BKA Trojaner 1.14 Win XP entfernen.

cosinus · 10.10.2012, 14:47

Wenn die Entschlüsselungstools und auch die Schattenkopien nicht helfen, dann halt eben nur noch Backups! Aber wer macht schon Backups

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Diddlhase · 10.10.2012, 18:46

Hier das nächste Log-File:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.10.2012 19:23:38 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\*****\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
255,54 Mb Total Physical Memory | 145,45 Mb Available Physical Memory | 56,92% Memory free
746,34 Mb Paging File | 566,95 Mb Available in Paging File | 75,96% Paging File free
Paging file location(s): C:\pagefile.sys 512 512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 22,33 Gb Total Space | 5,59 Gb Free Space | 25,05% Space Free | Partition Type: FAT32
Drive D: | 14,89 Gb Total Space | 9,03 Gb Free Space | 60,63% Space Free | Partition Type: FAT32
 
Computer Name: *****Y | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 19:06:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012.02.15 20:10:56 | 000,688,184 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.12.19 17:37:00 | 000,104,528 | ---- | M] (NewSoft Technology Corporation) -- C:\Programme\NewSoft\Smart Start UP\PnPDetect.exe
PRC - [2004.07.14 16:01:12 | 000,397,312 | ---- | M] (T-Systems Nova, Berkom) -- C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
PRC - [2004.07.14 16:00:44 | 000,147,456 | ---- | M] (T-Systems Nova, Berkom) -- C:\Programme\T-DSL SpeedManager\TSMSvc.exe
PRC - [2002.01.09 21:53:14 | 000,200,704 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Programme\FinePixViewer\QuickDCF.exe
PRC - [2001.08.17 10:35:08 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.09.16 16:35:18 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.25 19:34:02 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.07.14 16:00:44 | 000,147,456 | ---- | M] (T-Systems Nova, Berkom) [On_Demand | Running] -- C:\Programme\T-DSL SpeedManager\TSMSvc.exe -- (TSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\NETPPPOI.SYS -- (NETPPPOI)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.06.27 14:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007.06.27 14:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.03.11 17:44:26 | 000,009,696 | ---- | M] (T-Systems Nova GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS -- (TNPacket)
DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002.06.24 06:30:58 | 000,045,568 | R--- | M] (D-Link Corporation               ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DLKRTL.SYS -- (DFE528TX)
DRV - [2002.06.21 14:39:28 | 000,469,935 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctxh51.sys -- (ham50)
DRV - [2001.11.08 02:00:00 | 000,488,656 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2001.11.08 02:00:00 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2001.08.17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001.08.17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371)
DRV - [2000.10.15 18:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2000.03.29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [1997.12.23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-583907252-1580436667-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-583907252-1580436667-854245398-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-583907252-1580436667-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.16 16:33:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.16 16:33:14 | 000,000,000 | ---D | M]
 
[2008.09.19 18:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Extensions
[2007.05.06 16:43:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions
[2012.09.02 09:11:14 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@babylon.com
[2012.09.02 09:15:26 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@funmoods.com
[2012.09.02 08:58:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\plugin@yontoo.com
[2012.09.19 16:27:24 | 000,000,935 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\searchplugins\EyLAoqnjoynjEynjEynj
[2012.09.19 16:27:24 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\searchplugins\JOQrvOQNJguNvg
[2012.09.19 16:27:24 | 000,002,347 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\searchplugins\xdsfxdtfxUsfxUtVGdtV
[2012.09.16 16:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.16 16:35:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.07.20 17:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npstrlnk.dll
[2012.05.26 09:18:58 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2012.05.26 09:18:58 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.26 09:18:58 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.26 09:18:58 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.26 09:18:58 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 19:34:14 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2012.10.03 13:58:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [Smart Start UP] C:\Programme\NewSoft\Smart Start UP\PnPDetect.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [T-DSL SpeedMgr] C:\Programme\T-DSL SpeedManager\SpeedMgr.exe (T-Systems Nova, Berkom)
O4 - HKU\S-1-5-21-583907252-1580436667-854245398-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O15 - HKU\S-1-5-21-583907252-1580436667-854245398-1003\..Trusted Domains: ebay.de ([www] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2E98543-868A-4B22-8287-055B3BD13882}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Album Schnellstart.lnk - C:\Programme\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE - (Ulead Systems, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Programme\Napster\napster.exe (Napster)
MsConfig - StartUpReg: NeroCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: T-DSL SpeedMgr - hkey= - key= - C:\Programme\T-DSL SpeedManager\SpeedMgr.exe (T-Systems Nova, Berkom)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
 
 
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22C65B08-6BB9-480B-ABC3-72C11774AA9B}S11782 - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.04 19:11:50 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.10.04 17:47:24 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.10.04 17:27:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes
[2012.10.04 17:26:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.10.04 17:26:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.10.04 17:26:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.10.04 17:26:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.10.03 16:42:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\PictureConverter
[2012.10.03 16:25:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nView_Profiles
[2012.10.03 14:53:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
[2012.10.03 14:51:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller
[2012.10.03 13:58:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.27 22:18:55 | 004,411,440 | ---- | C] (AVG Technologies) -- C:\avg_avct_stb_all_2013_2667_cm10.exe
[2012.09.27 21:21:58 | 153,633,520 | ---- | C] (Symantec Corporation) -- C:\NIS_20.1.0.24_SYMTB_TMD_MRFTT_394_7618.exe
[2012.09.16 16:33:09 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 18:33:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.10.10 17:54:54 | 268,017,664 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 17:54:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.09 19:51:50 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.05 21:14:24 | 000,022,016 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.04 17:49:24 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.10.04 17:27:02 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.03 16:25:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012.09.27 22:19:00 | 004,411,440 | ---- | M] (AVG Technologies) -- C:\avg_avct_stb_all_2013_2667_cm10.exe
[2012.09.27 07:57:06 | 153,633,520 | ---- | M] (Symantec Corporation) -- C:\NIS_20.1.0.24_SYMTB_TMD_MRFTT_394_7618.exe
[2012.09.17 16:09:24 | 000,004,513 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2012.09.17 16:09:20 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[2012.09.16 16:26:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.04 17:27:00 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.03 16:25:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2012.09.02 10:53:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2006.10.07 20:14:31 | 000,113,043 | ---- | C] () -- C:\Programme\flt_tools.rar
[2005.11.30 19:09:54 | 000,022,016 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.21 16:27:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2012.06.28 23:32:24 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2005.05.26 14:48:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007.05.24 17:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2007.07.16 21:16:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Newsoft
[2009.07.21 16:47:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2011.12.28 19:56:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster
[2005.05.26 14:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\T-Online
[2005.05.27 12:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Teledat
[2005.10.03 11:22:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\FUJIFILM
[2007.05.24 17:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\T-DSL SpeedManager
[2009.07.21 16:47:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sony
[2010.03.28 17:42:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\TeamViewer
[2010.04.26 18:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\SpeedProject
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2003.02.16 13:14:08 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Microsoft
[2003.02.16 13:39:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Identities
[2003.02.16 17:26:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Microsoft Web Folders
[2003.02.16 17:43:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Adobe
[2003.02.23 10:18:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Help
[2005.05.26 14:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\T-Online
[2005.05.27 12:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Teledat
[2005.05.29 14:00:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Macromedia
[2005.10.03 11:22:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\FUJIFILM
[2007.05.06 16:43:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla
[2007.05.11 21:08:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun
[2007.05.24 17:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\T-DSL SpeedManager
[2009.07.21 16:47:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sony
[2009.07.21 16:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\DivX
[2009.12.10 19:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\vlc
[2010.03.28 17:42:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\TeamViewer
[2010.04.26 18:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\SpeedProject
[2010.08.25 20:48:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\AVS4YOU
[2011.11.06 10:26:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\dvdcss
[2011.12.28 19:55:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\InstallShield
[2011.12.28 20:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Roxio
[2012.09.02 08:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ArcSoft
[2012.09.03 21:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sony Corporation
[2012.10.04 17:27:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
[2012.09.27 07:57:06 | 153,633,520 | ---- | M] (Symantec Corporation) -- C:\NIS_20.1.0.24_SYMTB_TMD_MRFTT_394_7618.exe
[2012.09.27 22:19:00 | 004,411,440 | ---- | M] (AVG Technologies) -- C:\avg_avct_stb_all_2013_2667_cm10.exe
[2004.05.02 15:18:36 | 000,340,776 | ---- | M] (Microsoft Corporation) -- C:\Windows-KB841720-ENU.exe
[2004.05.02 15:14:40 | 002,715,928 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB835732-x86-DEU.EXE
 
< MD5 for: AGP440.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2003.02.16 13:13:02 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2003.02.16 13:13:02 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003.02.16 13:13:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

--- --- ---

cosinus · 11.10.2012, 11:37

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Diddlhase · 11.10.2012, 16:04

Hier der Inhalt der ADW-Cleaner-Datei:

Code:

ATTFilter

# AdwCleaner v2.004 - Datei am 11/10/2012 um 17:01:11 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : ***** - *****Y
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\*****\Eigene Dateien\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [10865 octets] - [05/10/2012 19:50:52]
AdwCleaner[S1].txt - [11119 octets] - [08/10/2012 19:36:42]
AdwCleaner[R2].txt - [721 octets] - [11/10/2012 17:01:11]

########## EOF - C:\AdwCleaner[R2].txt - [780 octets] ##########

cosinus · 11.10.2012, 16:17

Bitte auch die älteren Logs vom adwCleaner posten

Diddlhase · 12.10.2012, 11:49

Die einzigen beiden Logs vom Adw-Cleaner befinden sich schon auf dieser Seite ganz oben. Mehr habe ich hierzu nicht.

cosinus · 12.10.2012, 14:33

Ach die sind das gewesen? ok

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Diddlhase · 13.10.2012, 11:00

Anbei das OTL-File:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 13.10.2012 11:41:59 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\*****\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
255,54 Mb Total Physical Memory | 160,38 Mb Available Physical Memory | 62,76% Memory free
746,34 Mb Paging File | 571,67 Mb Available in Paging File | 76,60% Paging File free
Paging file location(s): C:\pagefile.sys 512 512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 22,33 Gb Total Space | 5,38 Gb Free Space | 24,10% Space Free | Partition Type: FAT32
Drive D: | 14,89 Gb Total Space | 9,03 Gb Free Space | 60,63% Space Free | Partition Type: FAT32
 
Computer Name: *****Y | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 19:06:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012.02.15 20:10:56 | 000,688,184 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.12.19 17:37:00 | 000,104,528 | ---- | M] (NewSoft Technology Corporation) -- C:\Programme\NewSoft\Smart Start UP\PnPDetect.exe
PRC - [2004.07.14 16:01:12 | 000,397,312 | ---- | M] (T-Systems Nova, Berkom) -- C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
PRC - [2004.07.14 16:00:44 | 000,147,456 | ---- | M] (T-Systems Nova, Berkom) -- C:\Programme\T-DSL SpeedManager\TSMSvc.exe
PRC - [2002.01.09 21:53:14 | 000,200,704 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Programme\FinePixViewer\QuickDCF.exe
PRC - [2001.08.17 10:35:08 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005.10.19 11:56:28 | 000,125,952 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.09.16 16:35:18 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.07.14 16:00:44 | 000,147,456 | ---- | M] (T-Systems Nova, Berkom) [On_Demand | Running] -- C:\Programme\T-DSL SpeedManager\TSMSvc.exe -- (TSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\NETPPPOI.SYS -- (NETPPPOI)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.06.27 14:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007.06.27 14:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.03.11 17:44:26 | 000,009,696 | ---- | M] (T-Systems Nova GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS -- (TNPacket)
DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002.06.24 06:30:58 | 000,045,568 | R--- | M] (D-Link Corporation               ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DLKRTL.SYS -- (DFE528TX)
DRV - [2002.06.21 14:39:28 | 000,469,935 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctxh51.sys -- (ham50)
DRV - [2001.11.08 02:00:00 | 000,488,656 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2001.11.08 02:00:00 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2001.08.17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001.08.17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371)
DRV - [2000.10.15 18:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2000.03.29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [1997.12.23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-583907252-1580436667-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-583907252-1580436667-854245398-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-583907252-1580436667-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.16 16:33:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.16 16:33:14 | 000,000,000 | ---D | M]
 
[2008.09.19 18:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Extensions
[2007.05.06 16:43:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions
[2012.09.02 09:11:14 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@babylon.com
[2012.09.02 09:15:26 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@funmoods.com
[2012.09.02 08:58:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\plugin@yontoo.com
[2012.09.19 16:27:24 | 000,000,935 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\searchplugins\EyLAoqnjoynjEynjEynj
[2012.09.19 16:27:24 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\searchplugins\JOQrvOQNJguNvg
[2012.09.19 16:27:24 | 000,002,347 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\searchplugins\xdsfxdtfxUsfxUtVGdtV
[2012.09.16 16:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.16 16:35:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.07.20 17:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npstrlnk.dll
[2012.05.26 09:18:58 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2012.05.26 09:18:58 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.26 09:18:58 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.26 09:18:58 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.26 09:18:58 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 19:34:14 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2012.10.03 13:58:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [Smart Start UP] C:\Programme\NewSoft\Smart Start UP\PnPDetect.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [T-DSL SpeedMgr] C:\Programme\T-DSL SpeedManager\SpeedMgr.exe (T-Systems Nova, Berkom)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O15 - HKU\S-1-5-21-583907252-1580436667-854245398-1003\..Trusted Domains: ebay.de ([www] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2E98543-868A-4B22-8287-055B3BD13882}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Album Schnellstart.lnk - C:\Programme\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE - (Ulead Systems, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Programme\Napster\napster.exe (Napster)
MsConfig - StartUpReg: NeroCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: T-DSL SpeedMgr - hkey= - key= - C:\Programme\T-DSL SpeedManager\SpeedMgr.exe (T-Systems Nova, Berkom)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
 
 
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22C65B08-6BB9-480B-ABC3-72C11774AA9B}S11782 - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.04 19:11:50 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.10.04 17:47:24 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.10.04 17:27:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes
[2012.10.04 17:26:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.10.04 17:26:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.10.04 17:26:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.10.04 17:26:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.10.03 16:42:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\PictureConverter
[2012.10.03 16:25:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nView_Profiles
[2012.10.03 14:53:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
[2012.10.03 14:51:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller
[2012.10.03 13:58:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.27 22:18:55 | 004,411,440 | ---- | C] (AVG Technologies) -- C:\avg_avct_stb_all_2013_2667_cm10.exe
[2012.09.27 21:21:58 | 153,633,520 | ---- | C] (Symantec Corporation) -- C:\NIS_20.1.0.24_SYMTB_TMD_MRFTT_394_7618.exe
[2012.09.16 16:33:09 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.13 11:31:02 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.13 11:31:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.13 11:30:58 | 268,017,664 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.11 16:57:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.10.05 21:14:24 | 000,022,016 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.04 17:49:24 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.10.04 17:27:02 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.03 16:25:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012.09.27 22:19:00 | 004,411,440 | ---- | M] (AVG Technologies) -- C:\avg_avct_stb_all_2013_2667_cm10.exe
[2012.09.27 07:57:06 | 153,633,520 | ---- | M] (Symantec Corporation) -- C:\NIS_20.1.0.24_SYMTB_TMD_MRFTT_394_7618.exe
[2012.09.17 16:09:24 | 000,004,513 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2012.09.17 16:09:20 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.04 17:27:00 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.03 16:25:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2012.09.02 10:53:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2006.10.07 20:14:31 | 000,113,043 | ---- | C] () -- C:\Programme\flt_tools.rar
[2005.11.30 19:09:54 | 000,022,016 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.21 16:27:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2012.06.28 23:32:24 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2005.05.26 14:48:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007.05.24 17:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2007.07.16 21:16:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Newsoft
[2009.07.21 16:47:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2011.12.28 19:56:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster
[2005.05.26 14:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\T-Online
[2005.05.27 12:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Teledat
[2005.10.03 11:22:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\FUJIFILM
[2007.05.24 17:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\T-DSL SpeedManager
[2009.07.21 16:47:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sony
[2010.03.28 17:42:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\TeamViewer
[2010.04.26 18:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\SpeedProject
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2003.02.16 13:14:08 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Microsoft
[2003.02.16 13:39:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Identities
[2003.02.16 17:26:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Microsoft Web Folders
[2003.02.16 17:43:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Adobe
[2003.02.23 10:18:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Help
[2005.05.26 14:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\T-Online
[2005.05.27 12:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Teledat
[2005.05.29 14:00:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Macromedia
[2005.10.03 11:22:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\FUJIFILM
[2007.05.06 16:43:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla
[2007.05.11 21:08:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun
[2007.05.24 17:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\T-DSL SpeedManager
[2009.07.21 16:47:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sony
[2009.07.21 16:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\DivX
[2009.12.10 19:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\vlc
[2010.03.28 17:42:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\TeamViewer
[2010.04.26 18:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\SpeedProject
[2010.08.25 20:48:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\AVS4YOU
[2011.11.06 10:26:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\dvdcss
[2011.12.28 19:55:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\InstallShield
[2011.12.28 20:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Roxio
[2012.09.02 08:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ArcSoft
[2012.09.03 21:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sony Corporation
[2012.10.04 17:27:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
[2012.09.27 07:57:06 | 153,633,520 | ---- | M] (Symantec Corporation) -- C:\NIS_20.1.0.24_SYMTB_TMD_MRFTT_394_7618.exe
[2012.09.27 22:19:00 | 004,411,440 | ---- | M] (AVG Technologies) -- C:\avg_avct_stb_all_2013_2667_cm10.exe
[2004.05.02 15:18:36 | 000,340,776 | ---- | M] (Microsoft Corporation) -- C:\Windows-KB841720-ENU.exe
[2004.05.02 15:14:40 | 002,715,928 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB835732-x86-DEU.EXE
 
< MD5 for: AGP440.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2003.02.16 13:13:02 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2003.02.16 13:13:02 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003.02.16 13:13:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

--- --- ---

cosinus · 13.10.2012, 16:43

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
[2012.09.02 09:11:14 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@babylon.com
[2012.09.02 09:15:26 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@funmoods.com
[2012.09.02 08:58:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\plugin@yontoo.com
[2012.09.19 16:27:24 | 000,000,935 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\searchplugins\EyLAoqnjoynjEynjEynj
[2012.09.19 16:27:24 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\searchplugins\JOQrvOQNJguNvg
[2012.09.19 16:27:24 | 000,002,347 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\searchplugins\xdsfxdtfxUsfxUtVGdtV
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\T-Online\EMAIL4\XlaeXDTsplaeXl
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Diddlhase · 16.10.2012, 18:36

Logfile OTL-Fix

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@funmoods.com\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@funmoods.com\content\images folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@funmoods.com\content folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\ffxtlbr@funmoods.com folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\plugin@yontoo.com\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\searchplugins\EyLAoqnjoynjEynjEynj moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\searchplugins\JOQrvOQNJguNvg moved successfully.
File C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\ekfk864n.default\searchplugins\xdsfxdtfxUsfxUtVGdtV not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
C:\T-Online\EMAIL4\XlaeXDTsplaeXl moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\*****\Eigene Dateien\Downloads\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\*****\Eigene Dateien\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 918937 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: *****
->Temp folder emptied: 321356792 bytes
->Temporary Internet Files folder emptied: 355689 bytes
->Java cache emptied: 35388 bytes
->FireFox cache emptied: 334892075 bytes
->Flash cache emptied: 31614 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138908 bytes
%systemroot%\System32 .tmp files removed: 7176071 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80140466 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 712,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10162012_192532

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 17.10.2012, 13:21

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Diddlhase · 19.10.2012, 19:07

Hier das Log vom TDSS-Killer

Code:

ATTFilter

19:56:27.0381 3484  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:56:28.0002 3484  ============================================================
19:56:28.0002 3484  Current date / time: 2012/10/19 19:56:28.0002
19:56:28.0002 3484  SystemInfo:
19:56:28.0002 3484  
19:56:28.0002 3484  OS Version: 5.1.2600 ServicePack: 3.0
19:56:28.0002 3484  Product type: Workstation
19:56:28.0002 3484  ComputerName: *****Y
19:56:28.0012 3484  UserName: *****
19:56:28.0012 3484  Windows directory: C:\WINDOWS
19:56:28.0012 3484  System windows directory: C:\WINDOWS
19:56:28.0012 3484  Processor architecture: Intel x86
19:56:28.0012 3484  Number of processors: 1
19:56:28.0012 3484  Page size: 0x1000
19:56:28.0012 3484  Boot type: Normal boot
19:56:28.0012 3484  ============================================================
19:56:30.0616 3484  Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:56:30.0706 3484  ============================================================
19:56:30.0706 3484  \Device\Harddisk0\DR0:
19:56:30.0706 3484  MBR partitions:
19:56:30.0706 3484  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2CB0CE6
19:56:30.0746 3484  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x2CB0D64, BlocksNum 0x1DD06DB
19:56:30.0746 3484  ============================================================
19:56:30.0766 3484  C: <-> \Device\Harddisk0\DR0\Partition1
19:56:30.0796 3484  D: <-> \Device\Harddisk0\DR0\Partition2
19:56:30.0957 3484  ============================================================
19:56:30.0957 3484  Initialize success
19:56:30.0957 3484  ============================================================
19:56:50.0705 3528  ============================================================
19:56:50.0705 3528  Scan started
19:56:50.0705 3528  Mode: Manual; 
19:56:50.0705 3528  ============================================================
19:56:51.0266 3528  ================ Scan system memory ========================
19:56:51.0276 3528  System memory - ok
19:56:51.0306 3528  ================ Scan services =============================
19:56:51.0506 3528  Abiosdsk - ok
19:56:51.0566 3528  abp480n5 - ok
19:56:51.0787 3528  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
19:56:51.0797 3528  ACDaemon - ok
19:56:51.0897 3528  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:56:51.0917 3528  ACPI - ok
19:56:51.0977 3528  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
19:56:51.0977 3528  ACPIEC - ok
19:56:52.0027 3528  adpu160m - ok
19:56:52.0107 3528  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
19:56:52.0117 3528  aec - ok
19:56:52.0217 3528  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc             C:\WINDOWS\system32\drivers\Afc.sys
19:56:52.0227 3528  Afc - ok
19:56:52.0337 3528  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
19:56:52.0367 3528  AFD - ok
19:56:52.0417 3528  Aha154x - ok
19:56:52.0457 3528  aic78u2 - ok
19:56:52.0518 3528  aic78xx - ok
19:56:52.0628 3528  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
19:56:52.0628 3528  Alerter - ok
19:56:52.0698 3528  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
19:56:52.0698 3528  ALG - ok
19:56:52.0758 3528  AliIde - ok
19:56:52.0818 3528  amsint - ok
19:56:52.0928 3528  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
19:56:52.0968 3528  AppMgmt - ok
19:56:53.0018 3528  asc - ok
19:56:53.0078 3528  asc3350p - ok
19:56:53.0138 3528  asc3550 - ok
19:56:53.0279 3528  [ 20D04091EBA710F6988F710507D85868 ] Aspi32          C:\WINDOWS\system32\drivers\Aspi32.sys
19:56:53.0279 3528  Aspi32 - ok
19:56:53.0469 3528  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:56:53.0469 3528  aspnet_state - ok
19:56:53.0549 3528  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:56:53.0549 3528  AsyncMac - ok
19:56:53.0599 3528  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
19:56:53.0599 3528  atapi - ok
19:56:53.0669 3528  Atdisk - ok
19:56:53.0739 3528  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:56:53.0739 3528  Atmarpc - ok
19:56:53.0809 3528  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:56:53.0819 3528  AudioSrv - ok
19:56:53.0890 3528  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
19:56:53.0890 3528  audstub - ok
19:56:53.0940 3528  [ EB0EF89CCD0191AEC96CD6093FB9770F ] AVMWAN          C:\WINDOWS\system32\DRIVERS\avmwan.sys
19:56:53.0940 3528  AVMWAN - ok
19:56:54.0000 3528  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:56:54.0000 3528  Beep - ok
19:56:54.0140 3528  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:56:54.0180 3528  BITS - ok
19:56:54.0300 3528  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
19:56:54.0310 3528  Browser - ok
19:56:54.0400 3528  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:56:54.0400 3528  cbidf2k - ok
19:56:54.0430 3528  cd20xrnt - ok
19:56:54.0510 3528  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
19:56:54.0510 3528  Cdaudio - ok
19:56:54.0591 3528  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:56:54.0591 3528  Cdfs - ok
19:56:54.0641 3528  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:56:54.0651 3528  Cdrom - ok
19:56:54.0691 3528  Changer - ok
19:56:54.0781 3528  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] cisvc           C:\WINDOWS\System32\cisvc.exe
19:56:54.0781 3528  cisvc - ok
19:56:54.0821 3528  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
19:56:54.0831 3528  ClipSrv - ok
19:56:54.0951 3528  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:56:54.0971 3528  clr_optimization_v2.0.50727_32 - ok
19:56:55.0021 3528  CmdIde - ok
19:56:55.0171 3528  COMSysApp - ok
19:56:55.0262 3528  Cpqarray - ok
19:56:55.0382 3528  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:56:55.0402 3528  CryptSvc - ok
19:56:55.0432 3528  dac2w2k - ok
19:56:55.0492 3528  dac960nt - ok
19:56:55.0672 3528  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:56:55.0722 3528  DcomLaunch - ok
19:56:55.0782 3528  [ 5E575AB625ED64C1B20517713201B3EE ] DFE528TX        C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS
19:56:55.0782 3528  DFE528TX - ok
19:56:55.0872 3528  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:56:55.0882 3528  Dhcp - ok
19:56:55.0973 3528  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:56:55.0973 3528  Disk - ok
19:56:56.0063 3528  dmadmin - ok
19:56:56.0253 3528  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:56:56.0303 3528  dmboot - ok
19:56:56.0383 3528  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:56:56.0393 3528  dmio - ok
19:56:56.0483 3528  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:56:56.0483 3528  dmload - ok
19:56:56.0583 3528  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
19:56:56.0583 3528  dmserver - ok
19:56:56.0654 3528  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
19:56:56.0654 3528  DMusic - ok
19:56:56.0734 3528  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:56:56.0744 3528  Dnscache - ok
19:56:56.0894 3528  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:56:56.0904 3528  Dot3svc - ok
19:56:56.0944 3528  dpti2o - ok
19:56:57.0014 3528  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:56:57.0014 3528  drmkaud - ok
19:56:57.0124 3528  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
19:56:57.0134 3528  EapHost - ok
19:56:57.0224 3528  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
19:56:57.0234 3528  ERSvc - ok
19:56:57.0335 3528  [ A55DD7D8CED5D2624A9EE2DDA7BE0319 ] es1371          C:\WINDOWS\system32\drivers\es1371mp.sys
19:56:57.0335 3528  es1371 - ok
19:56:57.0445 3528  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
19:56:57.0455 3528  Eventlog - ok
19:56:57.0585 3528  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\System32\es.dll
19:56:57.0605 3528  EventSystem - ok
19:56:57.0685 3528  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
19:56:57.0685 3528  Fastfat - ok
19:56:57.0795 3528  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:56:57.0805 3528  FastUserSwitchingCompatibility - ok
19:56:57.0895 3528  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
19:56:57.0895 3528  Fdc - ok
19:56:57.0945 3528  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:56:57.0955 3528  Fips - ok
19:56:57.0995 3528  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:56:58.0005 3528  Flpydisk - ok
19:56:58.0106 3528  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:56:58.0146 3528  FltMgr - ok
19:56:58.0356 3528  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:56:58.0356 3528  FontCache3.0.0.0 - ok
19:56:58.0426 3528  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:56:58.0426 3528  Fs_Rec - ok
19:56:58.0526 3528  [ A36E8BEEDB3AACA09BF55A1D17904BC8 ] FTDIBUS         C:\WINDOWS\system32\drivers\ftdibus.sys
19:56:58.0536 3528  FTDIBUS - ok
19:56:58.0666 3528  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:56:58.0676 3528  Ftdisk - ok
19:56:58.0757 3528  [ A14A1F4BB391DF9C233CB5DBD05FEB70 ] FTSER2K         C:\WINDOWS\system32\drivers\ftser2k.sys
19:56:58.0757 3528  FTSER2K - ok
19:56:58.0887 3528  [ 5A92558DE1A7948AC821AD83A73275CF ] fxusbase        C:\WINDOWS\system32\DRIVERS\fxusbase.sys
19:56:58.0937 3528  fxusbase - ok
19:56:58.0977 3528  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:56:58.0977 3528  gameenum - ok
19:56:59.0057 3528  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:56:59.0057 3528  Gpc - ok
19:56:59.0197 3528  [ 575976CD9F6A60BE788F8AEBAEF44AE5 ] ham50           C:\WINDOWS\system32\DRIVERS\ctxh51.sys
19:56:59.0227 3528  ham50 - ok
19:56:59.0367 3528  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:56:59.0367 3528  helpsvc - ok
19:56:59.0538 3528  HidServ - ok
19:56:59.0648 3528  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:56:59.0648 3528  HidUsb - ok
19:56:59.0808 3528  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
19:56:59.0808 3528  hkmsvc - ok
19:56:59.0848 3528  hpn - ok
19:56:59.0908 3528  hpt3xx - ok
19:57:00.0088 3528  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
19:57:00.0108 3528  HTTP - ok
19:57:00.0199 3528  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
19:57:00.0209 3528  HTTPFilter - ok
19:57:00.0259 3528  i2omgmt - ok
19:57:00.0299 3528  i2omp - ok
19:57:00.0389 3528  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:57:00.0389 3528  i8042prt - ok
19:57:00.0499 3528  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:57:00.0569 3528  IDriverT - ok
19:57:00.0900 3528  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:57:00.0960 3528  idsvc - ok
19:57:01.0010 3528  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\drivers\Imapi.sys
19:57:01.0020 3528  Imapi - ok
19:57:01.0180 3528  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\System32\imapi.exe
19:57:01.0200 3528  ImapiService - ok
19:57:01.0260 3528  ini910u - ok
19:57:01.0350 3528  IntelIde - ok
19:57:01.0400 3528  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
19:57:01.0400 3528  ip6fw - ok
19:57:01.0470 3528  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:57:01.0480 3528  IpFilterDriver - ok
19:57:01.0541 3528  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:57:01.0541 3528  IpInIp - ok
19:57:01.0651 3528  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:57:01.0651 3528  IpNat - ok
19:57:01.0701 3528  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:57:01.0721 3528  IPSec - ok
19:57:01.0761 3528  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
19:57:01.0761 3528  IRENUM - ok
19:57:01.0891 3528  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:57:01.0891 3528  isapnp - ok
19:57:02.0041 3528  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:57:02.0051 3528  Kbdclass - ok
19:57:02.0131 3528  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
19:57:02.0151 3528  kmixer - ok
19:57:02.0282 3528  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
19:57:02.0292 3528  KSecDD - ok
19:57:02.0412 3528  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
19:57:02.0412 3528  lanmanserver - ok
19:57:02.0572 3528  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:57:02.0582 3528  lanmanworkstation - ok
19:57:02.0612 3528  lbrtfdc - ok
19:57:02.0752 3528  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
19:57:02.0762 3528  LmHosts - ok
19:57:02.0842 3528  [ A2AE666CEE860BABE7FA6F1662B71737 ] MASPINT         C:\WINDOWS\system32\drivers\MASPINT.sys
19:57:02.0842 3528  MASPINT - ok
19:57:02.0943 3528  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
19:57:02.0943 3528  MBAMProtector - ok
19:57:03.0163 3528  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:57:03.0203 3528  MBAMScheduler - ok
19:57:03.0333 3528  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
19:57:03.0383 3528  MBAMService - ok
19:57:03.0503 3528  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
19:57:03.0523 3528  Messenger - ok
19:57:03.0583 3528  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
19:57:03.0583 3528  mnmdd - ok
19:57:03.0734 3528  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
19:57:03.0744 3528  mnmsrvc - ok
19:57:03.0814 3528  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
19:57:03.0824 3528  Modem - ok
19:57:03.0924 3528  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:57:03.0924 3528  Mouclass - ok
19:57:04.0034 3528  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:57:04.0044 3528  mouhid - ok
19:57:04.0134 3528  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
19:57:04.0134 3528  MountMgr - ok
19:57:04.0605 3528  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:57:04.0725 3528  MozillaMaintenance - ok
19:57:04.0785 3528  mraid35x - ok
19:57:05.0236 3528  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:57:05.0296 3528  MRxDAV - ok
19:57:05.0907 3528  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:57:06.0107 3528  MRxSmb - ok
19:57:06.0257 3528  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
19:57:06.0267 3528  MSDTC - ok
19:57:06.0438 3528  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:57:06.0468 3528  Msfs - ok
19:57:06.0588 3528  MSIServer - ok
19:57:06.0718 3528  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:57:06.0718 3528  MSKSSRV - ok
19:57:06.0838 3528  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:57:06.0848 3528  MSPCLOCK - ok
19:57:06.0918 3528  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:57:06.0918 3528  MSPQM - ok
19:57:07.0068 3528  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:57:07.0068 3528  mssmbios - ok
19:57:07.0209 3528  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
19:57:07.0219 3528  Mup - ok
19:57:07.0860 3528  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
19:57:07.0980 3528  napagent - ok
19:57:08.0280 3528  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
19:57:08.0300 3528  NDIS - ok
19:57:08.0380 3528  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:57:08.0390 3528  NdisTapi - ok
19:57:08.0460 3528  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:57:08.0471 3528  Ndisuio - ok
19:57:08.0561 3528  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:57:08.0561 3528  NdisWan - ok
19:57:08.0731 3528  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
19:57:08.0731 3528  NDProxy - ok
19:57:08.0921 3528  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
19:57:08.0951 3528  NetBIOS - ok
19:57:09.0121 3528  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
19:57:09.0141 3528  NetBT - ok
19:57:09.0422 3528  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
19:57:09.0442 3528  NetDDE - ok
19:57:09.0502 3528  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
19:57:09.0512 3528  NetDDEdsdm - ok
19:57:09.0642 3528  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\System32\lsass.exe
19:57:09.0642 3528  Netlogon - ok
19:57:11.0765 3528  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
19:57:11.0925 3528  Netman - ok
19:57:11.0956 3528  NETPPPOI - ok
19:57:12.0606 3528  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:57:12.0677 3528  NetTcpPortSharing - ok
19:57:12.0947 3528  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
19:57:12.0977 3528  Nla - ok
19:57:13.0097 3528  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:57:13.0097 3528  Npfs - ok
19:57:13.0578 3528  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:57:13.0628 3528  Ntfs - ok
19:57:13.0738 3528  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
19:57:13.0758 3528  NtLmSsp - ok
19:57:14.0149 3528  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
19:57:14.0259 3528  NtmsSvc - ok
19:57:14.0359 3528  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:57:14.0359 3528  Null - ok
19:57:18.0034 3528  [ F7EE020DC255B40A83899C53D4147746 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:57:18.0916 3528  nv - ok
19:57:20.0277 3528  [ 4D31783965B0B7CED7DB3F4EE14CF260 ] nv4             C:\WINDOWS\system32\DRIVERS\nv4.sys
19:57:20.0468 3528  nv4 - ok
19:57:20.0718 3528  [ F5CA5A3E07FE3FEFA48B620A25BE5863 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
19:57:20.0728 3528  NVSvc - ok
19:57:20.0818 3528  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:57:20.0818 3528  NwlnkFlt - ok
19:57:20.0858 3528  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:57:20.0858 3528  NwlnkFwd - ok
19:57:20.0958 3528  [ A7AF0C0860F1C43FC6581BA8A99EABEF ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys
19:57:20.0968 3528  P3 - ok
19:57:21.0059 3528  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
19:57:21.0059 3528  Parport - ok
19:57:21.0099 3528  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
19:57:21.0109 3528  PartMgr - ok
19:57:21.0149 3528  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
19:57:21.0149 3528  ParVdm - ok
19:57:21.0279 3528  [ D0084A9ADE989FE703E4F22171F4E4DC ] PCANDIS5        C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS
19:57:21.0279 3528  PCANDIS5 - ok
19:57:21.0339 3528  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
19:57:21.0339 3528  PCI - ok
19:57:21.0409 3528  PCIDump - ok
19:57:21.0469 3528  PCIIde - ok
19:57:21.0569 3528  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
19:57:21.0599 3528  Pcmcia - ok
19:57:21.0629 3528  PDCOMP - ok
19:57:21.0690 3528  PDFRAME - ok
19:57:21.0750 3528  PDRELI - ok
19:57:21.0820 3528  PDRFRAME - ok
19:57:21.0850 3528  perc2 - ok
19:57:21.0910 3528  perc2hib - ok
19:57:22.0200 3528  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
19:57:22.0210 3528  PlugPlay - ok
19:57:22.0451 3528  [ B597C2C966B447E011B4AE1B4D053677 ] PMBDeviceInfoProvider C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
19:57:22.0491 3528  PMBDeviceInfoProvider - ok
19:57:22.0661 3528  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\System32\lsass.exe
19:57:22.0671 3528  PolicyAgent - ok
19:57:22.0761 3528  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:57:22.0761 3528  PptpMiniport - ok
19:57:22.0831 3528  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:57:22.0851 3528  ProtectedStorage - ok
19:57:22.0921 3528  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:57:22.0921 3528  PSched - ok
19:57:22.0991 3528  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:57:22.0991 3528  Ptilink - ok
19:57:23.0041 3528  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:57:23.0072 3528  PxHelp20 - ok
19:57:23.0102 3528  ql1080 - ok
19:57:23.0162 3528  Ql10wnt - ok
19:57:23.0222 3528  ql12160 - ok
19:57:23.0282 3528  ql1240 - ok
19:57:23.0342 3528  ql1280 - ok
19:57:23.0402 3528  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:57:23.0412 3528  RasAcd - ok
19:57:23.0552 3528  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:57:23.0562 3528  RasAuto - ok
19:57:23.0622 3528  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:57:23.0622 3528  Rasl2tp - ok
19:57:23.0752 3528  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:57:23.0773 3528  RasMan - ok
19:57:23.0813 3528  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:57:23.0823 3528  RasPppoe - ok
19:57:23.0883 3528  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:57:23.0883 3528  Raspti - ok
19:57:23.0983 3528  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:57:24.0003 3528  Rdbss - ok
19:57:24.0083 3528  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:57:24.0083 3528  RDPCDD - ok
19:57:24.0203 3528  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:57:24.0223 3528  rdpdr - ok
19:57:24.0323 3528  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
19:57:24.0333 3528  RDPWD - ok
19:57:24.0443 3528  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
19:57:24.0453 3528  RDSessMgr - ok
19:57:24.0514 3528  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
19:57:24.0524 3528  redbook - ok
19:57:24.0664 3528  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:57:24.0694 3528  RemoteAccess - ok
19:57:24.0794 3528  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:57:24.0804 3528  RemoteRegistry - ok
19:57:24.0884 3528  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
19:57:24.0884 3528  ROOTMODEM - ok
19:57:24.0974 3528  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\System32\locator.exe
19:57:24.0974 3528  RpcLocator - ok
19:57:25.0155 3528  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
19:57:25.0195 3528  RpcSs - ok
19:57:25.0285 3528  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\System32\rsvp.exe
19:57:25.0295 3528  RSVP - ok
19:57:25.0395 3528  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:57:25.0395 3528  rtl8139 - ok
19:57:25.0475 3528  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:57:25.0485 3528  SamSs - ok
19:57:25.0745 3528  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:57:25.0745 3528  SCardSvr - ok
19:57:25.0896 3528  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:57:25.0916 3528  Schedule - ok
19:57:26.0016 3528  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:57:26.0016 3528  Secdrv - ok
19:57:26.0156 3528  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:57:26.0166 3528  seclogon - ok
19:57:26.0266 3528  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
19:57:26.0276 3528  SENS - ok
19:57:26.0316 3528  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
19:57:26.0316 3528  serenum - ok
19:57:26.0396 3528  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
19:57:26.0396 3528  Serial - ok
19:57:26.0536 3528  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
19:57:26.0536 3528  Sfloppy - ok
19:57:26.0687 3528  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:57:26.0717 3528  SharedAccess - ok
19:57:26.0847 3528  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:57:26.0857 3528  ShellHWDetection - ok
19:57:26.0917 3528  Simbad - ok
19:57:26.0977 3528  Sparrow - ok
19:57:27.0057 3528  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:57:27.0067 3528  splitter - ok
19:57:27.0177 3528  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:57:27.0177 3528  Spooler - ok
19:57:27.0258 3528  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:57:27.0258 3528  sr - ok
19:57:27.0398 3528  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\System32\srsvc.dll
19:57:27.0428 3528  srservice - ok
19:57:27.0558 3528  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:57:27.0648 3528  Srv - ok
19:57:27.0758 3528  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:57:27.0768 3528  SSDPSRV - ok
19:57:27.0888 3528  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:57:27.0918 3528  stisvc - ok
19:57:27.0989 3528  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:57:27.0989 3528  swenum - ok
19:57:28.0059 3528  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:57:28.0069 3528  swmidi - ok
19:57:28.0149 3528  SwPrv - ok
19:57:28.0209 3528  symc810 - ok
19:57:28.0269 3528  symc8xx - ok
19:57:28.0329 3528  sym_hi - ok
19:57:28.0379 3528  sym_u3 - ok
19:57:28.0449 3528  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:57:28.0459 3528  sysaudio - ok
19:57:28.0569 3528  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
19:57:28.0599 3528  SysmonLog - ok
19:57:28.0710 3528  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:57:28.0730 3528  TapiSrv - ok
19:57:28.0840 3528  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:57:28.0870 3528  Tcpip - ok
19:57:28.0960 3528  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:57:28.0960 3528  TDPIPE - ok
19:57:29.0000 3528  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:57:29.0000 3528  TDTCP - ok
19:57:29.0050 3528  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:57:29.0050 3528  TermDD - ok
19:57:29.0190 3528  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:57:29.0220 3528  TermService - ok
19:57:29.0320 3528  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:57:29.0331 3528  Themes - ok
19:57:29.0441 3528  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
19:57:29.0451 3528  TlntSvr - ok
19:57:29.0611 3528  [ 52AB2F2B0D2FD7CC2FDB489C449FEB8E ] TNPacket        C:\Programme\T-DSL SpeedManager\TNPACKET.SYS
19:57:29.0611 3528  TNPacket - ok
19:57:29.0671 3528  TosIde - ok
19:57:29.0761 3528  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:57:29.0771 3528  TrkWks - ok
19:57:29.0911 3528  [ BF2236A5A39B21F694CCD7B5A6639E71 ] TSMService      C:\Programme\T-DSL SpeedManager\tsmsvc.exe
19:57:29.0911 3528  TSMService - ok
19:57:30.0001 3528  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:57:30.0011 3528  Udfs - ok
19:57:30.0042 3528  ultra - ok
19:57:30.0192 3528  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:57:30.0222 3528  Update - ok
19:57:30.0322 3528  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:57:30.0342 3528  upnphost - ok
19:57:30.0432 3528  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
19:57:30.0462 3528  UPS - ok
19:57:30.0532 3528  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:57:30.0532 3528  usbehci - ok
19:57:30.0622 3528  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:57:30.0642 3528  usbhub - ok
19:57:30.0682 3528  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:57:30.0692 3528  usbohci - ok
19:57:30.0763 3528  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:57:30.0763 3528  usbprint - ok
19:57:30.0823 3528  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:57:30.0833 3528  USBSTOR - ok
19:57:30.0893 3528  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:57:30.0893 3528  usbuhci - ok
19:57:30.0943 3528  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:57:30.0943 3528  VgaSave - ok
19:57:31.0003 3528  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:57:31.0023 3528  viaagp - ok
19:57:31.0123 3528  [ 4B039BBD037B01F5DB5A144C837F283A ] viaagp1         C:\WINDOWS\system32\DRIVERS\viaagp1.sys
19:57:31.0123 3528  viaagp1 - ok
19:57:31.0203 3528  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
19:57:31.0223 3528  ViaIde - ok
19:57:31.0293 3528  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:57:31.0293 3528  VolSnap - ok
19:57:31.0424 3528  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
19:57:31.0464 3528  VSS - ok
19:57:31.0554 3528  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\System32\w32time.dll
19:57:31.0574 3528  W32Time - ok
19:57:31.0664 3528  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:57:31.0664 3528  Wanarp - ok
19:57:31.0704 3528  WDICA - ok
19:57:31.0784 3528  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:57:31.0784 3528  wdmaud - ok
19:57:31.0854 3528  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:57:31.0854 3528  WebClient - ok
19:57:32.0004 3528  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:57:32.0034 3528  winmgmt - ok
19:57:32.0225 3528  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
19:57:32.0235 3528  WmdmPmSN - ok
19:57:32.0445 3528  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:57:32.0485 3528  Wmi - ok
19:57:32.0645 3528  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
19:57:32.0645 3528  WmiApSrv - ok
19:57:32.0735 3528  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:57:32.0735 3528  WpdUsb - ok
19:57:32.0906 3528  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
19:57:32.0916 3528  wscsvc - ok
19:57:33.0006 3528  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:57:33.0006 3528  wuauserv - ok
19:57:33.0116 3528  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:57:33.0146 3528  WudfPf - ok
19:57:33.0236 3528  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:57:33.0246 3528  WudfRd - ok
19:57:33.0376 3528  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
19:57:33.0386 3528  WudfSvc - ok
19:57:33.0557 3528  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:57:33.0637 3528  WZCSVC - ok
19:57:33.0717 3528  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:57:33.0737 3528  xmlprov - ok
19:57:33.0787 3528  ================ Scan global ===============================
19:57:33.0977 3528  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
19:57:34.0137 3528  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:57:34.0278 3528  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:57:34.0398 3528  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
19:57:34.0408 3528  [Global] - ok
19:57:34.0438 3528  ================ Scan MBR ==================================
19:57:34.0478 3528  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
19:57:35.0289 3528  \Device\Harddisk0\DR0 - ok
19:57:35.0319 3528  ================ Scan VBR ==================================
19:57:35.0349 3528  [ C2D7C41DAF3BE3CEF9945F7FC866A742 ] \Device\Harddisk0\DR0\Partition1
19:57:35.0349 3528  \Device\Harddisk0\DR0\Partition1 - ok
19:57:35.0389 3528  [ B760064A667EC7D49EC02756F690298C ] \Device\Harddisk0\DR0\Partition2
19:57:35.0399 3528  \Device\Harddisk0\DR0\Partition2 - ok
19:57:35.0409 3528  ============================================================
19:57:35.0409 3528  Scan finished
19:57:35.0409 3528  ============================================================
19:57:35.0499 3520  Detected object count: 0
19:57:35.0499 3520  Actual detected object count: 0
19:57:49.0940 3548  ============================================================
19:57:49.0940 3548  Scan started
19:57:49.0940 3548  Mode: Manual; SigCheck; TDLFS; 
19:57:49.0940 3548  ============================================================
19:57:50.0251 3548  ================ Scan system memory ========================
19:57:50.0251 3548  System memory - ok
19:57:50.0281 3548  ================ Scan services =============================
19:57:50.0481 3548  Abiosdsk - ok
19:57:50.0571 3548  abp480n5 - ok
19:57:50.0791 3548  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
19:57:53.0425 3548  ACDaemon - ok
19:57:53.0545 3548  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:57:58.0803 3548  ACPI - ok
19:57:58.0863 3548  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
19:57:59.0284 3548  ACPIEC - ok
19:57:59.0364 3548  adpu160m - ok
19:57:59.0454 3548  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
19:57:59.0894 3548  aec - ok
19:58:00.0015 3548  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc             C:\WINDOWS\system32\drivers\Afc.sys
19:58:00.0045 3548  Afc - ok
19:58:00.0155 3548  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
19:58:00.0285 3548  AFD - ok
19:58:00.0345 3548  Aha154x - ok
19:58:00.0425 3548  aic78u2 - ok
19:58:00.0515 3548  aic78xx - ok
19:58:00.0726 3548  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
19:58:01.0156 3548  Alerter - ok
19:58:01.0226 3548  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
19:58:01.0657 3548  ALG - ok
19:58:01.0717 3548  AliIde - ok
19:58:01.0797 3548  amsint - ok
19:58:01.0937 3548  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
19:58:02.0348 3548  AppMgmt - ok
19:58:02.0408 3548  asc - ok
19:58:02.0498 3548  asc3350p - ok
19:58:02.0558 3548  asc3550 - ok
19:58:02.0739 3548  [ 20D04091EBA710F6988F710507D85868 ] Aspi32          C:\WINDOWS\system32\drivers\Aspi32.sys
19:58:02.0789 3548  Aspi32 ( UnsignedFile.Multi.Generic ) - warning
19:58:02.0789 3548  Aspi32 - detected UnsignedFile.Multi.Generic (1)
19:58:03.0039 3548  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:58:03.0069 3548  aspnet_state - ok
19:58:03.0119 3548  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:58:03.0510 3548  AsyncMac - ok
19:58:03.0580 3548  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
19:58:04.0030 3548  atapi - ok
19:58:04.0090 3548  Atdisk - ok
19:58:04.0171 3548  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:58:04.0571 3548  Atmarpc - ok
19:58:04.0741 3548  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:58:05.0172 3548  AudioSrv - ok
19:58:05.0232 3548  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
19:58:05.0713 3548  audstub - ok
19:58:05.0793 3548  [ EB0EF89CCD0191AEC96CD6093FB9770F ] AVMWAN          C:\WINDOWS\system32\DRIVERS\avmwan.sys
19:58:05.0833 3548  AVMWAN ( UnsignedFile.Multi.Generic ) - warning
19:58:05.0833 3548  AVMWAN - detected UnsignedFile.Multi.Generic (1)
19:58:05.0923 3548  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:58:06.0464 3548  Beep - ok
19:58:06.0624 3548  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:58:07.0135 3548  BITS - ok
19:58:07.0255 3548  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
19:58:07.0325 3548  Browser - ok
19:58:07.0395 3548  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:58:07.0906 3548  cbidf2k - ok
19:58:07.0936 3548  cd20xrnt - ok
19:58:08.0006 3548  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
19:58:08.0547 3548  Cdaudio - ok
19:58:08.0597 3548  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:58:09.0048 3548  Cdfs - ok
19:58:09.0098 3548  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:58:09.0508 3548  Cdrom - ok
19:58:09.0548 3548  Changer - ok
19:58:09.0658 3548  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] cisvc           C:\WINDOWS\System32\cisvc.exe
19:58:10.0099 3548  cisvc - ok
19:58:10.0169 3548  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
19:58:10.0580 3548  ClipSrv - ok
19:58:10.0720 3548  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:58:10.0750 3548  clr_optimization_v2.0.50727_32 - ok
19:58:10.0780 3548  CmdIde - ok
19:58:10.0970 3548  COMSysApp - ok
19:58:11.0061 3548  Cpqarray - ok
19:58:11.0191 3548  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:58:11.0591 3548  CryptSvc - ok
19:58:11.0631 3548  dac2w2k - ok
19:58:11.0691 3548  dac960nt - ok
19:58:11.0862 3548  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:58:12.0092 3548  DcomLaunch - ok
19:58:12.0152 3548  [ 5E575AB625ED64C1B20517713201B3EE ] DFE528TX        C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS
19:58:12.0272 3548  DFE528TX - ok
19:58:12.0352 3548  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:58:12.0793 3548  Dhcp - ok
19:58:12.0833 3548  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:58:13.0264 3548  Disk - ok
19:58:13.0334 3548  dmadmin - ok
19:58:13.0534 3548  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:58:14.0035 3548  dmboot - ok
19:58:14.0125 3548  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:58:14.0616 3548  dmio - ok
19:58:14.0686 3548  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:58:15.0176 3548  dmload - ok
19:58:15.0267 3548  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
19:58:15.0647 3548  dmserver - ok
19:58:15.0737 3548  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
19:58:16.0138 3548  DMusic - ok
19:58:16.0228 3548  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:58:16.0298 3548  Dnscache - ok
19:58:16.0418 3548  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:58:16.0849 3548  Dot3svc - ok
19:58:16.0889 3548  dpti2o - ok
19:58:16.0969 3548  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:58:17.0550 3548  drmkaud - ok
19:58:17.0640 3548  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
19:58:18.0061 3548  EapHost - ok
19:58:18.0141 3548  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
19:58:18.0561 3548  ERSvc - ok
19:58:18.0651 3548  [ A55DD7D8CED5D2624A9EE2DDA7BE0319 ] es1371          C:\WINDOWS\system32\drivers\es1371mp.sys
19:58:19.0142 3548  es1371 - ok
19:58:19.0292 3548  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
19:58:19.0423 3548  Eventlog - ok
19:58:19.0503 3548  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\System32\es.dll
19:58:19.0603 3548  EventSystem - ok
19:58:19.0673 3548  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
19:58:20.0053 3548  Fastfat - ok
19:58:20.0154 3548  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:58:20.0204 3548  FastUserSwitchingCompatibility - ok
19:58:20.0264 3548  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
19:58:20.0644 3548  Fdc - ok
19:58:20.0664 3548  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:58:21.0305 3548  Fips - ok
19:58:21.0375 3548  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:58:21.0866 3548  Flpydisk - ok
19:58:22.0397 3548  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:58:23.0048 3548  FltMgr - ok
19:58:23.0629 3548  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:58:23.0689 3548  FontCache3.0.0.0 - ok
19:58:23.0789 3548  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:58:24.0320 3548  Fs_Rec - ok
19:58:24.0450 3548  [ A36E8BEEDB3AACA09BF55A1D17904BC8 ] FTDIBUS         C:\WINDOWS\system32\drivers\ftdibus.sys
19:58:24.0490 3548  FTDIBUS - ok
19:58:24.0740 3548  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:58:25.0441 3548  Ftdisk - ok
19:58:25.0561 3548  [ A14A1F4BB391DF9C233CB5DBD05FEB70 ] FTSER2K         C:\WINDOWS\system32\drivers\ftser2k.sys
19:58:25.0611 3548  FTSER2K - ok
19:58:25.0942 3548  [ 5A92558DE1A7948AC821AD83A73275CF ] fxusbase        C:\WINDOWS\system32\DRIVERS\fxusbase.sys
19:58:26.0152 3548  fxusbase ( UnsignedFile.Multi.Generic ) - warning
19:58:26.0152 3548  fxusbase - detected UnsignedFile.Multi.Generic (1)
19:58:26.0252 3548  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:58:26.0863 3548  gameenum - ok
19:58:27.0013 3548  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:58:27.0664 3548  Gpc - ok
19:58:27.0885 3548  [ 575976CD9F6A60BE788F8AEBAEF44AE5 ] ham50           C:\WINDOWS\system32\DRIVERS\ctxh51.sys
19:58:28.0085 3548  ham50 ( UnsignedFile.Multi.Generic ) - warning
19:58:28.0085 3548  ham50 - detected UnsignedFile.Multi.Generic (1)
19:58:28.0235 3548  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:58:28.0936 3548  helpsvc - ok
19:58:29.0607 3548  HidServ - ok
19:58:29.0707 3548  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:58:30.0108 3548  HidUsb - ok
19:58:30.0278 3548  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
19:58:30.0739 3548  hkmsvc - ok
19:58:30.0769 3548  hpn - ok
19:58:30.0829 3548  hpt3xx - ok
19:58:31.0019 3548  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
19:58:31.0220 3548  HTTP - ok
19:58:31.0330 3548  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
19:58:31.0890 3548  HTTPFilter - ok
19:58:31.0981 3548  i2omgmt - ok
19:58:32.0081 3548  i2omp - ok
19:58:32.0291 3548  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:58:32.0972 3548  i8042prt - ok
19:58:33.0252 3548  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:58:33.0353 3548  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:58:33.0353 3548  IDriverT - detected UnsignedFile.Multi.Generic (1)
19:58:34.0004 3548  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:58:34.0534 3548  idsvc - ok
19:58:34.0574 3548  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\drivers\Imapi.sys
19:58:35.0015 3548  Imapi - ok
19:58:35.0145 3548  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\System32\imapi.exe
19:58:35.0636 3548  ImapiService - ok
19:58:35.0726 3548  ini910u - ok
19:58:35.0806 3548  IntelIde - ok
19:58:35.0926 3548  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
19:58:36.0297 3548  ip6fw - ok
19:58:36.0357 3548  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:58:36.0848 3548  IpFilterDriver - ok
19:58:36.0888 3548  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:58:37.0288 3548  IpInIp - ok
19:58:37.0368 3548  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:58:37.0809 3548  IpNat - ok
19:58:37.0909 3548  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:58:38.0270 3548  IPSec - ok
19:58:38.0330 3548  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
19:58:38.0710 3548  IRENUM - ok
19:58:38.0790 3548  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:58:39.0191 3548  isapnp - ok
19:58:39.0251 3548  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:58:39.0632 3548  Kbdclass - ok
19:58:39.0722 3548  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
19:58:40.0132 3548  kmixer - ok
19:58:40.0212 3548  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
19:58:40.0303 3548  KSecDD - ok
19:58:40.0393 3548  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
19:58:40.0483 3548  lanmanserver - ok
19:58:40.0573 3548  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:58:40.0663 3548  lanmanworkstation - ok
19:58:40.0693 3548  lbrtfdc - ok
19:58:40.0883 3548  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
19:58:41.0284 3548  LmHosts - ok
19:58:41.0374 3548  [ A2AE666CEE860BABE7FA6F1662B71737 ] MASPINT         C:\WINDOWS\system32\drivers\MASPINT.sys
19:58:41.0404 3548  MASPINT ( UnsignedFile.Multi.Generic ) - warning
19:58:41.0404 3548  MASPINT - detected UnsignedFile.Multi.Generic (1)
19:58:41.0484 3548  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
19:58:41.0544 3548  MBAMProtector - ok
19:58:41.0755 3548  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:58:41.0875 3548  MBAMScheduler - ok
19:58:42.0035 3548  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
19:58:42.0275 3548  MBAMService - ok
19:58:42.0325 3548  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
19:58:42.0756 3548  Messenger - ok
19:58:42.0816 3548  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
19:58:43.0317 3548  mnmdd - ok
19:58:43.0487 3548  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
19:58:43.0858 3548  mnmsrvc - ok
19:58:43.0918 3548  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
19:58:44.0358 3548  Modem - ok
19:58:44.0418 3548  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:58:44.0819 3548  Mouclass - ok
19:58:44.0889 3548  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:58:45.0390 3548  mouhid - ok
19:58:45.0470 3548  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
19:58:45.0831 3548  MountMgr - ok
19:58:45.0971 3548  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:58:46.0061 3548  MozillaMaintenance - ok
19:58:46.0121 3548  mraid35x - ok
19:58:46.0241 3548  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:58:46.0702 3548  MRxDAV - ok
19:58:46.0832 3548  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:58:47.0002 3548  MRxSmb - ok
19:58:47.0102 3548  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
19:58:47.0463 3548  MSDTC - ok
19:58:47.0553 3548  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:58:47.0944 3548  Msfs - ok
19:58:48.0014 3548  MSIServer - ok
19:58:48.0114 3548  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:58:48.0494 3548  MSKSSRV - ok
19:58:48.0554 3548  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:58:48.0925 3548  MSPCLOCK - ok
19:58:48.0985 3548  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:58:49.0356 3548  MSPQM - ok
19:58:49.0426 3548  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:58:49.0816 3548  mssmbios - ok
19:58:49.0906 3548  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
19:58:50.0007 3548  Mup - ok
19:58:50.0157 3548  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
19:58:50.0527 3548  napagent - ok
19:58:50.0617 3548  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
19:58:51.0038 3548  NDIS - ok
19:58:51.0318 3548  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:58:51.0378 3548  NdisTapi - ok
19:58:51.0429 3548  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:58:51.0799 3548  Ndisuio - ok
19:58:51.0839 3548  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:58:52.0230 3548  NdisWan - ok
19:58:52.0320 3548  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
19:58:52.0400 3548  NDProxy - ok
19:58:52.0490 3548  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
19:58:52.0831 3548  NetBIOS - ok
19:58:52.0901 3548  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
19:58:53.0291 3548  NetBT - ok
19:58:53.0411 3548  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
19:58:53.0792 3548  NetDDE - ok
19:58:53.0842 3548  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
19:58:54.0203 3548  NetDDEdsdm - ok
19:58:54.0303 3548  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\System32\lsass.exe
19:58:54.0663 3548  Netlogon - ok
19:58:54.0813 3548  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
19:58:55.0224 3548  Netman - ok
19:58:55.0254 3548  NETPPPOI - ok
19:58:55.0404 3548  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:58:55.0474 3548  NetTcpPortSharing - ok
19:58:55.0615 3548  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
19:58:55.0675 3548  Nla - ok
19:58:55.0785 3548  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:58:56.0125 3548  Npfs - ok
19:58:56.0245 3548  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:58:56.0726 3548  Ntfs - ok
19:58:56.0786 3548  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
19:58:57.0197 3548  NtLmSsp - ok
19:58:57.0357 3548  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
19:58:57.0788 3548  NtmsSvc - ok
19:58:57.0858 3548  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:58:58.0328 3548  Null - ok
19:58:58.0819 3548  [ F7EE020DC255B40A83899C53D4147746 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:58:59.0280 3548  nv - ok
19:58:59.0470 3548  [ 4D31783965B0B7CED7DB3F4EE14CF260 ] nv4             C:\WINDOWS\system32\DRIVERS\nv4.sys
19:59:00.0101 3548  nv4 - ok
19:59:00.0181 3548  [ F5CA5A3E07FE3FEFA48B620A25BE5863 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
19:59:00.0241 3548  NVSvc - ok
19:59:00.0301 3548  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:59:00.0832 3548  NwlnkFlt - ok
19:59:00.0872 3548  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:59:01.0423 3548  NwlnkFwd - ok
19:59:01.0503 3548  [ A7AF0C0860F1C43FC6581BA8A99EABEF ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys
19:59:01.0874 3548  P3 - ok
19:59:01.0914 3548  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
19:59:02.0264 3548  Parport - ok
19:59:02.0324 3548  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
19:59:02.0715 3548  PartMgr - ok
19:59:02.0775 3548  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
19:59:03.0276 3548  ParVdm - ok
19:59:03.0386 3548  [ D0084A9ADE989FE703E4F22171F4E4DC ] PCANDIS5        C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS
19:59:03.0416 3548  PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
19:59:03.0416 3548  PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
19:59:03.0506 3548  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
19:59:03.0846 3548  PCI - ok
19:59:03.0907 3548  PCIDump - ok
19:59:03.0937 3548  PCIIde - ok
19:59:04.0037 3548  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
19:59:04.0417 3548  Pcmcia - ok
19:59:04.0447 3548  PDCOMP - ok
19:59:04.0507 3548  PDFRAME - ok
19:59:04.0567 3548  PDRELI - ok
19:59:04.0597 3548  PDRFRAME - ok
19:59:04.0658 3548  perc2 - ok
19:59:04.0698 3548  perc2hib - ok
19:59:04.0978 3548  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
19:59:05.0128 3548  PlugPlay - ok
19:59:05.0359 3548  [ B597C2C966B447E011B4AE1B4D053677 ] PMBDeviceInfoProvider C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
19:59:05.0489 3548  PMBDeviceInfoProvider - ok
19:59:05.0629 3548  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\System32\lsass.exe
19:59:05.0949 3548  PolicyAgent - ok
19:59:05.0989 3548  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:59:06.0340 3548  PptpMiniport - ok
19:59:06.0430 3548  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:59:06.0781 3548  ProtectedStorage - ok
19:59:06.0871 3548  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:59:07.0201 3548  PSched - ok
19:59:07.0281 3548  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:59:07.0852 3548  Ptilink - ok
19:59:07.0902 3548  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:59:07.0942 3548  PxHelp20 - ok
19:59:07.0982 3548  ql1080 - ok
19:59:08.0012 3548  Ql10wnt - ok
19:59:08.0072 3548  ql12160 - ok
19:59:08.0133 3548  ql1240 - ok
19:59:08.0193 3548  ql1280 - ok
19:59:08.0263 3548  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:59:08.0774 3548  RasAcd - ok
19:59:08.0904 3548  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:59:09.0244 3548  RasAuto - ok
19:59:09.0324 3548  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:59:09.0655 3548  Rasl2tp - ok
19:59:09.0775 3548  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:59:10.0155 3548  RasMan - ok
19:59:10.0226 3548  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:59:10.0586 3548  RasPppoe - ok
19:59:10.0656 3548  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:59:11.0197 3548  Raspti - ok
19:59:11.0277 3548  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:59:11.0618 3548  Rdbss - ok
19:59:11.0688 3548  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:59:12.0168 3548  RDPCDD - ok
19:59:12.0289 3548  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:59:12.0639 3548  rdpdr - ok
19:59:12.0749 3548  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
19:59:12.0879 3548  RDPWD - ok
19:59:13.0010 3548  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
19:59:13.0370 3548  RDSessMgr - ok
19:59:13.0460 3548  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
19:59:13.0811 3548  redbook - ok
19:59:13.0931 3548  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:59:14.0281 3548  RemoteAccess - ok
19:59:14.0372 3548  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:59:14.0702 3548  RemoteRegistry - ok
19:59:14.0772 3548  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
19:59:15.0323 3548  ROOTMODEM - ok
19:59:15.0383 3548  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\System32\locator.exe
19:59:15.0734 3548  RpcLocator - ok
19:59:15.0884 3548  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
19:59:16.0044 3548  RpcSs - ok
19:59:16.0164 3548  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\System32\rsvp.exe
19:59:16.0615 3548  RSVP - ok
19:59:16.0675 3548  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:59:16.0995 3548  rtl8139 - ok
19:59:17.0105 3548  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:59:17.0426 3548  SamSs - ok
19:59:17.0506 3548  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:59:17.0877 3548  SCardSvr - ok
19:59:18.0007 3548  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:59:18.0377 3548  Schedule - ok
19:59:18.0467 3548  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:59:18.0788 3548  Secdrv - ok
19:59:18.0928 3548  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:59:19.0269 3548  seclogon - ok
19:59:19.0359 3548  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
19:59:19.0719 3548  SENS - ok
19:59:19.0799 3548  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
19:59:20.0130 3548  serenum - ok
19:59:20.0200 3548  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
19:59:20.0560 3548  Serial - ok
19:59:20.0681 3548  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
19:59:21.0051 3548  Sfloppy - ok
19:59:21.0191 3548  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:59:21.0612 3548  SharedAccess - ok
19:59:21.0682 3548  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:59:21.0722 3548  ShellHWDetection - ok
19:59:21.0772 3548  Simbad - ok
19:59:21.0822 3548  Sparrow - ok
19:59:21.0902 3548  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:59:22.0243 3548  splitter - ok
19:59:22.0343 3548  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:59:22.0423 3548  Spooler - ok
19:59:22.0483 3548  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:59:22.0844 3548  sr - ok
19:59:23.0014 3548  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\System32\srsvc.dll
19:59:23.0364 3548  srservice - ok
19:59:23.0505 3548  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:59:23.0655 3548  Srv - ok
19:59:23.0735 3548  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:59:24.0116 3548  SSDPSRV - ok
19:59:24.0236 3548  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:59:24.0626 3548  stisvc - ok
19:59:24.0696 3548  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:59:25.0017 3548  swenum - ok
19:59:25.0087 3548  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:59:25.0427 3548  swmidi - ok
19:59:25.0498 3548  SwPrv - ok
19:59:25.0558 3548  symc810 - ok
19:59:25.0618 3548  symc8xx - ok
19:59:25.0678 3548  sym_hi - ok
19:59:25.0738 3548  sym_u3 - ok
19:59:25.0778 3548  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:59:26.0118 3548  sysaudio - ok
19:59:26.0209 3548  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
19:59:26.0579 3548  SysmonLog - ok
19:59:26.0699 3548  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:59:27.0090 3548  TapiSrv - ok
19:59:27.0200 3548  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:59:27.0310 3548  Tcpip - ok
19:59:27.0350 3548  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:59:27.0701 3548  TDPIPE - ok
19:59:27.0801 3548  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:59:28.0151 3548  TDTCP - ok
19:59:28.0191 3548  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:59:28.0522 3548  TermDD - ok
19:59:28.0652 3548  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:59:29.0053 3548  TermService - ok
19:59:29.0123 3548  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:59:29.0163 3548  Themes - ok
19:59:29.0273 3548  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
19:59:29.0623 3548  TlntSvr - ok
19:59:29.0744 3548  [ 52AB2F2B0D2FD7CC2FDB489C449FEB8E ] TNPacket        C:\Programme\T-DSL SpeedManager\TNPACKET.SYS
19:59:29.0764 3548  TNPacket ( UnsignedFile.Multi.Generic ) - warning
19:59:29.0764 3548  TNPacket - detected UnsignedFile.Multi.Generic (1)
19:59:29.0824 3548  TosIde - ok
19:59:29.0934 3548  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:59:30.0254 3548  TrkWks - ok
19:59:30.0385 3548  [ BF2236A5A39B21F694CCD7B5A6639E71 ] TSMService      C:\Programme\T-DSL SpeedManager\tsmsvc.exe
19:59:30.0415 3548  TSMService ( UnsignedFile.Multi.Generic ) - warning
19:59:30.0415 3548  TSMService - detected UnsignedFile.Multi.Generic (1)
19:59:30.0475 3548  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:59:30.0825 3548  Udfs - ok
19:59:30.0865 3548  ultra - ok
19:59:30.0975 3548  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:59:31.0356 3548  Update - ok
19:59:31.0476 3548  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:59:31.0847 3548  upnphost - ok
19:59:31.0937 3548  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
19:59:32.0307 3548  UPS - ok
19:59:32.0367 3548  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:59:32.0708 3548  usbehci - ok
19:59:32.0768 3548  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:59:33.0098 3548  usbhub - ok
19:59:33.0149 3548  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:59:33.0489 3548  usbohci - ok
19:59:33.0549 3548  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:59:33.0900 3548  usbprint - ok
19:59:33.0940 3548  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:59:34.0300 3548  USBSTOR - ok
19:59:34.0340 3548  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:59:34.0741 3548  usbuhci - ok
19:59:34.0871 3548  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:59:35.0252 3548  VgaSave - ok
19:59:35.0462 3548  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:59:35.0852 3548  viaagp - ok
19:59:36.0033 3548  [ 4B039BBD037B01F5DB5A144C837F283A ] viaagp1         C:\WINDOWS\system32\DRIVERS\viaagp1.sys
19:59:36.0123 3548  viaagp1 - ok
19:59:36.0193 3548  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
19:59:36.0543 3548  ViaIde - ok
19:59:36.0854 3548  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:59:37.0224 3548  VolSnap - ok
19:59:38.0216 3548  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
19:59:38.0817 3548  VSS - ok
19:59:39.0408 3548  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\System32\w32time.dll
19:59:39.0928 3548  W32Time - ok
19:59:40.0199 3548  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:59:40.0579 3548  Wanarp - ok
19:59:40.0639 3548  WDICA - ok
19:59:40.0800 3548  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:59:41.0150 3548  wdmaud - ok
19:59:41.0410 3548  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:59:41.0801 3548  WebClient - ok
19:59:42.0222 3548  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:59:42.0602 3548  winmgmt - ok
19:59:42.0903 3548  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
19:59:43.0073 3548  WmdmPmSN - ok
19:59:44.0054 3548  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:59:45.0146 3548  Wmi - ok
19:59:45.0266 3548  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
19:59:45.0667 3548  WmiApSrv - ok
19:59:45.0717 3548  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:59:45.0847 3548  WpdUsb - ok
19:59:46.0137 3548  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
19:59:46.0568 3548  wscsvc - ok
19:59:46.0678 3548  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:59:47.0209 3548  wuauserv - ok
19:59:47.0299 3548  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:59:47.0419 3548  WudfPf - ok
19:59:47.0519 3548  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:59:47.0659 3548  WudfRd - ok
19:59:47.0840 3548  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
19:59:48.0040 3548  WudfSvc - ok
19:59:48.0320 3548  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:59:49.0011 3548  WZCSVC - ok
19:59:49.0132 3548  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:59:49.0672 3548  xmlprov - ok
19:59:49.0692 3548  ================ Scan global ===============================
19:59:49.0953 3548  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
19:59:50.0203 3548  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:59:50.0353 3548  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:59:50.0534 3548  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
19:59:50.0544 3548  [Global] - ok
19:59:50.0584 3548  ================ Scan MBR ==================================
19:59:50.0624 3548  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
19:59:52.0546 3548  \Device\Harddisk0\DR0 - ok
19:59:52.0566 3548  ================ Scan VBR ==================================
19:59:52.0587 3548  [ B10890FDEADAC1EB32C166EFFC76C386 ] \Device\Harddisk0\DR0\Partition1
19:59:52.0587 3548  \Device\Harddisk0\DR0\Partition1 - ok
19:59:52.0717 3548  [ B760064A667EC7D49EC02756F690298C ] \Device\Harddisk0\DR0\Partition2
19:59:52.0727 3548  \Device\Harddisk0\DR0\Partition2 - ok
19:59:52.0747 3548  ============================================================
19:59:52.0747 3548  Scan finished
19:59:52.0747 3548  ============================================================
19:59:52.0957 3540  Detected object count: 9
19:59:52.0957 3540  Actual detected object count: 9
20:03:01.0318 3540  Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:01.0318 3540  Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:03:01.0318 3540  AVMWAN ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:01.0318 3540  AVMWAN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:03:01.0338 3540  fxusbase ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:01.0338 3540  fxusbase ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:03:01.0368 3540  ham50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:01.0368 3540  ham50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:03:01.0398 3540  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:01.0398 3540  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:03:01.0418 3540  MASPINT ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:01.0418 3540  MASPINT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:03:01.0448 3540  PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:01.0448 3540  PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:03:01.0468 3540  TNPacket ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:01.0468 3540  TNPacket ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:03:01.0498 3540  TSMService ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:01.0498 3540  TSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:03:42.0978 3480  Deinitialize success

cosinus · 21.10.2012, 11:09

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Diddlhase · 24.10.2012, 06:58

Ich habe alle Hinweise befolgt aber der Combofix konnte nicht durchgeführt werden, da er jedesmal nur bis zum Fenster Autoscan kommt, mit dem Hinweis, dass der Vorgang ca. 10 Minuten dauert und sich bei stark infizierten Rechnern gut und gerne verdoppeln kann. 2 mal habe ich den Vorgang 2 Stunden und weitere 2 mal je 1 Stunde laufen lassen. Wie bereits erwähnt, alles ohne Erfolg. Der Cursor blinkt aber weiter scheint nichts zu passieren.
Ich möchte den Threat an dieser Stelle aber jetzt auch endgültig beenden, da ich nicht gewillt bin noch weitere Zeit zu investieren und auch niemand anderen mehr damit zu belästigen. Ich bin dir sehr dankbar für die bislang geleistete Hilfe und habe mich mit dem aktuellen Zustand inzwischen abgefunden. Die wichtigsten Daten sind wieder da und das reicht mir soweit. Danke nochmals und vielleicht bis irgendwann.

cosinus · 24.10.2012, 15:35

Wir wären eh fast fertig gewesen, CF will nicht immer.

Mach bitte wenigstens noch Kontrollscans mit SUPERAntiSpyware und Malwarebytes

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Scans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

11.10.2012, 16:17	#20
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	BKA Trojaner 1.14 Win XP entfernen. Bitte auch die älteren Logs vom adwCleaner posten __________________ Logfiles bitte immer in CODE-Tags posten

BKA Trojaner 1.14 Win XP entfernen.

Log-Analyse und Auswertung: BKA Trojaner 1.14 Win XP entfernen.