:37:48.0375 3580	NdisWan - ok
19:37:48.0437 3580	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:37:48.0469 3580	NDProxy - ok
19:37:48.0484 3580	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:37:48.0531 3580	NetBIOS - ok
19:37:48.0562 3580	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:37:48.0609 3580	netbt - ok
19:37:48.0640 3580	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:37:48.0656 3580	Netlogon - ok
19:37:48.0687 3580	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:37:48.0734 3580	Netman - ok
19:37:48.0796 3580	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:37:48.0827 3580	netprofm - ok
19:37:48.0921 3580	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:37:48.0952 3580	NetTcpPortSharing - ok
19:37:48.0983 3580	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:37:48.0999 3580	nfrd960 - ok
19:37:49.0030 3580	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:37:49.0077 3580	NlaSvc - ok
19:37:49.0186 3580	NMIndexingService (c4ebbbd7165be535f0bfd06b80601d91) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
19:37:49.0217 3580	NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
19:37:49.0217 3580	NMIndexingService - detected UnsignedFile.Multi.Generic (1)
19:37:49.0233 3580	nmwcd           (48fb907b069524f2dc7ba62a0762850c) C:\Windows\system32\drivers\ccdcmb.sys
19:37:49.0295 3580	nmwcd - ok
19:37:49.0311 3580	nmwcdc          (2914ceb789964141ac6e22c6bc980c42) C:\Windows\system32\drivers\ccdcmbo.sys
19:37:49.0358 3580	nmwcdc - ok
19:37:49.0405 3580	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:37:49.0420 3580	Npfs - ok
19:37:49.0451 3580	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:37:49.0498 3580	nsi - ok
19:37:49.0529 3580	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:37:49.0576 3580	nsiproxy - ok
19:37:49.0670 3580	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:37:49.0763 3580	Ntfs - ok
19:37:49.0795 3580	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:37:49.0857 3580	ntrigdigi - ok
19:37:49.0873 3580	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:37:49.0904 3580	Null - ok
19:37:50.0824 3580	nvlddmkm        (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:37:52.0571 3580	nvlddmkm - ok
19:37:52.0759 3580	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:37:52.0774 3580	nvraid - ok
19:37:52.0837 3580	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:37:52.0852 3580	nvstor - ok
19:37:52.0883 3580	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:37:52.0915 3580	nv_agp - ok
19:37:52.0930 3580	NwlnkFlt - ok
19:37:52.0930 3580	NwlnkFwd - ok
19:37:53.0039 3580	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:37:53.0071 3580	odserv - ok
19:37:53.0102 3580	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
19:37:53.0164 3580	ohci1394 - ok
19:37:53.0211 3580	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:37:53.0227 3580	ose - ok
19:37:53.0305 3580	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:37:53.0383 3580	p2pimsvc - ok
19:37:53.0398 3580	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:37:53.0492 3580	p2psvc - ok
19:37:53.0539 3580	Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
19:37:53.0601 3580	Parport - ok
19:37:53.0617 3580	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
19:37:53.0648 3580	partmgr - ok
19:37:53.0663 3580	Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
19:37:53.0710 3580	Parvdm - ok
19:37:53.0773 3580	PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
19:37:53.0804 3580	PassThru Service ( UnsignedFile.Multi.Generic ) - warning
19:37:53.0804 3580	PassThru Service - detected UnsignedFile.Multi.Generic (1)
19:37:53.0835 3580	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:37:53.0897 3580	PcaSvc - ok
19:37:53.0929 3580	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
19:37:53.0960 3580	pccsmcfd - ok
19:37:53.0991 3580	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:37:54.0022 3580	pci - ok
19:37:54.0053 3580	pciide          (304048c2565a803d091cca1ac945f593) C:\Windows\system32\drivers\pciide.sys
19:37:54.0069 3580	pciide - ok
19:37:54.0100 3580	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:37:54.0131 3580	pcmcia - ok
19:37:54.0225 3580	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:37:54.0365 3580	PEAUTH - ok
19:37:54.0490 3580	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:37:54.0631 3580	pla - ok
19:37:54.0771 3580	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:37:54.0833 3580	PlugPlay - ok
19:37:54.0896 3580	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:37:54.0927 3580	PNRPAutoReg - ok
19:37:54.0943 3580	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:37:54.0989 3580	PNRPsvc - ok
19:37:55.0021 3580	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:37:55.0067 3580	PolicyAgent - ok
19:37:55.0114 3580	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:37:55.0161 3580	PptpMiniport - ok
19:37:55.0177 3580	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:37:55.0239 3580	Processor - ok
19:37:55.0286 3580	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:37:55.0333 3580	ProfSvc - ok
19:37:55.0348 3580	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:37:55.0364 3580	ProtectedStorage - ok
19:37:55.0395 3580	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:37:55.0426 3580	PSched - ok
19:37:55.0442 3580	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\DRIVERS\PxHelp20.sys
19:37:55.0457 3580	PxHelp20 - ok
19:37:55.0520 3580	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:37:55.0582 3580	ql2300 - ok
19:37:55.0613 3580	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:37:55.0660 3580	ql40xx - ok
19:37:55.0691 3580	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:37:55.0723 3580	QWAVE - ok
19:37:55.0754 3580	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:37:55.0769 3580	QWAVEdrv - ok
19:37:55.0925 3580	R300            (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
19:37:56.0128 3580	R300 - ok
19:37:56.0269 3580	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:37:56.0331 3580	RasAcd - ok
19:37:56.0378 3580	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:37:56.0440 3580	RasAuto - ok
19:37:56.0471 3580	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:37:56.0534 3580	Rasl2tp - ok
19:37:56.0581 3580	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:37:56.0627 3580	RasMan - ok
19:37:56.0674 3580	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:37:56.0705 3580	RasPppoe - ok
19:37:56.0737 3580	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:37:56.0768 3580	RasSstp - ok
19:37:56.0815 3580	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:37:56.0846 3580	rdbss - ok
19:37:56.0877 3580	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:37:56.0924 3580	RDPCDD - ok
19:37:56.0971 3580	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:37:57.0049 3580	rdpdr - ok
19:37:57.0064 3580	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:37:57.0095 3580	RDPENCDD - ok
19:37:57.0127 3580	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
19:37:57.0173 3580	RDPWD - ok
19:37:57.0205 3580	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:37:57.0236 3580	RemoteAccess - ok
19:37:57.0267 3580	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:37:57.0314 3580	RemoteRegistry - ok
19:37:57.0407 3580	RichVideo       (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
19:37:57.0439 3580	RichVideo - ok
19:37:57.0470 3580	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:37:57.0501 3580	RpcLocator - ok
19:37:57.0563 3580	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:37:57.0610 3580	RpcSs - ok
19:37:57.0673 3580	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:37:57.0735 3580	rspndr - ok
19:37:57.0766 3580	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:37:57.0797 3580	SamSs - ok
19:37:57.0844 3580	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:37:57.0860 3580	sbp2port - ok
19:37:57.0907 3580	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:37:57.0938 3580	SCardSvr - ok
19:37:58.0000 3580	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:37:58.0094 3580	Schedule - ok
19:37:58.0125 3580	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:37:58.0141 3580	SCPolicySvc - ok
19:37:58.0172 3580	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:37:58.0203 3580	SDRSVC - ok
19:37:58.0234 3580	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:37:58.0281 3580	secdrv - ok
19:37:58.0297 3580	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:37:58.0343 3580	seclogon - ok
19:37:58.0359 3580	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:37:58.0406 3580	SENS - ok
19:37:58.0437 3580	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
19:37:58.0484 3580	Serenum - ok
19:37:58.0499 3580	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
19:37:58.0562 3580	Serial - ok
19:37:58.0593 3580	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:37:58.0640 3580	sermouse - ok
19:37:58.0749 3580	ServiceLayer    (7d3903af48e6c1dc2704eafcb608d031) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
19:37:58.0827 3580	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
19:37:58.0827 3580	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
19:37:58.0921 3580	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:37:58.0967 3580	SessionEnv - ok
19:37:58.0999 3580	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:37:59.0061 3580	sffdisk - ok
19:37:59.0061 3580	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:37:59.0123 3580	sffp_mmc - ok
19:37:59.0139 3580	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:37:59.0186 3580	sffp_sd - ok
19:37:59.0201 3580	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:37:59.0264 3580	sfloppy - ok
19:37:59.0311 3580	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:37:59.0357 3580	SharedAccess - ok
19:37:59.0435 3580	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:37:59.0513 3580	ShellHWDetection - ok
19:37:59.0529 3580	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:37:59.0545 3580	SiSRaid2 - ok
19:37:59.0576 3580	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:37:59.0591 3580	SiSRaid4 - ok
19:37:59.0841 3580	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:38:00.0044 3580	slsvc - ok
19:38:00.0231 3580	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:38:00.0309 3580	SLUINotify - ok
19:38:00.0356 3580	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:38:00.0387 3580	Smb - ok
19:38:00.0418 3580	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:38:00.0449 3580	SNMPTRAP - ok
19:38:00.0481 3580	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:38:00.0496 3580	spldr - ok
19:38:00.0543 3580	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:38:00.0574 3580	Spooler - ok
19:38:00.0621 3580	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:38:00.0668 3580	srv - ok
19:38:00.0683 3580	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:38:00.0746 3580	srv2 - ok
19:38:00.0761 3580	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:38:00.0793 3580	srvnet - ok
19:38:00.0824 3580	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:38:00.0871 3580	SSDPSRV - ok
19:38:00.0902 3580	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:38:00.0902 3580	ssmdrv - ok
19:38:00.0917 3580	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:38:00.0949 3580	SstpSvc - ok
19:38:01.0011 3580	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:38:01.0058 3580	stisvc - ok
19:38:01.0089 3580	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:38:01.0105 3580	swenum - ok
19:38:01.0167 3580	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:38:01.0214 3580	swprv - ok
19:38:01.0245 3580	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:38:01.0245 3580	Symc8xx - ok
19:38:01.0261 3580	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:38:01.0276 3580	Sym_hi - ok
19:38:01.0307 3580	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:38:01.0307 3580	Sym_u3 - ok
19:38:01.0385 3580	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:38:01.0432 3580	SysMain - ok
19:38:01.0463 3580	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:38:01.0495 3580	TabletInputService - ok
19:38:01.0526 3580	taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
19:38:01.0541 3580	taphss - ok
19:38:01.0573 3580	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:38:01.0635 3580	TapiSrv - ok
19:38:01.0666 3580	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:38:01.0697 3580	TBS - ok
19:38:01.0775 3580	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
19:38:01.0822 3580	Tcpip - ok
19:38:01.0838 3580	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
19:38:01.0885 3580	Tcpip6 - ok
19:38:01.0916 3580	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:38:01.0931 3580	tcpipreg - ok
19:38:01.0947 3580	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:38:01.0978 3580	TDPIPE - ok
19:38:02.0009 3580	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:38:02.0041 3580	TDTCP - ok
19:38:02.0072 3580	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:38:02.0119 3580	tdx - ok
19:38:02.0150 3580	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:38:02.0181 3580	TermDD - ok
19:38:02.0243 3580	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:38:02.0321 3580	TermService - ok
19:38:02.0353 3580	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:38:02.0384 3580	Themes - ok
19:38:02.0415 3580	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:38:02.0446 3580	THREADORDER - ok
19:38:02.0477 3580	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:38:02.0524 3580	TrkWks - ok
19:38:02.0571 3580	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:38:02.0587 3580	TrustedInstaller - ok
19:38:02.0618 3580	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:38:02.0665 3580	tssecsrv - ok
19:38:02.0680 3580	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:38:02.0696 3580	tunmp - ok
19:38:02.0711 3580	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:38:02.0743 3580	tunnel - ok
19:38:02.0774 3580	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\DRIVERS\uagp35.sys
19:38:02.0789 3580	uagp35 - ok
19:38:02.0852 3580	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:38:02.0899 3580	udfs - ok
19:38:02.0930 3580	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:38:02.0977 3580	UI0Detect - ok
19:38:03.0008 3580	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:38:03.0023 3580	uliagpkx - ok
19:38:03.0055 3580	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:38:03.0086 3580	uliahci - ok
19:38:03.0117 3580	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:38:03.0148 3580	UlSata - ok
19:38:03.0164 3580	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:38:03.0195 3580	ulsata2 - ok
19:38:03.0226 3580	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:38:03.0257 3580	umbus - ok
19:38:03.0289 3580	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:38:03.0335 3580	upnphost - ok
19:38:03.0367 3580	upperdev        (e526a166e6acafd0a9b3841d3941669e) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
19:38:03.0413 3580	upperdev - ok
19:38:03.0445 3580	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:38:03.0491 3580	usbccgp - ok
19:38:03.0523 3580	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:38:03.0616 3580	usbcir - ok
19:38:03.0647 3580	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:38:03.0679 3580	usbehci - ok
19:38:03.0725 3580	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:38:03.0757 3580	usbhub - ok
19:38:03.0788 3580	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:38:03.0866 3580	usbohci - ok
19:38:03.0897 3580	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:38:03.0959 3580	usbprint - ok
19:38:03.0991 3580	usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
19:38:04.0037 3580	usbser - ok
19:38:04.0069 3580	UsbserFilt      (6f3e3c6811b930d2414552a2e4a40f36) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
19:38:04.0131 3580	UsbserFilt - ok
19:38:04.0162 3580	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:38:04.0193 3580	USBSTOR - ok
19:38:04.0225 3580	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:38:04.0271 3580	usbuhci - ok
19:38:04.0318 3580	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:38:04.0365 3580	UxSms - ok
19:38:04.0427 3580	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:38:04.0474 3580	vds - ok
19:38:04.0537 3580	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:38:04.0568 3580	vga - ok
19:38:04.0599 3580	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:38:04.0630 3580	VgaSave - ok
19:38:04.0661 3580	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:38:04.0693 3580	viaagp - ok
19:38:04.0708 3580	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:38:04.0786 3580	ViaC7 - ok
19:38:04.0817 3580	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\DRIVERS\viaide.sys
19:38:04.0833 3580	viaide - ok
19:38:04.0849 3580	videX32         (c147afa614b9925479d47cd173329789) C:\Windows\system32\DRIVERS\videX32.sys
19:38:04.0880 3580	videX32 - ok
19:38:04.0911 3580	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:38:04.0942 3580	volmgr - ok
19:38:04.0973 3580	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:38:05.0005 3580	volmgrx - ok
19:38:05.0036 3580	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:38:05.0067 3580	volsnap - ok
19:38:05.0083 3580	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:38:05.0114 3580	vsmraid - ok
19:38:05.0207 3580	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:38:05.0254 3580	VSS - ok
19:38:05.0317 3580	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:38:05.0348 3580	W32Time - ok
19:38:05.0395 3580	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:38:05.0457 3580	WacomPen - ok
19:38:05.0473 3580	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:38:05.0519 3580	Wanarp - ok
19:38:05.0519 3580	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:38:05.0551 3580	Wanarpv6 - ok
19:38:05.0597 3580	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:38:05.0644 3580	wcncsvc - ok
19:38:05.0691 3580	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:38:05.0722 3580	WcsPlugInService - ok
19:38:05.0753 3580	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:38:05.0769 3580	Wd - ok
19:38:05.0816 3580	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:38:05.0878 3580	Wdf01000 - ok
19:38:05.0925 3580	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:38:05.0987 3580	WdiServiceHost - ok
19:38:05.0987 3580	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:38:06.0034 3580	WdiSystemHost - ok
19:38:06.0097 3580	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:38:06.0128 3580	WebClient - ok
19:38:06.0175 3580	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:38:06.0221 3580	Wecsvc - ok
19:38:06.0253 3580	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:38:06.0299 3580	wercplsupport - ok
19:38:06.0346 3580	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:38:06.0377 3580	WerSvc - ok
19:38:06.0455 3580	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:38:06.0487 3580	WinDefend - ok
19:38:06.0487 3580	WinHttpAutoProxySvc - ok
19:38:06.0533 3580	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:38:06.0580 3580	Winmgmt - ok
19:38:06.0674 3580	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:38:06.0767 3580	WinRM - ok
19:38:06.0892 3580	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:38:06.0955 3580	Wlansvc - ok
19:38:07.0017 3580	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:38:07.0064 3580	WmiAcpi - ok
19:38:07.0111 3580	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:38:07.0142 3580	wmiApSrv - ok
19:38:07.0282 3580	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:38:07.0345 3580	WMPNetworkSvc - ok
19:38:07.0376 3580	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:38:07.0407 3580	WPCSvc - ok
19:38:07.0438 3580	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:38:07.0469 3580	WPDBusEnum - ok
19:38:07.0516 3580	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:38:07.0547 3580	WpdUsb - ok
19:38:07.0657 3580	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:38:07.0703 3580	WPFFontCache_v0400 - ok
19:38:07.0735 3580	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:38:07.0766 3580	ws2ifsl - ok
19:38:07.0813 3580	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
19:38:07.0844 3580	wscsvc - ok
19:38:07.0844 3580	WSearch - ok
19:38:08.0015 3580	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:38:08.0078 3580	wuauserv - ok
19:38:08.0265 3580	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:38:08.0281 3580	WUDFRd - ok
19:38:08.0312 3580	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:38:08.0359 3580	wudfsvc - ok
19:38:08.0390 3580	X10Hid          (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
19:38:08.0405 3580	X10Hid - ok
19:38:08.0452 3580	x10nets         (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
19:38:08.0468 3580	x10nets ( UnsignedFile.Multi.Generic ) - warning
19:38:08.0468 3580	x10nets - detected UnsignedFile.Multi.Generic (1)
19:38:08.0499 3580	xfilt           (c7f0d7aa3a3c2df333afdd593106f39f) C:\Windows\system32\DRIVERS\xfilt.sys
19:38:08.0515 3580	xfilt - ok
19:38:08.0546 3580	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:38:08.0795 3580	\Device\Harddisk0\DR0 - ok
19:38:08.0827 3580	MBR (0x1B8)     (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
19:38:09.0154 3580	\Device\Harddisk1\DR1 - ok
19:38:09.0185 3580	Boot (0x1200)   (a6c447b485102dcb13f0402e1589268c) \Device\Harddisk0\DR0\Partition0
19:38:09.0185 3580	\Device\Harddisk0\DR0\Partition0 - ok
19:38:09.0201 3580	Boot (0x1200)   (c5d0a42d20060be8802848b2f361ae6a) \Device\Harddisk0\DR0\Partition1
19:38:09.0201 3580	\Device\Harddisk0\DR0\Partition1 - ok
19:38:09.0232 3580	Boot (0x1200)   (8a5d37717f69bdc584e785f32f40b2b4) \Device\Harddisk1\DR1\Partition0
19:38:09.0232 3580	\Device\Harddisk1\DR1\Partition0 - ok
19:38:09.0263 3580	Boot (0x1200)   (69490adb609454493ee109e8e0aa0e16) \Device\Harddisk1\DR1\Partition1
19:38:09.0263 3580	\Device\Harddisk1\DR1\Partition1 - ok
19:38:09.0263 3580	============================================================
19:38:09.0263 3580	Scan finished
19:38:09.0263 3580	============================================================
19:38:09.0279 2016	Detected object count: 7
19:38:09.0279 2016	Actual detected object count: 7
19:38:28.0919 2016	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0919 2016	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:38:28.0919 2016	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0919 2016	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:38:28.0919 2016	NBService ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0919 2016	NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:38:28.0935 2016	NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0935 2016	NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:38:28.0935 2016	PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0935 2016	PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:38:28.0935 2016	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0935 2016	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:38:28.0935 2016	x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0935 2016	x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

26.05.2012, 14:44	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	loaupdt.jpg Aus der Q solltest du nichts löschen! Du solltest nur mit Malwarebytes die Funde entfernen, so dass die in die Q von MBAM landen! Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ --> loaupdt.jpg

30.05.2012, 09:41	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	loaupdt.jpg Das andere Log (OTL.txt) fehlt __________________ Logfiles bitte immer in CODE-Tags posten

loaupdt.jpg

Plagegeister aller Art und deren Bekämpfung: loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

loaupdt.jpg

Ähnliche Themen: loaupdt.jpg

26.05.2012, 06:48	#5
ruufl	loaupdt.jpg funde waren in der quarantäne hab dort alle gelöscht. Was muss jetzt getan werden ?

29.05.2012, 07:42	#7
ruufl	loaupdt.jpg normaler Modus von windows geht soweit ich das beurteilen kann uneingeschränkt. Piepstöne und auch die Fehlermeldung kommen nicht mehr. Ob ich irgendwas im Startmenü vermisse kann ich leider nicht sagen das ist soviel zeug drinn was ich teilweiße gar nicht verwende. Aber das was ich benutze ist noch da. Ein leerer Ordner namens Autostart ist dabei.