
Log Analysis and Evaluation: Encryption Trojan TR/Jorik.Zbot.dkw

20.07.2012, 16:00   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Encryption Trojan TR/Jorik.Zbot.dkw



Please make a new OTL log. Please post everything here in CODE tags where possible.

That is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded file so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • Tick the box Scan all users at the top centre
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post logfiles in CODE tags
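As an added example (not part of the original post and not code from OTL itself), a small Python parser for the PRC/MOD/SRV/DRV entry lines that OTL writes into OTL.txt, followed by the triage checks a helper applies when reading such a log: orphaned entries ("File not found"), entries without a company name, executables running from a user-profile or temp directory, and files modified within the scan's File Age window. The sample report lines, the user name "User" and the path example\unknown.exe are constructed for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample in the OTL report format (not the log posted in this thread;
# "example\unknown.exe" is a placeholder path, not a real file).
SAMPLE_OTL = r"""
OTL logfile created on: 21.07.2012 11:26:17 - Run 1
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.21 10:12:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
PRC - [2012.07.19 22:41:03 | 000,213,504 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\example\unknown.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2005.01.11 19:18:10 | 000,110,668 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
"""

# One OTL entry line: "<KIND> - [mtime | size | attrs | M] (Company) [state] -- path -- (ServiceName) ..."
# or "<KIND> - File not found [state] -- path -- (ServiceName)".
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\]"
    r" \((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)
SCAN_TIME_RE = re.compile(r"OTL logfile created on: (\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})")
FILE_AGE_RE = re.compile(r"File Age = (\d+) Days")

# Directories under the user profile from which a legitimate process rarely runs
# (German and English XP names plus temp folders).
PROFILE_DIRS = ("\\anwendungsdaten\\", "\\application data\\", "\\appdata\\",
                "\\lokale einstellungen\\", "\\temp\\")


@dataclass
class OtlEntry:
    kind: str                 # PRC, MOD, SRV or DRV
    mtime: Optional[datetime]  # None when OTL reported "File not found"
    size: Optional[int]
    company: Optional[str]    # "" when OTL printed an empty "()"
    state: str                # e.g. "Auto | Running", "" for PRC/MOD
    path: str
    name: str                 # service/driver name, "" for PRC/MOD
    missing: bool


def parse_scan_time(text: str) -> datetime:
    m = SCAN_TIME_RE.search(text)
    if not m:
        raise ValueError("no 'OTL logfile created on' header found")
    return datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")


def parse_file_age_days(text: str) -> int:
    m = FILE_AGE_RE.search(text)
    return int(m.group(1)) if m else 30


def parse_otl(text: str) -> List[OtlEntry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, registry sections
        missing = m.group("missing") is not None
        entries.append(OtlEntry(
            kind=m.group("kind"),
            mtime=None if missing else datetime.strptime(m.group("mtime"), "%Y.%m.%d %H:%M:%S"),
            size=None if missing else int(m.group("size").replace(",", "")),
            company=None if missing else m.group("company").strip(),
            state=m.group("state") or "",
            path=m.group("path").strip(),
            name=m.group("name") or "",
            missing=missing,
        ))
    return entries


def triage(entries: List[OtlEntry], scan_time: datetime,
           file_age_days: int = 30) -> List[Tuple[OtlEntry, List[str]]]:
    """Return every entry that deserves a second look, with the reasons."""
    findings = []
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("orphaned entry (File not found)")
        else:
            if e.company == "":
                reasons.append("no company name")
            if any(d in e.path.lower() for d in PROFILE_DIRS):
                reasons.append("runs from a user-profile or temp directory")
            if e.mtime is not None and scan_time - e.mtime <= timedelta(days=file_age_days):
                reasons.append(f"modified within last {file_age_days} days")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    ents = parse_otl(SAMPLE_OTL)
    for entry, why in triage(ents, parse_scan_time(SAMPLE_OTL), parse_file_age_days(SAMPLE_OTL)):
        print(f"{entry.kind} {entry.path or entry.name}: {', '.join(why)}")
```

Entries flagged only for "no company name" or a recent modification time are not malware by themselves (OTL.exe and the CyberLink scheduler in the sample are legitimate); the combination of indicators, and the path, is what the helper weighs.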

21.07.2012, 12:00   #17
Daniel Sun
 
Encryption Trojan TR/Jorik.Zbot.dkw



OTL Logfile:
Code:
OTL logfile created on: 21.07.2012 11:26:17 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\Daniel Sun\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
510,98 Mb Total Physical Memory | 278,94 Mb Available Physical Memory | 54,59% Memory free
1,22 Gb Paging File | 0,69 Gb Available in Paging File | 56,28% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 46,29 Gb Total Space | 2,91 Gb Free Space | 6,28% Space Free | Partition Type: NTFS
Drive D: | 37,00 Gb Total Space | 6,09 Gb Free Space | 16,46% Space Free | Partition Type: NTFS
Drive E: | 9,76 Gb Total Space | 2,78 Gb Free Space | 28,44% Space Free | Partition Type: FAT32
Drive H: | 465,76 Gb Total Space | 74,73 Gb Free Space | 16,04% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL | User Name: Daniel Sun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.21 10:12:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\OTL.exe
PRC - [2012.05.13 10:32:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.13 10:31:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.13 10:31:55 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.13 10:31:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.09.15 10:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.04.02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\SAMSUNG\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008.07.21 18:16:06 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Programme\Maxtor One touch 4\OneTouch Status\MaxMenuMgr.exe
PRC - [2008.07.21 18:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Programme\Maxtor One touch 4\Sync\SyncServices.exe
PRC - [2008.06.19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007.10.21 17:50:58 | 000,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2006.06.09 20:38:00 | 000,294,912 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Programme\FinePixViewer\QuickDCF2.exe
PRC - [2005.06.23 21:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005.04.30 18:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2005.01.11 19:18:40 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005.01.11 19:18:40 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005.01.11 19:18:10 | 000,110,668 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005.01.11 19:18:04 | 000,184,398 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2005.01.11 19:17:20 | 000,118,926 | ---- | M] (CyberLink Corp.) -- C:\Programme\Home Cinema\PowerCinema\PCMService.exe
PRC - [2004.12.01 16:54:22 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004.11.29 20:55:44 | 000,569,405 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2004.11.29 20:55:10 | 001,261,652 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2004.11.02 21:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
PRC - [2004.10.05 17:25:10 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003.06.20 09:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.08 22:51:28 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.07.08 22:46:59 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65801ce9901782d7d91bcab541ffc163\System.Windows.Forms.ni.dll
MOD - [2012.07.08 22:45:55 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.07.06 23:36:41 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
MOD - [2012.05.13 10:32:12 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.05.13 10:24:20 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b9a87bd4453655cef92df71d1623a50e\System.Configuration.ni.dll
MOD - [2012.05.11 22:44:06 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.11 22:37:11 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.11 22:36:43 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2008.06.19 19:08:52 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.02.22 13:44:00 | 000,061,440 | ---- | M] () -- C:\Programme\FinePixViewer\wia_register_event.dll
MOD - [2005.10.07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Programme\win rar\RarExt.dll
MOD - [2005.01.11 19:18:10 | 000,110,668 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
MOD - [2005.01.11 19:18:04 | 000,184,398 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
MOD - [2005.01.11 19:17:50 | 000,168,020 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapEngine.dll
MOD - [2005.01.11 19:17:50 | 000,057,422 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSchMgr.dll
MOD - [2005.01.11 19:17:50 | 000,028,672 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvcps.dll
MOD - [2005.01.11 19:17:14 | 000,229,458 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\HomeNetWorking\CLNetMedia.dll
MOD - [2004.11.29 20:56:52 | 000,053,248 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.20 09:32:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.13 10:32:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.13 10:31:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.05 10:37:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.01.21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.01.07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008.07.21 18:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Programme\Maxtor One touch 4\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008.06.19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.04.30 18:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2005.01.11 19:18:40 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.01.11 19:18:10 | 000,110,668 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005.01.11 19:18:04 | 000,184,398 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.20 09:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\UltraStar Deluxe\zlportio.sys -- (zlportio)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\x10uif.sys -- (X10UIF)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Antivirus\BullGuard 5.0\reconn.sys -- (Reconn)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Antivirus\BullGuard 5.0\filespy5.sys -- (FileSpy5)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.07.05 13:11:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.05.13 10:32:13 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.13 10:32:13 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008.06.19 19:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.06.10 22:22:52 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008.06.02 16:19:16 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008.06.02 16:19:12 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.05.03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.06.02 20:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.02.23 19:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005.02.09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2005.01.26 12:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005.01.10 17:54:02 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004.12.21 15:33:00 | 000,909,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.12.01 21:40:08 | 002,300,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.11.29 20:36:22 | 000,399,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004.11.29 20:34:38 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2004.11.29 20:34:32 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2004.11.29 20:34:20 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004.11.29 20:33:14 | 001,337,850 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004.11.29 20:31:16 | 000,030,299 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004.11.29 20:30:44 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.10.29 19:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004.10.06 15:10:46 | 000,945,152 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2004.08.04 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.07.22 15:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.05.27 00:07:30 | 000,067,584 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004.05.26 16:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004.01.16 14:02:58 | 000,017,408 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2000.01.08 10:22:36 | 000,010,240 | ---- | M] (VOB Computersysteme GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\SearchScopes\{2BA80DF8-0538-46ED-A850-D5613E0159F3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DVXE_de
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\SearchScopes\{7798EBD2-8976-4E51-9738-7B6082A1F5FF}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.06.12 18:20:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.05.13 23:06:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.05.13 23:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.7\Extensions\\Components: C:\Programme\Mozilla1.7\Components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.7\Extensions\\Plugins: C:\Programme\Mozilla1.7\Plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.20 09:32:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.15 10:22:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7\Extensions\\Components: C:\Programme\Mozilla1.7\Components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7\Extensions\\Plugins: C:\Programme\Mozilla1.7\Plugins
 
[2008.10.22 14:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Mozilla\Extensions
[2012.07.08 23:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Mozilla\Firefox\Profiles\lig3szrt.default\extensions
[2012.01.11 12:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007.10.21 17:44:11 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2012.07.20 09:32:45 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2006.01.18 13:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npsnapfish.dll
[2011.10.05 21:37:03 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.05 21:37:03 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.05 21:37:03 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.05 21:37:03 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.05 21:37:03 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.05 21:37:02 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [mxomssmenu] C:\Programme\Maxtor One touch 4\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe File not found
O4 - HKLM..\Run: [PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [RemoteControl] C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008..\Run: [AutoStartNPSAgent] C:\Programme\SAMSUNG\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008..\Run: [ReJf5vH] C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Microsoft\Windows\rjatyd.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher 2.lnk = C:\Programme\FinePixViewer\QuickDCF2.exe (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\Daniel Sun\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Macromedia Active Shockwave)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104261081168 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} hxxp://www.studivz.net/lib/photouploader/PhotoUploader.cab (Photo Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64E6EFBD-4F93-49EC-A677-C57C96FB2574}: NameServer = 192.168.71.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6769707-45E0-4107-A111-89987CAD1CF6}: NameServer = 213.209.104.250 213.209.104.220
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Daniel Sun\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Daniel Sun\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.10.30 21:26:08 | 000,000,131 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O32 - Unable to obtain root file information for disk H:\
O33 - MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\Shell - "" = AutoRun
O33 - MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4c02ab01-15bb-11dd-b871-000e35d07965}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe
O33 - MountPoints2\{ee8d0990-2ece-11db-b5a2-00038a000015}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.21 11:24:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\OTL
[2012.07.21 10:12:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\OTL.exe
[2012.07.14 14:12:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\ESET online scanner
[2012.07.05 17:34:06 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.07.05 17:33:09 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\esetsmartinstaller_enu.exe
[2012.07.05 13:10:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.05 13:10:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Malwarebytes
[2012.07.05 13:10:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.05 13:10:08 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.05 13:07:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\Malwarebytes
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.21 11:37:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.21 10:12:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\OTL.exe
[2012.07.21 10:01:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.21 09:52:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.21 09:52:37 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 09:53:29 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2012.07.19 09:57:20 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.07.19 09:50:36 | 000,624,883 | ---- | M] () -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\adwcleaner.exe
[2012.07.19 09:23:33 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.14 18:13:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.06 23:37:26 | 000,461,356 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.06 23:37:26 | 000,436,962 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.06 23:37:26 | 000,086,042 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.06 23:37:26 | 000,070,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.06 15:00:01 | 000,000,552 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Daniel Sun.job
[2012.07.05 17:33:10 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\esetsmartinstaller_enu.exe
[2012.07.05 13:11:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.05 13:10:10 | 000,000,893 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.05 13:04:20 | 000,000,554 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Wilhelm.tel.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.19 09:50:23 | 000,624,883 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\adwcleaner.exe
[2012.07.05 13:10:10 | 000,000,893 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.15 18:05:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.20 11:47:10 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\yNteLJfXjgGlouday
[2011.02.22 22:56:32 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011.02.22 22:56:32 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011.02.22 22:56:16 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\$_hpcst$.hpc
[2010.09.13 17:48:33 | 000,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.09.21 15:19:47 | 000,004,096 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\log.dat
[2005.03.09 19:12:46 | 000,000,147 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.02.23 12:07:02 | 000,056,186 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\wklnhst.dat
[2005.02.23 12:07:00 | 000,248,320 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.02.23 12:07:00 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[1601.02.13 10:28:18 | 000,003,836 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\GlEuUaqrssnJfXAgG
[1601.02.13 10:28:18 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\VequtaEOUlAJGXnNV
 
========== LOP Check ==========
 
[2005.01.12 08:06:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MAGIX
[2008.12.11 10:57:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Advanced Chemistry Development
[2012.05.24 14:18:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Big Fish Games
[2012.06.12 18:15:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FarmFrenzy3_America
[2007.12.12 19:20:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HaCon
[2011.04.21 14:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2008.01.21 19:30:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Maxtor
[2005.01.10 02:30:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies
[2011.02.22 23:10:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2006.10.30 22:06:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2006.10.30 21:22:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio
[2012.05.23 12:18:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rionix
[2009.12.07 18:42:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2006.10.30 21:29:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2012.05.24 15:26:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.05.10 19:39:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.05.24 14:25:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Artifex Mundi
[2012.06.12 18:21:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Audacity
[2012.06.12 18:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Azureus
[2012.06.12 18:21:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DDMSettings
[2011.11.20 16:51:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.11.30 12:54:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DVDVideoSoft
[2012.06.12 18:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.06.12 18:21:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\FUJIFILM
[2012.04.06 16:45:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\gtk-2.0
[2007.12.12 19:20:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\HaCon
[2012.02.07 19:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Klett
[2008.04.24 16:46:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Leadertech
[2011.04.21 14:55:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Lexware
[2005.01.12 08:06:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\MAGIX
[2011.06.20 10:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\OpenOffice.org
[2011.02.22 23:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\PC Suite
[2012.06.12 18:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\pokerth
[2011.02.22 22:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Samsung
[2007.03.17 23:07:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Snapfish
[2005.01.12 08:06:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\MAGIX
[2005.01.10 17:54:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2007.02.12 13:54:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\X10 Commander
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.20 11:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Adobe
[2012.06.12 18:21:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\AdobeUM
[2012.06.12 18:21:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Ahead
[2007.01.16 10:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\AOL
[2010.09.01 13:00:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Apple Computer
[2012.05.24 14:25:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Artifex Mundi
[2012.06.12 18:21:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Audacity
[2012.02.16 18:12:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Avira
[2012.06.12 18:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Azureus
[2009.10.02 20:04:32 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Brother
[2005.02.23 12:39:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\CyberLink
[2012.06.12 18:21:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DDMSettings
[2011.11.20 16:51:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2010.06.01 19:48:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DivX
[2011.11.30 12:54:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DVDVideoSoft
[2012.06.12 18:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.06.12 18:21:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\FUJIFILM
[2008.07.16 18:03:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Google
[2012.04.06 16:45:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\gtk-2.0
[2007.12.12 19:20:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\HaCon
[2012.06.12 18:21:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Help
[2005.10.14 23:06:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Hewlett-Packard
[2004.12.28 18:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Identities
[2009.10.02 19:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\InstallShield
[2005.01.18 09:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Intel
[2012.02.07 19:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Klett
[2008.04.24 16:46:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Leadertech
[2011.04.21 14:55:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Lexware
[2005.01.02 17:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Macromedia
[2005.01.12 08:06:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\MAGIX
[2012.07.05 13:10:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Malwarebytes
[2012.06.12 18:23:30 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Microsoft
[2008.10.22 14:41:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Mozilla
[2011.06.20 10:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\OpenOffice.org
[2011.02.22 23:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\PC Suite
[2007.10.21 17:44:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\PC Tools
[2012.06.12 18:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\pokerth
[2005.01.01 20:32:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Real
[2012.06.12 18:24:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Reallusion
[2011.02.22 22:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Samsung
[2012.06.12 18:24:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Skype
[2007.03.17 23:07:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Snapfish
[2005.01.01 20:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Sun
[2007.01.18 11:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Talkback
[2008.04.24 11:46:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\U3
[2012.06.12 18:24:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\vlc
[2005.01.02 10:17:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\You've Got Pictures Screensaver
 
< %APPDATA%\*.exe /s >
[2011.11.20 16:47:07 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.11.20 11:38:35 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2011.09.15 17:17:24 | 005,147,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
[2006.12.14 10:00:02 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\U3\temp\cleanup.exe
[2007.02.12 17:46:54 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
[2001.01.10 13:23:58 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.10.01 12:23:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.10.01 12:23:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\AGP440.SYS
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.10.01 12:23:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.10.01 12:23:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\Malwarebytes\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.12.28 19:05:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.12.28 19:05:15 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.12.28 19:05:15 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F43B7E8F
@Alternate Data Stream - 139 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:07C99568
@Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F98E6C67
@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FA5F15C4
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2

< End of report >
         
--- --- ---
[/code]

Best regards, Daniel Sun
__________________
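The "< MD5 for: NAME >" blocks above list every copy of a core system file that OTL found, with its version-info company name and hash; the Alternate Data Streams block lists named NTFS streams. A reader triaging such a log wants three things checked mechanically: that the live copy in system32 hashes identically to the ServicePackFiles\i386 copy, that every listed copy lives under the Windows directory, and that every copy carries a company name. The following parser is an added example written for this thread; it is not part of OTL and not the helper's own tooling. SAMPLE_LOG is constructed after the entries in the post above, except that the userinit.exe hash of all zeros is a deliberately planted mismatch so the check has something to find.

```python
"""Consistency checks over the "< MD5 for: NAME >" and Alternate Data Stream
sections of an OTL log.  Added example; not part of OTL.  SAMPLE_LOG is
constructed after the post above (the all-zero userinit.exe hash is planted)."""
import re
from collections import defaultdict

SECTION = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
MD5_LINE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| [-\w]+ \| \w\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")
ADS_LINE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+)$")

SAMPLE_LOG = r"""
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\Malwarebytes\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe

========== Alternate Data Streams ==========
@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F43B7E8F
@Alternate Data Stream - 139 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:07C99568
"""


def parse_otl(text):
    """Group MD5 entries by (upper-cased) file name and collect ADS lines."""
    sections, streams, current = defaultdict(list), [], None
    for line in text.splitlines():
        if m := SECTION.match(line):
            current = m.group("name").upper()
        elif (m := MD5_LINE.match(line)) and current:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].upper()
            sections[current].append(entry)
        elif m := ADS_LINE.match(line):
            streams.append({"path": m.group("path"), "stream": m.group("stream"),
                            "size": int(m.group("size"))})
    return dict(sections), streams


def check_md5_sections(sections, sysroot=r"C:\WINDOWS"):
    """Return (file, reason, path) findings.  Assumption: on a service-packed
    system the live copy in system32 (or system32\drivers) must hash like the
    reference copy under ServicePackFiles\i386."""
    findings, root = [], sysroot.lower()
    for name, entries in sections.items():
        by_path = {e["path"].lower(): e for e in entries}
        live = (by_path.get(f"{root}\\system32\\{name.lower()}")
                or by_path.get(f"{root}\\system32\\drivers\\{name.lower()}"))
        reference = by_path.get(f"{root}\\servicepackfiles\\i386\\{name.lower()}")
        if live and reference and live["md5"] != reference["md5"]:
            findings.append((name, "system32 copy differs from ServicePackFiles copy", live["path"]))
        for e in entries:
            if not e["path"].lower().startswith(root + "\\"):
                findings.append((name, "copy outside the Windows directory", e["path"]))
            if not e["company"]:
                findings.append((name, "no company name in version info", e["path"]))
    return findings


def suspicious_streams(streams):
    """Named streams other than Zone.Identifier, the browser download marker."""
    return [s for s in streams if s["stream"] != "Zone.Identifier"]


if __name__ == "__main__":
    sections, streams = parse_otl(SAMPLE_LOG)
    for finding in check_md5_sections(sections):
        print("MD5 check:", *finding)
    for s in suspicious_streams(streams):
        print(f"ADS: {s['path']}:{s['stream']} ({s['size']} bytes)")
```

Run on the sample, the hash check flags only the planted userinit.exe mismatch, and the winlogon.exe copy under the Malwarebytes Chameleon folder is reported twice (outside the Windows directory, no company name). That second report is the point of the check: OTL lists every file of that name it finds, and the analyst has to be able to explain each copy that is not Microsoft's; here the path itself says it belongs to a Malwarebytes component. The TEMP:xxxxxxxx streams are reported because they are named streams on a directory and are not the Zone.Identifier marker.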


Alt 23.07.2012, 13:30   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Run an OTL fix: close all programs that may be open, also disable the antivirus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
O3 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe File not found
O4 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008..\Run: [ReJf5vH] C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Microsoft\Windows\rjatyd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.10.30 21:26:08 | 000,000,131 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O32 - Unable to obtain root file information for disk H:\
O33 - MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\Shell - "" = AutoRun
O33 - MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4c02ab01-15bb-11dd-b871-000e35d07965}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe
O33 - MountPoints2\{ee8d0990-2ece-11db-b5a2-00038a000015}\Shell\AutoRun\command - "" = G:\setupSNK.exe
@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F43B7E8F
@Alternate Data Stream - 139 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:07C99568
@Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F98E6C67
@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FA5F15C4
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely; as a safeguard, a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
__________________
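The fix script above is a list of OTL line types: O4 autostart entries whose target no longer exists ("File not found"), O7 AutoRun policy values, O33 MountPoints2 AutoRun commands that were recorded for removable drives, and named data streams. The script below, an added example for this thread and not part of OTL, classifies such lines so a reader can see what each section of a fix removes, and decodes the NoDriveTypeAutoRun bit mask (a set bit disables AutoRun for that drive type; the bit values correspond to the Win32 drive-type constants). SAMPLE_FIX is constructed after the script in the post above.

```python
"""Triage of an OTL fix script: classify O4/O7/O33/ADS lines and decode the
NoDriveTypeAutoRun mask.  Added example, not part of OTL.  SAMPLE_FIX is
constructed after the fix script posted above."""
import re

# NoDriveTypeAutoRun bits: a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x04: "DRIVE_REMOVABLE", 0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM", 0x40: "DRIVE_RAMDISK",
    0x80: "unspecified (0x80)",
}
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<target>.*)$")
O7_POLICY = re.compile(r"^O7 - (?P<key>.+?): NoDriveTypeAutoRun = (?P<value>\d+)$")
O33_AUTORUN = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

SAMPLE_FIX = r"""
:OTL
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe File not found
O4 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008..\Run: [ReJf5vH] C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Microsoft\Windows\rjatyd.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O33 - MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4c02ab01-15bb-11dd-b871-000e35d07965}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe
@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F43B7E8F
:Commands
[emptytemp]
"""


def decode_no_drive_type_autorun(value):
    """Return (drive types with AutoRun disabled, drive types still enabled)."""
    disabled = [n for bit, n in DRIVE_TYPE_BITS.items() if value & bit]
    enabled = [n for bit, n in DRIVE_TYPE_BITS.items() if not value & bit]
    return disabled, enabled


def classify_fix(text):
    """Bucket the fix lines by what they remove; unknown lines are ignored."""
    report = {"autostart": [], "autorun_policy": [], "mountpoint_autorun": [], "ads": []}
    for line in text.splitlines():
        if m := O4_RUN.match(line):
            target = m.group("target").strip()
            orphan = target.endswith("File not found")      # OTL's own marker
            command = target[:-len("File not found")].strip() if orphan else target
            report["autostart"].append({"hive": m.group("hive"), "name": m.group("name"),
                                        "command": command or None, "orphan": orphan})
        elif m := O7_POLICY.match(line):
            value = int(m.group("value"))
            _, enabled = decode_no_drive_type_autorun(value)
            report["autorun_policy"].append({"key": m.group("key"), "value": value,
                                             "autorun_still_enabled": enabled})
        elif m := O33_AUTORUN.match(line):
            report["mountpoint_autorun"].append({"guid": m.group("guid"),
                                                 "command": m.group("cmd")})
        elif m := ADS_LINE.match(line):
            report["ads"].append(m.group("target"))
    return report


if __name__ == "__main__":
    for bucket, items in classify_fix(SAMPLE_FIX).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Decoding 145 (0x91) shows why the helper also removed that policy value: it is the Windows XP default, which leaves AutoRun active for removable, fixed, CD-ROM and RAM-disk drives; 0xFF disables AutoRun for every drive type, and that is the hardening value usually recommended once a system has been hit by malware that spread through autorun.inf. The O33 entries are the commands Explorer remembered from USB devices that were once plugged in; removing them clears stale "Auto&Play" handlers rather than the devices themselves.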

Alt 23.07.2012, 16:17   #19
Daniel Sun
 
Here is the OTL fix log file:

Code:
ATTFilter
 All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1201297730-1576740685-3053416582-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1201297730-1576740685-3053416582-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCLEPCI deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1201297730-1576740685-3053416582-1008\Software\Microsoft\Windows\CurrentVersion\Run\\ReJf5vH deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File  not found.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ea758d0-e6b7-11dc-b815-000e35d07965}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ea758d0-e6b7-11dc-b815-000e35d07965}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ea758d0-e6b7-11dc-b815-000e35d07965}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c02ab01-15bb-11dd-b871-000e35d07965}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c02ab01-15bb-11dd-b871-000e35d07965}\ not found.
File G:\wd_windows_tools\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee8d0990-2ece-11db-b5a2-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee8d0990-2ece-11db-b5a2-00038a000015}\ not found.
File G:\setupSNK.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F43B7E8F deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:07C99568 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F98E6C67 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FA5F15C4 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 369018 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 300 bytes
 
User: All Users
 
User: Besitzer
 
User: Daniel Sun
->Temp folder emptied: 73146421 bytes
->Temporary Internet Files folder emptied: 13265258 bytes
->Java cache emptied: 149180 bytes
->FireFox cache emptied: 115414121 bytes
->Flash cache emptied: 20638697 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 278662 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56775 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 42049306 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33172 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1706597 bytes
%systemroot%\System32 .tmp files removed: 8522240 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2875073 bytes
RecycleBin emptied: 4889376 bytes
 
Total Files Cleaned = 270,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Besitzer
 
User: Daniel Sun
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07232012_165210

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Best regards, Daniel Sun

Alt 24.07.2012, 10:02   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the antivirus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the image below: click on change parameters and set the checkboxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!


__________________
Please always post log files in CODE tags
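The TDSSKiller report that the post asks for is a timestamped line-per-event file: a "Mode:" line that records which options were ticked, then for each service or driver a line with its MD5 and path, followed by "- ok", or a "( verdict ) - warning" and "- detected verdict (n)" pair. The parser below is an added example for this thread (not Kaspersky's code) that recovers the scan mode, one record per entry and the list of flagged entries, so the person reading the log can check quickly that SigCheck and TDLFS were on and see what was flagged without scrolling through hundreds of "- ok" lines. SAMPLE_REPORT is constructed after the report posted later in the thread; TDSSKiller separates the PID from the message with a tab, and the record pattern accepts any whitespace there.

```python
"""Parser and summary for TDSSKiller reports.  Added example, not Kaspersky's
code.  SAMPLE_REPORT is constructed after the report posted in this thread."""
import re

RECORD = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+)\s+(?P<msg>.*)$")
HASHED = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
WARNING = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")

SAMPLE_REPORT = r"""
09:45:57.0206 2864 ============================================================
09:45:57.0206 2864 Scan started
09:45:57.0206 2864 Mode: Manual; SigCheck; TDLFS; 
09:45:57.0206 2864 ============================================================
09:46:04.0667 2864 3xHybrid        (97165948af80eda4a3015eb536a85818) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
09:46:09.0424 2864 3xHybrid - ok
09:46:14.0341 2864 Abiosdsk - ok
09:46:20.0770 2864 Apple Mobile Device (d503df3aba595f551b98b9bae017a271) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:46:20.0790 2864 Apple Mobile Device - ok
09:46:21.0041 2864 Asapi           (7de1504dba7e72313bb4ca5587df86cf) C:\WINDOWS\system32\drivers\Asapi.sys
09:46:21.0041 2864 Asapi ( UnsignedFile.Multi.Generic ) - warning
09:46:21.0041 2864 Asapi - detected UnsignedFile.Multi.Generic (1)
09:46:23.0434 2864 bgsvcgen        (71489fa2c4a238f178e30ae6e4449013) C:\WINDOWS\system32\bgsvcgen.exe
09:46:23.0454 2864 bgsvcgen ( UnsignedFile.Multi.Generic ) - warning
09:46:23.0454 2864 bgsvcgen - detected UnsignedFile.Multi.Generic (1)
"""


def _blank():
    return {"md5": None, "path": None, "status": None, "verdict": None}


def parse_tdsskiller(text):
    """Return (scan mode options, {entry name: record}) in file order."""
    mode, entries = [], {}
    for line in text.splitlines():
        rec = RECORD.match(line)
        if not rec:
            continue
        msg = rec.group("msg").strip()
        if msg.startswith("Mode:"):
            mode = [p.strip() for p in msg[len("Mode:"):].split(";") if p.strip()]
        elif m := HASHED.match(msg):
            entries.setdefault(m.group("name"), _blank()).update(
                md5=m.group("md5"), path=m.group("path"))
        elif m := WARNING.match(msg):
            entries.setdefault(m.group("name"), _blank()).update(
                status="warning", verdict=m.group("verdict"))
        elif m := DETECTED.match(msg):
            entries.setdefault(m.group("name"), _blank()).update(
                status="detected", verdict=m.group("verdict"))
        elif m := OK.match(msg):
            entries.setdefault(m.group("name"), _blank()).update(status="ok")
    return mode, entries


def flagged(entries):
    """(name, verdict, path) for every entry that did not end with '- ok'."""
    return [(n, e["verdict"], e["path"]) for n, e in entries.items()
            if e["status"] in ("warning", "detected")]


def summarize(entries):
    return {"ok": sum(e["status"] == "ok" for e in entries.values()),
            "flagged": len(flagged(entries))}


if __name__ == "__main__":
    mode, entries = parse_tdsskiller(SAMPLE_REPORT)
    print("scan options:", ", ".join(mode))
    print("summary:", summarize(entries))
    for name, verdict, path in flagged(entries):
        print(f"{name}: {verdict} -> {path}")
```

The only verdict in the sample is UnsignedFile.Multi.Generic, which is the result of the SigCheck option: the file carries no valid digital signature. That is a property of many older third-party drivers and services, not a malware detection by itself, which is why the post above says to choose "skip" for everything and let the helper judge the list by name and path.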

Alt 26.07.2012, 08:52   #21
Daniel Sun
 
Done:

Code:
ATTFilter
 09:45:11.0731 2436	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:45:11.0801 2436	============================================================
09:45:11.0801 2436	Current date / time: 2012/07/26 09:45:11.0801
09:45:11.0801 2436	SystemInfo:
09:45:11.0801 2436	
09:45:11.0801 2436	OS Version: 5.1.2600 ServicePack: 3.0
09:45:11.0801 2436	Product type: Workstation
09:45:11.0801 2436	ComputerName: DANIEL
09:45:11.0801 2436	UserName: Daniel Sun
09:45:11.0801 2436	Windows directory: C:\WINDOWS
09:45:11.0801 2436	System windows directory: C:\WINDOWS
09:45:11.0801 2436	Processor architecture: Intel x86
09:45:11.0801 2436	Number of processors: 1
09:45:11.0801 2436	Page size: 0x1000
09:45:11.0801 2436	Boot type: Normal boot
09:45:11.0801 2436	============================================================
09:45:15.0526 2436	Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:45:15.0536 2436	Drive \Device\Harddisk1\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:45:15.0556 2436	============================================================
09:45:15.0556 2436	\Device\Harddisk0\DR0:
09:45:15.0556 2436	MBR partitions:
09:45:15.0556 2436	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5C9559C
09:45:15.0597 2436	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5C9561A, BlocksNum 0x49FFD1F
09:45:15.0607 2436	\Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0xA695378, BlocksNum 0x1388AFC
09:45:15.0607 2436	\Device\Harddisk1\DR5:
09:45:15.0607 2436	MBR partitions:
09:45:15.0607 2436	\Device\Harddisk1\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
09:45:15.0607 2436	============================================================
09:45:16.0318 2436	C: <-> \Device\Harddisk0\DR0\Partition0
09:45:16.0368 2436	D: <-> \Device\Harddisk0\DR0\Partition1
09:45:16.0368 2436	E: <-> \Device\Harddisk0\DR0\Partition2
09:45:16.0378 2436	H: <-> \Device\Harddisk1\DR5\Partition0
09:45:16.0378 2436	============================================================
09:45:16.0378 2436	Initialize success
09:45:16.0378 2436	============================================================
09:45:57.0206 2864	============================================================
09:45:57.0206 2864	Scan started
09:45:57.0206 2864	Mode: Manual; SigCheck; TDLFS; 
09:45:57.0206 2864	============================================================
09:46:04.0667 2864	3xHybrid        (97165948af80eda4a3015eb536a85818) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
09:46:09.0424 2864	3xHybrid - ok
09:46:09.0925 2864	61883           (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
09:46:14.0331 2864	61883 - ok
09:46:14.0341 2864	Abiosdsk - ok
09:46:14.0351 2864	abp480n5 - ok
09:46:17.0185 2864	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:46:17.0866 2864	ACPI - ok
09:46:18.0126 2864	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:46:18.0387 2864	ACPIEC - ok
09:46:18.0497 2864	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:46:18.0537 2864	AdobeFlashPlayerUpdateSvc - ok
09:46:18.0547 2864	adpu160m - ok
09:46:18.0587 2864	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:46:18.0747 2864	aec - ok
09:46:18.0807 2864	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:46:18.0858 2864	AFD - ok
09:46:18.0958 2864	AgereSoftModem  (b894a08f2a01e27c1989c31c96fdde83) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
09:46:19.0128 2864	AgereSoftModem - ok
09:46:19.0168 2864	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:46:19.0328 2864	agp440 - ok
09:46:19.0338 2864	Aha154x - ok
09:46:19.0348 2864	aic78u2 - ok
09:46:19.0358 2864	aic78xx - ok
09:46:19.0549 2864	ALCXWDM         (4e0aca5290b2966f24c45250a56c2da1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
09:46:19.0979 2864	ALCXWDM - ok
09:46:20.0099 2864	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
09:46:20.0270 2864	Alerter - ok
09:46:20.0280 2864	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
09:46:20.0430 2864	ALG - ok
09:46:20.0460 2864	AliIde - ok
09:46:20.0460 2864	amsint - ok
09:46:20.0590 2864	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
09:46:20.0620 2864	AntiVirSchedulerService - ok
09:46:20.0660 2864	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
09:46:20.0680 2864	AntiVirService - ok
09:46:20.0770 2864	Apple Mobile Device (d503df3aba595f551b98b9bae017a271) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:46:20.0790 2864	Apple Mobile Device - ok
09:46:20.0800 2864	AppMgmt - ok
09:46:20.0850 2864	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:46:21.0011 2864	Arp1394 - ok
09:46:21.0041 2864	Asapi           (7de1504dba7e72313bb4ca5587df86cf) C:\WINDOWS\system32\drivers\Asapi.sys
09:46:21.0041 2864	Asapi ( UnsignedFile.Multi.Generic ) - warning
09:46:21.0041 2864	Asapi - detected UnsignedFile.Multi.Generic (1)
09:46:21.0081 2864	ASAPIW2K        (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\Drivers\asapiW2k.sys
09:46:21.0091 2864	ASAPIW2K ( UnsignedFile.Multi.Generic ) - warning
09:46:21.0091 2864	ASAPIW2K - detected UnsignedFile.Multi.Generic (1)
09:46:21.0101 2864	asc - ok
09:46:21.0111 2864	asc3350p - ok
09:46:21.0121 2864	asc3550 - ok
09:46:21.0251 2864	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:46:21.0261 2864	aspnet_state - ok
09:46:21.0321 2864	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:46:21.0471 2864	AsyncMac - ok
09:46:21.0501 2864	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:46:21.0652 2864	atapi - ok
09:46:21.0672 2864	Atdisk - ok
09:46:21.0742 2864	Ati HotKey Poller (95c8d501214b4ae5e786c540063d6378) C:\WINDOWS\system32\Ati2evxx.exe
09:46:21.0842 2864	Ati HotKey Poller - ok
09:46:21.0902 2864	ati2mtag        (3714f1bf8e347a66405be47af3738a2d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:46:22.0042 2864	ati2mtag - ok
09:46:22.0072 2864	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:46:22.0222 2864	Atmarpc - ok
09:46:22.0272 2864	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
09:46:22.0423 2864	AudioSrv - ok
09:46:22.0463 2864	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:46:22.0613 2864	audstub - ok
09:46:22.0643 2864	Avc             (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
09:46:22.0803 2864	Avc - ok
09:46:22.0853 2864	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
09:46:22.0903 2864	avgntflt - ok
09:46:22.0943 2864	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
09:46:22.0973 2864	avipbb - ok
09:46:23.0013 2864	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
09:46:23.0034 2864	avkmgr - ok
09:46:23.0094 2864	bcm4sbxp        (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
09:46:23.0134 2864	bcm4sbxp - ok
09:46:23.0184 2864	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:46:23.0354 2864	Beep - ok
09:46:23.0434 2864	bgsvcgen        (71489fa2c4a238f178e30ae6e4449013) C:\WINDOWS\system32\bgsvcgen.exe
09:46:23.0454 2864	bgsvcgen ( UnsignedFile.Multi.Generic ) - warning
09:46:23.0454 2864	bgsvcgen - detected UnsignedFile.Multi.Generic (1)
09:46:23.0524 2864	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
09:46:23.0825 2864	BITS - ok
09:46:23.0915 2864	Bonjour Service (ebad0f51d8d4dade7660b1851addbd07) C:\Programme\Bonjour\mDNSResponder.exe
09:46:23.0955 2864	Bonjour Service - ok
09:46:24.0025 2864	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
09:46:24.0155 2864	Browser - ok
09:46:24.0195 2864	BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
09:46:24.0245 2864	BrScnUsb - ok
09:46:24.0315 2864	btaudio         (5d0ba6d229996a5f640f571ad478e532) C:\WINDOWS\system32\drivers\btaudio.sys
09:46:24.0375 2864	btaudio ( UnsignedFile.Multi.Generic ) - warning
09:46:24.0375 2864	btaudio - detected UnsignedFile.Multi.Generic (1)
09:46:24.0416 2864	BTDriver        (0cd9a9aadabe621b3872e54283cd4bee) C:\WINDOWS\system32\DRIVERS\btport.sys
09:46:24.0436 2864	BTDriver ( UnsignedFile.Multi.Generic ) - warning
09:46:24.0436 2864	BTDriver - detected UnsignedFile.Multi.Generic (1)
09:46:24.0476 2864	BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
09:46:24.0636 2864	BthEnum - ok
09:46:24.0706 2864	BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
09:46:24.0866 2864	BthPan - ok
09:46:24.0906 2864	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
09:46:24.0946 2864	BTHPORT - ok
09:46:24.0976 2864	BthServ         (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
09:46:25.0127 2864	BthServ - ok
09:46:25.0177 2864	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
09:46:25.0337 2864	BTHUSB - ok
09:46:25.0447 2864	BTKRNL          (b637f1d425e13c206ef3c2028dd72e6a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
09:46:25.0577 2864	BTKRNL ( UnsignedFile.Multi.Generic ) - warning
09:46:25.0577 2864	BTKRNL - detected UnsignedFile.Multi.Generic (1)
09:46:25.0687 2864	BTSERIAL        (ca33ae514a49105f2b6b9bd48c49d4de) C:\WINDOWS\system32\drivers\btserial.sys
09:46:25.0697 2864	BTSERIAL ( UnsignedFile.Multi.Generic ) - warning
09:46:25.0697 2864	BTSERIAL - detected UnsignedFile.Multi.Generic (1)
09:46:25.0767 2864	BTSLBCSP        (2718bb436b801b32b3bce8b1ee23968d) C:\WINDOWS\system32\drivers\btslbcsp.sys
09:46:25.0808 2864	BTSLBCSP ( UnsignedFile.Multi.Generic ) - warning
09:46:25.0808 2864	BTSLBCSP - detected UnsignedFile.Multi.Generic (1)
09:46:25.0898 2864	btwdins         (14ed6f66e516ef4ba45052c232a2350c) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
09:46:25.0968 2864	btwdins ( UnsignedFile.Multi.Generic ) - warning
09:46:25.0968 2864	btwdins - detected UnsignedFile.Multi.Generic (1)
09:46:26.0008 2864	BTWDNDIS        (59a6c89408366364ad3d8ab66c771bd5) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
09:46:26.0038 2864	BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning
09:46:26.0038 2864	BTWDNDIS - detected UnsignedFile.Multi.Generic (1)
09:46:26.0078 2864	BTWUSB          (a93097a2962b14809939ff3259684327) C:\WINDOWS\system32\Drivers\btwusb.sys
09:46:26.0088 2864	BTWUSB ( UnsignedFile.Multi.Generic ) - warning
09:46:26.0088 2864	BTWUSB - detected UnsignedFile.Multi.Generic (1)
09:46:26.0148 2864	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:46:26.0318 2864	cbidf2k - ok
09:46:26.0358 2864	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:46:26.0498 2864	CCDECODE - ok
09:46:26.0519 2864	cd20xrnt - ok
09:46:26.0559 2864	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:46:26.0719 2864	Cdaudio - ok
09:46:26.0739 2864	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:46:26.0869 2864	Cdfs - ok
09:46:26.0889 2864	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:46:27.0049 2864	Cdrom - ok
09:46:27.0059 2864	Changer - ok
09:46:27.0099 2864	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
09:46:27.0250 2864	CiSvc - ok
09:46:27.0400 2864	CLCapSvc        (0138fdf9018056be2d59612dae2973d6) C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
09:46:27.0410 2864	CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
09:46:27.0410 2864	CLCapSvc - detected UnsignedFile.Multi.Generic (1)
09:46:27.0450 2864	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
09:46:27.0600 2864	ClipSrv - ok
09:46:27.0760 2864	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:46:27.0780 2864	clr_optimization_v2.0.50727_32 - ok
09:46:27.0830 2864	CLSched         (c19f7d72bf0aa6882cc8a00a826f00cb) C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
09:46:27.0860 2864	CLSched ( UnsignedFile.Multi.Generic ) - warning
09:46:27.0860 2864	CLSched - detected UnsignedFile.Multi.Generic (1)
09:46:27.0901 2864	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:46:28.0041 2864	CmBatt - ok
09:46:28.0051 2864	CmdIde - ok
09:46:28.0081 2864	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:46:28.0231 2864	Compbatt - ok
09:46:28.0241 2864	COMSysApp - ok
09:46:28.0261 2864	Cpqarray - ok
09:46:28.0311 2864	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
09:46:28.0451 2864	CryptSvc - ok
09:46:28.0511 2864	CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
09:46:28.0561 2864	CVirtA - ok
09:46:28.0742 2864	CVPND           (98b1b70e250ebca7b7a0a56ad2a7e62f) C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
09:46:28.0862 2864	CVPND - ok
09:46:28.0972 2864	CVPNDRVA        (465ced77e7c4f9d71b81ba600edafac1) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
09:46:29.0032 2864	CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
09:46:29.0032 2864	CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
09:46:29.0172 2864	CyberLink Media Library Service (2bb11cd367d49098d57a8638adb5bcf6) C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
09:46:29.0192 2864	CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
09:46:29.0192 2864	CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
09:46:29.0202 2864	dac2w2k - ok
09:46:29.0212 2864	dac960nt - ok
09:46:29.0373 2864	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
09:46:29.0473 2864	DcomLaunch - ok
09:46:29.0503 2864	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
09:46:29.0643 2864	Dhcp - ok
09:46:29.0713 2864	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:46:29.0843 2864	Disk - ok
09:46:29.0853 2864	dmadmin - ok
09:46:29.0903 2864	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
09:46:30.0154 2864	dmboot - ok
09:46:30.0174 2864	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
09:46:30.0334 2864	dmio - ok
09:46:30.0404 2864	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:46:30.0544 2864	dmload - ok
09:46:30.0594 2864	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
09:46:30.0745 2864	dmserver - ok
09:46:30.0765 2864	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:46:30.0915 2864	DMusic - ok
09:46:30.0965 2864	DNE             (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
09:46:30.0985 2864	DNE - ok
09:46:31.0025 2864	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
09:46:31.0125 2864	Dnscache - ok
09:46:31.0155 2864	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
09:46:31.0325 2864	Dot3svc - ok
09:46:31.0335 2864	dpti2o - ok
09:46:31.0406 2864	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:46:31.0546 2864	drmkaud - ok
09:46:31.0576 2864	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
09:46:31.0706 2864	EapHost - ok
09:46:31.0756 2864	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
09:46:31.0896 2864	ERSvc - ok
09:46:31.0946 2864	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
09:46:31.0976 2864	Eventlog - ok
09:46:32.0036 2864	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
09:46:32.0107 2864	EventSystem - ok
09:46:32.0137 2864	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:46:32.0287 2864	Fastfat - ok
09:46:32.0317 2864	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
09:46:32.0447 2864	FastUserSwitchingCompatibility - ok
09:46:32.0487 2864	Fax             (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
09:46:32.0677 2864	Fax - ok
09:46:32.0727 2864	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
09:46:32.0858 2864	Fdc - ok
09:46:32.0908 2864	FileSpy5 - ok
09:46:32.0928 2864	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
09:46:33.0058 2864	Fips - ok
09:46:33.0098 2864	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:46:33.0248 2864	Flpydisk - ok
09:46:33.0288 2864	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:46:33.0448 2864	FltMgr - ok
09:46:33.0559 2864	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:46:33.0579 2864	FontCache3.0.0.0 - ok
09:46:33.0619 2864	FsUsbExDisk     (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
09:46:33.0639 2864	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
09:46:33.0639 2864	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
09:46:33.0669 2864	FsUsbExService  (d3f9205cc4cb07553f2f9472c767ea87) C:\WINDOWS\system32\FsUsbExService.Exe
09:46:33.0699 2864	FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
09:46:33.0699 2864	FsUsbExService - detected UnsignedFile.Multi.Generic (1)
09:46:33.0749 2864	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:46:33.0909 2864	Fs_Rec - ok
09:46:33.0959 2864	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:46:34.0129 2864	Ftdisk - ok
09:46:34.0170 2864	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:46:34.0180 2864	GEARAspiWDM - ok
09:46:34.0200 2864	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:46:34.0350 2864	Gpc - ok
09:46:34.0410 2864	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:46:34.0540 2864	helpsvc - ok
09:46:34.0550 2864	HidServ - ok
09:46:34.0580 2864	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:46:34.0720 2864	HidUsb - ok
09:46:34.0780 2864	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
09:46:34.0911 2864	hkmsvc - ok
09:46:34.0921 2864	hpn - ok
09:46:34.0961 2864	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:46:35.0021 2864	HTTP - ok
09:46:35.0041 2864	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
09:46:35.0191 2864	HTTPFilter - ok
09:46:35.0201 2864	i2omgmt - ok
09:46:35.0211 2864	i2omp - ok
09:46:35.0241 2864	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:46:35.0401 2864	i8042prt - ok
09:46:35.0511 2864	IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:46:35.0511 2864	IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:46:35.0511 2864	IDriverT - detected UnsignedFile.Multi.Generic (1)
09:46:35.0632 2864	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:46:35.0732 2864	idsvc - ok
09:46:35.0832 2864	IKFileSec       (bf1d66c139a4e9be079d47fcfa993578) C:\WINDOWS\system32\drivers\ikfilesec.sys
09:46:35.0842 2864	IKFileSec - ok
09:46:35.0892 2864	IKSysFlt        (a90856d3fc565a0d0165574e51a6d088) C:\WINDOWS\system32\drivers\iksysflt.sys
09:46:35.0912 2864	IKSysFlt - ok
09:46:35.0952 2864	IKSysSec        (6ebded50d6e19879bc3a86c36d3a0f9d) C:\WINDOWS\system32\drivers\iksyssec.sys
09:46:35.0972 2864	IKSysSec - ok
09:46:36.0032 2864	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:46:36.0172 2864	Imapi - ok
09:46:36.0232 2864	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
09:46:36.0383 2864	ImapiService - ok
09:46:36.0403 2864	ini910u - ok
09:46:36.0433 2864	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:46:36.0573 2864	IntelIde - ok
09:46:36.0583 2864	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:46:36.0723 2864	intelppm - ok
09:46:36.0753 2864	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:46:36.0903 2864	Ip6Fw - ok
09:46:36.0934 2864	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:46:37.0104 2864	IpFilterDriver - ok
09:46:37.0134 2864	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:46:37.0284 2864	IpInIp - ok
09:46:37.0324 2864	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:46:37.0484 2864	IpNat - ok
09:46:37.0564 2864	iPod Service    (3c30491045dbbd44a42876b3d6f3917d) C:\Programme\iPod\bin\iPodService.exe
09:46:37.0614 2864	iPod Service - ok
09:46:37.0665 2864	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:46:37.0795 2864	IPSec - ok
09:46:37.0835 2864	irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
09:46:37.0985 2864	irda - ok
09:46:38.0005 2864	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:46:38.0145 2864	IRENUM - ok
09:46:38.0195 2864	Irmon           (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll
09:46:38.0346 2864	Irmon - ok
09:46:38.0386 2864	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:46:38.0516 2864	isapnp - ok
09:46:38.0616 2864	JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
09:46:38.0646 2864	JavaQuickStarterService - ok
09:46:38.0656 2864	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:46:38.0796 2864	Kbdclass - ok
09:46:38.0846 2864	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:46:38.0996 2864	kmixer - ok
09:46:39.0047 2864	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:46:39.0107 2864	KSecDD - ok
09:46:39.0147 2864	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
09:46:39.0217 2864	lanmanserver - ok
09:46:39.0267 2864	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
09:46:39.0317 2864	lanmanworkstation - ok
09:46:39.0327 2864	lbrtfdc - ok
09:46:39.0367 2864	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
09:46:39.0497 2864	LmHosts - ok
09:46:39.0567 2864	MarvinBus       (269c14d512b74cc28d2812ff7d1eb066) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
09:46:39.0587 2864	MarvinBus ( UnsignedFile.Multi.Generic ) - warning
09:46:39.0587 2864	MarvinBus - detected UnsignedFile.Multi.Generic (1)
09:46:39.0697 2864	Maxtor Sync Service (f96cdd0edb411c1193c5dd9925c306db) C:\Programme\Maxtor One touch 4\Sync\SyncServices.exe
09:46:39.0718 2864	Maxtor Sync Service - ok
09:46:39.0768 2864	MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
09:46:39.0778 2864	MBAMSwissArmy - ok
09:46:39.0878 2864	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
09:46:39.0918 2864	MDM - ok
09:46:39.0958 2864	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
09:46:40.0098 2864	Messenger - ok
09:46:40.0138 2864	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:46:40.0298 2864	mnmdd - ok
09:46:40.0328 2864	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
09:46:40.0499 2864	mnmsrvc - ok
09:46:40.0539 2864	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
09:46:40.0689 2864	Modem - ok
09:46:40.0709 2864	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:46:40.0849 2864	Mouclass - ok
09:46:40.0889 2864	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:46:41.0049 2864	mouhid - ok
09:46:41.0069 2864	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:46:41.0210 2864	MountMgr - ok
09:46:41.0260 2864	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
09:46:41.0280 2864	MozillaMaintenance - ok
09:46:41.0310 2864	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
09:46:41.0450 2864	MPE - ok
09:46:41.0460 2864	mraid35x - ok
09:46:41.0530 2864	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:46:41.0680 2864	MRxDAV - ok
09:46:41.0750 2864	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:46:41.0881 2864	MRxSmb - ok
09:46:41.0911 2864	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
09:46:42.0051 2864	MSDTC - ok
09:46:42.0091 2864	MSDV            (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
09:46:42.0271 2864	MSDV - ok
09:46:42.0291 2864	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:46:42.0431 2864	Msfs - ok
09:46:42.0441 2864	MSIServer - ok
09:46:42.0491 2864	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:46:42.0612 2864	MSKSSRV - ok
09:46:42.0632 2864	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:46:42.0782 2864	MSPCLOCK - ok
09:46:42.0822 2864	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:46:42.0972 2864	MSPQM - ok
09:46:43.0002 2864	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:46:43.0142 2864	mssmbios - ok
09:46:43.0193 2864	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:46:43.0343 2864	MSTEE - ok
09:46:43.0413 2864	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:46:43.0463 2864	Mup - ok
09:46:43.0503 2864	MxlW2k          (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
09:46:43.0523 2864	MxlW2k ( UnsignedFile.Multi.Generic ) - warning
09:46:43.0523 2864	MxlW2k - detected UnsignedFile.Multi.Generic (1)
09:46:43.0573 2864	MXOPSWD         (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
09:46:43.0663 2864	MXOPSWD - ok
09:46:43.0683 2864	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:46:43.0823 2864	NABTSFEC - ok
09:46:43.0894 2864	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
09:46:44.0064 2864	napagent - ok
09:46:44.0094 2864	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:46:44.0244 2864	NDIS - ok
09:46:44.0284 2864	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:46:44.0434 2864	NdisIP - ok
09:46:44.0494 2864	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:46:44.0564 2864	NdisTapi - ok
09:46:44.0585 2864	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:46:44.0715 2864	Ndisuio - ok
09:46:44.0745 2864	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:46:44.0885 2864	NdisWan - ok
09:46:44.0935 2864	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:46:44.0965 2864	NDProxy - ok
09:46:44.0995 2864	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:46:45.0145 2864	NetBIOS - ok
09:46:45.0175 2864	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:46:45.0336 2864	NetBT - ok
09:46:45.0376 2864	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
09:46:45.0526 2864	NetDDE - ok
09:46:45.0536 2864	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
09:46:45.0666 2864	NetDDEdsdm - ok
09:46:45.0696 2864	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:46:45.0826 2864	Netlogon - ok
09:46:45.0856 2864	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
09:46:46.0017 2864	Netman - ok
09:46:46.0157 2864	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:46:46.0177 2864	NetTcpPortSharing - ok
09:46:46.0197 2864	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:46:46.0347 2864	NIC1394 - ok
09:46:46.0397 2864	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
09:46:46.0447 2864	Nla - ok
09:46:46.0517 2864	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:46:46.0647 2864	Npfs - ok
09:46:46.0678 2864	NSCIRDA         (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
09:46:46.0818 2864	NSCIRDA - ok
09:46:46.0868 2864	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:46:47.0048 2864	Ntfs - ok
09:46:47.0078 2864	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:46:47.0208 2864	NtLmSsp - ok
09:46:47.0268 2864	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
09:46:47.0469 2864	NtmsSvc - ok
09:46:47.0519 2864	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:46:47.0659 2864	Null - ok
09:46:47.0719 2864	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:46:47.0879 2864	NwlnkFlt - ok
09:46:47.0899 2864	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:46:48.0059 2864	NwlnkFwd - ok
09:46:48.0110 2864	NwlnkIpx        (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
09:46:48.0270 2864	NwlnkIpx - ok
09:46:48.0330 2864	NwlnkNb         (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
09:46:48.0480 2864	NwlnkNb - ok
09:46:48.0500 2864	NwlnkSpx        (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
09:46:48.0660 2864	NwlnkSpx - ok
09:46:48.0680 2864	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:46:48.0821 2864	ohci1394 - ok
09:46:48.0851 2864	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
09:46:48.0991 2864	Parport - ok
09:46:49.0031 2864	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:46:49.0171 2864	PartMgr - ok
09:46:49.0211 2864	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
09:46:49.0371 2864	ParVdm - ok
09:46:49.0421 2864	pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
09:46:49.0472 2864	pccsmcfd - ok
09:46:49.0532 2864	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
09:46:49.0662 2864	PCI - ok
09:46:49.0682 2864	PCIDump - ok
09:46:49.0722 2864	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:46:49.0862 2864	PCIIde - ok
09:46:49.0912 2864	PCLEPCI         (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
09:46:49.0922 2864	PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
09:46:49.0922 2864	PCLEPCI - detected UnsignedFile.Multi.Generic (1)
09:46:49.0952 2864	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:46:50.0102 2864	Pcmcia - ok
09:46:50.0142 2864	PCTCore         (aa9cfa67850893fbb168b9c4e4c86952) C:\WINDOWS\system32\drivers\PCTCore.sys
09:46:50.0173 2864	PCTCore - ok
09:46:50.0183 2864	PDCOMP - ok
09:46:50.0193 2864	PDFRAME - ok
09:46:50.0203 2864	PDRELI - ok
09:46:50.0213 2864	PDRFRAME - ok
09:46:50.0223 2864	perc2 - ok
09:46:50.0233 2864	perc2hib - ok
09:46:50.0313 2864	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
09:46:50.0333 2864	PlugPlay - ok
09:46:50.0373 2864	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:46:50.0503 2864	PolicyAgent - ok
09:46:50.0563 2864	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:46:50.0703 2864	PptpMiniport - ok
09:46:50.0713 2864	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:46:50.0854 2864	ProtectedStorage - ok
09:46:50.0894 2864	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:46:51.0054 2864	Ptilink - ok
09:46:51.0104 2864	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:46:51.0114 2864	PxHelp20 - ok
09:46:51.0134 2864	ql1080 - ok
09:46:51.0154 2864	Ql10wnt - ok
09:46:51.0164 2864	ql12160 - ok
09:46:51.0174 2864	ql1240 - ok
09:46:51.0184 2864	ql1280 - ok
09:46:51.0224 2864	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:46:51.0374 2864	RasAcd - ok
09:46:51.0655 2864	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
09:46:51.0805 2864	RasAuto - ok
09:46:51.0845 2864	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
09:46:51.0935 2864	Rasirda - ok
09:46:51.0995 2864	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:46:52.0135 2864	Rasl2tp - ok
09:46:52.0195 2864	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
09:46:52.0376 2864	RasMan - ok
09:46:52.0406 2864	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:46:52.0536 2864	RasPppoe - ok
09:46:52.0576 2864	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:46:52.0736 2864	Raspti - ok
09:46:52.0796 2864	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:46:52.0937 2864	Rdbss - ok
09:46:52.0977 2864	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:46:53.0137 2864	RDPCDD - ok
09:46:53.0187 2864	RDPWD           (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
09:46:53.0257 2864	RDPWD - ok
09:46:53.0297 2864	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
09:46:53.0467 2864	RDSessMgr - ok
09:46:53.0517 2864	Reconn - ok
09:46:53.0557 2864	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:46:53.0698 2864	redbook - ok
09:46:53.0738 2864	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
09:46:53.0868 2864	RemoteAccess - ok
09:46:53.0908 2864	RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
09:46:54.0048 2864	RFCOMM - ok
09:46:54.0078 2864	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
09:46:54.0208 2864	RpcLocator - ok
09:46:54.0268 2864	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
09:46:54.0288 2864	RpcSs - ok
09:46:54.0359 2864	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
09:46:54.0509 2864	RSVP - ok
09:46:54.0519 2864	s24trans - ok
09:46:54.0549 2864	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:46:54.0679 2864	SamSs - ok
09:46:54.0709 2864	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
09:46:54.0869 2864	SCardSvr - ok
09:46:54.0909 2864	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
09:46:55.0070 2864	Schedule - ok
09:46:55.0180 2864	sdAuxService    (2881d5c135d076bcf52b0f5ad3d8dc0b) C:\Programme\Spyware Doctor\pctsAuxs.exe
09:46:55.0220 2864	sdAuxService - ok
09:46:55.0280 2864	sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:46:55.0420 2864	sdbus - ok
09:46:55.0490 2864	sdCoreService   (9caca3fad05c4b0d7967592e65b338f1) C:\Programme\Spyware Doctor\pctsSvc.exe
09:46:55.0570 2864	sdCoreService - ok
09:46:55.0650 2864	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:46:55.0781 2864	Secdrv - ok
09:46:55.0821 2864	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
09:46:55.0961 2864	seclogon - ok
09:46:56.0001 2864	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
09:46:56.0141 2864	SENS - ok
09:46:56.0171 2864	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
09:46:56.0321 2864	Serial - ok
09:46:56.0432 2864	ServiceLayer    (9d38320bb32230349379df5ddbbf7fce) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
09:46:56.0512 2864	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
09:46:56.0512 2864	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
09:46:56.0572 2864	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:46:56.0712 2864	Sfloppy - ok
09:46:56.0762 2864	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
09:46:56.0922 2864	SharedAccess - ok
09:46:56.0972 2864	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
09:46:56.0992 2864	ShellHWDetection - ok
09:46:57.0002 2864	Simbad - ok
09:46:57.0022 2864	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:46:57.0173 2864	SLIP - ok
09:46:57.0183 2864	Sparrow - ok
09:46:57.0203 2864	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:46:57.0363 2864	splitter - ok
09:46:57.0403 2864	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:46:57.0433 2864	Spooler - ok
09:46:57.0453 2864	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
09:46:57.0593 2864	sr - ok
09:46:57.0653 2864	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
09:46:57.0804 2864	srservice - ok
09:46:57.0874 2864	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:46:57.0974 2864	Srv - ok
09:46:58.0004 2864	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
09:46:58.0144 2864	SSDPSRV - ok
09:46:58.0184 2864	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:46:58.0194 2864	ssmdrv - ok
09:46:58.0244 2864	ss_bbus         (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
09:46:58.0274 2864	ss_bbus - ok
09:46:58.0314 2864	ss_bmdfl        (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
09:46:58.0334 2864	ss_bmdfl - ok
09:46:58.0364 2864	ss_bmdm         (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
09:46:58.0384 2864	ss_bmdm - ok
09:46:58.0424 2864	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
09:46:58.0625 2864	stisvc - ok
09:46:58.0655 2864	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:46:58.0805 2864	streamip - ok
09:46:58.0815 2864	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:46:58.0965 2864	swenum - ok
09:46:58.0985 2864	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:46:59.0125 2864	swmidi - ok
09:46:59.0135 2864	SwPrv - ok
09:46:59.0145 2864	symc810 - ok
09:46:59.0155 2864	symc8xx - ok
09:46:59.0165 2864	sym_hi - ok
09:46:59.0175 2864	sym_u3 - ok
09:46:59.0226 2864	SynTP           (1a8e6b04907687a8eed75c8031b679fd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:46:59.0286 2864	SynTP - ok
09:46:59.0326 2864	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:46:59.0456 2864	sysaudio - ok
09:46:59.0506 2864	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
09:46:59.0646 2864	SysmonLog - ok
09:46:59.0686 2864	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
09:46:59.0846 2864	TapiSrv - ok
09:46:59.0907 2864	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:46:59.0947 2864	Tcpip - ok
09:47:00.0027 2864	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:47:00.0167 2864	TDPIPE - ok
09:47:00.0217 2864	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:47:00.0367 2864	TDTCP - ok
09:47:00.0417 2864	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:47:00.0547 2864	TermDD - ok
09:47:00.0628 2864	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
09:47:00.0778 2864	TermService - ok
09:47:00.0848 2864	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
09:47:00.0858 2864	Themes - ok
09:47:00.0908 2864	tifm21          (fcbaf94b58ad03aca117c7df0eb5f446) C:\WINDOWS\system32\drivers\tifm21.sys
09:47:00.0988 2864	tifm21 - ok
09:47:00.0998 2864	TosIde - ok
09:47:01.0048 2864	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
09:47:01.0188 2864	TrkWks - ok
09:47:01.0238 2864	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:47:01.0399 2864	Udfs - ok
09:47:01.0409 2864	ultra - ok
09:47:01.0469 2864	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:47:01.0679 2864	Update - ok
09:47:01.0709 2864	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
09:47:01.0859 2864	upnphost - ok
09:47:01.0879 2864	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
09:47:02.0030 2864	UPS - ok
09:47:02.0090 2864	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:47:02.0220 2864	usbccgp - ok
09:47:02.0240 2864	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:47:02.0380 2864	usbehci - ok
09:47:02.0430 2864	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:47:02.0570 2864	usbhub - ok
09:47:02.0580 2864	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:47:02.0721 2864	usbprint - ok
09:47:02.0741 2864	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:47:02.0891 2864	usbscan - ok
09:47:02.0921 2864	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:47:03.0061 2864	usbstor - ok
09:47:03.0111 2864	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:47:03.0241 2864	usbuhci - ok
09:47:03.0281 2864	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:47:03.0442 2864	VgaSave - ok
09:47:03.0442 2864	ViaIde - ok
09:47:03.0502 2864	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
09:47:03.0632 2864	VolSnap - ok
09:47:03.0712 2864	vsdatant        (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
09:47:03.0752 2864	vsdatant - ok
09:47:03.0822 2864	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
09:47:03.0962 2864	VSS - ok
09:47:04.0173 2864	w29n51          (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
09:47:04.0884 2864	w29n51 - ok
09:47:04.0994 2864	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
09:47:05.0164 2864	W32Time - ok
09:47:05.0234 2864	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:47:05.0384 2864	Wanarp - ok
09:47:05.0394 2864	wanatw - ok
09:47:05.0404 2864	WDICA - ok
09:47:05.0455 2864	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:47:05.0615 2864	wdmaud - ok
09:47:05.0665 2864	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
09:47:05.0805 2864	WebClient - ok
09:47:05.0885 2864	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:47:06.0035 2864	winmgmt - ok
09:47:06.0095 2864	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:47:06.0206 2864	WmdmPmSN - ok
09:47:06.0246 2864	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:47:06.0396 2864	WmiApSrv - ok
09:47:06.0556 2864	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
09:47:06.0646 2864	WMPNetworkSvc - ok
09:47:06.0716 2864	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:47:06.0736 2864	WpdUsb - ok
09:47:06.0826 2864	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
09:47:06.0957 2864	wscsvc - ok
09:47:06.0997 2864	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:47:07.0147 2864	WSTCODEC - ok
09:47:07.0177 2864	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
09:47:07.0347 2864	wuauserv - ok
09:47:07.0397 2864	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:47:07.0437 2864	WudfPf - ok
09:47:07.0487 2864	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:47:07.0538 2864	WudfRd - ok
09:47:07.0548 2864	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:47:07.0568 2864	WudfSvc - ok
09:47:07.0618 2864	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
09:47:07.0838 2864	WZCSVC - ok
09:47:07.0908 2864	x10nets         (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
09:47:07.0928 2864	x10nets ( UnsignedFile.Multi.Generic ) - warning
09:47:07.0928 2864	x10nets - detected UnsignedFile.Multi.Generic (1)
09:47:07.0938 2864	X10UIF - ok
09:47:07.0978 2864	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
09:47:08.0128 2864	xmlprov - ok
09:47:08.0198 2864	XUIF            (93692d6b2fcbb63f517642048f5295fb) C:\WINDOWS\system32\Drivers\x10ufx2.sys
09:47:08.0239 2864	XUIF - ok
09:47:08.0279 2864	zlportio - ok
09:47:08.0349 2864	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
09:47:08.0889 2864	\Device\Harddisk0\DR0 - ok
09:47:08.0909 2864	MBR (0x1B8)     (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR5
09:47:09.0861 2864	\Device\Harddisk1\DR5 - ok
09:47:09.0861 2864	Boot (0x1200)   (f4dbbe9ff644837c2b48fe21715a6d57) \Device\Harddisk0\DR0\Partition0
09:47:09.0871 2864	\Device\Harddisk0\DR0\Partition0 - ok
09:47:09.0891 2864	Boot (0x1200)   (0bc102cd49f88e48572995208389ca73) \Device\Harddisk0\DR0\Partition1
09:47:09.0891 2864	\Device\Harddisk0\DR0\Partition1 - ok
09:47:09.0921 2864	Boot (0x1200)   (a0fef84d8915b75baefbd9da793105b7) \Device\Harddisk0\DR0\Partition2
09:47:09.0921 2864	\Device\Harddisk0\DR0\Partition2 - ok
09:47:09.0931 2864	Boot (0x1200)   (2727c5861400f09ddea8135a113a3b92) \Device\Harddisk1\DR5\Partition0
09:47:09.0931 2864	\Device\Harddisk1\DR5\Partition0 - ok
09:47:09.0931 2864	============================================================
09:47:09.0931 2864	Scan finished
09:47:09.0931 2864	============================================================
09:47:10.0041 3616	Detected object count: 23
09:47:10.0041 3616	Actual detected object count: 23
09:47:53.0954 3616	Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0954 3616	Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0954 3616	ASAPIW2K ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0954 3616	ASAPIW2K ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0954 3616	bgsvcgen ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0954 3616	bgsvcgen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0954 3616	btaudio ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0954 3616	btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0964 3616	BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0964 3616	BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0964 3616	BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0964 3616	BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0964 3616	BTSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0964 3616	BTSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0964 3616	BTSLBCSP ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0964 3616	BTSLBCSP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0964 3616	btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0964 3616	btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0964 3616	BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0964 3616	BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0974 3616	BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616	BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0974 3616	CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616	CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0974 3616	CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616	CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0974 3616	CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616	CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0974 3616	CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616	CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0974 3616	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0974 3616	FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616	FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0974 3616	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0984 3616	MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0984 3616	MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0984 3616	MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0984 3616	MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0984 3616	PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0984 3616	PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0984 3616	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0984 3616	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:47:53.0984 3616	x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0984 3616	x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Best regards, Daniel Sun

26.07.2012, 15:10   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warnings, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

27.07.2012, 12:43   #23
Daniel Sun

I have run CF four times. Each time the program runs up to the message "Deleting files", then a blue screen appears with too much text for too short a time (but it is an error message about a serious problem), after which the PC immediately restarts, and no .txt file has been created.
I had all programs closed and even switched off my firewall; it doesn't help.

27.07.2012, 13:46   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Restart Windows, delete the old combofix.exe, download CF again and please try once more.
__________________
Please always post logfiles in CODE tags

27.07.2012, 17:44   #25
Daniel Sun

Unfortunately, the same result three times.

On the last run I disconnected my external hard drive to see whether that was the cause, but the PC crashed and restarted Windows then too.

What else can I do?

Best regards, Daniel Sun

27.07.2012, 21:37   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Try CF one last time, but this time in Safe Mode with Networking.
__________________
Please always post logfiles in CODE tags

30.07.2012, 07:34   #27
Daniel Sun

Unfortunately I have had to find out that I can no longer start Windows in Safe Mode, neither with nor without network drivers.

30.07.2012, 09:44   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Well, great.

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the 2nd attempt either, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off your virus scanner; McAfee's scanner in particular often reports a false positive on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista (or later), please right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: do not press any of the Fix buttons without being told to.

Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

Another note: if aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left of the aswMBR window under "AV scan", and click the Scan button again.
__________________
Please always post logfiles in CODE tags

30.07.2012, 11:56   #29
Daniel Sun

As predicted, GMER unfortunately crashes when the program starts.

The next two steps worked without problems, though.

OSAM logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:51:58 on 30.07.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"%DESCRIPTION%" (X10UIF) - ? - C:\WINDOWS\System32\Drivers\x10uif.sys  (File not found)
"ASAPIW2K" (ASAPIW2K) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\Drivers\asapiW2k.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"Bluetooth Port Client Driver" (BTSLBCSP) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btslbcsp.sys
"Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys
"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys
"BullGuard File Monitor" (FileSpy5) - ? - C:\Programme\Antivirus\BullGuard 5.0\filespy5.sys  (File not found)
"BullGuard Mail Monitor" (Reconn) - ? - C:\Programme\Antivirus\BullGuard 5.0\reconn.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
"File Security Driver" (IKFileSec) - "PCTools Research Pty Ltd." - C:\WINDOWS\system32\drivers\ikfilesec.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbamswissarmy.sys
"MxlW2k" (MxlW2k) - "MusicMatch, Inc." - C:\WINDOWS\system32\drivers\MxlW2k.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys
"PCTools KDS" (PCTCore) - "PC Tools" - C:\WINDOWS\System32\drivers\PCTCore.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\DRIVERS\MarvinBus.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"System Filter Driver" (IKSysFlt) - "PCTools Research Pty Ltd." - C:\WINDOWS\System32\drivers\iksysflt.sys
"System Security Driver" (IKSysSec) - "PCTools Research Pty Ltd." - C:\WINDOWS\System32\drivers\iksyssec.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys
"vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
"zlportio" (zlportio) - ? - C:\Programme\UltraStar Deluxe\zlportio.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
{EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} "WidImg Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btxppanel.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{79BC0345-1015-11D2-A299-006008312725} "Studio.Project" - ? - C:\Programme\Pinnacle\Studio 10\programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\win rar\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"MedionShop" - ? - hxxp://www.medionshop.de/  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Macromedia Active Shockwave" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\director\ie32dsw.ocx / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc.cab
{96512D57-F751-4088-A689-5778FCC77F7A} "Photo Uploader Control" - "StudiVZ" - C:\WINDOWS\Downloaded Program Files\PhotoUploader.ocx / hxxp://www.studivz.net/lib/photouploader/PhotoUploader.cab
{406B5949-7190-4245-91A9-30A17DE16AD0} "Snapfish Activia" - "Snapfish" - C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx / hxxp://www3.snapfish.de/SnapfishActivia.cab
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"ATIPTA" - "ATI Technologies, Inc." - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun
"CtrlVol" - ? - C:\Programme\Launch Manager\CtrlVol.exe  (File not found)
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"IndexSearch" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"mxomssmenu" - "Maxtor Corporation" - "C:\Programme\Maxtor One touch 4\OneTouch Status\maxmenumgr.exe"
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe"
"PCMService" - "CyberLink Corp." - "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
"PinnacleDriverCheck" - ? - C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"PPort11reminder" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"REGSHAVE" - "FUJI PHOTO FILM CO., LTD." - C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
"RemoteControl" - "Cyberlink Corp." - "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\WINDOWS\system32\bgsvcgen.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\WINDOWS\system32\FsUsbExService.Exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
"Maxtor Service" (Maxtor Sync Service) - "Seagate Technology LLC" - C:\Programme\Maxtor One touch 4\Sync\SyncServices.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsAuxs.exe
"PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsSvc.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
And the logfile from aswMBR:
Code:
ATTFilter
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 11:57:26
-----------------------------
11:57:26.081    OS Version: Windows 5.1.2600 Service Pack 3
11:57:26.081    Number of processors: 1 586 0xD06
11:57:26.081    ComputerName: DANIEL  UserName: 
11:57:27.172    Initialize success
11:58:42.941    AVAST engine defs: 12073000
11:59:18.242    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:59:18.262    Disk 0 Vendor: ST9100823A 3.02 Size: 95396MB BusType: 3
11:59:18.312    Disk 0 MBR read successfully
11:59:18.312    Disk 0 MBR scan
11:59:18.553    Disk 0 Windows XP default MBR code
11:59:18.593    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        47402 MB offset 63
11:59:18.613    Disk 0 Partition - 00     0F Extended LBA             47889 MB offset 97080795
11:59:18.653    Disk 0 Partition 2 00     83        Linux                94 MB offset 195157620
11:59:18.693    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        37887 MB offset 97080858
11:59:18.703    Disk 0 Partition - 00     05     Extended             10001 MB offset 174674745
11:59:18.733    Disk 0 Partition 4 00     0B        FAT32 MSWIN4.1    10001 MB offset 174674808
11:59:18.773    Disk 0 scanning sectors +195350400
11:59:18.943    Disk 0 scanning C:\WINDOWS\system32\drivers
11:59:37.930    Service scanning
12:00:01.995    Modules scanning
12:00:13.862    Disk 0 trace - called modules:
12:00:13.892    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
12:00:13.912    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fcbab8]
12:00:13.932    3 CLASSPNP.SYS[f8576fd7] -> nt!IofCallDriver -> \Device\00000087[0x82f849e8]
12:00:13.942    5 ACPI.sys[f84ec620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fab940]
12:00:14.773    AVAST engine scan C:\WINDOWS
12:00:34.962    AVAST engine scan C:\WINDOWS\system32
12:05:05.672    AVAST engine scan C:\WINDOWS\system32\drivers
12:05:29.166    AVAST engine scan C:\Dokumente und Einstellungen\Daniel Sun
12:30:34.510    AVAST engine scan C:\Dokumente und Einstellungen\All Users
12:36:06.477    Scan finished successfully
12:41:18.887    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Daniel Sun\Desktop\MBR.dat"
12:41:18.907    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Daniel Sun\Desktop\aswMBR.txt"
         
Best regards, Daniel Sun
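Reading an OSAM report like the one above by hand means scanning a few hundred lines for the handful that matter. The following is an added example (not part of the thread and not OSAM's own code) that parses OSAM's entry format and ranks entries by the signals a helper looks at first: a file that no longer exists (an orphaned autorun, such as the leftover catchme.sys from ComboFix in the user's Temp folder), an existing file with no publisher or version information, and a load path in a user-writable location such as Temp or Anwendungsdaten (%APPDATA%), which is where Zbot-family samples typically install themselves. The sample input is constructed in OSAM's format from entries in the log above; the "SampleUpdater" line is a made-up positive case and does not appear in the posted log. The scoring weights, the list of user-writable directories and the set of "privileged" sections are this example's own assumptions.

```python
"""Triage an OSAM Autorun Manager report: rank the entries that need a closer look first."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in OSAM's report format. The entries mirror lines from the log above;
# "SampleUpdater" is a made-up positive case and does not appear in the posted log.
SAMPLE_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"%DESCRIPTION%" (X10UIF) - ? - C:\WINDOWS\System32\Drivers\x10uif.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\catchme.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)

[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"CtrlVol" - ? - C:\Programme\Launch Manager\CtrlVol.exe  (File not found)
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"SampleUpdater" - ? - C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Sample\sample.exe  (File found, but it contains no detailed information)
"""

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")
KEY_RE = re.compile(r"^-----\( (?P<key>.*) \)-----$")
ENTRY_RE = re.compile(
    r'^(?:(?:\{[^}]*\}|<[^>]*>)\s+)?"(?P<name>[^"]*)"'   # optional {CLSID} / <binary data> prefix
    r'(?:\s+\((?P<service>[^)]*)\))?'                   # service or driver key name, if any
    r'\s+-\s+(?:"(?P<publisher>[^"]*)"|\?)'             # publisher from version info, or "?"
    r'\s+-\s*(?P<rest>.*?)\s*$'                         # command line plus OSAM's trailing (flags)
)
# OSAM appends its verdict in parentheses after at least two spaces; paths such as
# "Program Files (x86)" are not mistaken for it because they are not at the end of the line.
FLAGS_RE = re.compile(r"^(?:(?P<cmd>.*?)\s{2,})?\((?P<flags>[^()]*)\)$")
# Locations a limited user can write to; persistence from here deserves a look (assumed list).
USER_WRITABLE = re.compile(
    r"\\(Temp|Anwendungsdaten|Application Data|AppData|Lokale Einstellungen|Local Settings|"
    r"LOKALE~1|ANWEND~1|ProgramData|Recycler|\$Recycle\.Bin)\\", re.IGNORECASE)
# Sections whose entries load early or with kernel/system privileges (assumed weighting).
PRIVILEGED_SECTIONS = {"Drivers", "Services", "Winlogon", "Winsock Providers", "Print Monitors"}


@dataclass
class Entry:
    section: str
    reg_key: str
    name: str
    service: Optional[str]
    publisher: Optional[str]   # None when OSAM printed "?"
    command: str
    flags: str


@dataclass
class Finding:
    score: int
    entry: Entry
    reasons: List[str]


def parse_entries(text: str) -> List[Entry]:
    """Walk the report, tracking the [Section] and registry key each entry belongs to."""
    section, reg_key, entries = "", "", []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = KEY_RE.match(line)
        if m:
            reg_key = m["key"]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        f = FLAGS_RE.match(m["rest"])
        command, flags = (f["cmd"] or "", f["flags"]) if f else (m["rest"], "")
        entries.append(Entry(section, reg_key, m["name"], m["service"], m["publisher"], command, flags))
    return entries


def triage(text: str) -> List[Finding]:
    """Score each entry by the number of warning signs; privileged sections get one extra point."""
    findings = []
    for e in parse_entries(text):
        reasons = []
        if "File not found" in e.flags:
            reasons.append("file missing: orphaned autorun entry")
        elif e.publisher is None and "File signed by Microsoft" not in e.flags:
            reasons.append("no publisher/version info: hash the file and look it up")
        if USER_WRITABLE.search(e.command):
            reasons.append("loads from a user-writable location")
        if reasons:
            score = len(reasons) + (1 if e.section in PRIVILEGED_SECTIONS else 0)
            findings.append(Finding(score, e, reasons))
    findings.sort(key=lambda f: -f.score)   # stable sort: ties keep report order
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.entry.section}: {f.entry.name} -> {f.entry.command or '(no path)'}")
        for r in f.reasons:
            print("      -", r)
```

On the constructed sample the catchme driver ranks first (missing file, Temp directory, kernel driver section), the existing-but-unsigned driver and the made-up %APPDATA% Run entry share the next rank, and a missing Run entry such as CtrlVol ranks last; Microsoft-signed files and entries with a publisher are not reported at all. A missing file is still worth listing: a driver key pointing at a path that no longer exists is the usual trace of an uninstalled tool, but it is also what remains after a dropper deletes itself.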

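The aswMBR log is worth more than its "Windows XP default MBR code" verdict: the partition table it prints can be checked for consistency (primary entries must not overlap, logical partitions must lie inside their extended containers, exactly one entry should carry the active flag, nothing may run past the end of the disk), and it gives the size of the unallocated tail after the last partition. That tail is where bootkits of the period stored their hidden payload, and it is where the log's "scanning sectors +195350400" line begins. The following is an added example (not part of the thread and not aswMBR's own code) that parses the Disk and Partition lines from the log above, reconstructs the layout in sectors and reports those checks. It assumes 512-byte sectors and that aswMBR truncates sizes to whole MB, so the computed end sectors are lower bounds and a 1 MB tolerance is applied to containment and disk-end checks.

```python
"""Sanity-check the partition table that aswMBR prints before trusting the disk layout."""
import re
from dataclasses import dataclass
from typing import List, Optional

SECTORS_PER_MB = (1024 * 1024) // 512      # assumption: 512-byte sectors
SLACK = SECTORS_PER_MB                     # sizes are truncated to whole MB, allow 1 MB of rounding

# Constructed sample: the Disk/Partition lines of the aswMBR.txt posted above, same values.
SAMPLE_LOG = """\
11:59:18.262    Disk 0 Vendor: ST9100823A 3.02 Size: 95396MB BusType: 3
11:59:18.593    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        47402 MB offset 63
11:59:18.613    Disk 0 Partition - 00     0F Extended LBA             47889 MB offset 97080795
11:59:18.653    Disk 0 Partition 2 00     83        Linux                94 MB offset 195157620
11:59:18.693    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        37887 MB offset 97080858
11:59:18.703    Disk 0 Partition - 00     05     Extended             10001 MB offset 174674745
11:59:18.733    Disk 0 Partition 4 00     0B        FAT32 MSWIN4.1    10001 MB offset 174674808
"""

DISK_RE = re.compile(r"Disk \d+ Vendor: .* Size: (\d+)MB")
PART_RE = re.compile(
    r"Partition\s+(\S+)\s+([0-9A-Fa-f]{2})(?:\s+\(A\))?\s+([0-9A-Fa-f]{2})\s+"
    r"(.*?)\s+(\d+) MB offset (\d+)\s*$"
)
EXTENDED_TYPES = {0x05, 0x0F}   # DOS extended / Windows "Extended LBA" containers


@dataclass
class Partition:
    number: str      # "1".."4" for data partitions, "-" for extended containers
    active: bool     # boot flag 0x80
    ptype: int
    label: str
    start: int       # first LBA sector
    size_mb: int

    @property
    def end(self) -> int:
        """Lower bound for the first sector after the partition (size is truncated to MB)."""
        return self.start + self.size_mb * SECTORS_PER_MB

    @property
    def is_extended(self) -> bool:
        return self.ptype in EXTENDED_TYPES


def parse(log_text: str):
    disk_sectors: Optional[int] = None
    parts: List[Partition] = []
    for line in log_text.splitlines():
        m = DISK_RE.search(line)
        if m:
            disk_sectors = int(m.group(1)) * SECTORS_PER_MB
            continue
        m = PART_RE.search(line)
        if m:
            num, boot, ptype, label, size_mb, offset = m.groups()
            parts.append(Partition(num, boot == "80", int(ptype, 16), label.strip(),
                                   int(offset), int(size_mb)))
    return disk_sectors, parts


def _inside(p: Partition, c: Partition) -> bool:
    return c.start <= p.start and p.end <= c.end + SLACK


def _overlap(a: Partition, b: Partition) -> bool:
    # Ends are lower bounds, so every overlap reported here is real; sub-MB overlaps can slip through.
    return a.start < b.end and b.start < a.end


def analyze(log_text: str) -> dict:
    disk_sectors, parts = parse(log_text)
    containers = [p for p in parts if p.is_extended]
    data = [p for p in parts if not p.is_extended]
    logical = [p for p in data if any(_inside(p, c) for c in containers)]
    primary = [p for p in data if not any(p is q for q in logical)]
    # The MBR's own four slots: primaries plus the outermost extended container(s).
    top_level = primary + [c for c in containers
                           if not any(c is not o and _inside(c, o) for o in containers)]
    issues = []
    for group, what in ((top_level, "primary table"), (logical, "extended chain")):
        for i, a in enumerate(group):
            for b in group[i + 1:]:
                if _overlap(a, b):
                    issues.append(f"{what}: partition {a.number} overlaps partition {b.number}")
    if len(top_level) > 4:
        issues.append("more than four primary slots: MBR parsing is inconsistent")
    active = [p.number for p in parts if p.active]
    if len(active) != 1:
        issues.append(f"expected exactly one active partition, found {active}")
    if disk_sectors is not None:
        for p in parts:
            if p.end > disk_sectors + SLACK:
                issues.append(f"partition {p.number} extends past the end of the disk")
    last_end = max(p.end for p in data) if data else 0
    return {
        "disk_sectors": disk_sectors,
        "primary": [p.number for p in primary],
        "logical": [p.number for p in logical],
        "active": active,
        "issues": issues,
        # Unallocated sectors after the last partition: a known hiding place for bootkit payloads.
        "tail_sectors": (disk_sectors - last_end) if disk_sectors is not None else None,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

For the posted table the layout is consistent: partitions 1 and 2 plus the 0F container fill three of the four MBR slots, partitions 3 and 4 sit inside the extended chain, only partition 1 is active, and about 20,876 sectors (roughly 10 MB) remain after the last partition, which is the region aswMBR's "scanning sectors" step covers. A table that fails these checks, or a tail that has grown unexpectedly, is a reason to dump the MBR and those sectors rather than rely on the "default MBR code" line alone.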
30.07.2012, 18:06   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!
__________________
Please always post logfiles in CODE tags

  15. TR/Jorik.SpyEyes.In
    Log-Analyse und Auswertung - 14.05.2011 (1)
  16. Mit TR/Jorik.Bredolab.T infiziert
    Plagegeister aller Art und deren Bekämpfung - 13.07.2010 (4)
  17. 3 tw. unbekannte Trojaner TR/Spy.ZBot.hkp.2, TR/Dropper.Gen und TR/Spy.ZBot.hss
    Plagegeister aller Art und deren Bekämpfung - 25.01.2009 (0)

Zum Thema Verschlüsselungs-Trojaner TR/Jorik.Zbot.dkw - Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: - Verschlüsselungs-Trojaner TR/Jorik.Zbot.dkw...
Archiv
Du betrachtest: Verschlüsselungs-Trojaner TR/Jorik.Zbot.dkw auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.