
Pests of all kinds and how to fight them: Virus: Bundespolizei, ukash, encrypted files

06.09.2012, 13:18   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it on your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top center, check the box for Scan All Users
  • Now copy the complete contents of the code box below into the text box in OTL - if OTL is in German, it is labeled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

07.09.2012, 05:29   #17
Technofreak1
 



Hello

here is the log:

OTL Logfile:
Code:
OTL logfile created on: 07.09.2012 06:11:10 - Run 2
OTL by OldTimer - Version 3.2.61.1     Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,04 Mb Total Physical Memory | 670,89 Mb Available Physical Memory | 65,64% Memory free
2,40 Gb Paging File | 1,91 Gb Available in Paging File | 79,62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 53,21 Gb Total Space | 12,19 Gb Free Space | 22,91% Space Free | Partition Type: NTFS
Drive D: | 53,70 Gb Total Space | 53,63 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive F: | 15,01 Gb Total Space | 14,75 Gb Free Space | 98,28% Space Free | Partition Type: FAT32
 
Computer Name: DENNY | User Name: Denny1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.07 06:08:26 | 000,599,552 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.05.06 23:37:46 | 000,262,401 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008.05.06 23:37:46 | 000,147,201 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.05.06 23:37:46 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.24 13:05:36 | 000,132,560 | ---- | M] (United Internet AG) -- C:\Programme\WEB.DE SmartSurfer\SmurfService.exe
PRC - [2006.12.19 15:59:44 | 000,020,480 | ---- | M] (Logitech) -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2006.08.25 07:42:30 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\Denny1\Lokale Einstellungen\Temp\RtkBtMnt.exe
PRC - [2006.08.10 19:29:14 | 000,352,256 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006.08.09 22:29:38 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2006.08.09 22:29:36 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2006.08.09 22:29:08 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2006.08.09 22:28:36 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2006.08.09 22:28:36 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2006.07.20 22:15:32 | 000,593,920 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.01.24 18:00:08 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2006.01.17 10:45:32 | 000,618,557 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005.12.27 15:50:28 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005.07.19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005.06.08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Video\LogiTray.exe
PRC - [2005.06.08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Video\FxSvr2.exe
PRC - [2004.04.08 06:01:22 | 000,496,752 | ---- | M] (America Online, Inc) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe
PRC - [2004.04.08 06:01:20 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.08 14:19:58 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e996b743\mscorlib.dll
MOD - [2012.02.08 14:19:46 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_9e408746\system.drawing.dll
MOD - [2012.02.01 20:02:32 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_0009325d\system.windows.forms.dll
MOD - [2012.01.25 21:06:52 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b31f1bb0\system.dll
MOD - [2012.01.25 21:06:46 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.01.25 21:06:44 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
MOD - [2008.05.06 23:37:46 | 000,339,968 | ---- | M] () -- C:\Programme\AntiVir PersonalEdition Classic\sqlite3.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.02.15 05:16:38 | 000,057,451 | ---- | M] () -- C:\Programme\ICQLite\ICQLiteShell.dll
MOD - [2006.12.19 15:59:44 | 000,143,360 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll
MOD - [2006.12.19 15:59:44 | 000,114,688 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll
MOD - [2006.12.19 15:59:44 | 000,049,152 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll
MOD - [2006.12.19 15:59:44 | 000,020,480 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll
MOD - [2006.12.19 15:59:44 | 000,020,480 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
MOD - [2006.08.25 07:31:36 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006.08.25 07:30:38 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.08.09 22:29:48 | 000,192,616 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2006.08.09 22:29:48 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2006.08.09 22:29:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2006.08.09 22:29:48 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2006.08.09 22:29:38 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2006.08.09 22:29:36 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2006.03.09 18:33:06 | 000,073,728 | ---- | M] () -- C:\Programme\WEB.DE SmartSurfer\xmltok.dll
MOD - [2006.03.09 18:33:06 | 000,049,152 | ---- | M] () -- C:\Programme\WEB.DE SmartSurfer\xmlparse.dll
MOD - [2006.01.20 15:56:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2006.01.20 15:56:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2006.01.17 10:46:48 | 000,053,248 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2005.12.27 15:50:26 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005.11.28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005.11.28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005.11.28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2004.04.08 06:03:26 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\aol\ACS\DE\DialerRes.dll
MOD - [2003.06.07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.05.06 23:37:46 | 000,147,201 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008.05.06 23:37:46 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.04.08 20:01:40 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007.09.24 13:05:36 | 000,132,560 | ---- | M] (United Internet AG) [Auto | Running] -- C:\Programme\WEB.DE SmartSurfer\SmurfService.exe -- (SmartSurferManager)
SRV - [2006.08.09 22:29:38 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2006.08.09 22:29:36 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2006.08.09 22:28:36 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.01.23 12:41:42 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Unknown] -- C:\Programme\WinPCap\rpcapd.exe -- (rpcapd)
SRV - [2005.10.24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.04.08 06:01:20 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008.05.06 23:37:46 | 000,049,472 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2008.03.02 18:44:04 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008.03.02 18:44:04 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007.09.16 16:43:08 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2007.06.28 11:44:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007.06.28 11:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007.05.09 18:59:44 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2006.08.29 23:20:44 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006.06.28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006.06.16 19:17:38 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006.06.16 19:17:38 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006.06.16 19:17:36 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.04.03 12:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006.03.09 17:20:10 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.01.23 12:41:42 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006.01.23 12:41:04 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2006.01.23 12:41:04 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2006.01.17 10:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006.01.17 10:19:46 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006.01.17 10:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006.01.17 10:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.01.17 10:15:26 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006.01.17 10:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.01.17 10:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.10.31 14:17:00 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005.10.31 14:16:00 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2005.10.24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.10.18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.10.18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.10.15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005.09.15 18:00:50 | 000,972,568 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Capi20.sys -- (CAPI20)
DRV - [2005.09.13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005.09.09 15:30:12 | 000,198,118 | ---- | M] (DeTeWe Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dtwmnic5.sys -- (dtwmnic5)
DRV - [2005.09.09 15:30:12 | 000,037,696 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DETEWECP.SYS -- (DETEWECP)
DRV - [2005.06.30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005.05.27 10:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0)
DRV - [2005.05.27 10:38:00 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005.05.27 10:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.05.02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005.01.14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004.10.21 13:31:14 | 000,038,691 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004.10.21 13:30:56 | 000,071,535 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004.10.21 13:30:38 | 000,024,671 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2003.01.10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}: "URL" = hxxp://resultsmaster.com/SmartOffers/SmartOffers.aspx?HBHintSVC=resultsmaster&HBHintSearchTermFields=qu&qu={searchTerms}&opener=iesearchbox
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.23 21:01:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.04 20:22:08 | 000,000,000 | ---D | M]
 
[2008.08.26 12:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Extensions
[2007.01.06 20:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions
[2012.07.26 19:52:18 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.09.03 20:54:48 | 000,000,000 | ---D | M] ("I Want This") -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\crossriderapp2258@crossrider.com
[2012.04.30 14:39:12 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\ffxtlbr@babylon.com
[2012.09.04 19:34:32 | 000,518,756 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\toolbar@web.de.xpi
[2012.07.16 17:35:54 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\AdEtqfnGjUEtqfLGjU
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\DOaQsNpJlgTusrXvlOaus
[2012.07.16 17:35:52 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\fLxjUosyVLxAUos
[2012.07.16 17:35:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\gaQerpJlgTuerpJlgT
[2012.07.16 17:35:52 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\GGggOoEeesVVJJvAA
[2012.07.16 17:35:52 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\icqplugin.src
[2012.07.16 17:35:52 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\jaatttNNnLLDDDUUuQyy
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\JlgspvDgaQeNpvDgaQerp
[2012.07.16 17:35:52 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\JlgTQerpJlgTuerXvlOaQ
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\JlgTQerpJlgTusrXvlOaQ
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\jUosyVnxAdosqfnGj
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\lOTQerpJlOTusrXvlOaQe
[2012.07.16 17:35:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\nGjdEtqfLGjUEty
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\NpJderXvlErpJl
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\NXvDOaQsNpJlgTus
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\pJDgTuerXJlOausNpvD
[2012.07.16 17:35:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\pppxxxggoooeefVVJ
[2012.07.16 17:35:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\QeNpJDgTQeNpJlgT
[2012.07.16 17:35:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\QerpJlgTusrXvl
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\QEtyfLxAdosqfnG
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\qfnVLxAUosqVnGAn
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\qqqXppGGOOgEEsssf
[2012.07.16 17:35:54 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\TQerXJlgTuerXJlOT
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\tyfLxjUotyVLxAUEs
[2012.07.16 17:35:54 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\tyVLxAUotyVLxAd
[2012.07.16 17:35:54 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\UEtyfLxAUotyVLxAUo
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\UotqVnGAdEsqfnGjUEtqf
[2012.07.16 17:35:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\VLxAUosyVnGvdET
[2012.07.16 17:35:54 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\yfLGAUEtqfLGjdEtqf
[2012.07.16 17:35:54 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\yVnxAdosqVnGjUEtyfL
[2012.09.04 20:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.17 21:01:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.04 20:22:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.02.23 21:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.02.23 21:01:30 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.29 15:02:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 14:50:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe ()
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe (America Online, Inc)
O4 - HKLM..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe File not found
O4 - HKLM..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [routcnf] C:\Programme\DeTeWe\OpenCom X32\routcnf.exe /capiactive File not found
O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-15292347-1679001385-2916872427-1006..\Run: [320D180E] C:\Dokumente und Einstellungen\Denny1\Mrryynn\ymykcpfknjy.exe File not found
O4 - HKU\S-1-5-21-15292347-1679001385-2916872427-1006..\Run: [ICQ] ~"C:\Programme\ICQ6.5\ICQ.exe" silent File not found
O4 - HKU\S-1-5-21-15292347-1679001385-2916872427-1006..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - HKU\S-1-5-21-15292347-1679001385-2916872427-1006..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-15292347-1679001385-2916872427-1006..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73D713EF-8D3E-4A3C-BBF3-01E7A0CB36BB}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.25 07:43:32 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.11.04 17:32:36 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{21f29b46-0626-11dc-b317-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {642FA2FD-0AFB-F465-0652-0C51E2B78EA9} - NetShow
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {91FF19F5-4FF9-4FA4-68D5-87BF1AEFAE25} - Viewpoint Media Player
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {9EA20C2F-5A90-2FCC-31B2-EC365B6044A1} - Viewpoint Media Player
ActiveX: {B2B5DE73-BF92-A38D-63E3-0257F8167B4C} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: msacm.mkdmp3enc - C:\PROGRA~2\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.04 20:22:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2012.08.21 20:22:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.08.20 22:12:27 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Denny1\Desktop\esetsmartinstaller_deu(1).exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.05 20:11:58 | 000,000,449 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012.09.05 20:11:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.05 20:09:40 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.09.05 20:09:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.05 20:08:54 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.04 21:02:43 | 000,511,265 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Desktop\adwcleaner.exe
[2012.09.04 19:56:52 | 000,001,479 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Desktop\Windows-Explorer.lnk
[2012.09.04 19:43:02 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012.09.03 23:36:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.08.20 22:12:38 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Denny1\Desktop\esetsmartinstaller_deu(1).exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.04 21:02:42 | 000,511,265 | ---- | C] () -- C:\Dokumente und Einstellungen\Denny1\Desktop\adwcleaner.exe
[2012.09.03 23:36:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.30 22:25:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Denny1\defogger_reenable
[2012.07.26 20:47:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012.07.26 20:45:31 | 000,312,615 | ---- | C] () -- C:\Dokumente und Einstellungen\Denny1\Lokale Einstellungen\Anwendungsdaten\census.cache
[2012.07.26 20:45:16 | 000,249,678 | ---- | C] () -- C:\Dokumente und Einstellungen\Denny1\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2012.07.26 19:57:26 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\Denny1\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2012.03.20 22:16:26 | 000,008,682 | ---- | C] () -- C:\Dokumente und Einstellungen\Denny1\overlay.ini
[2012.03.20 22:16:26 | 000,000,269 | ---- | C] () -- C:\Dokumente und Einstellungen\Denny1\medcd.ini
[2012.03.20 22:16:26 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Denny1\vorlagen.ini
[2007.01.06 21:32:52 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\oaQsNXJlOausNXJlOTusr
[2006.12.18 20:50:37 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Denny1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.16 22:27:15 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Denny1\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2006.08.25 07:48:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer
[2007.01.06 20:27:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
[2007.01.20 16:46:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BOONTY
[2009.03.17 21:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2006.12.18 17:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NtiDvdCopy
[2006.12.16 22:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2009.04.25 09:55:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEB.DE SmartSurfer
[2007.10.02 17:55:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEBDE
[2006.08.25 07:51:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Acer
[2006.08.25 07:51:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Acer
[2006.12.19 16:02:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\FotoWire
[2008.01.06 14:47:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\ICQ
[2007.02.05 16:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\ICQ Toolbar
[2007.02.13 20:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\ICQLite
[2008.11.13 10:58:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\MSNInstaller
[2012.07.26 19:52:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\QuickScan
[2007.01.27 18:31:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\ScanSoft
[2007.01.06 20:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\SmartSurfer
[2010.03.15 16:59:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\WEB.DE SmartSurfer
[2007.01.06 20:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\WEBDE
[2012.09.05 20:10:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SmartSurfer
[2008.03.25 12:24:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\SmartSurfer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2006.08.25 07:51:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Acer
[2006.12.18 17:38:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Adobe
[2007.10.08 14:48:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\AdobeUM
[2006.08.29 23:21:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\AOL
[2006.12.16 17:00:50 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Brother
[2006.12.18 17:15:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\CyberLink
[2006.12.19 16:02:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\FotoWire
[2006.12.20 15:20:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Help
[2008.01.06 14:47:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\ICQ
[2007.02.05 16:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\ICQ Toolbar
[2007.02.13 20:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\ICQLite
[2006.08.25 07:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Identities
[2007.11.18 17:17:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\InstallShield
[2006.12.16 17:13:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Logitech
[2006.12.16 22:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Macromedia
[2012.07.30 22:00:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Malwarebytes
[2006.08.25 07:11:50 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Microsoft
[2009.02.08 19:35:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Microsoft Games
[2007.01.06 20:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla
[2008.11.13 10:58:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\MSNInstaller
[2012.07.26 19:52:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\QuickScan
[2007.01.27 18:31:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\ScanSoft
[2009.02.07 20:14:22 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\SecuROM
[2007.01.06 20:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\SmartSurfer
[2007.02.25 22:28:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Sun
[2010.03.15 16:59:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\WEB.DE SmartSurfer
[2007.01.06 20:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\WEBDE
[2006.08.29 23:21:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\You've Got Pictures Screensaver
 
< %APPDATA%\*.exe /s >
[2012.07.16 17:35:44 | 019,900,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe
[2012.07.16 17:36:08 | 000,827,368 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\MSNInstaller\msnauins.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.10.07 11:24:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.10.07 11:24:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 05:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.08.25 07:11:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.08.25 07:11:16 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.08.25 07:11:16 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
         
--- --- ---


Silvio


07.09.2012, 11:39   #18
cosinus

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:
:OTL
MOD - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}: "URL" = http://resultsmaster.com/SmartOffers/SmartOffers.aspx?HBHintSVC=resultsmaster&HBHintSearchTermFields=qu&qu={searchTerms}&opener=iesearchbox
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2
FF - user.js - File not found
[2012.07.26 19:52:18 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.09.03 20:54:48 | 000,000,000 | ---D | M] ("I Want This") -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\crossriderapp2258@crossrider.com
[2012.04.30 14:39:12 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\ffxtlbr@babylon.com
[2012.09.04 19:34:32 | 000,518,756 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\toolbar@web.de.xpi
[2012.07.16 17:35:54 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\AdEtqfnGjUEtqfLGjU
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\DOaQsNpJlgTusrXvlOaus
[2012.07.16 17:35:52 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\fLxjUosyVLxAUos
[2012.07.16 17:35:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\gaQerpJlgTuerpJlgT
[2012.07.16 17:35:52 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\GGggOoEeesVVJJvAA
[2012.07.16 17:35:52 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\icqplugin.src
[2012.07.16 17:35:52 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\jaatttNNnLLDDDUUuQyy
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\JlgspvDgaQeNpvDgaQerp
[2012.07.16 17:35:52 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\JlgTQerpJlgTuerXvlOaQ
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\JlgTQerpJlgTusrXvlOaQ
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\jUosyVnxAdosqfnGj
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\lOTQerpJlOTusrXvlOaQe
[2012.07.16 17:35:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\nGjdEtqfLGjUEty
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\NpJderXvlErpJl
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\NXvDOaQsNpJlgTus
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\pJDgTuerXJlOausNpvD
[2012.07.16 17:35:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\pppxxxggoooeefVVJ
[2012.07.16 17:35:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\QeNpJDgTQeNpJlgT
[2012.07.16 17:35:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\QerpJlgTusrXvl
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\QEtyfLxAdosqfnG
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\qfnVLxAUosqVnGAn
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\qqqXppGGOOgEEsssf
[2012.07.16 17:35:54 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\TQerXJlgTuerXJlOT
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\tyfLxjUotyVLxAUEs
[2012.07.16 17:35:54 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\tyVLxAUotyVLxAd
[2012.07.16 17:35:54 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\UEtyfLxAUotyVLxAUo
[2012.07.16 17:35:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\UotqVnGAdEsqfnGjUEtqf
[2012.07.16 17:35:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\VLxAUosyVnGvdET
[2012.07.16 17:35:54 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\yfLGAUEtqfLGjdEtqf
[2012.07.16 17:35:54 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\yVnxAdosqVnGjUEtyfL
[2009.03.17 21:01:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.23 21:01:30 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-15292347-1679001385-2916872427-1006..\Run: [320D180E] C:\Dokumente und Einstellungen\Denny1\Mrryynn\ymykcpfknjy.exe File not found
O4 - HKU\S-1-5-21-15292347-1679001385-2916872427-1006..\Run: [ICQ] ~"C:\Programme\ICQ6.5\ICQ.exe" silent File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-15292347-1679001385-2916872427-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.25 07:43:32 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.11.04 17:32:36 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{21f29b46-0626-11dc-b317-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe
:Files
C:\Programme\ICQToolbar*
C:\Programme\ICQ6Toolbar
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\oaQsNXJlOausNXJlOTusr
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\ICQ Toolbar
C:\Programme\I Want This
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

10.09.2012, 19:21   #19
Technofreak1

Hello,

the program and Windows itself hang when running OTL. At the very bottom of the window, "Killing Processes" or something like that still appears, but then nothing more happens.

What is going wrong here?

Silvio

10.09.2012, 21:05   #20
cosinus

Restart Windows in safe mode (with networking if possible); sometimes the fix with OTL gets stuck in normal mode, but very often the fix works in safe mode.

__________________
Please always post log files in CODE tags

10.09.2012, 22:01   #21
Technofreak1

So,

I tried it in safe mode. With networking I got a bluescreen (no idea what, restart was still enabled); plain safe mode worked. Here is the log:

Code:
All processes killed
========== OTL ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-15292347-1679001385-2916872427-1006\Software\Microsoft\Internet Explorer\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}\ not found.
Registry key HKEY_USERS\S-1-5-21-15292347-1679001385-2916872427-1006\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-15292347-1679001385-2916872427-1006\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\chrome\skin\images folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\chrome\locale\ro-RO folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\chrome\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\chrome\locale folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\crossriderapp2258@crossrider.com\skin folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\crossriderapp2258@crossrider.com\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\crossriderapp2258@crossrider.com\locale folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\crossriderapp2258@crossrider.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\crossriderapp2258@crossrider.com\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\crossriderapp2258@crossrider.com\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\crossriderapp2258@crossrider.com folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\extensions\toolbar@web.de.xpi moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\AdEtqfnGjUEtqfLGjU moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\DOaQsNpJlgTusrXvlOaus moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\fLxjUosyVLxAUos moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\gaQerpJlgTuerpJlgT moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\GGggOoEeesVVJJvAA moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\icqplugin.src moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\jaatttNNnLLDDDUUuQyy moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\JlgspvDgaQeNpvDgaQerp moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\JlgTQerpJlgTuerXvlOaQ moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\JlgTQerpJlgTusrXvlOaQ moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\jUosyVnxAdosqfnGj moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\lOTQerpJlOTusrXvlOaQe moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\nGjdEtqfLGjUEty moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\NpJderXvlErpJl moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\NXvDOaQsNpJlgTus moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\pJDgTuerXJlOausNpvD moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\pppxxxggoooeefVVJ moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\QeNpJDgTQeNpJlgT moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\QerpJlgTusrXvl moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\QEtyfLxAdosqfnG moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\qfnVLxAUosqVnGAn moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\qqqXppGGOOgEEsssf moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\TQerXJlgTuerXJlOT moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\tyfLxjUotyVLxAUEs moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\tyVLxAUotyVLxAd moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\UEtyfLxAUotyVLxAUo moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\UotqVnGAdEsqfnGjUEtqf moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\VLxAUosyVnGvdET moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\yfLGAUEtqfLGjdEtqf moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\searchplugins\yVnxAdosqVnGjUEtyfL moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search\engine folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab\initial-thumbs folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\homebutton folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\brand folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help\page folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\util folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\tracking folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search\mcollect folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\hotnews folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\components folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-15292347-1679001385-2916872427-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry key HKEY_USERS\S-1-5-21-15292347-1679001385-2916872427-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-15292347-1679001385-2916872427-1006\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-15292347-1679001385-2916872427-1006\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-15292347-1679001385-2916872427-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21f29b46-0626-11dc-b317-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21f29b46-0626-11dc-b317-00038a000015}\ not found.
File F:\setupSNK.exe not found.
========== FILES ==========
C:\Programme\ICQToolbar\Cache folder moved successfully.
C:\Programme\ICQToolbar folder moved successfully.
C:\Programme\ICQToolbar3107\Cache folder moved successfully.
C:\Programme\ICQToolbar3107 folder moved successfully.
C:\Programme\ICQ6Toolbar folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\oaQsNXJlOausNXJlOTusr moved successfully.
C:\Dokumente und Einstellungen\Denny1\Anwendungsdaten\ICQ Toolbar folder moved successfully.
File\Folder C:\Programme\I Want This not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Ein interner Fehler ist aufgetreten: Die Anforderung wird nicht unterstützt.
 
Wenden Sie sich an den Microsoft Software Service, um weitere Hilfe zu erhalten.
Zusätzliche Informationen: Der Hostname konnte nicht abgefragt werden.
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 507904 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: All Users
 
User: Besitzer
 
User: Default User
->Temp folder emptied: 507904 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Denny1
->Temp folder emptied: 1450459129 bytes
->Temporary Internet Files folder emptied: 190567445 bytes
->Java cache emptied: 75017561 bytes
->FireFox cache emptied: 114759527 bytes
->Flash cache emptied: 20838 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1788258 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 109681 bytes
%systemroot%\System32 .tmp files removed: 2833287 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41721705 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.791,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Besitzer
 
User: Default User
 
User: Denny1
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.3 log created on 09102012_224814

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Silvio

10.09.2012, 22:16   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
Please always post log files in CODE tags
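
Added example, not part of the original posts and not Kaspersky's code: a Python parser that splits a TDSSKiller report of the kind requested above into per-object verdicts, so the flagged entries (with hash and path) can be reviewed before any action is taken. The line layout is an assumption taken from reports of this tool version; the sample log, its service names, hashes and paths are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the TDSSKiller report layout (time, thread id, message).
# Service names, hashes and paths are made up for this example.
SAMPLE_LOG = r"""
05:38:03.0578 0728  Scan started
05:38:03.0578 0728  Mode: Manual; SigCheck; TDLFS;
05:38:03.0875 0728  ================ Scan system memory ========================
05:38:03.0875 0728  System memory - ok
05:38:03.0875 0728  ================ Scan services =============================
05:38:03.0984 0728  ExampleStub - ok
05:38:04.0015 0728  [ 00000000000000000000000000000001 ] exdrv           C:\WINDOWS\system32\DRIVERS\exdrv.sys
05:38:06.0515 0728  exdrv - ok
05:38:07.0031 0728  [ 00000000000000000000000000000002 ] Example LM Service C:\Programme\Example Vendor\Service\exsvc.exe
05:38:07.0031 0728  Example LM Service ( UnsignedFile.Multi.Generic ) - warning
05:38:07.0031 0728  Example LM Service - detected UnsignedFile.Multi.Generic (1)
05:38:07.0375 0728  [ 00000000000000000000000000000003 ] exflt           C:\WINDOWS\system32\drivers\exflt.sys
05:38:07.0375 0728  exflt ( UnsignedFile.Multi.Generic ) - warning
05:38:07.0375 0728  exflt - detected UnsignedFile.Multi.Generic (1)
"""

# "HH:MM:SS.ffff TTTT  message": timestamp, thread id, then the message text.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d{4})\s*(.*)$")
# "===== Scan services =====" style section banners.
SECTION = re.compile(r"^=+ (.+?) =+$")
# "[ MD5 ] object name   X:\path\to\file" (object names may contain spaces).
FILE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
# "name - ok" or "name ( Detection.Name ) - warning".
VERDICT = re.compile(r"^(.+?)(?: \( (\S+) \))? - (\w+)$")


@dataclass
class Entry:
    section: Optional[str]    # scan phase the object was reported in
    name: str                 # service / driver / object name
    verdict: str              # "ok", "warning", ...
    detection: Optional[str]  # detection name, if any
    md5: Optional[str]        # hash from the preceding "[ MD5 ]" line, if any
    path: Optional[str]       # file path from that line, if any


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Return one Entry per verdict line, joined with its hash/path line."""
    entries: List[Entry] = []
    pending = {}   # object name -> (md5, path), waiting for its verdict line
    section = None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or non-report line
        msg = m.group(3).strip()
        s = SECTION.match(msg)
        if s:
            section = s.group(1)
            continue
        f = FILE.match(msg)
        if f:
            pending[f.group(2)] = (f.group(1).upper(), f.group(3))
            continue
        v = VERDICT.match(msg)
        if v:
            name, detection, verdict = v.groups()
            md5, path = pending.pop(name, (None, None))
            entries.append(Entry(section, name, verdict, detection, md5, path))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Everything the tool did not mark as ok."""
    return [e for e in entries if e.verdict != "ok"]


def summarize(entries: List[Entry]) -> Counter:
    """Count flagged objects per detection name."""
    return Counter(e.detection or e.verdict for e in flagged(entries))


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(parsed)} objects, {len(flagged(parsed))} flagged")
    for det, count in summarize(parsed).items():
        print(f"  {det}: {count}")
    for e in flagged(parsed):
        print(f"  {e.verdict:8} {e.name}  {e.md5}  {e.path}")
```
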

11.09.2012, 04:57   #23
Technofreak1
 
Hello

here is the log:

Code:
05:37:19.0593 0716  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
05:37:19.0656 0716  ============================================================
05:37:19.0656 0716  Current date / time: 2012/09/11 05:37:19.0656
05:37:19.0656 0716  SystemInfo:
05:37:19.0656 0716  
05:37:19.0656 0716  OS Version: 5.1.2600 ServicePack: 3.0
05:37:19.0656 0716  Product type: Workstation
05:37:19.0656 0716  ComputerName: DENNY
05:37:19.0656 0716  UserName: Denny1
05:37:19.0656 0716  Windows directory: C:\WINDOWS
05:37:19.0656 0716  System windows directory: C:\WINDOWS
05:37:19.0656 0716  Processor architecture: Intel x86
05:37:19.0656 0716  Number of processors: 2
05:37:19.0656 0716  Page size: 0x1000
05:37:19.0656 0716  Boot type: Normal boot
05:37:19.0656 0716  ============================================================
05:37:21.0406 0716  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
05:37:21.0406 0716  Drive \Device\Harddisk1\DR6 - Size: 0x3C1800000 (15.02 Gb), SectorSize: 0x200, Cylinders: 0x7A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
05:37:21.0406 0716  ============================================================
05:37:21.0406 0716  \Device\Harddisk0\DR0:
05:37:21.0406 0716  MBR partitions:
05:37:21.0406 0716  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C263D, BlocksNum 0x6A6B0A2
05:37:21.0406 0716  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x742D6DF, BlocksNum 0x6B660E2
05:37:21.0406 0716  \Device\Harddisk1\DR6:
05:37:21.0406 0716  MBR partitions:
05:37:21.0406 0716  \Device\Harddisk1\DR6\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1E0B42A
05:37:21.0406 0716  ============================================================
05:37:21.0453 0716  C: <-> \Device\Harddisk0\DR0\Partition1
05:37:21.0500 0716  D: <-> \Device\Harddisk0\DR0\Partition2
05:37:21.0500 0716  ============================================================
05:37:21.0500 0716  Initialize success
05:37:21.0500 0716  ============================================================
05:38:03.0578 0728  ============================================================
05:38:03.0578 0728  Scan started
05:38:03.0578 0728  Mode: Manual; SigCheck; TDLFS; 
05:38:03.0578 0728  ============================================================
05:38:03.0875 0728  ================ Scan system memory ========================
05:38:03.0875 0728  System memory - ok
05:38:03.0875 0728  ================ Scan services =============================
05:38:03.0984 0728  Abiosdsk - ok
05:38:04.0015 0728  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
05:38:06.0515 0728  abp480n5 - ok
05:38:06.0562 0728  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
05:38:06.0750 0728  ACPI - ok
05:38:06.0765 0728  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
05:38:06.0906 0728  ACPIEC - ok
05:38:07.0031 0728  [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
05:38:07.0031 0728  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
05:38:07.0031 0728  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
05:38:07.0047 0728  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
05:38:07.0172 0728  adpu160m - ok
05:38:07.0203 0728  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
05:38:07.0328 0728  aec - ok
05:38:07.0375 0728  [ 12DAFD934641DCF61E446313BC261EC2 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
05:38:07.0375 0728  AegisP ( UnsignedFile.Multi.Generic ) - warning
05:38:07.0375 0728  AegisP - detected UnsignedFile.Multi.Generic (1)
05:38:07.0406 0728  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
05:38:07.0484 0728  AFD - ok
05:38:07.0500 0728  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
05:38:07.0640 0728  agp440 - ok
05:38:07.0640 0728  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
05:38:07.0765 0728  agpCPQ - ok
05:38:07.0765 0728  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
05:38:07.0828 0728  Aha154x - ok
05:38:07.0843 0728  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
05:38:07.0968 0728  aic78u2 - ok
05:38:07.0968 0728  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
05:38:08.0093 0728  aic78xx - ok
05:38:08.0125 0728  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
05:38:08.0250 0728  Alerter - ok
05:38:08.0281 0728  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
05:38:08.0390 0728  ALG - ok
05:38:08.0468 0728  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
05:38:08.0593 0728  AliIde - ok
05:38:08.0593 0728  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
05:38:08.0797 0728  alim1541 - ok
05:38:08.0875 0728  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
05:38:09.0000 0728  amdagp - ok
05:38:09.0015 0728  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
05:38:09.0140 0728  amsint - ok
05:38:09.0203 0728  [ 1C51917C9B30530A781F438F6A4AC49F ] AntiVirScheduler C:\Programme\AntiVir PersonalEdition Classic\sched.exe
05:38:09.0203 0728  AntiVirScheduler ( UnsignedFile.Multi.Generic ) - warning
05:38:09.0203 0728  AntiVirScheduler - detected UnsignedFile.Multi.Generic (1)
05:38:09.0234 0728  [ 980825559F7C70B565ADD5F5C71CFE8F ] AntiVirService  C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
05:38:09.0250 0728  AntiVirService ( UnsignedFile.Multi.Generic ) - warning
05:38:09.0250 0728  AntiVirService - detected UnsignedFile.Multi.Generic (1)
05:38:09.0328 0728  [ A9EDDB65C83DB9A78DC228C74B89A788 ] AOL ACS         C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
05:38:09.0406 0728  AOL ACS - ok
05:38:09.0406 0728  AppMgmt - ok
05:38:09.0484 0728  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
05:38:09.0609 0728  Arp1394 - ok
05:38:09.0640 0728  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
05:38:09.0765 0728  asc - ok
05:38:09.0781 0728  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
05:38:09.0843 0728  asc3350p - ok
05:38:09.0843 0728  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
05:38:09.0968 0728  asc3550 - ok
05:38:09.0984 0728  [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM          C:\WINDOWS\system32\drivers\ASCTRM.sys
05:38:10.0000 0728  ASCTRM ( UnsignedFile.Multi.Generic ) - warning
05:38:10.0000 0728  ASCTRM - detected UnsignedFile.Multi.Generic (1)
05:38:10.0078 0728  [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
05:38:10.0093 0728  aspnet_state ( UnsignedFile.Multi.Generic ) - warning
05:38:10.0093 0728  aspnet_state - detected UnsignedFile.Multi.Generic (1)
05:38:10.0125 0728  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
05:38:10.0234 0728  AsyncMac - ok
05:38:10.0281 0728  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
05:38:10.0390 0728  atapi - ok
05:38:10.0406 0728  Atdisk - ok
05:38:10.0500 0728  [ 5B80E84AF6B02ECAB72DAE9AFEE06309 ] atksgt          C:\WINDOWS\system32\DRIVERS\atksgt.sys
05:38:10.0531 0728  atksgt ( UnsignedFile.Multi.Generic ) - warning
05:38:10.0531 0728  atksgt - detected UnsignedFile.Multi.Generic (1)
05:38:10.0547 0728  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
05:38:10.0672 0728  Atmarpc - ok
05:38:10.0703 0728  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
05:38:10.0828 0728  AudioSrv - ok
05:38:10.0875 0728  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
05:38:11.0015 0728  audstub - ok
05:38:11.0062 0728  [ 71A751D7F8B0219BCF827596FC5AF318 ] avgio           C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
05:38:11.0062 0728  avgio - ok
05:38:11.0109 0728  [ 37F8550DCD2BB6A3C0D38B48559F0380 ] avgntflt        C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
05:38:11.0125 0728  avgntflt - ok
05:38:11.0250 0728  [ E1EC228D87915050BDF59F6331AD7247 ] AWService       C:\Acer\Empowering Technology\admServ.exe
05:38:11.0312 0728  AWService ( UnsignedFile.Multi.Generic ) - warning
05:38:11.0312 0728  AWService - detected UnsignedFile.Multi.Generic (1)
05:38:11.0375 0728  [ BB1A2A73F993B623F99E03ED2F9E014C ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
05:38:11.0437 0728  b57w2k - ok
05:38:11.0500 0728  [ C768C8A463D32C219CE291645A0621A4 ] bcm4sbxp        C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
05:38:11.0547 0728  bcm4sbxp - ok
05:38:11.0578 0728  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
05:38:11.0703 0728  Beep - ok
05:38:11.0765 0728  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
05:38:11.0906 0728  BITS - ok
05:38:11.0922 0728  Boonty Games - ok
05:38:11.0953 0728  [ D3FACB34FFF5DB91ADB70987838F8BA7 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
05:38:12.0000 0728  Brother XP spl Service - ok
05:38:12.0047 0728  [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser         C:\WINDOWS\System32\browser.dll
05:38:12.0172 0728  Browser - ok
05:38:12.0203 0728  [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb        C:\WINDOWS\system32\Drivers\BrScnUsb.sys
05:38:12.0250 0728  BrScnUsb - ok
05:38:12.0281 0728  [ F73D41FD3653FE64CC79610F7B240472 ] btaudio         C:\WINDOWS\system32\drivers\btaudio.sys
05:38:12.0312 0728  btaudio ( UnsignedFile.Multi.Generic ) - warning
05:38:12.0312 0728  btaudio - detected UnsignedFile.Multi.Generic (1)
05:38:12.0343 0728  [ 4854ED2EE57769B9527680978A9DD5B4 ] BTDriver        C:\WINDOWS\system32\DRIVERS\btport.sys
05:38:12.0375 0728  BTDriver ( UnsignedFile.Multi.Generic ) - warning
05:38:12.0375 0728  BTDriver - detected UnsignedFile.Multi.Generic (1)
05:38:12.0422 0728  [ B279426E3C0C344893ED78A613A73BDE ] BthEnum         C:\WINDOWS\system32\DRIVERS\BthEnum.sys
05:38:12.0547 0728  BthEnum - ok
05:38:12.0562 0728  [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
05:38:12.0687 0728  BthPan - ok
05:38:12.0781 0728  [ 592E1CEDBE314D0EF184DC6F46141E76 ] BTHPORT         C:\WINDOWS\system32\Drivers\BTHport.sys
05:38:12.0828 0728  BTHPORT - ok
05:38:12.0875 0728  [ 26C601EF7525E31379744ABFC6F35A1B ] BthServ         C:\WINDOWS\System32\bthserv.dll
05:38:12.0984 0728  BthServ - ok
05:38:13.0078 0728  [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB          C:\WINDOWS\system32\Drivers\BTHUSB.sys
05:38:13.0187 0728  BTHUSB - ok
05:38:13.0297 0728  [ 4EBD4EBFF01617FBDA6CE7963F150918 ] BTKRNL          C:\WINDOWS\system32\DRIVERS\btkrnl.sys
05:38:13.0343 0728  BTKRNL ( UnsignedFile.Multi.Generic ) - warning
05:38:13.0343 0728  BTKRNL - detected UnsignedFile.Multi.Generic (1)
05:38:13.0359 0728  [ 6D9F1D03D4EBA886E1626D856762B4F0 ] BTSERIAL        C:\WINDOWS\system32\drivers\btserial.sys
05:38:13.0375 0728  BTSERIAL ( UnsignedFile.Multi.Generic ) - warning
05:38:13.0375 0728  BTSERIAL - detected UnsignedFile.Multi.Generic (1)
05:38:13.0437 0728  [ D9E3B5AAD23BF7EFA6A5DE3C855E0DA2 ] btwdins         c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
05:38:13.0500 0728  btwdins ( UnsignedFile.Multi.Generic ) - warning
05:38:13.0500 0728  btwdins - detected UnsignedFile.Multi.Generic (1)
05:38:13.0531 0728  [ 96708D343264ABAF8AD93C464B2FC9CA ] BTWDNDIS        C:\WINDOWS\system32\DRIVERS\btwdndis.sys
05:38:13.0531 0728  BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning
05:38:13.0531 0728  BTWDNDIS - detected UnsignedFile.Multi.Generic (1)
05:38:13.0562 0728  [ 3AF5757648A196E2D5E6B9C8E9C5F62E ] btwmodem        C:\WINDOWS\system32\DRIVERS\btwmodem.sys
05:38:13.0578 0728  btwmodem ( UnsignedFile.Multi.Generic ) - warning
05:38:13.0578 0728  btwmodem - detected UnsignedFile.Multi.Generic (1)
05:38:13.0609 0728  [ 589400F357F6CB156A6F804035514DA0 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
05:38:13.0625 0728  BTWUSB ( UnsignedFile.Multi.Generic ) - warning
05:38:13.0625 0728  BTWUSB - detected UnsignedFile.Multi.Generic (1)
05:38:13.0672 0728  [ AFF3D37460CF9F60446CE9294935D6A3 ] CAPI20          C:\WINDOWS\system32\drivers\capi20.sys
05:38:13.0734 0728  CAPI20 ( UnsignedFile.Multi.Generic ) - warning
05:38:13.0734 0728  CAPI20 - detected UnsignedFile.Multi.Generic (1)
05:38:13.0781 0728  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
05:38:13.0906 0728  cbidf - ok
05:38:13.0906 0728  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
05:38:14.0031 0728  cbidf2k - ok
05:38:14.0047 0728  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
05:38:14.0187 0728  CCDECODE - ok
05:38:14.0187 0728  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
05:38:14.0250 0728  cd20xrnt - ok
05:38:14.0281 0728  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
05:38:14.0453 0728  Cdaudio - ok
05:38:14.0468 0728  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
05:38:14.0593 0728  Cdfs - ok
05:38:14.0672 0728  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
05:38:14.0797 0728  Cdrom - ok
05:38:14.0797 0728  Changer - ok
05:38:14.0843 0728  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
05:38:14.0953 0728  CiSvc - ok
05:38:15.0047 0728  [ D5C2B2085086C2B594502E23913D1CB8 ] CLCapSvc        C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
05:38:15.0062 0728  CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
05:38:15.0062 0728  CLCapSvc - detected UnsignedFile.Multi.Generic (1)
05:38:15.0109 0728  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
05:38:15.0234 0728  ClipSrv - ok
05:38:15.0250 0728  [ 2303219FA3D03DF12636DBB7AD8B6801 ] CLSched         C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
05:38:15.0265 0728  CLSched ( UnsignedFile.Multi.Generic ) - warning
05:38:15.0265 0728  CLSched - detected UnsignedFile.Multi.Generic (1)
05:38:15.0297 0728  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
05:38:15.0422 0728  CmBatt - ok
05:38:15.0437 0728  [ C687F81290303D90099B027A6474F99F ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
05:38:15.0578 0728  CmdIde - ok
05:38:15.0593 0728  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
05:38:15.0703 0728  Compbatt - ok
05:38:15.0718 0728  COMSysApp - ok
05:38:15.0734 0728  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
05:38:15.0859 0728  Cpqarray - ok
05:38:15.0875 0728  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
05:38:16.0015 0728  CryptSvc - ok
05:38:16.0047 0728  [ 5B417ED5B49D5A65355A81A2A5FBC1E0 ] CyberLink Media Library Service C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
05:38:16.0062 0728  CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
05:38:16.0062 0728  CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
05:38:16.0093 0728  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
05:38:16.0234 0728  dac2w2k - ok
05:38:16.0234 0728  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
05:38:16.0359 0728  dac960nt - ok
05:38:16.0406 0728  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
05:38:16.0453 0728  DcomLaunch - ok
05:38:16.0500 0728  [ 3FD032FE2F2AA9A7C10E37C0D5D8F746 ] DETEWECP        C:\WINDOWS\System32\drivers\detewecp.sys
05:38:16.0531 0728  DETEWECP ( UnsignedFile.Multi.Generic ) - warning
05:38:16.0531 0728  DETEWECP - detected UnsignedFile.Multi.Generic (1)
05:38:16.0562 0728  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
05:38:16.0703 0728  Dhcp - ok
05:38:16.0703 0728  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
05:38:16.0812 0728  Disk - ok
05:38:16.0843 0728  [ 08D30AF92C270F2E76787C81589DBAD6 ] DKbFltr         C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
05:38:16.0859 0728  DKbFltr - ok
05:38:16.0859 0728  dmadmin - ok
05:38:16.0906 0728  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
05:38:17.0062 0728  dmboot - ok
05:38:17.0093 0728  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
05:38:17.0234 0728  dmio - ok
05:38:17.0265 0728  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
05:38:17.0390 0728  dmload - ok
05:38:17.0484 0728  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
05:38:17.0593 0728  dmserver - ok
05:38:17.0609 0728  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
05:38:17.0734 0728  DMusic - ok
05:38:17.0765 0728  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
05:38:17.0875 0728  Dnscache - ok
05:38:17.0922 0728  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
05:38:18.0047 0728  Dot3svc - ok
05:38:18.0062 0728  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
05:38:18.0187 0728  dpti2o - ok
05:38:18.0218 0728  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
05:38:18.0328 0728  drmkaud - ok
05:38:18.0390 0728  [ 828EEE272EFD4784FD5DEE5F6FBCC396 ] dtwmnic5        C:\WINDOWS\system32\DRIVERS\dtwmnic5.sys
05:38:18.0406 0728  dtwmnic5 ( UnsignedFile.Multi.Generic ) - warning
05:38:18.0406 0728  dtwmnic5 - detected UnsignedFile.Multi.Generic (1)
05:38:18.0453 0728  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
05:38:18.0593 0728  EapHost - ok
05:38:18.0625 0728  [ 5AEE9EEDCFBF2B0F9DEC53C27EE722A3 ] EMSCR           C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
05:38:18.0703 0728  EMSCR - ok
05:38:18.0703 0728  [ D68564FCFBDFC04280CDBBB37CF7EF7F ] EpmPsd          C:\WINDOWS\system32\drivers\epm-psd.sys
05:38:18.0734 0728  EpmPsd ( UnsignedFile.Multi.Generic ) - warning
05:38:18.0734 0728  EpmPsd - detected UnsignedFile.Multi.Generic (1)
05:38:18.0734 0728  [ 50425CBD80468BF53BA90F0D7CC61805 ] EpmShd          C:\WINDOWS\system32\drivers\epm-shd.sys
05:38:18.0750 0728  EpmShd ( UnsignedFile.Multi.Generic ) - warning
05:38:18.0750 0728  EpmShd - detected UnsignedFile.Multi.Generic (1)
05:38:18.0781 0728  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
05:38:18.0906 0728  ERSvc - ok
05:38:18.0906 0728  [ 8E56AB21D10C368029CEA57DE47D79C2 ] ESDCR           C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
05:38:18.0922 0728  ESDCR - ok
05:38:18.0922 0728  [ 0A58FADE5E12D3A611427292073362CB ] ESMCR           C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
05:38:18.0953 0728  ESMCR - ok
05:38:19.0015 0728  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
05:38:19.0031 0728  Eventlog - ok
05:38:19.0062 0728  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
05:38:19.0109 0728  EventSystem - ok
05:38:19.0156 0728  [ 56DED3ADE453272E6A0AD582D945D1A4 ] EvtEng          C:\Programme\Intel\Wireless\Bin\EvtEng.exe
05:38:19.0187 0728  EvtEng ( UnsignedFile.Multi.Generic ) - warning
05:38:19.0187 0728  EvtEng - detected UnsignedFile.Multi.Generic (1)
05:38:19.0218 0728  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
05:38:19.0328 0728  Fastfat - ok
05:38:19.0359 0728  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
05:38:19.0390 0728  FastUserSwitchingCompatibility - ok
05:38:19.0437 0728  [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax             C:\WINDOWS\system32\fxssvc.exe
05:38:19.0578 0728  Fax - ok
05:38:19.0656 0728  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
05:38:19.0765 0728  Fdc - ok
05:38:19.0781 0728  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
05:38:19.0906 0728  Fips - ok
05:38:19.0937 0728  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
05:38:20.0062 0728  Flpydisk - ok
05:38:20.0078 0728  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
05:38:20.0203 0728  FltMgr - ok
05:38:20.0203 0728  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
05:38:20.0328 0728  Fs_Rec - ok
05:38:20.0328 0728  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
05:38:20.0468 0728  Ftdisk - ok
05:38:20.0515 0728  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
05:38:20.0640 0728  Gpc - ok
05:38:20.0672 0728  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
05:38:20.0687 0728  gusvc - ok
05:38:20.0718 0728  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
05:38:20.0843 0728  HDAudBus - ok
05:38:20.0890 0728  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
05:38:21.0015 0728  helpsvc - ok
05:38:21.0031 0728  HidServ - ok
05:38:21.0047 0728  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
05:38:21.0187 0728  HidUsb - ok
05:38:21.0218 0728  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
05:38:21.0328 0728  hkmsvc - ok
05:38:21.0359 0728  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
05:38:21.0484 0728  hpn - ok
05:38:21.0547 0728  [ A902A7E76C245210EEE9EF5185158E9C ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
05:38:21.0625 0728  HSFHWAZL - ok
05:38:21.0703 0728  [ C9F4E7DA78A02623ABF78A4A34CE79B1 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
05:38:21.0750 0728  HSF_DPV - ok
05:38:21.0781 0728  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
05:38:21.0812 0728  HTTP - ok
05:38:21.0843 0728  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
05:38:21.0968 0728  HTTPFilter - ok
05:38:22.0062 0728  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
05:38:22.0203 0728  i2omgmt - ok
05:38:22.0218 0728  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
05:38:22.0343 0728  i2omp - ok
05:38:22.0375 0728  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
05:38:22.0500 0728  i8042prt - ok
05:38:22.0562 0728  [ 0F0194C4B635C10C3F785E4FEE52D641 ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
05:38:22.0656 0728  ialm - ok
05:38:22.0703 0728  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
05:38:22.0734 0728  IDriverT ( UnsignedFile.Multi.Generic ) - warning
05:38:22.0734 0728  IDriverT - detected UnsignedFile.Multi.Generic (1)
05:38:22.0750 0728  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
05:38:22.0875 0728  Imapi - ok
05:38:22.0906 0728  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
05:38:23.0031 0728  ImapiService - ok
05:38:23.0062 0728  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
05:38:23.0187 0728  ini910u - ok
05:38:23.0281 0728  [ 4D8D5B1C895EA0F2A721B98A7CE198F1 ] int15.sys       C:\Acer\Empowering Technology\eRecovery\int15.sys
05:38:23.0281 0728  int15.sys ( UnsignedFile.Multi.Generic ) - warning
05:38:23.0297 0728  int15.sys - detected UnsignedFile.Multi.Generic (1)
05:38:23.0500 0728  [ 909D03B3B7FB7C830B74F74F4D0EA7CE ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
05:38:23.0984 0728  IntcAzAudAddService - ok
05:38:24.0031 0728  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
05:38:24.0156 0728  IntelIde - ok
05:38:24.0203 0728  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
05:38:24.0312 0728  intelppm - ok
05:38:24.0343 0728  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
05:38:24.0468 0728  Ip6Fw - ok
05:38:24.0500 0728  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
05:38:24.0625 0728  IpFilterDriver - ok
05:38:24.0656 0728  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
05:38:24.0765 0728  IpInIp - ok
05:38:24.0859 0728  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
05:38:24.0968 0728  IpNat - ok
05:38:25.0047 0728  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
05:38:25.0172 0728  IPSec - ok
05:38:25.0203 0728  [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda            C:\WINDOWS\system32\DRIVERS\irda.sys
05:38:25.0328 0728  irda - ok
05:38:25.0343 0728  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
05:38:25.0468 0728  IRENUM - ok
05:38:25.0578 0728  [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon           C:\WINDOWS\System32\irmon.dll
05:38:25.0703 0728  Irmon - ok
05:38:25.0718 0728  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
05:38:25.0828 0728  isapnp - ok
05:38:25.0906 0728  [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
05:38:25.0922 0728  JavaQuickStarterService - ok
05:38:25.0968 0728  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
05:38:26.0093 0728  Kbdclass - ok
05:38:26.0140 0728  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
05:38:26.0265 0728  kmixer - ok
05:38:26.0281 0728  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
05:38:26.0359 0728  KSecDD - ok
05:38:26.0406 0728  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
05:38:26.0468 0728  lanmanserver - ok
05:38:26.0515 0728  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
05:38:26.0562 0728  lanmanworkstation - ok
05:38:26.0562 0728  lbrtfdc - ok
05:38:26.0609 0728  [ 452ECFC32A4B5D9A761E113F149E1B9E ] LHidKe          C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
05:38:26.0640 0728  LHidKe - ok
05:38:26.0672 0728  [ 9C92312DD1AB42E627710FB89BBBCD1E ] LHidUsbK        C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
05:38:26.0703 0728  LHidUsbK - ok
05:38:26.0765 0728  [ 86E8BCAA91FC2ACFACD99CF2BF9F1F47 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
05:38:26.0781 0728  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
05:38:26.0781 0728  LightScribeService - detected UnsignedFile.Multi.Generic (1)
05:38:26.0797 0728  [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt          C:\WINDOWS\system32\DRIVERS\lirsgt.sys
05:38:26.0812 0728  lirsgt ( UnsignedFile.Multi.Generic ) - warning
05:38:26.0812 0728  lirsgt - detected UnsignedFile.Multi.Generic (1)
05:38:26.0843 0728  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
05:38:26.0968 0728  LmHosts - ok
05:38:26.0968 0728  [ 95871E8C4AECFED95F884D2D10B8BCFB ] LMouKE          C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
05:38:27.0000 0728  LMouKE - ok
05:38:27.0015 0728  [ C5EFBD05A5195402121711A6EBBB271F ] LVUSBSta        C:\WINDOWS\system32\drivers\lvusbsta.sys
05:38:27.0062 0728  LVUSBSta - ok
05:38:27.0078 0728  [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
05:38:27.0140 0728  MBAMProtector - ok
05:38:27.0203 0728  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
05:38:27.0250 0728  MBAMService - ok
05:38:27.0281 0728  [ E246A32C445056996074A397DA56E815 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
05:38:27.0297 0728  mdmxsdk - ok
05:38:27.0343 0728  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
05:38:27.0468 0728  Messenger - ok
05:38:27.0484 0728  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
05:38:27.0609 0728  mnmdd - ok
05:38:27.0625 0728  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
05:38:27.0750 0728  mnmsrvc - ok
05:38:27.0781 0728  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
05:38:27.0906 0728  Modem - ok
05:38:27.0922 0728  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
05:38:28.0047 0728  Mouclass - ok
05:38:28.0062 0728  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
05:38:28.0187 0728  mouhid - ok
05:38:28.0203 0728  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
05:38:28.0328 0728  MountMgr - ok
05:38:28.0328 0728  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
05:38:28.0468 0728  mraid35x - ok
05:38:28.0484 0728  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
05:38:28.0609 0728  MRxDAV - ok
05:38:28.0672 0728  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
05:38:28.0718 0728  MRxSmb - ok
05:38:28.0765 0728  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
05:38:28.0890 0728  MSDTC - ok
05:38:28.0890 0728  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
05:38:29.0015 0728  Msfs - ok
05:38:29.0031 0728  MSIServer - ok
05:38:29.0047 0728  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:38:29.0156 0728  MSKSSRV - ok
05:38:29.0187 0728  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:38:29.0312 0728  MSPCLOCK - ok
05:38:29.0312 0728  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
05:38:29.0422 0728  MSPQM - ok
05:38:29.0468 0728  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:38:29.0578 0728  mssmbios - ok
05:38:29.0578 0728  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
05:38:29.0703 0728  MSTEE - ok
05:38:29.0718 0728  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
05:38:29.0765 0728  Mup - ok
05:38:29.0781 0728  [ E91FC8B52D21E38317DC61A3C7CCFA4B ] MxlW2k          C:\WINDOWS\system32\drivers\MxlW2k.sys
05:38:29.0797 0728  MxlW2k ( UnsignedFile.Multi.Generic ) - warning
05:38:29.0797 0728  MxlW2k - detected UnsignedFile.Multi.Generic (1)
05:38:29.0812 0728  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
05:38:29.0937 0728  NABTSFEC - ok
05:38:29.0984 0728  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
05:38:30.0109 0728  napagent - ok
05:38:30.0172 0728  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
05:38:30.0297 0728  NDIS - ok
05:38:30.0343 0728  [ 1F76996253071CBAE0A5AB5D8551EF88 ] NdisFilt        C:\WINDOWS\system32\Drivers\NdisFilt.sys
05:38:30.0359 0728  NdisFilt ( UnsignedFile.Multi.Generic ) - warning
05:38:30.0359 0728  NdisFilt - detected UnsignedFile.Multi.Generic (1)
05:38:30.0375 0728  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
05:38:30.0500 0728  NdisIP - ok
05:38:30.0515 0728  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:38:30.0593 0728  NdisTapi - ok
05:38:30.0609 0728  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:38:30.0750 0728  Ndisuio - ok
05:38:30.0750 0728  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:38:30.0875 0728  NdisWan - ok
05:38:30.0906 0728  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
05:38:30.0953 0728  NDProxy - ok
05:38:30.0984 0728  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
05:38:31.0109 0728  NetBIOS - ok
05:38:31.0156 0728  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
05:38:31.0281 0728  NetBT - ok
05:38:31.0328 0728  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
05:38:31.0437 0728  NetDDE - ok
05:38:31.0437 0728  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
05:38:31.0562 0728  NetDDEdsdm - ok
05:38:31.0578 0728  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
05:38:31.0687 0728  Netlogon - ok
05:38:31.0718 0728  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
05:38:31.0859 0728  Netman - ok
05:38:31.0890 0728  [ 6A25F27202F3122A44A6B74EE46E7A76 ] NETMNT          C:\WINDOWS\system32\DRIVERS\NETMNT.sys
05:38:31.0890 0728  NETMNT ( UnsignedFile.Multi.Generic ) - warning
05:38:31.0890 0728  NETMNT - detected UnsignedFile.Multi.Generic (1)
05:38:31.0922 0728  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
05:38:32.0047 0728  NIC1394 - ok
05:38:32.0093 0728  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
05:38:32.0125 0728  Nla - ok
05:38:32.0140 0728  [ E380BBCAD640304737650367DDFA2366 ] nmwcd           C:\WINDOWS\system32\drivers\nmwcd.sys
05:38:32.0234 0728  nmwcd - ok
05:38:32.0281 0728  [ 9C9FF3EC04021234D6F440ACBD3B70C1 ] nmwcdcj         C:\WINDOWS\system32\drivers\nmwcdcj.sys
05:38:32.0328 0728  nmwcdcj - ok
05:38:32.0359 0728  [ D21FEE8DB254BA762656878168AC1DB6 ] NPF             C:\WINDOWS\system32\drivers\npf.sys
05:38:32.0359 0728  NPF ( UnsignedFile.Multi.Generic ) - warning
05:38:32.0359 0728  NPF - detected UnsignedFile.Multi.Generic (1)
05:38:32.0375 0728  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
05:38:32.0500 0728  Npfs - ok
05:38:32.0547 0728  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
05:38:32.0687 0728  Ntfs - ok
05:38:32.0734 0728  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr         C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
05:38:32.0750 0728  NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
05:38:32.0750 0728  NTIDrvr - detected UnsignedFile.Multi.Generic (1)
05:38:32.0765 0728  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
05:38:32.0875 0728  NtLmSsp - ok
05:38:32.0922 0728  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
05:38:33.0047 0728  NtmsSvc - ok
05:38:33.0078 0728  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
05:38:33.0203 0728  Null - ok
05:38:33.0343 0728  [ E1B2978921351B8C21A256BC4E93034C ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
05:38:33.0687 0728  nv - ok
05:38:33.0734 0728  [ F5BB18381410676BC77BF0D612D65590 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
05:38:33.0765 0728  NVSvc - ok
05:38:33.0812 0728  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
05:38:33.0937 0728  NwlnkFlt - ok
05:38:33.0953 0728  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
05:38:34.0062 0728  NwlnkFwd - ok
05:38:34.0078 0728  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
05:38:34.0203 0728  ohci1394 - ok
05:38:34.0218 0728  [ 26C4A4B64D1DD8E6FDFB2F4897BE029C ] OsaFsLoc        C:\WINDOWS\system32\drivers\OsaFsLoc.sys
05:38:34.0218 0728  OsaFsLoc ( UnsignedFile.Multi.Generic ) - warning
05:38:34.0218 0728  OsaFsLoc - detected UnsignedFile.Multi.Generic (1)
05:38:34.0250 0728  [ 9D1177C2A8DE936B33D85FF75E8CBF1A ] osaio           C:\WINDOWS\system32\drivers\osaio.sys
05:38:34.0265 0728  osaio ( UnsignedFile.Multi.Generic ) - warning
05:38:34.0265 0728  osaio - detected UnsignedFile.Multi.Generic (1)
05:38:34.0265 0728  [ 3245BEE5176697FAF0744A2E1288DC77 ] osanbm          C:\WINDOWS\system32\drivers\osanbm.sys
05:38:34.0265 0728  osanbm ( UnsignedFile.Multi.Generic ) - warning
05:38:34.0265 0728  osanbm - detected UnsignedFile.Multi.Generic (1)
05:38:34.0312 0728  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
05:38:34.0437 0728  Parport - ok
05:38:34.0437 0728  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
05:38:34.0562 0728  PartMgr - ok
05:38:34.0578 0728  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
05:38:34.0718 0728  ParVdm - ok
05:38:34.0718 0728  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
05:38:34.0828 0728  PCI - ok
05:38:34.0843 0728  PCIDump - ok
05:38:34.0843 0728  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
05:38:34.0968 0728  PCIIde - ok
05:38:34.0968 0728  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
05:38:35.0093 0728  Pcmcia - ok
05:38:35.0093 0728  PDCOMP - ok
05:38:35.0093 0728  PDFRAME - ok
05:38:35.0109 0728  PDRELI - ok
05:38:35.0109 0728  PDRFRAME - ok
05:38:35.0156 0728  [ 2A3EFD6C3F116675D149DA5E36A010A4 ] pepifilter      C:\WINDOWS\system32\DRIVERS\lv302af.sys
05:38:35.0172 0728  pepifilter - ok
05:38:35.0187 0728  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
05:38:35.0312 0728  perc2 - ok
05:38:35.0312 0728  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
05:38:35.0437 0728  perc2hib - ok
05:38:35.0515 0728  [ CEBEFEAE6156F4FEE41F56BE89EA9C96 ] PID_08A0        C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
05:38:35.0578 0728  PID_08A0 - ok
05:38:35.0593 0728  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
05:38:35.0625 0728  PlugPlay - ok
05:38:35.0640 0728  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
05:38:35.0750 0728  PolicyAgent - ok
05:38:35.0781 0728  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:38:35.0922 0728  PptpMiniport - ok
05:38:35.0922 0728  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
05:38:36.0031 0728  ProtectedStorage - ok
05:38:36.0047 0728  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
05:38:36.0156 0728  PSched - ok
05:38:36.0172 0728  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:38:36.0297 0728  Ptilink - ok
05:38:36.0312 0728  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
05:38:36.0328 0728  PxHelp20 - ok
05:38:36.0343 0728  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
05:38:36.0453 0728  ql1080 - ok
05:38:36.0453 0728  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
05:38:36.0593 0728  Ql10wnt - ok
05:38:36.0593 0728  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
05:38:36.0718 0728  ql12160 - ok
05:38:36.0718 0728  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
05:38:36.0843 0728  ql1240 - ok
05:38:36.0843 0728  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
05:38:36.0968 0728  ql1280 - ok
05:38:36.0984 0728  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:38:37.0109 0728  RasAcd - ok
05:38:37.0156 0728  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
05:38:37.0265 0728  RasAuto - ok
05:38:37.0281 0728  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
05:38:37.0343 0728  Rasirda - ok
05:38:37.0359 0728  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:38:37.0484 0728  Rasl2tp - ok
05:38:37.0500 0728  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
05:38:37.0640 0728  RasMan - ok
05:38:37.0640 0728  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:38:37.0765 0728  RasPppoe - ok
05:38:37.0765 0728  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
05:38:37.0890 0728  Raspti - ok
05:38:37.0937 0728  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:38:38.0047 0728  Rdbss - ok
05:38:38.0062 0728  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:38:38.0187 0728  RDPCDD - ok
05:38:38.0218 0728  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:38:38.0359 0728  rdpdr - ok
05:38:38.0375 0728  [ 5B3055DAA788BD688594D2F5981F2A83 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
05:38:38.0406 0728  RDPWD - ok
05:38:38.0437 0728  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
05:38:38.0562 0728  RDSessMgr - ok
05:38:38.0593 0728  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
05:38:38.0703 0728  redbook - ok
05:38:38.0734 0728  [ 1B2857EF12D79A9F9ADBA14B0637CBF8 ] RegSrvc         C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
05:38:38.0750 0728  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
05:38:38.0750 0728  RegSrvc - detected UnsignedFile.Multi.Generic (1)
05:38:38.0797 0728  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
05:38:38.0922 0728  RemoteAccess - ok
05:38:38.0953 0728  [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM          C:\WINDOWS\system32\DRIVERS\rfcomm.sys
05:38:39.0062 0728  RFCOMM - ok
05:38:39.0109 0728  [ A76CDDB6D1F25797843E2557A2118E2E ] RichVideo       C:\Programme\CyberLink\Shared Files\RichVideo.exe
05:38:39.0109 0728  RichVideo ( UnsignedFile.Multi.Generic ) - warning
05:38:39.0109 0728  RichVideo - detected UnsignedFile.Multi.Generic (1)
05:38:39.0156 0728  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
05:38:39.0281 0728  ROOTMODEM - ok
05:38:39.0312 0728  [ 67C607857CCD6EBFFE768DAD5B2CA239 ] rpcapd          C:\Programme\WinPcap\rpcapd.exe
05:38:39.0312 0728  rpcapd ( UnsignedFile.Multi.Generic ) - warning
05:38:39.0312 0728  rpcapd - detected UnsignedFile.Multi.Generic (1)
05:38:39.0359 0728  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
05:38:39.0484 0728  RpcLocator - ok
05:38:39.0515 0728  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
05:38:39.0578 0728  RpcSs - ok
05:38:39.0625 0728  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
05:38:39.0734 0728  RSVP - ok
05:38:39.0797 0728  [ 6C5155CC0E805C7BE6028BFF7AC14524 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
05:38:39.0828 0728  S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
05:38:39.0828 0728  S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
05:38:39.0843 0728  [ 1CC074E0D48383D4E9BFFC6A26C2A58A ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
05:38:39.0859 0728  s24trans ( UnsignedFile.Multi.Generic ) - warning
05:38:39.0859 0728  s24trans - detected UnsignedFile.Multi.Generic (1)
05:38:39.0875 0728  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
05:38:39.0984 0728  SamSs - ok
05:38:40.0015 0728  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
05:38:40.0140 0728  SCardSvr - ok
05:38:40.0187 0728  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
05:38:40.0312 0728  Schedule - ok
05:38:40.0375 0728  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
05:38:40.0500 0728  sdbus - ok
05:38:40.0515 0728  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:38:40.0625 0728  Secdrv - ok
05:38:40.0672 0728  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
05:38:40.0797 0728  seclogon - ok
05:38:40.0797 0728  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
05:38:40.0922 0728  SENS - ok
05:38:40.0937 0728  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
05:38:41.0078 0728  Serial - ok
05:38:41.0093 0728  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
05:38:41.0203 0728  Sfloppy - ok
05:38:41.0250 0728  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
05:38:41.0390 0728  SharedAccess - ok
05:38:41.0406 0728  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
05:38:41.0422 0728  ShellHWDetection - ok
05:38:41.0422 0728  Simbad - ok
05:38:41.0453 0728  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
05:38:41.0578 0728  sisagp - ok
05:38:41.0609 0728  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
05:38:41.0734 0728  SLIP - ok
05:38:41.0812 0728  [ 430FED71726B8C2FAE685654032537AA ] SmartSurferManager C:\Programme\WEB.DE SmartSurfer\SmurfService.exe
05:38:41.0828 0728  SmartSurferManager - ok
05:38:41.0843 0728  [ A8EB0AA07632A4C936FF6F8EDA5BDEAD ] SMCIRDA         C:\WINDOWS\system32\DRIVERS\smcirda.sys
05:38:41.0906 0728  SMCIRDA - ok
05:38:41.0906 0728  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
05:38:41.0984 0728  Sparrow - ok
05:38:42.0000 0728  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
05:38:42.0125 0728  splitter - ok
05:38:42.0172 0728  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
05:38:42.0203 0728  Spooler - ok
05:38:42.0234 0728  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
05:38:42.0359 0728  sr - ok
05:38:42.0406 0728  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
05:38:42.0531 0728  srservice - ok
05:38:42.0562 0728  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
05:38:42.0656 0728  Srv - ok
05:38:42.0672 0728  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
05:38:42.0797 0728  SSDPSRV - ok
05:38:42.0843 0728  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
05:38:42.0968 0728  stisvc - ok
05:38:43.0000 0728  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
05:38:43.0125 0728  streamip - ok
05:38:43.0172 0728  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
05:38:43.0281 0728  swenum - ok
05:38:43.0312 0728  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
05:38:43.0437 0728  swmidi - ok
05:38:43.0437 0728  SwPrv - ok
05:38:43.0468 0728  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
05:38:43.0609 0728  symc810 - ok
05:38:43.0609 0728  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
05:38:43.0734 0728  symc8xx - ok
05:38:43.0734 0728  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
05:38:43.0859 0728  sym_hi - ok
05:38:43.0859 0728  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
05:38:43.0984 0728  sym_u3 - ok
05:38:44.0015 0728  [ 66F680409FC3BDDF62741E3E920A8454 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
05:38:44.0062 0728  SynTP - ok
05:38:44.0078 0728  [ E0C67BE430C6DE490D6CCAECFA071F9E ] Sysatedechas    C:\WINDOWS\system32\drivers\UBHelper.sys
05:38:44.0078 0728  Sysatedechas ( UnsignedFile.Multi.Generic ) - warning
05:38:44.0078 0728  Sysatedechas - detected UnsignedFile.Multi.Generic (1)
05:38:44.0125 0728  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
05:38:44.0250 0728  sysaudio - ok
05:38:44.0297 0728  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
05:38:44.0422 0728  SysmonLog - ok
05:38:44.0453 0728  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
05:38:44.0578 0728  TapiSrv - ok
05:38:44.0609 0728  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:38:44.0640 0728  Tcpip - ok
05:38:44.0672 0728  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
05:38:44.0797 0728  TDPIPE - ok
05:38:44.0797 0728  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
05:38:44.0937 0728  TDTCP - ok
05:38:44.0953 0728  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
05:38:45.0078 0728  TermDD - ok
05:38:45.0125 0728  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
05:38:45.0250 0728  TermService - ok
05:38:45.0281 0728  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
05:38:45.0297 0728  Themes - ok
05:38:45.0312 0728  [ D213A9247DC347F305A2D4CC9B951487 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
05:38:45.0437 0728  TosIde - ok
05:38:45.0453 0728  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
05:38:45.0578 0728  TrkWks - ok
05:38:45.0578 0728  [ E0C67BE430C6DE490D6CCAECFA071F9E ] UBHelper        C:\WINDOWS\system32\drivers\UBHelper.sys
05:38:45.0593 0728  UBHelper ( UnsignedFile.Multi.Generic ) - warning
05:38:45.0593 0728  UBHelper - detected UnsignedFile.Multi.Generic (1)
05:38:45.0609 0728  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
05:38:45.0765 0728  Udfs - ok
05:38:45.0765 0728  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
05:38:45.0828 0728  ultra - ok
05:38:45.0875 0728  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
05:38:45.0984 0728  Update - ok
05:38:46.0031 0728  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
05:38:46.0172 0728  upnphost - ok
05:38:46.0203 0728  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
05:38:46.0328 0728  UPS - ok
05:38:46.0359 0728  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
05:38:46.0484 0728  usbaudio - ok
05:38:46.0500 0728  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:38:46.0609 0728  usbccgp - ok
05:38:46.0656 0728  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:38:46.0781 0728  usbehci - ok
05:38:46.0797 0728  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:38:46.0922 0728  usbhub - ok
05:38:46.0953 0728  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
05:38:47.0062 0728  usbprint - ok
05:38:47.0078 0728  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:38:47.0187 0728  USBSTOR - ok
05:38:47.0218 0728  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
05:38:47.0343 0728  usbuhci - ok
05:38:47.0422 0728  [ 9D19B042A4FD5C02195071EA2FE0C821 ] usnjsvc         C:\Programme\Windows Live\Messenger\usnsvc.exe
05:38:47.0437 0728  usnjsvc - ok
05:38:47.0453 0728  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
05:38:47.0578 0728  VgaSave - ok
05:38:47.0625 0728  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
05:38:47.0734 0728  viaagp - ok
05:38:47.0734 0728  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
05:38:47.0859 0728  ViaIde - ok
05:38:47.0875 0728  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
05:38:48.0015 0728  VolSnap - ok
05:38:48.0062 0728  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
05:38:48.0172 0728  VSS - ok
05:38:48.0218 0728  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
05:38:48.0343 0728  W32Time - ok
05:38:48.0422 0728  [ C79918A5BD269035F3A34D157401B9DF ] w39n51          C:\WINDOWS\system32\DRIVERS\w39n51.sys
05:38:48.0515 0728  w39n51 - ok
05:38:48.0593 0728  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:38:48.0718 0728  Wanarp - ok
05:38:48.0750 0728  [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw          C:\WINDOWS\system32\DRIVERS\wanatw4.sys
05:38:48.0828 0728  wanatw - ok
05:38:48.0828 0728  WDICA - ok
05:38:48.0843 0728  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
05:38:49.0000 0728  wdmaud - ok
05:38:49.0031 0728  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
05:38:49.0156 0728  WebClient - ok
05:38:49.0203 0728  [ C1D5CBD8AA0D674DA1BA1BB189696396 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
05:38:49.0265 0728  winachsf - ok
05:38:49.0359 0728  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
05:38:49.0484 0728  winmgmt - ok
05:38:49.0547 0728  [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc      C:\Programme\Windows Live\installer\WLSetupSvc.exe
05:38:49.0609 0728  WLSetupSvc - ok
05:38:49.0640 0728  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
05:38:49.0672 0728  WmdmPmSN - ok
05:38:49.0687 0728  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
05:38:49.0812 0728  WmiAcpi - ok
05:38:49.0859 0728  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
05:38:50.0000 0728  WmiApSrv - ok
05:38:50.0078 0728  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
05:38:50.0140 0728  WMPNetworkSvc - ok
05:38:50.0218 0728  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
05:38:50.0343 0728  wscsvc - ok
05:38:50.0375 0728  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
05:38:50.0500 0728  WSTCODEC - ok
05:38:50.0531 0728  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
05:38:50.0640 0728  wuauserv - ok
05:38:50.0687 0728  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
05:38:50.0718 0728  WudfPf - ok
05:38:50.0718 0728  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
05:38:50.0750 0728  WudfRd - ok
05:38:50.0797 0728  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
05:38:50.0828 0728  WudfSvc - ok
05:38:50.0890 0728  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
05:38:51.0015 0728  WZCSVC - ok
05:38:51.0047 0728  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
05:38:51.0172 0728  xmlprov - ok
05:38:51.0218 0728  ================ Scan global ===============================
05:38:51.0265 0728  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
05:38:51.0312 0728  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
05:38:51.0328 0728  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
05:38:51.0343 0728  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
05:38:51.0343 0728  [Global] - ok
05:38:51.0343 0728  ================ Scan MBR ==================================
05:38:51.0375 0728  [ 99852D5C3A78447C3D6D82B6155FE848 ] \Device\Harddisk0\DR0
05:38:55.0093 0728  \Device\Harddisk0\DR0 - ok
05:38:55.0093 0728  [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR6
05:38:55.0250 0728  \Device\Harddisk1\DR6 - ok
05:38:55.0250 0728  ================ Scan VBR ==================================
05:38:55.0250 0728  [ 725AF7F0294DEC86036747CFAF35DD8A ] \Device\Harddisk0\DR0\Partition1
05:38:55.0250 0728  \Device\Harddisk0\DR0\Partition1 - ok
05:38:55.0281 0728  [ C341A3560CF224B81B281BA646733D62 ] \Device\Harddisk0\DR0\Partition2
05:38:55.0281 0728  \Device\Harddisk0\DR0\Partition2 - ok
05:38:55.0281 0728  [ EC82E7311077FCA615D6CF5DE4F30DC9 ] \Device\Harddisk1\DR6\Partition1
05:38:55.0281 0728  \Device\Harddisk1\DR6\Partition1 - ok
05:38:55.0281 0728  ============================================================
05:38:55.0281 0728  Scan finished
05:38:55.0281 0728  ============================================================
05:38:55.0390 2164  Detected object count: 44
05:38:55.0390 2164  Actual detected object count: 44
05:55:37.0922 2164  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0922 2164  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0922 2164  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0922 2164  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0922 2164  AntiVirScheduler ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0922 2164  AntiVirScheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0922 2164  AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0922 2164  AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0937 2164  ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0937 2164  ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0937 2164  aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0937 2164  aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0937 2164  atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0937 2164  atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0937 2164  AWService ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0937 2164  AWService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0937 2164  btaudio ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0937 2164  btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0937 2164  BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0937 2164  BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0937 2164  BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0937 2164  BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0937 2164  BTSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0937 2164  BTSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0953 2164  btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0953 2164  btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0953 2164  BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0953 2164  BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0953 2164  btwmodem ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0953 2164  btwmodem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0953 2164  BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0953 2164  BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0953 2164  CAPI20 ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0953 2164  CAPI20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0953 2164  CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0953 2164  CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0953 2164  CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0953 2164  CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0953 2164  CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0953 2164  CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0968 2164  DETEWECP ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0968 2164  DETEWECP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0968 2164  dtwmnic5 ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0968 2164  dtwmnic5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0968 2164  EpmPsd ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0968 2164  EpmPsd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0968 2164  EpmShd ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0968 2164  EpmShd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0968 2164  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0968 2164  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0968 2164  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0968 2164  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0968 2164  int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0968 2164  int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0968 2164  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0968 2164  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0984 2164  lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0984 2164  lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0984 2164  MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0984 2164  MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0984 2164  NdisFilt ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0984 2164  NdisFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0984 2164  NETMNT ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0984 2164  NETMNT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0984 2164  NPF ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0984 2164  NPF ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0984 2164  NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0984 2164  NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0984 2164  OsaFsLoc ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0984 2164  OsaFsLoc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:37.0984 2164  osaio ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:37.0984 2164  osaio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:38.0000 2164  osanbm ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:38.0000 2164  osanbm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:38.0000 2164  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:38.0000 2164  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:38.0000 2164  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:38.0000 2164  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:38.0000 2164  rpcapd ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:38.0000 2164  rpcapd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:38.0000 2164  S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:38.0000 2164  S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:38.0000 2164  s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:38.0000 2164  s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:38.0000 2164  Sysatedechas ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:38.0000 2164  Sysatedechas ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:55:38.0000 2164  UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
05:55:38.0000 2164  UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Silvio

11.09.2012, 15:49   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

11.09.2012, 18:34   #25
Technofreak1

Hello

here is the log:

[CODE]
Combofix Logfile:
Code:
ComboFix 12-09-11.02 - Denny1 11.09.2012  19:16:52.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.530 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
AV: Avira AntiVir PersonalEdition *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {8597C47C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {86521C0C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokume~1\Denny1\LOKALE~1\Temp\IadHide4.dll
c:\dokumente und einstellungen\Denny1\Lokale Einstellungen\Anwendungsdaten\I Want This
c:\dokumente und einstellungen\Denny1\Lokale Einstellungen\Anwendungsdaten\I Want This\Chrome\VfVeeeqyuQuGxpXpn
c:\dokumente und einstellungen\Denny1\Lokale Einstellungen\Temp\IadHide4.dll
c:\programme\WinPCap
c:\programme\WinPCap\daemon_mgm.exe
c:\programme\WinPCap\npf_mgm.exe
c:\programme\WinPCap\rpcapd.exe
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\WindowsUpdate.log
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\ServicePackFiles\i386\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_NPF
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-11 bis 2012-09-11  ))))))))))))))))))))))))))))))
.
.
2012-09-10 20:44 . 2012-09-10 20:44	--------	d-----w-	c:\dokumente und einstellungen\Administrator
2012-09-04 18:22 . 2012-09-04 18:21	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-04 18:22 . 2012-09-04 18:21	473072	----a-w-	c:\windows\system32\deployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 18:21 . 2007-05-24 21:10	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-07-26 18:48 . 2012-07-26 18:47	102400	----a-w-	c:\windows\RegBootClean.exe
2012-07-03 11:46 . 2012-07-30 19:59	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-29 15:12 . 2012-02-23 19:01	134104	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-19 20480]
"LogitechSoftwareUpdate"="c:\programme\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"updateMgr"="c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\programme\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ntiMUI"="c:\programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AOLDialer"="c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2006-08-29 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-12 7577600]
"nwiz"="nwiz.exe" [2006-06-12 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-12 86016]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-08-09 151552]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2012-07-16 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\programme\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\programme\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"MMTray"="c:\programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-03-31 114688]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\programme\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\programme\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"RealTray"="c:\programme\Real\RealPlayer\RealPlay.exe" [2006-08-29 26112]
"avgnt"="c:\programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-06 262401]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\programme\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-8 113664]
Adobe Reader Speed Launch.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
AOL 9.0 Tray-Symbol.lnk - c:\programme\AOL 9.0\aoltray.exe [2004-5-10 156784]
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
CAPIControl.lnk - c:\programme\DeTeWe\OpenCom X32\Capictrl.exe [2005-9-9 290913]
HomeNet Control.lnk - c:\programme\DeTeWe\OpenCom X32\HNetCtrl.exe [2005-9-9 90112]
Logitech Desktop Messenger.lnk - c:\programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-19 450560]
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\KEM.exe [2006-12-16 581632]
OpenComControl.lnk - c:\programme\DeTeWe\OpenCom X32\PABXControl.exe [2005-9-16 53248]
Status Monitor.lnk - c:\programme\Brother\Brmfcmon\BrMfcWnd.exe [2006-12-16 802816]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
.
R2 CAPI20;OpenCom 31lan;c:\windows\system32\drivers\Capi20.sys [15.09.2005 18:00 972568]
R2 DETEWECP;DeTeWe CapiPort;c:\windows\system32\drivers\DETEWECP.SYS [09.09.2005 15:30 37696]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [30.07.2012 21:59 655944]
R2 SmartSurferManager;SmartSurfer Manager;c:\programme\WEB.DE SmartSurfer\SmurfService.exe [02.10.2007 17:55 132560]
R3 dtwmnic5;DeTeWe OpenCom 32;c:\windows\system32\drivers\dtwmnic5.sys [09.09.2005 15:30 198118]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30.07.2012 21:59 22344]
S4 Sysatedechas;Sysatedechas;c:\windows\system32\drivers\UBHelper.sys [17.12.2004 17:14 13952]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.2.1 193.189.244.194 193.189.244.202
FF - ProfilePath - c:\dokumente und einstellungen\Denny1\Anwendungsdaten\Mozilla\Firefox\Profiles\zh7lpqht.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-ICQ - ~c:\programme\ICQ6.5\ICQ.exe
HKCU-Run-320D180E - c:\dokumente und einstellungen\Denny1\Mrryynn\ymykcpfknjy.exe
HKLM-Run-mmtask - c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
HKLM-Run-routcnf - c:\programme\DeTeWe\OpenCom X32\routcnf.exe
AddRemove-ICQToolbar - c:\programme\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-11 19:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-15292347-1679001385-2916872427-1006\Software\SecuROM\License information*]
"datasecu"=hex:87,ca,67,54,6a,bf,15,29,81,22,25,9e,e5,64,97,ee,8d,26,d6,66,48,
   96,c1,f2,af,69,d0,65,58,05,4f,96,3b,cb,00,f0,88,bc,87,d7,0c,40,f3,46,47,a5,\
"rkeysecu"=hex:91,16,3e,8a,88,5c,28,dc,a5,09,51,12,33,0d,78,3c
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3972)
c:\dokume~1\Denny1\LOKALE~1\Temp\IadHide4.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\programme\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\programme\AntiVir PersonalEdition Classic\sched.exe
c:\programme\AntiVir PersonalEdition Classic\avguard.exe
c:\progra~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\dokume~1\Denny1\LOKALE~1\Temp\RtkBtMnt.exe
c:\programme\Logitech\Video\FxSvr2.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Logitech\SetPoint\KHALMNPR.EXE
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-11  19:32:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-11 17:32
.
Vor Suchlauf: 16 Verzeichnis(se), 16.786.785.792 Bytes frei
Nach Suchlauf: 35 Verzeichnis(se), 16.656.662.016 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 85082870BD5DD70D08FE0FC7DC3EF36A
         
--- --- ---


Silvio

Alt 11.09.2012, 22:56   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post log files in CODE tags

Alt 12.09.2012, 21:51   #27
Technofreak1
 

Hello

here is the GMER log for a start:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-12 22:49:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC70P
Running: gmer.exe; Driver: C:\DOKUME~1\Denny1\LOKALE~1\Temp\fgldapob.sys


---- Kernel code sections - GMER 1.0.15 ----

?               Combo-Fix.sys                                                                                    Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                         section is writeable [0xF6E47360, 0x22379D, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                           section is writeable [0xB9603300, 0x22020, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                           section is writeable [0xF7962300, 0x1B7E, 0xE8000020]
?               C:\ComboFix\catchme.sys                                                                          Das System kann den angegebenen Pfad nicht finden. !
?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                       Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Mozilla Firefox\firefox.exe[2696] ntdll.dll!LdrLoadDll                              7C92632D 5 Bytes  JMP 01221B30 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Programme\Mozilla Firefox\plugin-container.exe[3396] USER32.dll!GetWindowInfo                 7E37C49C 5 Bytes  JMP 1044A4E7 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Programme\Mozilla Firefox\plugin-container.exe[3396] USER32.dll!TrackPopupMenu                7E3B531E 5 Bytes  JMP 1044AABD C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                           OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Driver\Cdrom \Device\CdRom0                                                                     OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                         OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                         fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4fde349                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cee3c10a                      
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0014a4fde349 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cee3c10a (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
--- --- ---



Silvio

Here is the OSAM log:

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:59:38 on 12.09.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 10.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"camcpl.cpl" - "Logitech Inc." - C:\WINDOWS\system32\camcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"prefscpl.cpl" - "RealNetworks, Inc." - C:\WINDOWS\system32\prefscpl.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir PersonalEdition Classic Konfiguration" - "Avira GmbH" - C:\PROGRA~1\ANTIVI~1\avconfig.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer EPM Power Scheme Driver" (EpmPsd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-psd.sys
"Acer EPM System Hardware Driver" (EpmShd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-shd.sys
"Acer NetMonitor Protocol" (NETMNT) - ? - C:\WINDOWS\System32\DRIVERS\NETMNT.sys  (File found, but it contains no detailed information)
"AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"ASCTRM" (ASCTRM) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\ASCTRM.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
"Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys
"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys
"Bluetooth-Modem" (btwmodem) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwmodem.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DeTeWe CapiPort" (DETEWECP) - "DeTeWe Berlin" - C:\WINDOWS\System32\drivers\detewecp.sys
"DeTeWe OpenCom 32" (dtwmnic5) - "DeTeWe Berlin" - C:\WINDOWS\System32\DRIVERS\dtwmnic5.sys
"fgldapob" (fgldapob) - ? - C:\DOKUME~1\Denny1\LOKALE~1\Temp\fgldapob.sys  (Hidden registry entry, rootkit activity | File not found)
"int15.sys" (int15.sys) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\DOKUME~1\Denny1\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MxlW2k" (MxlW2k) - "MusicMatch, Inc." - C:\WINDOWS\system32\drivers\MxlW2k.sys
"OpenCom 31lan" (CAPI20) - "DeTeWe Berlin" - C:\WINDOWS\System32\drivers\capi20.sys
"OSA NdisFilter Protocol" (NdisFilt) - "OSA Technologies" - C:\WINDOWS\System32\Drivers\NdisFilt.sys
"OsaFsLoc" (OsaFsLoc) - "OSA Technologies" - C:\WINDOWS\system32\drivers\OsaFsLoc.sys
"osaio" (osaio) - "OSA Technologies, An Avocent Company" - C:\WINDOWS\system32\drivers\osaio.sys
"osanbm" (osanbm) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\osanbm.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - ? - "C:\Programme\WinPcap\rpcapd.exe" -d -f "C:\Programme\WinPcap\rpcapd.ini"  (File not found)
"Sysatedechas" (Sysatedechas) - ? - C:\WINDOWS\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"UBHelper" (UBHelper) - ? - C:\WINDOWS\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} "Eigene Logitech-Bilder" - "Logitech Inc." - C:\Programme\Logitech\Video\Namespc2.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - "Acer Labs USA" - C:\WINDOWS\system32\epm-po.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Programme\ICQLite\ICQLiteShell.dll
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe  (File not found)
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\WINDOWS\system32\eDStoolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"Adobe Reader Speed Launch.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"AOL 9.0 Tray-Symbol.lnk" - "America Online, Inc." - C:\Programme\AOL 9.0\aoltray.exe  (Shortcut exists | File exists)
"OpenComControl.lnk" - "DeTeWe" - C:\Programme\DeTeWe\OpenCom X32\PABXControl.exe  (Shortcut exists | File exists)
"CAPIControl.lnk" - "DeTeWe AG & Co." - C:\Programme\DeTeWe\OpenCom X32\Capictrl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HomeNet Control.lnk" - "DeTeWe AG & Co." - C:\Programme\DeTeWe\OpenCom X32\HNetCtrl.exe  (Shortcut exists | File exists)
"Logitech Desktop Messenger.lnk" - "Logitech" - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe  (Shortcut exists | File exists)
"Logitech SetPoint.lnk" - "Logitech Inc." - C:\Programme\Logitech\SetPoint\KEM.exe  (Shortcut exists | File exists)
"Status Monitor.lnk" - "Brother Industries, Ltd." - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LDM" - "Logitech" - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
"LogitechSoftwareUpdate" - "Logitech Inc." - C:\Programme\Logitech\Video\ManifestEngine.exe boot
"updateMgr" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - ? - C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
"ADMTray.exe" - "Avocent Inc." - "C:\Acer\Empowering Technology\admtray.exe"
"AOLDialer" - "America Online, Inc" - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
"avgnt" - "Avira GmbH" - "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
"AzMixerSel" - "Realtek Semiconductor Corp." - C:\Programme\Realtek\InstallShield\AzMixerSel.exe
"ControlCenter2.0" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"ePower_DMC" - "Acer Incorporated" - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
"eRecoveryService" - "acer Inc." - C:\Acer\Empowering Technology\eRecovery\Monitor.exe
"IndexSearch" - "ScanSoft, Inc." - C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
"LaunchApp" - "Acer Inc." - Alaunch
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"LogitechVideoRepair" - "Logitech Inc." - C:\Programme\Logitech\Video\ISStart.exe 
"LogitechVideoTray" - "Logitech Inc." - C:\Programme\Logitech\Video\LogiTray.exe
"LVCOMSX" - "Logitech Inc." - C:\WINDOWS\system32\LVCOMSX.EXE
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MMTray" - "MUSICMATCH, Inc." - C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"ntiMUI" - ? - C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe  (File found, but it contains no detailed information)
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"PaperPort PTD" - "ScanSoft, Inc." - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
"PCMService" - "CyberLink Corp." - "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"RealTray" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"SetDefPrt" - "Brother Industories, Ltd." - C:\Programme\Brother\Brmfl05a\BrStDvPt.exe
"SSBkgdUpdate" - "Scansoft, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AdminWorks Agent X6" (AWService) - "Avocent Inc." - C:\Acer\Empowering Technology\admServ.exe
"Adobe LM Service" (Adobe LM Service) - ? - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"AntiVir PersonalEdition Classic Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
"AntiVir PersonalEdition Classic Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"AOL Connectivity Service" (AOL ACS) - "America Online, Inc." - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
"ASP.NET-Statusdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"SmartSurfer Manager" (SmartSurferManager) - "United Internet AG" - C:\Programme\WEB.DE SmartSurfer\SmurfService.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Silvio

And here is the third log:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-12 23:52:06
-----------------------------
23:52:06.640    OS Version: Windows 5.1.2600 Service Pack 3
23:52:06.640    Number of processors: 2 586 0xE08
23:52:06.640    ComputerName: DENNY  UserName: 
23:52:16.906    Initialize success
23:53:33.609    AVAST engine defs: 12091200
23:53:39.328    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:53:39.328    Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC70P Size: 114473MB BusType: 3
23:53:39.359    Disk 0 MBR read successfully
23:53:39.359    Disk 0 MBR scan
23:53:39.437    Disk 0 unknown MBR code
23:53:39.437    Disk 0 Partition 1 00     12  Compaq diag MSWIN4.1     4996 MB offset 63
23:53:39.453    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        54486 MB offset 10233405
23:53:39.484    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        54988 MB offset 121820895
23:53:39.515    Disk 0 scanning sectors +234436545
23:53:39.656    Disk 0 scanning C:\WINDOWS\system32\drivers
23:54:36.437    Service scanning
23:55:31.890    Service Sysatedechas C:\WINDOWS\C:\WINDOWS\system32\drivers\UBHelper.sys **LOCKED** 123
23:55:41.843    Modules scanning
23:56:15.406    Disk 0 trace - called modules:
23:56:15.437    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys 
23:56:15.453    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87172590]
23:56:15.468    3 CLASSPNP.SYS[f76b2fd7] -> nt!IofCallDriver -> \Device\000000be[0x870cf030]
23:56:15.468    5 ACPI.sys[f74a8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x870ce940]
23:56:22.984    AVAST engine scan C:\WINDOWS
23:57:05.750    AVAST engine scan C:\WINDOWS\system32
00:06:29.265    AVAST engine scan C:\WINDOWS\system32\drivers
00:07:42.734    AVAST engine scan C:\Dokumente und Einstellungen\Denny1
00:14:02.671    AVAST engine scan C:\Dokumente und Einstellungen\All Users
00:14:42.031    Scan finished successfully
05:31:48.343    Disk 0 MBR has been saved successfully to "F:\MBR.dat"
05:31:48.375    The log file has been saved successfully to "F:\aswMBR.txt"
         
Silvio

13.09.2012, 15:28   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.
Also do not run the fix if you have full encryption of the Windows partition or the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.
__________________
Please always post log files in CODE tags
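
The dual-boot and full-disk-encryption caveats in the post above can be checked against a copy of sector 0 before FIXMBR is run. This is an added example, not part of the original post and not aswMBR code: it assumes a raw 512-byte sector dump, the sample sector is constructed from the partition table printed in the aswMBR log earlier in the thread, and the GRUB/TrueCrypt marker strings and all function names are illustrative heuristics.

```python
import struct

SECTOR = 512
# Partition type bytes that indicate a Linux installation sharing the disk.
LINUX_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM"}
# Heuristic (assumption): strings embedded in the boot code of these loaders.
LOADER_MARKERS = {b"GRUB": "GRUB boot loader",
                  b"TrueCrypt Boot Loader": "TrueCrypt boot loader"}

def parse_mbr(sector: bytes):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (size or 0x55AA signature)")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "size_mb": sectors * SECTOR // 2**20})
    return parts

def fixmbr_blockers(sector: bytes):
    """List reasons why rewriting the boot code with a Windows tool is risky."""
    reasons = [f"partition {p['index']}: {LINUX_TYPES[p['type']]} (type 0x{p['type']:02X})"
               for p in parse_mbr(sector) if p["type"] in LINUX_TYPES]
    boot_code = sector[:440]
    reasons += [name for marker, name in LOADER_MARKERS.items() if marker in boot_code]
    return reasons

def build_sample(boot_code=b"", extra=None):
    """Constructed sample: types and offsets from the aswMBR log, sizes derived."""
    table = [(0x00, 0x12, 63, 10233342), (0x80, 0x07, 10233405, 111587490),
             (0x00, 0x07, 121820895, 112615650)]
    if extra:
        table.append(extra)
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, start, count) in enumerate(table):
        # status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
        struct.pack_into("<B3xB3xII", sector, 446 + 16 * i, status, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    print(parse_mbr(build_sample()))
    # Constructed dual-boot variant: GRUB boot code plus a Linux partition.
    print(fixmbr_blockers(build_sample(b"\xeb\x63\x90GRUB ", (0x00, 0x83, 234436545, 2048))))
```

An empty result from `fixmbr_blockers` only means none of these markers were found; it does not prove the disk is unencrypted.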

13.09.2012, 20:22   #29
Technofreak1
 



Here is the log:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-13 21:18:49
-----------------------------
21:18:49.890    OS Version: Windows 5.1.2600 Service Pack 3
21:18:49.890    Number of processors: 2 586 0xE08
21:18:49.890    ComputerName: DENNY  UserName: 
21:19:06.656    Initialize success
21:20:08.312    AVAST engine defs: 12091200
21:20:18.875    Verifying
21:20:28.875    Disk 0 Windows 501 MBR fixed successfully
21:20:48.906    Disk 0 MBR has been saved successfully to "F:\MBR.dat"
21:20:49.250    The log file has been saved successfully to "F:\aswMBR1.txt"
         
Silvio

14.09.2012, 13:53   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



That is only the fix log; you should also run a new scan with aswMBR afterwards.
__________________
Please always post log files in CODE tags
