Pests of all kinds and how to fight them: First HDD Smart, then Ukash |
13.10.2012, 16:57 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First HDD Smart, then Ukash
Code:
Scan Mode: Current user
__________________ Please always post logfiles in CODE tags |
14.10.2012, 11:11 | #17 |
| First HDD Smart, then Ukash
Hello cosinus,
Damn :-( Sorry. Those who can read, etc. OTL logfile:
Code:
C:\WINDOWS\System32\wpa.dbl [2012.10.07 12:02:48 | 133,943,296 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\mob15\Desktop\setup_9.0.0.722_07.10.2012_06-07.exe [2012.10.04 11:33:56 | 000,002,405 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SolidWorks 2010.lnk [2012.10.02 10:01:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.09.28 13:29:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.09.27 18:32:46 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mnzzgmxmfgbozgi [2012.09.27 14:02:35 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\mob15\Desktop\unhide.exe [2012.09.26 20:31:23 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.24 20:30:44 | 058,277,552 | ---- | M] (SolidWorks Corporation ) -- C:\Dokumente und Einstellungen\mob15\Desktop\TRN_CDT1003_APM2010.exe [2012.09.24 20:29:08 | 000,000,015 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\Desktop\TRN_CDT0903_APM2009.exe.htm [2012.09.22 18:17:37 | 000,653,267 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\Desktop\Flyer Fachtagung Doppelseitig (2).pdf [2012.09.16 22:03:44 | 000,000,032 | ---- | M] () -- C:\WINDOWS\CD_Start.INI [2012.09.16 21:08:22 | 000,511,433 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\Desktop\Werkstoff_FO.pdf ========== Files Created - No Company Name ========== [2012.10.12 16:38:01 | 000,109,568 | ---- | C] () -- C:\Dokumente und Einstellungen\mob15\0.2764942012265772.exe [2012.10.10 19:05:49 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\jyaafxgq.sys [2012.10.07 13:16:59 | 133,943,296 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\mob15\Desktop\setup_9.0.0.722_07.10.2012_06-07.exe [2012.10.07 13:09:46 | 2144,493,568 | -HS- | C] () -- C:\hiberfil.sys [2012.09.27 18:32:43 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\mnzzgmxmfgbozgi [2012.09.26 20:31:23 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.24 20:29:08 | 000,000,015 | ---- | C] () -- C:\Dokumente und Einstellungen\mob15\Desktop\TRN_CDT0903_APM2009.exe.htm [2012.09.22 18:17:37 | 000,653,267 | ---- | C] () -- C:\Dokumente und Einstellungen\mob15\Desktop\Flyer Fachtagung Doppelseitig (2).pdf [2012.09.16 21:27:34 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2012.09.16 21:08:22 | 000,511,433 | ---- | C] () -- C:\Dokumente und Einstellungen\mob15\Desktop\Werkstoff_FO.pdf [2012.07.08 14:42:42 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2012.06.18 21:04:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.06.18 20:58:01 | 000,061,096 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012.05.29 12:51:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.02.16 22:49:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI [2009.07.23 13:40:41 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\mob15\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.21 12:01:35 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\mob15\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2008.10.07 10:17:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 22:28:07 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2008.10.07 10:34:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search [2011.09.10 21:06:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo [2011.05.13 21:18:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DassaultSystemes [2012.06.29 22:09:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Garmin [2012.09.27 18:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nhbujtpbjtyhmvu [2008.10.07 10:41:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2012.06.13 18:19:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2008.10.07 10:34:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Windows Desktop Search [2012.02.06 21:35:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Applian FLV and Media Player [2011.09.10 21:06:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Ashampoo [2012.01.11 20:50:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Canon [2011.05.29 17:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\DassaultSystemes [2011.10.06 
20:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\DeepBurner [2010.09.25 18:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\DWGeditor [2011.05.13 21:18:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\EDrawings [2012.06.29 22:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Garmin [2010.05.24 00:25:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\GHISLER [2012.02.06 21:50:39 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\HASCO [2012.10.14 11:05:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\IM [2010.09.25 18:12:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Luxology [2012.06.09 15:37:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Oracle [2008.10.07 10:34:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Windows Desktop Search [2009.04.25 11:26:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Windows Search ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.12.07 21:14:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Adobe [2012.06.22 19:30:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Apple Computer [2012.02.06 21:35:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Applian FLV and Media Player [2011.09.10 21:06:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Ashampoo [2012.04.12 19:58:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Avira [2012.01.11 20:50:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Canon [2009.05.19 14:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\CyberLink [2011.05.29 17:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\DassaultSystemes [2011.10.06 20:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\DeepBurner [2010.09.25 18:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\DWGeditor [2011.05.13 21:18:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\EDrawings [2012.06.29 22:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Garmin [2010.05.24 00:25:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\GHISLER [2012.02.06 21:50:39 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\HASCO [2008.10.07 10:28:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Identities [2012.10.14 11:05:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\IM [2008.10.07 10:36:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\InstallShield [2010.09.25 18:12:18 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\mob15\Anwendungsdaten\Luxology [2011.12.07 21:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Macromedia [2012.09.26 20:31:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Malwarebytes [2011.12.07 22:09:08 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Microsoft [2012.09.09 23:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla [2012.06.09 15:37:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Oracle [2012.10.04 11:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\SolidWorks [2010.11.18 21:08:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\SolidWorks 2010 [2011.12.13 22:47:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Sun [2011.12.12 12:42:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\U3 [2008.10.07 10:34:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Windows Desktop Search [2009.04.25 11:26:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Windows Search < %APPDATA%\*.exe /s > [2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\U3\temp\cleanup.exe [2008.05.02 11:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 020,108,202 
| ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' 
Anti-Malware\Chameleon\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.10.07 11:58:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.10.07 11:58:53 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.10.07 11:58:53 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > [2008.10.07 10:08:50 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2008.10.07 10:32:35 | 000,000,252 | ---- | C] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job [2008.10.07 10:53:53 | 000,000,065 | R--- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2012.04.22 18:04:27 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2012.06.13 18:17:29 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job < End of report > Danke, kirsten |
14.10.2012, 18:17 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First HDD Smart, then Ukash
Hm, there is still toolbar junk in there.
__________________
Please download the current adwCleaner, i.e. delete the old adwcleaner and download it again.
adwCleaner - detecting toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner was already downloaded at some point, please delete the old adwcleaner.exe and download it again!!
__________________ |
14.10.2012, 18:28 | #19 |
| First HDD Smart, then Ukash
Hello Cosinus, here is the log file
Code:
ATTFilter
# AdwCleaner v2.005 - Datei am 14/10/2012 um 19:27:07 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : mob15 - MOBIL15
# Bootmodus : Normal
# Ausgeführt unter : E:\adwcleaner (1).exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v6.0.2900.5512
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [6159 octets] - [11/10/2012 22:43:40]
AdwCleaner[S1].txt - [5849 octets] - [12/10/2012 16:28:53]
AdwCleaner[R2].txt - [664 octets] - [14/10/2012 19:27:07]
########## EOF - C:\AdwCleaner[R2].txt - [723 octets] ##########
Regards, kirsten |
14.10.2012, 20:10 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First HDD Smart, then Ukash
Yes, empty, and that surprises me.
Please make a new OTL log. If possible, please post everything here in CODE tags. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
ATTFilter
the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
15.10.2012, 17:04 | #21 |
| First HDD Smart, then Ukash
Hello, the new log :-)
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 15.10.2012 17:30:32 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\mob15\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 71,33% Memory free 3,85 Gb Paging File | 3,33 Gb Available in Paging File | 86,53% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,88 Gb Total Space | 195,18 Gb Free Space | 83,81% Space Free | Partition Type: NTFS Drive E: | 1006,22 Mb Total Space | 875,41 Mb Free Space | 87,00% Space Free | Partition Type: FAT Computer Name: MOBIL15 | User Name: mob15 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.15 16:23:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mob15\Desktop\OTL (1).exe PRC - [2012.08.08 22:16:03 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2012.05.08 21:56:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 21:56:55 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.08 21:56:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 21:56:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2008.08.18 18:26:22 | 004,730,880 | ---- | M] () -- C:\Programme\Hotkey\HotKeyDriver.exe PRC - [2008.08.13 15:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Programme\Garmin\Training Center\gStart.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.25 15:46:32 | 000,077,824 | ---- | M] (mychat) -- C:\WINDOWS\BisonCam\BisonHK.exe PRC - [2008.03.20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2008.03.11 17:08:50 | 000,053,248 | ---- | M] (Bison Inc.) -- C:\WINDOWS\BisonCam\DeLay.exe PRC - [2008.01.24 21:27:53 | 006,542,616 | R--- | M] (Dassault Systemes) -- C:\Programme\Gemeinsame Dateien\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe PRC - [2007.08.17 23:40:30 | 000,102,400 | ---- | M] (Synaptics, Inc.) 
-- C:\Programme\Synaptics\SynTP\SynTPStart.exe ========== Modules (No Company Name) ========== MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2012.05.08 21:56:56 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008.08.18 18:26:22 | 004,730,880 | ---- | M] () -- C:\Programme\Hotkey\HotKeyDriver.exe MOD - [2008.03.25 15:44:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\BisonCam\KBHookDLL.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.10.13 13:30:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.05.08 21:56:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 21:56:55 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.08 21:56:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.25 23:16:53 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.09.25 17:33:31 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service) SRV - [2010.09.25 17:33:29 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.01.20 00:59:12 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) 
[On_Demand | Stopped] -- C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.09.23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.05.08 21:56:56 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 21:56:56 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.14 09:48:04 | 000,762,232 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UDXTTM6010.sys -- (UDXTTM6010) DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | 
On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.03.31 15:44:46 | 001,069,608 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008.03.03 06:00:00 | 000,043,392 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)
DRV - [2008.02.26 10:01:44 | 004,737,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.12.26 04:20:20 | 000,288,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007.04.11 10:50:12 | 000,046,080 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007.04.11 10:50:04 | 000,066,432 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3168998098-1947030850-3751565249-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3168998098-1947030850-3751565249-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3168998098-1947030850-3751565249-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3168998098-1947030850-3751565249-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3168998098-1947030850-3751565249-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.110.2:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Abacho Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2883880&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Abacho Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: {ba23315d-608c-4984-b402-3438dcfc5b82}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.15.1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2883880&SearchSource=2&q="
FF - prefs.js..network.proxy.http: "10.10.110.2"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.04.25 23:16:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.12.13 22:48:45 | 000,000,000 | ---D | M]

[2011.10.02 22:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Extensions
[2010.05.23 20:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Extensions-BackupByFirefoxPortable
[2010.05.23 20:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012.08.27 19:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions
[2012.05.21 22:55:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.08.27 19:02:51 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2012.08.27 19:02:53 | 000,000,000 | ---D | M] (Abacho Community Toolbar) -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}
[2012.09.27 18:49:07 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com
[2012.06.09 15:37:59 | 000,002,306 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\searchplugins\askcomsearch.xml
[2012.01.18 21:10:30 | 000,000,915 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\searchplugins\conduit.xml
[2012.01.03 11:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.19 09:31:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.04.25 23:16:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.12.13 22:48:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.09 04:58:24 | 000,274,432 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Programme\mozilla firefox\plugins\npEModelPlugin.dll
[2012.04.25 23:16:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.25 23:16:50 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.25 23:16:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.25 23:16:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.25 23:16:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.25 23:16:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3168998098-1947030850-3751565249-1006\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3168998098-1947030850-3751565249-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BisonHK] C:\WINDOWS\BisonCam\BisonHK.exe (mychat)
O4 - HKLM..\Run: [DeLay] C:\WINDOWS\BisonCam\DeLay.exe (Bison Inc.)
O4 - HKLM..\Run: [Hotkey Software] C:\Programme\Hotkey\HotKeyDriver.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Programme\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] c:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Programme\Gemeinsame Dateien\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systemes)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-3168998098-1947030850-3751565249-1006..\Run: [gStart] C:\Programme\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3168998098-1947030850-3751565249-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3168998098-1947030850-3751565249-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3AD75BE-DFC8-410A-AB7E-D3095026A75B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.07 21:31:12 | 000,000,000 | ---D | M] - C:\Autodesk Learning -- [ NTFS ]
O32 - AutoRun File - [2008.10.07 10:06:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.10.07 12:11:36 | 000,649,864 | ---- | M] (Sysinternals - www.sysinternals.com) - E:\autoruns.exe -- [ FAT ]
O33 - MountPoints2\{7abb9b8a-10ad-11df-bb5b-0090f58e766d}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\Shell\AutoRun\command - "" = qikadh.exe
O33 - MountPoints2\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\Shell\explore\Command - "" = qikadh.exe
O33 - MountPoints2\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\Shell\open\Command - "" = qikadh.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File
not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Programme\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver 
Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {0392B69D-CBC9-E14A-6A91-39D77D07CE99} - Uniscribe ActiveX: 
{08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {2184FC64-733C-C276-BD87-C807C8ABF61F} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {37D43CBC-9AFD-60C3-B80E-5A161669DB7E} - NetShow ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {51059CF0-8D4E-53F6-A562-D0D024BCF10A} - Microsoft Windows Media Player ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: 
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {DD772D2A-A081-A65A-ADBD-2BC8BFAAAC33} - Themes Setup ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {FCD8CB84-9787-81FE-248F-81844D602464} - DirectAnimation ActiveX: 
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.10.15 16:25:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mob15\Desktop\OTL (1).exe
[2012.10.15 16:23:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mob15\Startmenü\Programme\CyberLink PowerDVD 8
[2012.10.13 14:20:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mob15\Desktop\2012-10-13
[2012.10.10 11:25:27 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.10.10 11:25:20 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\mob15\Desktop\esetsmartinstaller_enu.exe
[2012.09.28 19:00:18 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.09.27 18:32:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nhbujtpbjtyhmvu
[2012.09.27 14:03:03 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\mob15\Desktop\unhide.exe
[2012.09.26 21:45:44 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\mob15\Recent
[2012.09.26 20:31:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Malwarebytes
[2012.09.26 20:31:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.09.26 18:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012.09.26 16:58:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.09.26 16:57:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.26 16:57:51 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.09.24 20:41:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mob15\Desktop\Mehrvolumenkoerper
[2012.09.24 20:33:06 | 000,000,000 | ---D | C] -- C:\SolidWorks Training Files
[2012.09.24 20:29:45 | 058,277,552 | ---- | C] (SolidWorks Corporation ) -- C:\Dokumente und Einstellungen\mob15\Desktop\TRN_CDT1003_APM2010.exe
[2012.09.21 18:32:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mob15\Desktop\Physik_Techniker

========== Files - Modified Within 30 Days ==========

[2012.10.15 17:30:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.10.15 17:21:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.10.15 16:23:31 | 000,176,225 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.10.15 16:23:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.15 16:23:21 | 2144,493,568 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.15 16:23:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mob15\Desktop\OTL (1).exe
[2012.10.15 16:22:15 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\ms.exe
[2012.10.12 16:38:02 | 000,109,568 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\0.2764942012265772.exe
[2012.10.10 19:05:49 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\jyaafxgq.sys
[2012.10.10 11:25:13 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\mob15\Desktop\esetsmartinstaller_enu.exe
[2012.10.09 19:22:35 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.10.09 17:44:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.07 12:02:48 | 133,943,296 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\mob15\Desktop\setup_9.0.0.722_07.10.2012_06-07.exe
[2012.10.04 11:33:56 | 000,002,405 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SolidWorks 2010.lnk
[2012.10.02 10:01:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.09.28 13:29:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.09.27 18:32:46 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mnzzgmxmfgbozgi
[2012.09.27 14:02:35 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\mob15\Desktop\unhide.exe
[2012.09.26 20:31:23 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.24 20:30:44 | 058,277,552 | ---- | M] (SolidWorks Corporation ) -- C:\Dokumente und Einstellungen\mob15\Desktop\TRN_CDT1003_APM2010.exe
[2012.09.24 20:29:08 | 000,000,015 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\Desktop\TRN_CDT0903_APM2009.exe.htm
[2012.09.22 18:17:37 | 000,653,267 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\Desktop\Flyer Fachtagung Doppelseitig (2).pdf
[2012.09.16 22:03:44 | 000,000,032 | ---- | M] () -- C:\WINDOWS\CD_Start.INI
[2012.09.16 21:08:22 | 000,511,433 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\Desktop\Werkstoff_FO.pdf

========== Files Created - No Company Name ==========

[2012.10.15 16:22:15 | 000,110,592 | ---- | C] () -- C:\Dokumente und Einstellungen\mob15\ms.exe
[2012.10.12 16:38:01 | 000,109,568 | ---- | C] () -- C:\Dokumente und Einstellungen\mob15\0.2764942012265772.exe
[2012.10.10 19:05:49 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\jyaafxgq.sys
[2012.10.07 13:16:59 | 133,943,296 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\mob15\Desktop\setup_9.0.0.722_07.10.2012_06-07.exe
[2012.10.07 13:09:46 | 2144,493,568 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.27 18:32:43 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mnzzgmxmfgbozgi
[2012.09.26 20:31:23 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.24 20:29:08 | 000,000,015 | ---- | C] () -- C:\Dokumente und Einstellungen\mob15\Desktop\TRN_CDT0903_APM2009.exe.htm
[2012.09.22 18:17:37 | 000,653,267 | ---- | C] () -- C:\Dokumente und Einstellungen\mob15\Desktop\Flyer Fachtagung Doppelseitig (2).pdf
[2012.09.16 21:27:34 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2012.09.16 21:08:22 | 000,511,433 | ---- | C] () -- C:\Dokumente und Einstellungen\mob15\Desktop\Werkstoff_FO.pdf
[2012.07.08 14:42:42 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2012.06.18 21:04:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.18 20:58:01 | 000,061,096 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012.05.29 12:51:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.16 22:49:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009.07.23 13:40:41 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\mob15\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.21 12:01:35 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\mob15\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

========== ZeroAccess Check ==========

[2008.10.07 10:17:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 22:28:07 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008.10.07 10:34:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search
[2011.09.10 21:06:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2011.05.13 21:18:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DassaultSystemes
[2012.06.29 22:09:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Garmin
[2012.09.27 18:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nhbujtpbjtyhmvu
[2008.10.07 10:41:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2012.06.13 18:19:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008.10.07 10:34:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Windows Desktop Search
[2012.02.06 21:35:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Applian FLV and Media Player
[2011.09.10 21:06:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Ashampoo
[2012.01.11 20:50:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Canon
[2011.05.29 17:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\DassaultSystemes
[2011.10.06 20:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\DeepBurner
[2010.09.25 18:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\DWGeditor
[2011.05.13 21:18:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\EDrawings
[2012.06.29 22:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Garmin
[2010.05.24 00:25:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\GHISLER
[2012.02.06 21:50:39 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\HASCO
[2012.10.15 16:23:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\IM
[2010.09.25 18:12:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Luxology
[2012.06.09 15:37:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Oracle
[2008.10.07 10:34:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Windows Desktop Search
[2009.04.25 11:26:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Windows Search

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.12.07 21:14:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Adobe
[2012.06.22 19:30:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Apple Computer
[2012.02.06 21:35:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Applian FLV and Media Player
[2011.09.10 21:06:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Ashampoo
[2012.04.12 19:58:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Avira
[2012.01.11 20:50:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Canon
[2009.05.19 14:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\CyberLink
[2011.05.29 17:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\DassaultSystemes
[2011.10.06 20:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\DeepBurner
[2010.09.25 18:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\DWGeditor
[2011.05.13 21:18:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\EDrawings
[2012.06.29 22:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Garmin
[2010.05.24 00:25:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\GHISLER
[2012.02.06 21:50:39 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\HASCO
[2008.10.07 10:28:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Identities
[2012.10.15 16:23:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\IM
[2008.10.07 10:36:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\InstallShield
[2010.09.25 18:12:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Luxology
[2011.12.07 21:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Macromedia
[2012.09.26 20:31:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Malwarebytes
[2011.12.07 22:09:08 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Microsoft
[2012.09.09 23:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla
[2012.06.09 15:37:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Oracle
[2012.10.04 11:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\SolidWorks
[2010.11.18 21:08:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\SolidWorks 2010
[2011.12.13 22:47:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Sun
[2011.12.12 12:42:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\U3
[2008.10.07 10:34:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Windows Desktop Search
[2009.04.25 11:26:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Windows Search

< %APPDATA%\*.exe /s >
[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 11:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\U3\temp\Launchpad Removal.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 020,108,202
| ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' 
Anti-Malware\Chameleon\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.10.07 11:58:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.10.07 11:58:53 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.10.07 11:58:53 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < Schliesse bitte nun alle Programme. (Wichtig) > [2008.10.07 10:08:50 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2008.10.07 10:32:35 | 000,000,252 | ---- | C] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job [2008.10.07 10:53:53 | 000,000,065 | R--- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2012.04.22 18:04:27 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2012.06.13 18:17:29 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job < Klicke nun bitte auf den Quick Scan Button. > < Klick auf . > < End of report >
Regards, kirste
PS: ukash is still there |
15.10.2012, 18:18 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First HDD Smart, then Ukash Code:
ATTFilter C:\Dokumente und Einstellungen\mob15\Desktop\setup_9.0.0.722_07.10.2012_06-07.exe
Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!
Code:
ATTFilter
:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Abacho Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2883880&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Abacho Customized Web Search"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2883880&SearchSource=2&q="
FF - prefs.js..extensions.enabledAddons: {ba23315d-608c-4984-b402-3438dcfc5b82}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.15.1.0
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2
[2012.08.27 19:02:51 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2012.08.27 19:02:53 | 000,000,000 | ---D | M] (Abacho Community Toolbar) -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}
[2012.09.27 18:49:07 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com
[2012.06.09 15:37:59 | 000,002,306 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\searchplugins\askcomsearch.xml
[2012.01.18 21:10:30 | 000,000,915 | ---- | M] () -- C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\searchplugins\conduit.xml
O4 - HKLM..\Run: [] File not found
O33 - MountPoints2\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\Shell\AutoRun\command - "" = qikadh.exe
O33 - MountPoints2\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\Shell\explore\Command - "" = qikadh.exe
O33 - MountPoints2\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\Shell\open\Command - "" = qikadh.exe
O33 - MountPoints2\{7abb9b8a-10ad-11df-bb5b-0090f58e766d}\Shell\AutoRun\command - "" = setupSNK.exe
:Files
C:\Dokumente und Einstellungen\mob15\ms.exe
C:\Dokumente und Einstellungen\mob15\0.2764942012265772.exe
C:\WINDOWS\System32\drivers\jyaafxgq.sys
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mnzzgmxmfgbozgi
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nhbujtpbjtyhmvu
C:\Dokumente und Einstellungen\mob15\amsgujxeivwjhcfjjoxlbceph.exe
C:\Dokumente und Einstellungen\mob15\gbitpbfbosoe.exe
C:\Dokumente und Einstellungen\mob15\qqxxeunwnsph.exe
C:\Dokumente und Einstellungen\mob15\rotnusbppjbnnex.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
15.10.2012, 19:13 | #23 |
| First HDD Smart, then Ukash
Hello Cosinus, Kaspersky DE Cleaner. Source: directly from Kaspersky, I think. The fix is still running. Regards, kirsten
Hello cosinus, here is the log after the fix Code:
ATTFilter All processes killed ========== OTL ========== Prefs.js: "Abacho Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2883880&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Abacho Customized Web Search" removed from browser.search.selectedEngine Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2883880&SearchSource=2&q=" removed from keyword.URL Prefs.js: {ba23315d-608c-4984-b402-3438dcfc5b82}:3.15.1.0 removed from extensions.enabledAddons Prefs.js: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.15.1.0 removed from extensions.enabledAddons Prefs.js: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2 removed from extensions.enabledItems Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\searchplugin scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\Plugins scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\modules scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\META-INF scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\defaults scheduled to be moved on reboot. Folder move failed. 
C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\chrome scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\searchplugin scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\Plugins scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\modules scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\META-INF scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\defaults scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\components scheduled to be moved on reboot. Folder move failed. 
C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\chrome scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82} scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com\searchplugins scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com\defaults\preferences scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com\defaults scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com\chrome\skin scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com\chrome\content scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com\chrome scheduled to be moved on reboot. Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com scheduled to be moved on reboot. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\searchplugins\askcomsearch.xml moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\searchplugins\conduit.xml moved successfully. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\ not found. File qikadh.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\ not found. File qikadh.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\ not found. File qikadh.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7abb9b8a-10ad-11df-bb5b-0090f58e766d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7abb9b8a-10ad-11df-bb5b-0090f58e766d}\ not found. File setupSNK.exe not found. ========== FILES ========== C:\Dokumente und Einstellungen\mob15\ms.exe moved successfully. C:\Dokumente und Einstellungen\mob15\0.2764942012265772.exe moved successfully. C:\WINDOWS\System32\drivers\jyaafxgq.sys moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mnzzgmxmfgbozgi moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nhbujtpbjtyhmvu folder moved successfully. File\Folder C:\Dokumente und Einstellungen\mob15\amsgujxeivwjhcfjjoxlbceph.exe not found. File\Folder C:\Dokumente und Einstellungen\mob15\gbitpbfbosoe.exe not found. File\Folder C:\Dokumente und Einstellungen\mob15\qqxxeunwnsph.exe not found. File\Folder C:\Dokumente und Einstellungen\mob15\rotnusbppjbnnex.exe not found. 
< ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Dokumente und Einstellungen\mob15\Desktop\cmd.bat deleted successfully. C:\Dokumente und Einstellungen\mob15\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 593493 bytes ->Temporary Internet Files folder emptied: 1225419 bytes ->Java cache emptied: 13 bytes ->FireFox cache emptied: 27902139 bytes ->Flash cache emptied: 492 bytes User: All Users User: CURRENT_USER User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: mob15 ->Temp folder emptied: 107421037 bytes ->Temporary Internet Files folder emptied: 19470868 bytes ->Java cache emptied: 1193003 bytes ->FireFox cache emptied: 58342068 bytes ->Flash cache emptied: 5460 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 726003 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 8349922 bytes RecycleBin emptied: 1318589045 bytes Total Files Cleaned = 1.472,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 10152012_201239 Files\Folders moved on Reboot... C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\searchplugin folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\Plugins folder moved successfully. 
C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\modules folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\META-INF folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\defaults folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\chrome folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\searchplugin folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\Plugins folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\modules folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\META-INF folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\defaults folder moved successfully. 
C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\components folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82}\chrome folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\{ba23315d-608c-4984-b402-3438dcfc5b82} folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com\searchplugins folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com\defaults folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com\chrome\content folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com\chrome folder moved successfully. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com folder moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
Regards, kirsten |
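The fix log posted above can be reconciled against the script that produced it. The following Python sketch is an added example, not part of the thread and not OTL's own code: it classifies log lines by the outcome phrases visible in this log and reports the final state of every target in the script's ":Files" section. The function names are hypothetical, and the sample script and log are constructed from entries on this page, laid out one entry per line (an assumption about the original layout).

```python
import re

# Outcome phrases exactly as they appear in the fix log in this thread.
# Checked in order; the first pattern that matches a line wins.
OUTCOMES = [
    ("pending_reboot",
     re.compile(r"^Folder move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^File\\Folder (?P<target>.+?) not found\.$")),
    ("not_found", re.compile(r"^(?:Registry key|File) (?P<target>.+?) not found\.$")),
    ("done",
     re.compile(r"^(?:Registry (?:key|value) )?(?P<target>.+?)(?: folder)?"
                r" (?:moved|deleted) successfully\.$")),
]
# A stronger outcome replaces a weaker one, never the reverse. In this log the
# same MountPoints2 key is first "deleted successfully" and then "not found"
# for the next O33 line that points at it; the deletion is what counts.
RANK = {"not_found": 0, "pending_reboot": 1, "done": 2}


def parse_log(log_text):
    """Return {lower-cased target: final outcome} for every recognised line."""
    status = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        for name, rx in OUTCOMES:
            m = rx.match(line)
            if m:
                key = m.group("target").lower()  # Windows paths ignore case
                if key not in status or RANK[name] > RANK[status[key]]:
                    status[key] = name
                break
    return status


def script_file_targets(script_text):
    """Collect the paths listed under ':Files', skipping commands such as ipconfig."""
    targets, in_files = [], False
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
            continue
        if in_files and re.match(r"^[A-Za-z]:\\", line):
            targets.append(line)
    return targets


def reconcile(script_text, log_text):
    """Map each ':Files' target to done / pending_reboot / not_found / no_log_entry."""
    seen = parse_log(log_text)
    return {t: seen.get(t.lower(), "no_log_entry") for t in script_file_targets(script_text)}


# Constructed sample: a subset of the script and log entries shown in this thread.
SCRIPT = r'''
:OTL
O33 - MountPoints2\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\Shell\AutoRun\command - "" = qikadh.exe
:Files
C:\Dokumente und Einstellungen\mob15\ms.exe
C:\WINDOWS\System32\drivers\jyaafxgq.sys
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nhbujtpbjtyhmvu
C:\Dokumente und Einstellungen\mob15\gbitpbfbosoe.exe
ipconfig /flushdns /c
:Commands
[emptytemp]
'''

LOG = r'''
========== OTL ==========
Folder move failed. C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\ deleted successfully.
File qikadh.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f4e218d-8b4f-11df-bb6e-0090f58e766d}\ not found.
========== FILES ==========
C:\Dokumente und Einstellungen\mob15\ms.exe moved successfully.
C:\WINDOWS\System32\drivers\jyaafxgq.sys moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nhbujtpbjtyhmvu folder moved successfully.
File\Folder C:\Dokumente und Einstellungen\mob15\gbitpbfbosoe.exe not found.
Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\mob15\Anwendungsdaten\Mozilla\Firefox\Profiles\wforuye9.default\extensions\toolbar@ask.com folder moved successfully.
'''

if __name__ == "__main__":
    for target, outcome in reconcile(SCRIPT, LOG).items():
        print(f"{outcome:15} {target}")
```

A ":Files" target that ends as not_found or no_log_entry was not moved by this run, so it is the entry to look at again in the next scan log.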
16.10.2012, 09:40 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First HDD Smart, then Ukash
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log.
Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
16.10.2012, 11:17 | #25 |
| First HDD Smart, then Ukash
Hello cosinus
Code:
ATTFilter 12:11:56.0312 3408 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 12:11:56.0328 3408 ============================================================ 12:11:56.0328 3408 Current date / time: 2012/10/16 12:11:56.0328 12:11:56.0328 3408 SystemInfo: 12:11:56.0328 3408 12:11:56.0328 3408 OS Version: 5.1.2600 ServicePack: 3.0 12:11:56.0328 3408 Product type: Workstation 12:11:56.0328 3408 ComputerName: MOBIL15 12:11:56.0328 3408 UserName: mob15 12:11:56.0328 3408 Windows directory: C:\WINDOWS 12:11:56.0328 3408 System windows directory: C:\WINDOWS 12:11:56.0328 3408 Processor architecture: Intel x86 12:11:56.0328 3408 Number of processors: 2 12:11:56.0328 3408 Page size: 0x1000 12:11:56.0328 3408 Boot type: Normal boot 12:11:56.0328 3408 ============================================================ 12:11:58.0156 3408 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 12:11:58.0156 3408 Drive \Device\Harddisk1\DR3 - Size: 0x3EE80000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 12:11:58.0156 3408 ============================================================ 12:11:58.0156 3408 \Device\Harddisk0\DR0: 12:11:58.0156 3408 MBR partitions: 12:11:58.0156 3408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3EC1, BlocksNum 0x1D1C06C0 12:11:58.0156 3408 \Device\Harddisk1\DR3: 12:11:58.0156 3408 MBR partitions: 12:11:58.0156 3408 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F73E0 12:11:58.0156 3408 ============================================================ 12:11:58.0203 3408 C: <-> \Device\Harddisk0\DR0\Partition1 12:11:58.0203 3408 ============================================================ 12:11:58.0203 3408 Initialize success 12:11:58.0203 3408 ============================================================ 12:12:05.0781 3428 
============================================================ 12:12:05.0781 3428 Scan started 12:12:05.0781 3428 Mode: Manual; SigCheck; TDLFS; 12:12:05.0781 3428 ============================================================ 12:12:06.0046 3428 ================ Scan system memory ======================== 12:12:06.0046 3428 System memory - ok 12:12:06.0046 3428 ================ Scan services ============================= 12:12:06.0203 3428 Abiosdsk - ok 12:12:06.0203 3428 abp480n5 - ok 12:12:06.0281 3428 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 12:12:08.0203 3428 ACPI - ok 12:12:08.0234 3428 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 12:12:08.0437 3428 ACPIEC - ok 12:12:08.0531 3428 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 12:12:08.0578 3428 AdobeFlashPlayerUpdateSvc - ok 12:12:08.0578 3428 adpu160m - ok 12:12:08.0640 3428 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 12:12:08.0781 3428 aec - ok 12:12:08.0812 3428 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 12:12:08.0953 3428 AFD - ok 12:12:08.0968 3428 Aha154x - ok 12:12:08.0968 3428 aic78u2 - ok 12:12:08.0984 3428 aic78xx - ok 12:12:09.0015 3428 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 12:12:09.0171 3428 Alerter - ok 12:12:09.0218 3428 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 12:12:09.0281 3428 ALG - ok 12:12:09.0281 3428 AliIde - ok 12:12:09.0281 3428 amsint - ok 12:12:09.0421 3428 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 12:12:09.0437 3428 AntiVirSchedulerService - ok 12:12:09.0484 3428 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 12:12:09.0500 3428 AntiVirService - ok 12:12:09.0515 3428 [ 
676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE 12:12:09.0546 3428 AntiVirWebService - ok 12:12:09.0625 3428 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 12:12:09.0640 3428 Apple Mobile Device - ok 12:12:09.0640 3428 AppMgmt - ok 12:12:09.0656 3428 asc - ok 12:12:09.0656 3428 asc3350p - ok 12:12:09.0656 3428 asc3550 - ok 12:12:09.0796 3428 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 12:12:09.0843 3428 aspnet_state - ok 12:12:09.0875 3428 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 12:12:09.0984 3428 AsyncMac - ok 12:12:10.0031 3428 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 12:12:10.0140 3428 atapi - ok 12:12:10.0171 3428 Atdisk - ok 12:12:10.0171 3428 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 12:12:10.0296 3428 Atmarpc - ok 12:12:10.0343 3428 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 12:12:10.0453 3428 AudioSrv - ok 12:12:10.0500 3428 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 12:12:10.0593 3428 audstub - ok 12:12:10.0593 3428 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 12:12:10.0640 3428 avgntflt - ok 12:12:10.0718 3428 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 12:12:10.0750 3428 avipbb - ok 12:12:10.0796 3428 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 12:12:10.0828 3428 avkmgr - ok 12:12:10.0859 3428 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 12:12:10.0953 3428 Beep - ok 12:12:11.0031 3428 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 12:12:11.0156 3428 BITS - ok 
12:12:11.0250 3428 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 12:12:11.0265 3428 Bonjour Service - ok 12:12:11.0328 3428 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 12:12:11.0390 3428 Browser - ok 12:12:11.0468 3428 [ 69CB08C024E009FC033C2DF03E9C5791 ] Cam5607 C:\WINDOWS\system32\Drivers\BisonC07.sys 12:12:11.0531 3428 Cam5607 - ok 12:12:11.0578 3428 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 12:12:11.0703 3428 cbidf2k - ok 12:12:11.0718 3428 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 12:12:11.0843 3428 CCDECODE - ok 12:12:11.0843 3428 cd20xrnt - ok 12:12:11.0890 3428 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 12:12:12.0000 3428 Cdaudio - ok 12:12:12.0031 3428 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 12:12:12.0156 3428 Cdfs - ok 12:12:12.0203 3428 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 12:12:12.0296 3428 Cdrom - ok 12:12:12.0312 3428 Changer - ok 12:12:12.0343 3428 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 12:12:12.0453 3428 CiSvc - ok 12:12:12.0468 3428 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 12:12:12.0578 3428 ClipSrv - ok 12:12:12.0656 3428 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:12:12.0734 3428 clr_optimization_v2.0.50727_32 - ok 12:12:12.0812 3428 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:12:12.0875 3428 clr_optimization_v4.0.30319_32 - ok 12:12:12.0921 3428 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 12:12:13.0046 3428 CmBatt - ok 12:12:13.0046 3428 CmdIde - ok 12:12:13.0078 3428 [ 
6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 12:12:13.0187 3428 Compbatt - ok 12:12:13.0203 3428 COMSysApp - ok 12:12:13.0375 3428 [ 20D4DF9FB904CAE0DACDAA86FE6466B9 ] CoordinatorServiceHost C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe 12:12:13.0390 3428 CoordinatorServiceHost - ok 12:12:13.0406 3428 Cpqarray - ok 12:12:13.0453 3428 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 12:12:13.0578 3428 CryptSvc - ok 12:12:13.0578 3428 dac2w2k - ok 12:12:13.0593 3428 dac960nt - ok 12:12:13.0625 3428 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 12:12:13.0703 3428 DcomLaunch - ok 12:12:13.0765 3428 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 12:12:13.0875 3428 Dhcp - ok 12:12:13.0890 3428 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 12:12:14.0015 3428 Disk - ok 12:12:14.0015 3428 dmadmin - ok 12:12:14.0093 3428 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 12:12:14.0234 3428 dmboot - ok 12:12:14.0250 3428 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 12:12:14.0359 3428 dmio - ok 12:12:14.0406 3428 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 12:12:14.0500 3428 dmload - ok 12:12:14.0546 3428 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 12:12:14.0671 3428 dmserver - ok 12:12:14.0718 3428 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 12:12:14.0812 3428 DMusic - ok 12:12:14.0843 3428 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 12:12:14.0921 3428 Dnscache - ok 12:12:14.0953 3428 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 12:12:15.0062 3428 Dot3svc - ok 12:12:15.0062 3428 dpti2o - ok 12:12:15.0078 3428 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 
] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 12:12:15.0171 3428 drmkaud - ok 12:12:15.0171 3428 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 12:12:15.0281 3428 EapHost - ok 12:12:15.0328 3428 [ 960D07FD8A543DF9DB892845DCB414D3 ] EMSCR C:\WINDOWS\system32\DRIVERS\EMS7SK.sys 12:12:15.0390 3428 EMSCR - ok 12:12:15.0406 3428 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 12:12:15.0515 3428 ERSvc - ok 12:12:15.0531 3428 [ 7B3FE3C37FE7965B1B0EDBA4F13694EB ] ESDCR C:\WINDOWS\system32\DRIVERS\ESD7SK.sys 12:12:15.0578 3428 ESDCR - ok 12:12:15.0625 3428 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 12:12:15.0671 3428 Eventlog - ok 12:12:15.0734 3428 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 12:12:15.0796 3428 EventSystem - ok 12:12:15.0843 3428 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 12:12:16.0046 3428 Fastfat - ok 12:12:16.0125 3428 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 12:12:16.0171 3428 FastUserSwitchingCompatibility - ok 12:12:16.0218 3428 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 12:12:16.0312 3428 Fdc - ok 12:12:16.0343 3428 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 12:12:16.0437 3428 Fips - ok 12:12:16.0515 3428 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 12:12:16.0625 3428 FLEXnet Licensing Service - ok 12:12:16.0656 3428 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 12:12:16.0796 3428 Flpydisk - ok 12:12:16.0828 3428 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 12:12:16.0937 3428 FltMgr - ok 12:12:17.0046 3428 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 12:12:17.0062 3428 FontCache3.0.0.0 - ok 12:12:17.0093 3428 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 12:12:17.0203 3428 Fs_Rec - ok 12:12:17.0234 3428 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 12:12:17.0343 3428 Ftdisk - ok 12:12:17.0406 3428 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 12:12:17.0421 3428 GEARAspiWDM - ok 12:12:17.0437 3428 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 12:12:17.0625 3428 Gpc - ok 12:12:17.0703 3428 [ 6003BC70F1A8307262BD3C941BDA0B7E ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys 12:12:17.0781 3428 grmnusb - ok 12:12:17.0859 3428 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 12:12:18.0031 3428 HDAudBus - ok 12:12:18.0109 3428 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 12:12:18.0250 3428 helpsvc - ok 12:12:18.0265 3428 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 12:12:18.0359 3428 HidServ - ok 12:12:18.0406 3428 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 12:12:18.0500 3428 HidUsb - ok 12:12:18.0562 3428 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 12:12:18.0671 3428 hkmsvc - ok 12:12:18.0687 3428 hpn - ok 12:12:18.0750 3428 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 12:12:18.0812 3428 HTTP - ok 12:12:18.0859 3428 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 12:12:19.0000 3428 HTTPFilter - ok 12:12:19.0015 3428 i2omgmt - ok 12:12:19.0015 3428 i2omp - ok 12:12:19.0062 3428 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 12:12:19.0203 3428 i8042prt - ok 12:12:19.0312 3428 [ C01AC32DC5C03076CFB852CB5DA5229C ] 
idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 12:12:19.0437 3428 idsvc - ok 12:12:19.0468 3428 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 12:12:19.0609 3428 Imapi - ok 12:12:19.0640 3428 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 12:12:19.0812 3428 ImapiService - ok 12:12:19.0828 3428 ini910u - ok 12:12:20.0015 3428 [ 8998A1E6F899F790E5EFF9CD2C431A23 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 12:12:20.0250 3428 IntcAzAudAddService - ok 12:12:20.0265 3428 IntelIde - ok 12:12:20.0312 3428 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 12:12:20.0421 3428 intelppm - ok 12:12:20.0437 3428 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 12:12:20.0562 3428 Ip6Fw - ok 12:12:20.0562 3428 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 12:12:20.0671 3428 IpFilterDriver - ok 12:12:20.0687 3428 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 12:12:20.0812 3428 IpInIp - ok 12:12:20.0843 3428 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 12:12:20.0953 3428 IpNat - ok 12:12:21.0015 3428 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Programme\iPod\bin\iPodService.exe 12:12:21.0046 3428 iPod Service - ok 12:12:21.0078 3428 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 12:12:21.0203 3428 IPSec - ok 12:12:21.0234 3428 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 12:12:21.0296 3428 IRENUM - ok 12:12:21.0343 3428 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 12:12:21.0453 3428 isapnp - ok 12:12:21.0515 3428 [ 5472D771C0197355C1D347F20392B982 ] JavaQuickStarterService C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 12:12:21.0531 3428 
JavaQuickStarterService - ok 12:12:21.0578 3428 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 12:12:21.0718 3428 Kbdclass - ok 12:12:21.0734 3428 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 12:12:21.0890 3428 kbdhid - ok 12:12:21.0906 3428 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 12:12:22.0093 3428 kmixer - ok 12:12:22.0109 3428 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 12:12:22.0218 3428 KSecDD - ok 12:12:22.0250 3428 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 12:12:22.0328 3428 LanmanServer - ok 12:12:22.0343 3428 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 12:12:22.0421 3428 lanmanworkstation - ok 12:12:22.0437 3428 lbrtfdc - ok 12:12:22.0484 3428 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 12:12:22.0640 3428 LmHosts - ok 12:12:22.0687 3428 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 12:12:22.0796 3428 Messenger - ok 12:12:22.0828 3428 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 12:12:22.0953 3428 mnmdd - ok 12:12:22.0984 3428 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 12:12:23.0078 3428 mnmsrvc - ok 12:12:23.0109 3428 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 12:12:23.0218 3428 Modem - ok 12:12:23.0250 3428 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 12:12:23.0359 3428 Mouclass - ok 12:12:23.0406 3428 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 12:12:23.0500 3428 mouhid - ok 12:12:23.0515 3428 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 12:12:23.0640 3428 MountMgr - ok 12:12:23.0750 3428 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] 
MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 12:12:23.0781 3428 MozillaMaintenance - ok 12:12:23.0843 3428 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys 12:12:23.0937 3428 MPE - ok 12:12:23.0953 3428 mraid35x - ok 12:12:23.0968 3428 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 12:12:24.0093 3428 MRxDAV - ok 12:12:24.0140 3428 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 12:12:24.0234 3428 MRxSmb - ok 12:12:24.0281 3428 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 12:12:24.0375 3428 MSDTC - ok 12:12:24.0390 3428 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 12:12:24.0515 3428 Msfs - ok 12:12:24.0515 3428 MSIServer - ok 12:12:24.0531 3428 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 12:12:24.0625 3428 MSKSSRV - ok 12:12:24.0671 3428 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 12:12:24.0765 3428 MSPCLOCK - ok 12:12:24.0796 3428 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 12:12:24.0906 3428 MSPQM - ok 12:12:24.0953 3428 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 12:12:25.0046 3428 mssmbios - ok 12:12:25.0078 3428 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 12:12:25.0171 3428 MSTEE - ok 12:12:25.0359 3428 [ 73FA09B84B23A1897809A84F976D5D99 ] msvsmon80 C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe 12:12:25.0687 3428 msvsmon80 - ok 12:12:25.0765 3428 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 12:12:25.0828 3428 Mup - ok 12:12:25.0859 3428 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 12:12:26.0046 3428 NABTSFEC - ok 12:12:26.0125 3428 [ 
46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 12:12:26.0265 3428 napagent - ok 12:12:26.0343 3428 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 12:12:26.0453 3428 NDIS - ok 12:12:26.0468 3428 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 12:12:26.0578 3428 NdisIP - ok 12:12:26.0625 3428 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12:12:26.0687 3428 NdisTapi - ok 12:12:26.0718 3428 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 12:12:26.0906 3428 Ndisuio - ok 12:12:26.0906 3428 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 12:12:27.0046 3428 NdisWan - ok 12:12:27.0093 3428 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 12:12:27.0171 3428 NDProxy - ok 12:12:27.0187 3428 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 12:12:27.0312 3428 NetBIOS - ok 12:12:27.0359 3428 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 12:12:27.0500 3428 NetBT - ok 12:12:27.0515 3428 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 12:12:27.0656 3428 NetDDE - ok 12:12:27.0656 3428 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 12:12:27.0781 3428 NetDDEdsdm - ok 12:12:27.0812 3428 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 12:12:27.0921 3428 Netlogon - ok 12:12:27.0953 3428 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 12:12:28.0078 3428 Netman - ok 12:12:28.0140 3428 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:12:28.0171 3428 NetTcpPortSharing - ok 12:12:28.0218 3428 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 
12:12:28.0250 3428 Nla - ok 12:12:28.0250 3428 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 12:12:28.0375 3428 Npfs - ok 12:12:28.0437 3428 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 12:12:28.0640 3428 Ntfs - ok 12:12:28.0656 3428 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 12:12:28.0781 3428 NtLmSsp - ok 12:12:28.0828 3428 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 12:12:28.0968 3428 NtmsSvc - ok 12:12:29.0015 3428 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 12:12:29.0109 3428 Null - ok 12:12:29.0359 3428 [ 0E392F36D76560AC321E56714BEF3AAB ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12:12:30.0000 3428 nv - ok 12:12:30.0062 3428 [ 8FFE36AD51CC8672AD2D6008E95FB9D9 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 12:12:30.0109 3428 NVSvc - ok 12:12:30.0140 3428 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 12:12:30.0312 3428 NwlnkFlt - ok 12:12:30.0312 3428 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 12:12:30.0421 3428 NwlnkFwd - ok 12:12:30.0593 3428 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 12:12:30.0640 3428 odserv - ok 12:12:30.0734 3428 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 12:12:30.0765 3428 ose - ok 12:12:30.0828 3428 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 12:12:31.0000 3428 Parport - ok 12:12:31.0046 3428 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 12:12:31.0234 3428 PartMgr - ok 12:12:31.0250 3428 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 12:12:31.0343 3428 ParVdm - ok 12:12:31.0359 3428 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI 
C:\WINDOWS\system32\DRIVERS\pci.sys 12:12:31.0468 3428 PCI - ok 12:12:31.0468 3428 PCIDump - ok 12:12:31.0500 3428 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 12:12:31.0593 3428 PCIIde - ok 12:12:31.0640 3428 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 12:12:31.0765 3428 Pcmcia - ok 12:12:31.0781 3428 PDCOMP - ok 12:12:31.0781 3428 PDFRAME - ok 12:12:31.0781 3428 PDRELI - ok 12:12:31.0796 3428 PDRFRAME - ok 12:12:31.0796 3428 perc2 - ok 12:12:31.0812 3428 perc2hib - ok 12:12:31.0828 3428 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 12:12:31.0875 3428 PlugPlay - ok 12:12:31.0875 3428 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 12:12:31.0968 3428 PolicyAgent - ok 12:12:32.0000 3428 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 12:12:32.0109 3428 PptpMiniport - ok 12:12:32.0125 3428 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 12:12:32.0218 3428 ProtectedStorage - ok 12:12:32.0234 3428 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 12:12:32.0343 3428 PSched - ok 12:12:32.0343 3428 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 12:12:32.0437 3428 Ptilink - ok 12:12:32.0453 3428 ql1080 - ok 12:12:32.0453 3428 Ql10wnt - ok 12:12:32.0453 3428 ql12160 - ok 12:12:32.0468 3428 ql1240 - ok 12:12:32.0468 3428 ql1280 - ok 12:12:32.0500 3428 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 12:12:32.0609 3428 RasAcd - ok 12:12:32.0640 3428 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 12:12:32.0734 3428 RasAuto - ok 12:12:32.0765 3428 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 12:12:32.0859 3428 Rasl2tp - ok 12:12:32.0875 3428 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan 
C:\WINDOWS\System32\rasmans.dll 12:12:32.0984 3428 RasMan - ok 12:12:33.0000 3428 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 12:12:33.0093 3428 RasPppoe - ok 12:12:33.0109 3428 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 12:12:33.0218 3428 Raspti - ok 12:12:33.0250 3428 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 12:12:33.0390 3428 Rdbss - ok 12:12:33.0421 3428 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 12:12:33.0515 3428 RDPCDD - ok 12:12:33.0578 3428 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 12:12:33.0656 3428 RDPWD - ok 12:12:33.0687 3428 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 12:12:33.0828 3428 RDSessMgr - ok 12:12:33.0859 3428 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 12:12:34.0000 3428 redbook - ok 12:12:34.0046 3428 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 12:12:34.0203 3428 RemoteAccess - ok 12:12:34.0265 3428 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 12:12:34.0421 3428 RpcLocator - ok 12:12:34.0453 3428 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 12:12:34.0500 3428 RpcSs - ok 12:12:34.0546 3428 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 12:12:34.0703 3428 RSVP - ok 12:12:34.0765 3428 [ B8A68977AB5C05990696FC0237FDA96A ] RTL8187B C:\WINDOWS\system32\DRIVERS\RTL8187B.sys 12:12:34.0875 3428 RTL8187B - ok 12:12:34.0906 3428 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 12:12:35.0062 3428 SamSs - ok 12:12:35.0078 3428 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 12:12:35.0187 3428 SCardSvr - ok 12:12:35.0234 3428 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 
12:12:35.0343 3428 Schedule - ok 12:12:35.0390 3428 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 12:12:35.0515 3428 sdbus - ok 12:12:35.0546 3428 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 12:12:35.0593 3428 Secdrv - ok 12:12:35.0625 3428 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 12:12:35.0734 3428 seclogon - ok 12:12:35.0750 3428 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 12:12:35.0859 3428 SENS - ok 12:12:35.0890 3428 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 12:12:36.0000 3428 Serial - ok 12:12:36.0031 3428 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 12:12:36.0171 3428 Sfloppy - ok 12:12:36.0203 3428 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 12:12:36.0328 3428 SharedAccess - ok 12:12:36.0359 3428 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 12:12:36.0375 3428 ShellHWDetection - ok 12:12:36.0375 3428 Simbad - ok 12:12:36.0421 3428 [ A86E52C55DE3488B3FC0FF2B8AD711BF ] SiSGbeXP C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys 12:12:36.0468 3428 SiSGbeXP - ok 12:12:36.0484 3428 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 12:12:36.0625 3428 SLIP - ok 12:12:36.0750 3428 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe 12:12:36.0765 3428 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning 12:12:36.0765 3428 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1) 12:12:36.0765 3428 Sparrow - ok 12:12:36.0781 3428 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 12:12:36.0906 3428 splitter - ok 12:12:36.0953 3428 [ 60784F891563FB1B767F70117FC2428F ] Spooler 
C:\WINDOWS\system32\spoolsv.exe 12:12:37.0031 3428 Spooler - ok 12:12:37.0078 3428 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 12:12:37.0156 3428 sr - ok 12:12:37.0171 3428 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 12:12:37.0234 3428 srservice - ok 12:12:37.0281 3428 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 12:12:37.0390 3428 Srv - ok 12:12:37.0437 3428 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 12:12:37.0515 3428 SSDPSRV - ok 12:12:37.0562 3428 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 12:12:37.0593 3428 ssmdrv - ok 12:12:37.0656 3428 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 12:12:37.0875 3428 stisvc - ok 12:12:37.0890 3428 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 12:12:37.0984 3428 streamip - ok 12:12:38.0046 3428 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 12:12:38.0156 3428 swenum - ok 12:12:38.0187 3428 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 12:12:38.0312 3428 swmidi - ok 12:12:38.0312 3428 SwPrv - ok 12:12:38.0328 3428 symc810 - ok 12:12:38.0328 3428 symc8xx - ok 12:12:38.0343 3428 sym_hi - ok 12:12:38.0343 3428 sym_u3 - ok 12:12:38.0390 3428 [ BB9DF7D1D39033B61AE5C431EA0003EA ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 12:12:38.0468 3428 SynTP - ok 12:12:38.0484 3428 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 12:12:38.0640 3428 sysaudio - ok 12:12:38.0703 3428 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 12:12:38.0843 3428 SysmonLog - ok 12:12:38.0890 3428 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 12:12:39.0015 3428 TapiSrv - ok 12:12:39.0078 3428 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip 
C:\WINDOWS\system32\DRIVERS\tcpip.sys 12:12:39.0171 3428 Tcpip - ok 12:12:39.0218 3428 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 12:12:39.0359 3428 TDPIPE - ok 12:12:39.0437 3428 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 12:12:39.0593 3428 TDTCP - ok 12:12:39.0593 3428 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 12:12:39.0734 3428 TermDD - ok 12:12:39.0781 3428 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 12:12:39.0875 3428 TermService - ok 12:12:39.0890 3428 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 12:12:39.0906 3428 Themes - ok 12:12:39.0921 3428 TosIde - ok 12:12:39.0937 3428 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 12:12:40.0046 3428 TrkWks - ok 12:12:40.0062 3428 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 12:12:40.0156 3428 Udfs - ok 12:12:40.0218 3428 [ 328762250DDF538CF007CF692DD6E934 ] UDXTTM6010 C:\WINDOWS\system32\DRIVERS\UDXTTM6010.sys 12:12:40.0281 3428 UDXTTM6010 - ok 12:12:40.0296 3428 ultra - ok 12:12:40.0328 3428 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 12:12:40.0453 3428 Update - ok 12:12:40.0468 3428 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 12:12:40.0562 3428 upnphost - ok 12:12:40.0578 3428 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 12:12:40.0687 3428 UPS - ok 12:12:40.0718 3428 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 12:12:40.0765 3428 USBAAPL - ok 12:12:40.0812 3428 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 12:12:40.0937 3428 usbccgp - ok 12:12:40.0968 3428 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 12:12:41.0093 3428 usbehci - ok 12:12:41.0109 3428 [ 
1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 12:12:41.0250 3428 usbhub - ok 12:12:41.0265 3428 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 12:12:41.0390 3428 usbohci - ok 12:12:41.0421 3428 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 12:12:41.0531 3428 usbscan - ok 12:12:41.0562 3428 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 12:12:41.0687 3428 USBSTOR - ok 12:12:41.0718 3428 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 12:12:41.0828 3428 usbvideo - ok 12:12:41.0937 3428 [ 9D19B042A4FD5C02195071EA2FE0C821 ] usnjsvc C:\Programme\Windows Live\Messenger\usnsvc.exe 12:12:41.0953 3428 usnjsvc - ok 12:12:41.0968 3428 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 12:12:42.0078 3428 VgaSave - ok 12:12:42.0093 3428 ViaIde - ok 12:12:42.0140 3428 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 12:12:42.0234 3428 VolSnap - ok 12:12:42.0265 3428 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 12:12:42.0343 3428 VSS - ok 12:12:42.0375 3428 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 12:12:42.0578 3428 W32Time - ok 12:12:42.0640 3428 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 12:12:42.0765 3428 Wanarp - ok 12:12:42.0765 3428 WDICA - ok 12:12:42.0796 3428 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 12:12:42.0937 3428 wdmaud - ok 12:12:42.0984 3428 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 12:12:43.0125 3428 WebClient - ok 12:12:43.0187 3428 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 12:12:43.0296 3428 winmgmt - ok 12:12:43.0375 3428 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Programme\Windows 
Live\installer\WLSetupSvc.exe 12:12:43.0453 3428 WLSetupSvc - ok 12:12:43.0484 3428 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 12:12:43.0562 3428 WmdmPmSN - ok 12:12:43.0593 3428 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12:12:43.0703 3428 WmiAcpi - ok 12:12:43.0750 3428 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 12:12:43.0859 3428 WmiApSrv - ok 12:12:43.0937 3428 [ D3DBD6E76F4BE9BEE67EB631488B5F29 ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 12:12:44.0062 3428 WMPNetworkSvc - ok 12:12:44.0171 3428 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 12:12:44.0250 3428 WPFFontCache_v0400 - ok 12:12:44.0312 3428 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 12:12:44.0421 3428 WS2IFSL - ok 12:12:44.0453 3428 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 12:12:44.0562 3428 wscsvc - ok 12:12:44.0562 3428 WSearch - ok 12:12:44.0578 3428 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 12:12:44.0687 3428 WSTCODEC - ok 12:12:44.0718 3428 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 12:12:44.0843 3428 wuauserv - ok 12:12:44.0875 3428 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 12:12:44.0937 3428 WudfPf - ok 12:12:44.0968 3428 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 12:12:45.0015 3428 WudfRd - ok 12:12:45.0062 3428 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 12:12:45.0078 3428 WudfSvc - ok 12:12:45.0140 3428 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 12:12:45.0250 3428 WZCSVC - ok 12:12:45.0296 3428 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 
12:12:45.0640 3428 xmlprov - ok
12:12:45.0656 3428 ================ Scan global ===============================
12:12:45.0718 3428 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
12:12:45.0765 3428 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
12:12:45.0781 3428 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
12:12:45.0859 3428 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
12:12:45.0859 3428 [Global] - ok
12:12:45.0859 3428 ================ Scan MBR ==================================
12:12:45.0875 3428 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
12:12:45.0875 3428 Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:12:45.0921 3428 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
12:12:45.0921 3428 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
12:12:45.0953 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:12:45.0953 3428 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:12:45.0968 3428 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR3
12:12:48.0515 3428 \Device\Harddisk1\DR3 - ok
12:12:48.0515 3428 ================ Scan VBR ==================================
12:12:48.0531 3428 [ 62AE509381CFCFBB8F0723613AF4265F ] \Device\Harddisk0\DR0\Partition1
12:12:48.0531 3428 \Device\Harddisk0\DR0\Partition1 - ok
12:12:48.0531 3428 [ FC2970CBD491DE1C80717FC7038E900C ] \Device\Harddisk1\DR3\Partition1
12:12:48.0546 3428 \Device\Harddisk1\DR3\Partition1 - ok
12:12:48.0546 3428 ============================================================
12:12:48.0546 3428 Scan finished
12:12:48.0546 3428 ============================================================
12:12:48.0656 3420 Detected object count: 3
12:12:48.0656 3420 Actual detected object count: 3
12:13:38.0328 3420 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:13:38.0328 3420 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:13:38.0328 3420 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
12:13:38.0328 3420 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
12:13:38.0343 3420 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:13:38.0343 3420 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:13:49.0625 3564 ============================================================
12:13:49.0625 3564 Scan started
12:13:49.0625 3564 Mode: Manual; SigCheck; TDLFS;
12:13:49.0625 3564 ============================================================
12:13:50.0140 3564 ================ Scan system memory ========================
12:13:50.0140 3564 System memory - ok
12:13:50.0140 3564 ================ Scan services =============================
12:13:50.0281 3564 Abiosdsk - ok
12:13:50.0296 3564 abp480n5 - ok
12:13:50.0343 3564 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:13:50.0531 3564 ACPI - ok
12:13:50.0562 3564 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:13:50.0656 3564 ACPIEC - ok
12:13:50.0750 3564 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:13:50.0781 3564 AdobeFlashPlayerUpdateSvc - ok
12:13:50.0781 3564 adpu160m - ok
12:13:50.0828 3564 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:13:50.0953 3564 aec - ok
12:13:51.0000 3564 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:13:51.0031 3564 AFD - ok
12:13:51.0046 3564 Aha154x - ok
12:13:51.0046 3564 aic78u2 - ok
12:13:51.0062 3564 aic78xx - ok
12:13:51.0078 3564 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:13:51.0203 3564 Alerter - ok
12:13:51.0250 3564 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
12:13:51.0312 3564 ALG - ok
12:13:51.0312 3564 AliIde - ok
12:13:51.0328 3564 amsint - ok
12:13:51.0453 3564 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 12:13:51.0468 3564 AntiVirSchedulerService - ok 12:13:51.0484 3564 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 12:13:51.0500 3564 AntiVirService - ok 12:13:51.0562 3564 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE 12:13:51.0578 3564 AntiVirWebService - ok 12:13:51.0640 3564 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 12:13:51.0656 3564 Apple Mobile Device - ok 12:13:51.0671 3564 AppMgmt - ok 12:13:51.0671 3564 asc - ok 12:13:51.0671 3564 asc3350p - ok 12:13:51.0687 3564 asc3550 - ok 12:13:51.0796 3564 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 12:13:51.0828 3564 aspnet_state - ok 12:13:51.0875 3564 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 12:13:52.0031 3564 AsyncMac - ok 12:13:52.0078 3564 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 12:13:52.0187 3564 atapi - ok 12:13:52.0203 3564 Atdisk - ok 12:13:52.0203 3564 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 12:13:52.0296 3564 Atmarpc - ok 12:13:52.0328 3564 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 12:13:52.0453 3564 AudioSrv - ok 12:13:52.0484 3564 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 12:13:52.0578 3564 audstub - ok 12:13:52.0578 3564 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 12:13:52.0593 3564 avgntflt - ok 12:13:52.0656 3564 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 12:13:52.0671 3564 avipbb - ok 12:13:52.0671 3564 [ 
271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 12:13:52.0687 3564 avkmgr - ok 12:13:52.0718 3564 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 12:13:52.0812 3564 Beep - ok 12:13:52.0875 3564 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 12:13:52.0984 3564 BITS - ok 12:13:53.0078 3564 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 12:13:53.0093 3564 Bonjour Service - ok 12:13:53.0156 3564 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 12:13:53.0187 3564 Browser - ok 12:13:53.0281 3564 [ 69CB08C024E009FC033C2DF03E9C5791 ] Cam5607 C:\WINDOWS\system32\Drivers\BisonC07.sys 12:13:53.0375 3564 Cam5607 - ok 12:13:53.0421 3564 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 12:13:53.0593 3564 cbidf2k - ok 12:13:53.0625 3564 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 12:13:53.0703 3564 CCDECODE - ok 12:13:53.0718 3564 cd20xrnt - ok 12:13:53.0750 3564 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 12:13:53.0859 3564 Cdaudio - ok 12:13:53.0890 3564 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 12:13:54.0000 3564 Cdfs - ok 12:13:54.0046 3564 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 12:13:54.0156 3564 Cdrom - ok 12:13:54.0171 3564 Changer - ok 12:13:54.0203 3564 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 12:13:54.0312 3564 CiSvc - ok 12:13:54.0312 3564 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 12:13:54.0421 3564 ClipSrv - ok 12:13:54.0500 3564 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:13:54.0515 3564 clr_optimization_v2.0.50727_32 - ok 12:13:54.0562 3564 [ 
C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:13:54.0578 3564 clr_optimization_v4.0.30319_32 - ok 12:13:54.0640 3564 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 12:13:54.0734 3564 CmBatt - ok 12:13:54.0750 3564 CmdIde - ok 12:13:54.0750 3564 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 12:13:54.0859 3564 Compbatt - ok 12:13:54.0859 3564 COMSysApp - ok 12:13:55.0015 3564 [ 20D4DF9FB904CAE0DACDAA86FE6466B9 ] CoordinatorServiceHost C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe 12:13:55.0046 3564 CoordinatorServiceHost - ok 12:13:55.0046 3564 Cpqarray - ok 12:13:55.0109 3564 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 12:13:55.0265 3564 CryptSvc - ok 12:13:55.0265 3564 dac2w2k - ok 12:13:55.0281 3564 dac960nt - ok 12:13:55.0328 3564 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 12:13:55.0359 3564 DcomLaunch - ok 12:13:55.0406 3564 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 12:13:55.0593 3564 Dhcp - ok 12:13:55.0593 3564 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 12:13:55.0687 3564 Disk - ok 12:13:55.0687 3564 dmadmin - ok 12:13:55.0750 3564 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 12:13:55.0890 3564 dmboot - ok 12:13:55.0906 3564 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 12:13:56.0000 3564 dmio - ok 12:13:56.0046 3564 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 12:13:56.0156 3564 dmload - ok 12:13:56.0171 3564 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 12:13:56.0265 3564 dmserver - ok 12:13:56.0312 3564 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 
12:13:56.0406 3564 DMusic - ok 12:13:56.0421 3564 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 12:13:56.0437 3564 Dnscache - ok 12:13:56.0437 3564 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 12:13:56.0531 3564 Dot3svc - ok 12:13:56.0546 3564 dpti2o - ok 12:13:56.0562 3564 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 12:13:56.0640 3564 drmkaud - ok 12:13:56.0656 3564 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 12:13:56.0734 3564 EapHost - ok 12:13:56.0781 3564 [ 960D07FD8A543DF9DB892845DCB414D3 ] EMSCR C:\WINDOWS\system32\DRIVERS\EMS7SK.sys 12:13:56.0812 3564 EMSCR - ok 12:13:56.0859 3564 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 12:13:56.0968 3564 ERSvc - ok 12:13:56.0984 3564 [ 7B3FE3C37FE7965B1B0EDBA4F13694EB ] ESDCR C:\WINDOWS\system32\DRIVERS\ESD7SK.sys 12:13:57.0000 3564 ESDCR - ok 12:13:57.0031 3564 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 12:13:57.0046 3564 Eventlog - ok 12:13:57.0093 3564 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 12:13:57.0109 3564 EventSystem - ok 12:13:57.0156 3564 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 12:13:57.0281 3564 Fastfat - ok 12:13:57.0328 3564 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 12:13:57.0359 3564 FastUserSwitchingCompatibility - ok 12:13:57.0390 3564 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 12:13:57.0515 3564 Fdc - ok 12:13:57.0531 3564 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 12:13:57.0656 3564 Fips - ok 12:13:57.0718 3564 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 12:13:57.0781 3564 FLEXnet 
Licensing Service - ok 12:13:57.0812 3564 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 12:13:57.0937 3564 Flpydisk - ok 12:13:58.0000 3564 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 12:13:58.0109 3564 FltMgr - ok 12:13:58.0203 3564 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 12:13:58.0218 3564 FontCache3.0.0.0 - ok 12:13:58.0250 3564 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 12:13:58.0390 3564 Fs_Rec - ok 12:13:58.0406 3564 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 12:13:58.0531 3564 Ftdisk - ok 12:13:58.0578 3564 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 12:13:58.0593 3564 GEARAspiWDM - ok 12:13:58.0609 3564 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 12:13:58.0718 3564 Gpc - ok 12:13:58.0750 3564 [ 6003BC70F1A8307262BD3C941BDA0B7E ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys 12:13:58.0796 3564 grmnusb - ok 12:13:58.0828 3564 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 12:13:58.0953 3564 HDAudBus - ok 12:13:59.0000 3564 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 12:13:59.0125 3564 helpsvc - ok 12:13:59.0156 3564 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 12:13:59.0296 3564 HidServ - ok 12:13:59.0343 3564 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 12:13:59.0468 3564 HidUsb - ok 12:13:59.0515 3564 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 12:13:59.0640 3564 hkmsvc - ok 12:13:59.0640 3564 hpn - ok 12:13:59.0703 3564 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 12:13:59.0718 3564 HTTP - ok 12:13:59.0765 3564 [ 
9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 12:13:59.0906 3564 HTTPFilter - ok 12:13:59.0921 3564 i2omgmt - ok 12:13:59.0921 3564 i2omp - ok 12:13:59.0968 3564 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 12:14:00.0109 3564 i8042prt - ok 12:14:00.0218 3564 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 12:14:00.0312 3564 idsvc - ok 12:14:00.0343 3564 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 12:14:00.0484 3564 Imapi - ok 12:14:00.0531 3564 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 12:14:00.0687 3564 ImapiService - ok 12:14:00.0703 3564 ini910u - ok 12:14:00.0906 3564 [ 8998A1E6F899F790E5EFF9CD2C431A23 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 12:14:01.0187 3564 IntcAzAudAddService - ok 12:14:01.0203 3564 IntelIde - ok 12:14:01.0250 3564 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 12:14:01.0437 3564 intelppm - ok 12:14:01.0453 3564 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 12:14:01.0546 3564 Ip6Fw - ok 12:14:01.0578 3564 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 12:14:01.0656 3564 IpFilterDriver - ok 12:14:01.0671 3564 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 12:14:01.0765 3564 IpInIp - ok 12:14:01.0796 3564 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 12:14:01.0906 3564 IpNat - ok 12:14:01.0968 3564 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Programme\iPod\bin\iPodService.exe 12:14:02.0000 3564 iPod Service - ok 12:14:02.0046 3564 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 12:14:02.0125 3564 IPSec - ok 12:14:02.0171 3564 [ C93C9FF7B04D772627A3646D89F7BF89 ] 
IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 12:14:02.0218 3564 IRENUM - ok 12:14:02.0250 3564 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 12:14:02.0390 3564 isapnp - ok 12:14:02.0437 3564 [ 5472D771C0197355C1D347F20392B982 ] JavaQuickStarterService C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 12:14:02.0453 3564 JavaQuickStarterService - ok 12:14:02.0500 3564 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 12:14:02.0640 3564 Kbdclass - ok 12:14:02.0656 3564 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 12:14:02.0781 3564 kbdhid - ok 12:14:02.0812 3564 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 12:14:02.0953 3564 kmixer - ok 12:14:03.0000 3564 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 12:14:03.0015 3564 KSecDD - ok 12:14:03.0062 3564 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 12:14:03.0078 3564 LanmanServer - ok 12:14:03.0109 3564 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 12:14:03.0125 3564 lanmanworkstation - ok 12:14:03.0140 3564 lbrtfdc - ok 12:14:03.0187 3564 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 12:14:03.0296 3564 LmHosts - ok 12:14:03.0343 3564 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 12:14:03.0468 3564 Messenger - ok 12:14:03.0500 3564 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 12:14:03.0625 3564 mnmdd - ok 12:14:03.0671 3564 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 12:14:03.0796 3564 mnmsrvc - ok 12:14:03.0828 3564 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 12:14:03.0953 3564 Modem - ok 12:14:04.0000 3564 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 
12:14:04.0109 3564 Mouclass - ok 12:14:04.0171 3564 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 12:14:04.0312 3564 mouhid - ok 12:14:04.0328 3564 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 12:14:04.0484 3564 MountMgr - ok 12:14:04.0531 3564 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 12:14:04.0546 3564 MozillaMaintenance - ok 12:14:04.0593 3564 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys 12:14:04.0718 3564 MPE - ok 12:14:04.0718 3564 mraid35x - ok 12:14:04.0750 3564 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 12:14:04.0875 3564 MRxDAV - ok 12:14:04.0921 3564 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 12:14:04.0953 3564 MRxSmb - ok 12:14:05.0000 3564 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 12:14:05.0125 3564 MSDTC - ok 12:14:05.0156 3564 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 12:14:05.0281 3564 Msfs - ok 12:14:05.0281 3564 MSIServer - ok 12:14:05.0281 3564 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 12:14:05.0421 3564 MSKSSRV - ok 12:14:05.0453 3564 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 12:14:05.0578 3564 MSPCLOCK - ok 12:14:05.0578 3564 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 12:14:05.0718 3564 MSPQM - ok 12:14:05.0750 3564 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 12:14:05.0875 3564 mssmbios - ok 12:14:05.0890 3564 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 12:14:06.0031 3564 MSTEE - ok 12:14:06.0218 3564 [ 73FA09B84B23A1897809A84F976D5D99 ] msvsmon80 C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote 
Debugger\x86\msvsmon.exe 12:14:06.0359 3564 msvsmon80 - ok 12:14:06.0421 3564 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 12:14:06.0437 3564 Mup - ok 12:14:06.0453 3564 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 12:14:06.0578 3564 NABTSFEC - ok 12:14:06.0640 3564 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 12:14:06.0828 3564 napagent - ok 12:14:06.0875 3564 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 12:14:06.0953 3564 NDIS - ok 12:14:07.0000 3564 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 12:14:07.0093 3564 NdisIP - ok 12:14:07.0125 3564 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12:14:07.0156 3564 NdisTapi - ok 12:14:07.0203 3564 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 12:14:07.0296 3564 Ndisuio - ok 12:14:07.0343 3564 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 12:14:07.0437 3564 NdisWan - ok 12:14:07.0484 3564 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 12:14:07.0531 3564 NDProxy - ok 12:14:07.0562 3564 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 12:14:07.0671 3564 NetBIOS - ok 12:14:07.0718 3564 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 12:14:07.0828 3564 NetBT - ok 12:14:07.0843 3564 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 12:14:07.0953 3564 NetDDE - ok 12:14:07.0953 3564 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 12:14:08.0046 3564 NetDDEdsdm - ok 12:14:08.0093 3564 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 12:14:08.0187 3564 Netlogon - ok 12:14:08.0218 3564 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman 
C:\WINDOWS\System32\netman.dll 12:14:08.0343 3564 Netman - ok 12:14:08.0406 3564 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:14:08.0421 3564 NetTcpPortSharing - ok 12:14:08.0484 3564 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 12:14:08.0500 3564 Nla - ok 12:14:08.0500 3564 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 12:14:08.0609 3564 Npfs - ok 12:14:08.0671 3564 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 12:14:08.0812 3564 Ntfs - ok 12:14:08.0812 3564 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 12:14:08.0921 3564 NtLmSsp - ok 12:14:08.0984 3564 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 12:14:09.0109 3564 NtmsSvc - ok 12:14:09.0156 3564 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 12:14:09.0265 3564 Null - ok 12:14:09.0531 3564 [ 0E392F36D76560AC321E56714BEF3AAB ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12:14:09.0796 3564 nv - ok 12:14:09.0843 3564 [ 8FFE36AD51CC8672AD2D6008E95FB9D9 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 12:14:09.0875 3564 NVSvc - ok 12:14:09.0906 3564 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 12:14:10.0046 3564 NwlnkFlt - ok 12:14:10.0062 3564 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 12:14:10.0140 3564 NwlnkFwd - ok 12:14:10.0343 3564 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 12:14:10.0343 3564 odserv - ok 12:14:10.0421 3564 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 12:14:10.0437 3564 ose - ok 12:14:10.0468 3564 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 12:14:10.0578 3564 
Parport - ok 12:14:10.0609 3564 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 12:14:10.0734 3564 PartMgr - ok 12:14:10.0750 3564 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 12:14:10.0906 3564 ParVdm - ok 12:14:10.0906 3564 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 12:14:11.0000 3564 PCI - ok 12:14:11.0000 3564 PCIDump - ok 12:14:11.0000 3564 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 12:14:11.0093 3564 PCIIde - ok 12:14:11.0125 3564 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 12:14:11.0218 3564 Pcmcia - ok 12:14:11.0234 3564 PDCOMP - ok 12:14:11.0234 3564 PDFRAME - ok 12:14:11.0234 3564 PDRELI - ok 12:14:11.0250 3564 PDRFRAME - ok 12:14:11.0250 3564 perc2 - ok 12:14:11.0265 3564 perc2hib - ok 12:14:11.0296 3564 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 12:14:11.0312 3564 PlugPlay - ok 12:14:11.0312 3564 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 12:14:11.0406 3564 PolicyAgent - ok 12:14:11.0421 3564 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 12:14:11.0500 3564 PptpMiniport - ok 12:14:11.0515 3564 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 12:14:11.0593 3564 ProtectedStorage - ok 12:14:11.0609 3564 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 12:14:11.0703 3564 PSched - ok 12:14:11.0718 3564 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 12:14:11.0796 3564 Ptilink - ok 12:14:11.0812 3564 ql1080 - ok 12:14:11.0812 3564 Ql10wnt - ok 12:14:11.0812 3564 ql12160 - ok 12:14:11.0828 3564 ql1240 - ok 12:14:11.0828 3564 ql1280 - ok 12:14:11.0859 3564 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 12:14:11.0953 3564 
RasAcd - ok 12:14:12.0000 3564 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 12:14:12.0093 3564 RasAuto - ok 12:14:12.0109 3564 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 12:14:12.0187 3564 Rasl2tp - ok 12:14:12.0203 3564 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 12:14:12.0312 3564 RasMan - ok 12:14:12.0328 3564 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 12:14:12.0406 3564 RasPppoe - ok 12:14:12.0421 3564 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 12:14:12.0515 3564 Raspti - ok 12:14:12.0562 3564 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 12:14:12.0656 3564 Rdbss - ok 12:14:12.0703 3564 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 12:14:12.0781 3564 RDPCDD - ok 12:14:12.0843 3564 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 12:14:12.0859 3564 RDPWD - ok 12:14:12.0890 3564 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 12:14:12.0984 3564 RDSessMgr - ok 12:14:13.0015 3564 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 12:14:13.0109 3564 redbook - ok 12:14:13.0140 3564 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 12:14:13.0265 3564 RemoteAccess - ok 12:14:13.0296 3564 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 12:14:13.0390 3564 RpcLocator - ok 12:14:13.0437 3564 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 12:14:13.0484 3564 RpcSs - ok 12:14:13.0515 3564 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 12:14:13.0625 3564 RSVP - ok 12:14:13.0656 3564 [ B8A68977AB5C05990696FC0237FDA96A ] RTL8187B C:\WINDOWS\system32\DRIVERS\RTL8187B.sys 12:14:13.0687 3564 RTL8187B - ok 12:14:13.0718 
3564 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 12:14:13.0812 3564 SamSs - ok 12:14:13.0828 3564 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 12:14:13.0921 3564 SCardSvr - ok 12:14:13.0984 3564 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 12:14:14.0062 3564 Schedule - ok 12:14:14.0109 3564 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 12:14:14.0203 3564 sdbus - ok 12:14:14.0250 3564 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 12:14:14.0281 3564 Secdrv - ok 12:14:14.0328 3564 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 12:14:14.0406 3564 seclogon - ok 12:14:14.0437 3564 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 12:14:14.0531 3564 SENS - ok 12:14:14.0562 3564 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 12:14:14.0640 3564 Serial - ok 12:14:14.0671 3564 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 12:14:14.0781 3564 Sfloppy - ok 12:14:14.0828 3564 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 12:14:14.0937 3564 SharedAccess - ok 12:14:14.0953 3564 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 12:14:14.0968 3564 ShellHWDetection - ok 12:14:14.0984 3564 Simbad - ok 12:14:15.0046 3564 [ A86E52C55DE3488B3FC0FF2B8AD711BF ] SiSGbeXP C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys 12:14:15.0062 3564 SiSGbeXP - ok 12:14:15.0093 3564 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 12:14:15.0203 3564 SLIP - ok 12:14:15.0281 3564 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe 12:14:15.0281 3564 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning 
12:14:15.0281 3564 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1) 12:14:15.0296 3564 Sparrow - ok 12:14:15.0312 3564 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 12:14:15.0390 3564 splitter - ok 12:14:15.0453 3564 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 12:14:15.0500 3564 Spooler - ok 12:14:15.0531 3564 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 12:14:15.0609 3564 sr - ok 12:14:15.0625 3564 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 12:14:15.0703 3564 srservice - ok 12:14:15.0750 3564 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 12:14:15.0781 3564 Srv - ok 12:14:15.0828 3564 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 12:14:15.0921 3564 SSDPSRV - ok 12:14:15.0968 3564 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 12:14:15.0984 3564 ssmdrv - ok 12:14:16.0062 3564 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 12:14:16.0218 3564 stisvc - ok 12:14:16.0265 3564 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 12:14:16.0390 3564 streamip - ok 12:14:16.0421 3564 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 12:14:16.0531 3564 swenum - ok 12:14:16.0562 3564 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 12:14:16.0656 3564 swmidi - ok 12:14:16.0656 3564 SwPrv - ok 12:14:16.0671 3564 symc810 - ok 12:14:16.0671 3564 symc8xx - ok 12:14:16.0687 3564 sym_hi - ok 12:14:16.0687 3564 sym_u3 - ok 12:14:16.0734 3564 [ BB9DF7D1D39033B61AE5C431EA0003EA ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 12:14:16.0765 3564 SynTP - ok 12:14:16.0812 3564 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 12:14:16.0921 3564 sysaudio - ok 12:14:16.0953 
05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:14:23.0031 3564 WudfSvc - ok
12:14:23.0093 3564 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:14:23.0218 3564 WZCSVC - ok
12:14:23.0250 3564 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:14:23.0406 3564 xmlprov - ok
12:14:23.0421 3564 ================ Scan global ===============================
12:14:23.0453 3564 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
12:14:23.0515 3564 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
12:14:23.0515 3564 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
12:14:23.0546 3564 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
12:14:23.0546 3564 [Global] - ok
12:14:23.0546 3564 ================ Scan MBR ==================================
12:14:23.0562 3564 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
12:14:23.0562 3564 Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:14:23.0609 3564 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
12:14:23.0609 3564 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
12:14:23.0640 3564 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:14:23.0640 3564 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:14:23.0656 3564 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR3
12:14:26.0343 3564 \Device\Harddisk1\DR3 - ok
12:14:26.0343 3564 ================ Scan VBR ==================================
12:14:26.0406 3564 [ 62AE509381CFCFBB8F0723613AF4265F ] \Device\Harddisk0\DR0\Partition1
12:14:26.0406 3564 \Device\Harddisk0\DR0\Partition1 - ok
12:14:26.0406 3564 [ FC2970CBD491DE1C80717FC7038E900C ] \Device\Harddisk1\DR3\Partition1
12:14:26.0406 3564 \Device\Harddisk1\DR3\Partition1 - ok
12:14:26.0406 3564 ============================================================
12:14:26.0406 3564 Scan finished
12:14:26.0406 3564 ============================================================
12:14:26.0421 3556 Detected object count: 3
12:14:26.0421 3556 Actual detected object count: 3
12:14:36.0609 3556 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:36.0609 3556 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:36.0609 3556 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
12:14:36.0609 3556 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
12:14:36.0609 3556 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:14:36.0609 3556 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip |
17.10.2012, 11:34 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First HDD Smart, then Ukash
Code:
12:14:36.0609 3556 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
12:14:36.0609 3556 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
To do that, you need to restart the TDSS-Killer and run a new scan. When you then see the results, please set them to CURE or DELETE (whichever you are offered; please leave all others on SKIP!) and then click continue at the bottom right. After that, restart Windows and make a completely new log with the TDSS-Killer again. As always, post it in CODE tags.
__________________ Please always post logfiles in CODE tags |
20.10.2012, 07:14 | #27 |
| First HDD Smart, then Ukash Okay, I have now tried for 2 days to start the thing, but it no longer runs. I think I have been through all the variants: old file, new file, from the USB stick, from the desktop, in normal mode, in safe mode as admin... What do I do now? Regards |
21.10.2012, 12:00 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First HDD Smart, then Ukash Please, slowly and from the beginning! What exactly did you do, and what is the error now: the computer does not start, or what? Please describe it more precisely.
__________________ Please always post logfiles in CODE tags |
21.10.2012, 12:04 | #29 |
| First HDD Smart, then Ukash Oh, sorry. No, the TDSS Killer does not start 😒 Regards |
21.10.2012, 12:44 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First HDD Smart, then Ukash After you did the fixes?
__________________ Please always post logfiles in CODE tags |