Trojaner - GVU (Urheberrechtsverletzung ohne Webcam)

cosinus · 14.05.2013, 10:37

Hast du schon den zweiten MBAR-Scan gemacht?

Wendel · 14.05.2013, 23:29

Hier jetzt das MBAR-Log nach dem zweiten Durchlauf:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.14.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: ACER-LAPTOP [administrator]

15.05.2013 00:04:47
mbar-log-2013-05-15 (00-04-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28270
Time elapsed: 3 hour(s), 5 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 15.05.2013, 11:15

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Wendel · 15.05.2013, 21:58

Hier anbei das aswMBR-Log:

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-15 21:29:24
-----------------------------
21:29:24.929    OS Version: Windows 5.1.2600 Service Pack 2
21:29:24.944    Number of processors: 2 586 0xF0D
21:29:24.975    ComputerName: ACER-LAPTOP  UserName: Admin
21:29:33.054    Initialize success
21:39:01.022    AVAST engine defs: 13051500
21:42:25.147    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
21:42:25.163    Disk 0 Vendor: ST9160821AS 3.ALD Size: 152627MB BusType: 3
21:42:25.444    Disk 0 MBR read successfully
21:42:25.460    Disk 0 MBR scan
21:42:25.616    Disk 0 unknown MBR code
21:42:25.616    Disk 0 Partition 1 00     12  Compaq diag MSWIN4.1     6000 MB offset 63
21:42:25.788    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        73045 MB offset 12289725
21:42:25.835    Disk 0 Partition 3 00     0C    FAT32 LBA MSWIN4.1    73578 MB offset 161887005
21:42:25.944    Disk 0 scanning sectors +312576705
21:42:26.272    Disk 0 scanning C:\WINDOWS\system32\drivers
21:43:22.585    Service scanning
21:45:21.382    Modules scanning
21:45:54.116    Disk 0 trace - called modules:
21:45:54.147    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys 
21:45:54.163    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871324c8]
21:45:54.179    3 CLASSPNP.SYS[f775e05b] -> nt!IofCallDriver -> \Device\000000d2[0x870ca030]
21:45:54.194    5 ACPI.sys[f7553620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x870c4d98]
21:45:55.600    AVAST engine scan C:\WINDOWS
21:47:09.585    AVAST engine scan C:\WINDOWS\system32
22:09:26.882    AVAST engine scan C:\WINDOWS\system32\drivers
22:10:35.710    AVAST engine scan C:\Dokumente und Einstellungen\Admin
22:15:11.991    AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:46:35.444    Scan finished successfully
22:47:13.835    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Admin\Desktop\MBR.dat"
22:47:13.866    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Admin\Desktop\aswMBR.txt"

Gleich weiter mit dem TDSS-Killer, richtig ?

cosinus · 15.05.2013, 22:04

ja bitte

Wendel · 15.05.2013, 22:22

Das Log vom TDSS rootkit removing tool ging ja mal vergleichsweise fix.
Dafür gibt es hier offenbar ein paar Funde:

Code:

ATTFilter

23:09:40.0522 2876  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:09:40.0538 2876  ============================================================
23:09:40.0538 2876  Current date / time: 2013/05/15 23:09:40.0538
23:09:40.0538 2876  SystemInfo:
23:09:40.0538 2876  
23:09:40.0538 2876  OS Version: 5.1.2600 ServicePack: 2.0
23:09:40.0538 2876  Product type: Workstation
23:09:40.0538 2876  ComputerName: ACER-LAPTOP
23:09:40.0538 2876  UserName: Admin
23:09:40.0538 2876  Windows directory: C:\WINDOWS
23:09:40.0538 2876  System windows directory: C:\WINDOWS
23:09:40.0538 2876  Processor architecture: Intel x86
23:09:40.0538 2876  Number of processors: 2
23:09:40.0538 2876  Page size: 0x1000
23:09:40.0538 2876  Boot type: Normal boot
23:09:40.0538 2876  ============================================================
23:09:42.0241 2876  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:09:42.0257 2876  Drive \Device\Harddisk1\DR4 - Size: 0x1D4C00000 (7.32 Gb), SectorSize: 0x200, Cylinders: 0x3BC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:09:42.0257 2876  ============================================================
23:09:42.0257 2876  \Device\Harddisk0\DR0:
23:09:42.0288 2876  MBR partitions:
23:09:42.0288 2876  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xBB86BD, BlocksNum 0x8EAAC60
23:09:42.0288 2876  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x9A6331D, BlocksNum 0x8FB57A4
23:09:42.0288 2876  \Device\Harddisk1\DR4:
23:09:42.0288 2876  MBR partitions:
23:09:42.0288 2876  \Device\Harddisk1\DR4\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEA5FE0
23:09:42.0288 2876  ============================================================
23:09:42.0335 2876  C: <-> \Device\Harddisk0\DR0\Partition1
23:09:42.0350 2876  D: <-> \Device\Harddisk0\DR0\Partition2
23:09:42.0350 2876  ============================================================
23:09:42.0350 2876  Initialize success
23:09:42.0350 2876  ============================================================
23:12:14.0366 2248  ============================================================
23:12:14.0366 2248  Scan started
23:12:14.0366 2248  Mode: Manual; SigCheck; TDLFS; 
23:12:14.0366 2248  ============================================================
23:12:15.0319 2248  ================ Scan system memory ========================
23:12:15.0319 2248  System memory - ok
23:12:15.0319 2248  ================ Scan services =============================
23:12:15.0835 2248  [ 86D7B1E70661D754685B9AC6D749AAE5 ] 61883           C:\WINDOWS\system32\DRIVERS\61883.sys
23:12:19.0616 2248  61883 - ok
23:12:19.0632 2248  Abiosdsk - ok
23:12:19.0679 2248  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:12:19.0788 2248  abp480n5 - ok
23:12:19.0897 2248  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:12:20.0179 2248  ACPI - ok
23:12:20.0194 2248  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:12:20.0304 2248  ACPIEC - ok
23:12:20.0366 2248  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:12:20.0538 2248  adpu160m - ok
23:12:20.0632 2248  [ 1EE7B434BA961EF845DE136224C30FEC ] aec             C:\WINDOWS\system32\drivers\aec.sys
23:12:22.0132 2248  aec - ok
23:12:22.0241 2248  [ 55E6E1C51B6D30E54335750955453702 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
23:12:22.0366 2248  AFD - ok
23:12:22.0429 2248  [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
23:12:22.0554 2248  agp440 - ok
23:12:22.0585 2248  [ 67288B07D6ABA6C1267B626E67BC56FD ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:12:22.0710 2248  agpCPQ - ok
23:12:22.0741 2248  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:12:22.0819 2248  Aha154x - ok
23:12:22.0882 2248  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:12:23.0054 2248  aic78u2 - ok
23:12:23.0085 2248  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:12:23.0241 2248  aic78xx - ok
23:12:23.0272 2248  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
23:12:23.0397 2248  Alerter - ok
23:12:23.0444 2248  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG             C:\WINDOWS\System32\alg.exe
23:12:23.0507 2248  ALG - ok
23:12:23.0538 2248  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
23:12:23.0647 2248  AliIde - ok
23:12:23.0679 2248  [ F312B7CEF21EFF52FA23056B9D815FAD ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:12:23.0819 2248  alim1541 - ok
23:12:23.0866 2248  [ 675C16A3C1F8482F85EE4A97FC0DDE3D ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:12:24.0007 2248  amdagp - ok
23:12:24.0038 2248  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
23:12:24.0100 2248  amsint - ok
23:12:24.0163 2248  [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb      C:\WINDOWS\system32\Drivers\ssadadb.sys
23:12:24.0522 2248  androidusb - ok
23:12:24.0694 2248  [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
23:12:24.0788 2248  AntiVirSchedulerService - ok
23:12:24.0944 2248  [ 72D90E56563165984224493069C69ED4 ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
23:12:25.0100 2248  AntiVirService - ok
23:12:25.0225 2248  [ BECD5328E7869807D6557BE4FE60C72F ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
23:12:25.0382 2248  AppMgmt - ok
23:12:25.0429 2248  [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:12:25.0569 2248  Arp1394 - ok
23:12:25.0600 2248  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
23:12:25.0710 2248  asc - ok
23:12:25.0741 2248  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:12:25.0819 2248  asc3350p - ok
23:12:25.0835 2248  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:12:25.0944 2248  asc3550 - ok
23:12:26.0116 2248  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:12:26.0179 2248  aspnet_state - ok
23:12:26.0225 2248  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:12:26.0350 2248  AsyncMac - ok
23:12:26.0429 2248  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
23:12:26.0522 2248  atapi - ok
23:12:26.0538 2248  Atdisk - ok
23:12:26.0585 2248  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:12:26.0725 2248  Atmarpc - ok
23:12:26.0772 2248  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
23:12:26.0913 2248  AudioSrv - ok
23:12:26.0944 2248  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
23:12:27.0054 2248  audstub - ok
23:12:27.0100 2248  [ 87C223ADB8F7596B31CAAE3C67B16DDD ] Avc             C:\WINDOWS\system32\DRIVERS\avc.sys
23:12:27.0257 2248  Avc - ok
23:12:27.0288 2248  [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio           C:\Programme\Avira\AntiVir Desktop\avgio.sys
23:12:27.0304 2248  avgio - ok
23:12:27.0366 2248  [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
23:12:27.0413 2248  avgntflt - ok
23:12:27.0507 2248  [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
23:12:27.0616 2248  avipbb - ok
23:12:27.0710 2248  [ F96038AA1EC4013A93D2420FC689D1E9 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
23:12:27.0882 2248  b57w2k - ok
23:12:28.0507 2248  [ E9EA635B8432D68F0005B3F6CEBAB837 ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
23:12:29.0616 2248  BCM43XX - ok
23:12:29.0694 2248  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
23:12:29.0819 2248  Beep - ok
23:12:30.0038 2248  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            C:\WINDOWS\system32\qmgr.dll
23:12:30.0538 2248  BITS - ok
23:12:30.0600 2248  [ 5FF9A3F3476D726AE62DA82D5DA94C36 ] BlueletAudio    C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
23:12:30.0616 2248  BlueletAudio - ok
23:12:30.0647 2248  [ BD91AFC523FD59F881E1763C38FB772F ] BlueletSCOAudio C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
23:12:30.0663 2248  BlueletSCOAudio - ok
23:12:30.0804 2248  [ E460DBC78B9162A569C6CE3B7D31216D ] BlueSoleil Hid Service C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
23:12:30.0913 2248  BlueSoleil Hid Service - ok
23:12:30.0991 2248  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser         C:\WINDOWS\System32\browser.dll
23:12:31.0132 2248  Browser - ok
23:12:31.0194 2248  [ C5CCE2B26F73F8CF7F3C82159E79AA08 ] BT              C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
23:12:31.0210 2248  BT - ok
23:12:31.0257 2248  [ FB2ABC6D08D9F8D5ED8E02CBD18B39BB ] Btcsrusb        C:\WINDOWS\system32\Drivers\btcusb.sys
23:12:31.0288 2248  Btcsrusb - ok
23:12:31.0319 2248  [ CE643D0918123D76A5CAAB008FCA9663 ] BTHidEnum       C:\WINDOWS\system32\Drivers\vbtenum.sys
23:12:31.0335 2248  BTHidEnum - ok
23:12:31.0366 2248  [ DFCA4FE4C8AEC786B4D0F432EB730F48 ] BTHidMgr        C:\WINDOWS\system32\Drivers\BTHidMgr.sys
23:12:31.0397 2248  BTHidMgr - ok
23:12:31.0679 2248  [ A8EAE8E358DE3A21E6EB54F4FC7F65EC ] Ca533av         C:\WINDOWS\system32\Drivers\Ca533av.sys
23:12:32.0147 2248  Ca533av - ok
23:12:32.0257 2248  catchme - ok
23:12:32.0272 2248  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:12:32.0397 2248  cbidf - ok
23:12:32.0413 2248  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
23:12:32.0507 2248  cbidf2k - ok
23:12:32.0554 2248  [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:12:32.0679 2248  CCDECODE - ok
23:12:32.0694 2248  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:12:32.0757 2248  cd20xrnt - ok
23:12:32.0788 2248  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
23:12:32.0960 2248  Cdaudio - ok
23:12:33.0007 2248  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
23:12:33.0194 2248  Cdfs - ok
23:12:33.0304 2248  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:12:33.0444 2248  Cdrom - ok
23:12:33.0460 2248  Changer - ok
23:12:33.0491 2248  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc           C:\WINDOWS\system32\cisvc.exe
23:12:33.0600 2248  CiSvc - ok
23:12:33.0647 2248  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
23:12:33.0772 2248  ClipSrv - ok
23:12:33.0850 2248  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:12:33.0960 2248  clr_optimization_v2.0.50727_32 - ok
23:12:34.0116 2248  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:12:34.0194 2248  clr_optimization_v4.0.30319_32 - ok
23:12:34.0257 2248  CLTNetCnService - ok
23:12:34.0288 2248  [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:12:34.0397 2248  CmBatt - ok
23:12:34.0444 2248  [ C687F81290303D90099B027A6474F99F ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:12:34.0538 2248  CmdIde - ok
23:12:34.0554 2248  [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:12:34.0679 2248  Compbatt - ok
23:12:34.0679 2248  COMSysApp - ok
23:12:34.0725 2248  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:12:34.0835 2248  Cpqarray - ok
23:12:34.0897 2248  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
23:12:35.0038 2248  CryptSvc - ok
23:12:35.0147 2248  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:12:35.0335 2248  dac2w2k - ok
23:12:35.0366 2248  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:12:35.0475 2248  dac960nt - ok
23:12:35.0710 2248  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
23:12:36.0147 2248  DcomLaunch - ok
23:12:36.0397 2248  [ 06DC2FDC6282F0D68910417B1150C848 ] derby           C:\Dokumente und Einstellungen\Anwender\Desktop\Nadine Grundschule\AZ 6-1\derby\wrapper.exe
23:12:36.0522 2248  derby ( UnsignedFile.Multi.Generic ) - warning
23:12:36.0522 2248  derby - detected UnsignedFile.Multi.Generic (1)
23:12:36.0585 2248  [ 6216FD7FD227DE454238A702B218CEC7 ] dgderdrv        C:\WINDOWS\system32\drivers\dgderdrv.sys
23:12:36.0600 2248  dgderdrv - ok
23:12:36.0679 2248  [ F9F31A9F2A8C0DD0CEB6E380BF0985D4 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
23:12:36.0741 2248  dg_ssudbus - ok
23:12:36.0835 2248  [ 7C4D218F9017725589ADACAB82BEB0F8 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
23:12:36.0991 2248  Dhcp - ok
23:12:37.0038 2248  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
23:12:37.0147 2248  Disk - ok
23:12:37.0194 2248  [ 060DB81DFB79C8244EB65D10B6C7873F ] DKbFltr         C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
23:12:37.0241 2248  DKbFltr - ok
23:12:37.0241 2248  dmadmin - ok
23:12:37.0663 2248  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
23:12:38.0444 2248  dmboot - ok
23:12:38.0538 2248  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
23:12:38.0725 2248  dmio - ok
23:12:38.0757 2248  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
23:12:38.0850 2248  dmload - ok
23:12:38.0897 2248  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        C:\WINDOWS\System32\dmserver.dll
23:12:39.0022 2248  dmserver - ok
23:12:39.0085 2248  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
23:12:39.0225 2248  DMusic - ok
23:12:39.0288 2248  [ D20C5B5F0D8AC53FFEC17FF9B1658A6E ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
23:12:39.0382 2248  Dnscache - ok
23:12:39.0397 2248  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:12:39.0507 2248  dpti2o - ok
23:12:39.0522 2248  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
23:12:39.0632 2248  drmkaud - ok
23:12:39.0757 2248  [ D33EC04D1F0B5F388DE86CCC3333A59F ] eLockService    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
23:12:39.0788 2248  eLockService ( UnsignedFile.Multi.Generic ) - warning
23:12:39.0788 2248  eLockService - detected UnsignedFile.Multi.Generic (1)
23:12:39.0835 2248  [ 877A4512CC9074D6954776AF47021766 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
23:12:39.0960 2248  ERSvc - ok
23:12:40.0038 2248  [ A07CA23EA361A01E627D911CF139B950 ] Eventlog        C:\WINDOWS\system32\services.exe
23:12:40.0116 2248  Eventlog - ok
23:12:40.0272 2248  [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem     C:\WINDOWS\system32\es.dll
23:12:40.0460 2248  EventSystem - ok
23:12:40.0475 2248  ewusbnet - ok
23:12:40.0585 2248  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
23:12:40.0772 2248  Fastfat - ok
23:12:40.0866 2248  [ 521A4CB71CC419FDF60DB83E7308AE2B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:12:40.0975 2248  FastUserSwitchingCompatibility - ok
23:12:41.0147 2248  [ 030DEF1B6AD98FA70A51C9994DABC924 ] Fax             C:\WINDOWS\system32\fxssvc.exe
23:12:41.0397 2248  Fax - ok
23:12:41.0444 2248  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
23:12:41.0569 2248  Fdc - ok
23:12:41.0600 2248  [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS         C:\WINDOWS\system32\DRIVERS\fetnd5.sys
23:12:41.0694 2248  FETNDIS - ok
23:12:41.0725 2248  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
23:12:41.0850 2248  Fips - ok
23:12:41.0897 2248  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
23:12:42.0007 2248  Flpydisk - ok
23:12:42.0100 2248  [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:12:42.0210 2248  FltMgr - ok
23:12:42.0319 2248  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:12:42.0350 2248  FontCache3.0.0.0 - ok
23:12:42.0382 2248  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:12:42.0475 2248  Fs_Rec - ok
23:12:42.0569 2248  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:12:42.0741 2248  Ftdisk - ok
23:12:42.0788 2248  [ 4216CD545E5C30807B560C5DCAA812E6 ] gagp30kx        C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
23:12:42.0913 2248  gagp30kx - ok
23:12:42.0960 2248  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:12:43.0069 2248  Gpc - ok
23:12:43.0179 2248  [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:12:43.0304 2248  HDAudBus - ok
23:12:43.0366 2248  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:12:43.0538 2248  helpsvc - ok
23:12:43.0585 2248  [ B647CA198B9C73056ABFB0A9D8F4916D ] HidServ         C:\WINDOWS\System32\hidserv.dll
23:12:43.0710 2248  HidServ - ok
23:12:43.0757 2248  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:12:43.0850 2248  HidUsb - ok
23:12:43.0897 2248  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
23:12:44.0007 2248  hpn - ok
23:12:44.0397 2248  [ 75F122CDCA3C71BD09089F2CA824B796 ] HPSLPSVC        C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL
23:12:45.0007 2248  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
23:12:45.0007 2248  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
23:12:45.0069 2248  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:12:45.0382 2248  HPZid412 - ok
23:12:45.0429 2248  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:12:45.0460 2248  HPZipr12 - ok
23:12:45.0507 2248  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:12:45.0554 2248  HPZius12 - ok
23:12:45.0679 2248  [ 6A5C4732D6803F84E2987EDD8E4359CE ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23:12:45.0835 2248  HSFHWAZL - ok
23:12:46.0319 2248  [ 21C31273C6CC4826E74BE8AE3B09D4A8 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:12:47.0225 2248  HSF_DPV - ok
23:12:47.0397 2248  [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
23:12:47.0600 2248  HTTP - ok
23:12:47.0663 2248  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
23:12:47.0772 2248  HTTPFilter - ok
23:12:47.0788 2248  hwdatacard - ok
23:12:47.0804 2248  hwusbfake - ok
23:12:47.0819 2248  [ 8F09F91B5C91363B77BCD15599570F2C ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
23:12:47.0929 2248  i2omgmt - ok
23:12:47.0960 2248  [ ED6BF9E441FDEA13292A6D30A64A24C3 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:12:48.0085 2248  i2omp - ok
23:12:48.0132 2248  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:12:48.0272 2248  i8042prt - ok
23:12:48.0554 2248  [ AE38A12F79A4980DDB88F36514F8A1DA ] IAANTMON        C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
23:12:48.0850 2248  IAANTMON - ok
23:12:51.0647 2248  [ 12C7F8D581C4A9F126F5F8F5683A1C29 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23:12:57.0210 2248  ialm - ok
23:12:57.0382 2248  [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
23:12:57.0538 2248  iaStor - ok
23:12:57.0632 2248  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
23:12:57.0725 2248  IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:12:57.0725 2248  IDriverT - detected UnsignedFile.Multi.Generic (1)
23:12:58.0272 2248  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:12:59.0116 2248  idsvc - ok
23:12:59.0147 2248  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
23:12:59.0288 2248  Imapi - ok
23:12:59.0397 2248  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    C:\WINDOWS\system32\imapi.exe
23:12:59.0600 2248  ImapiService - ok
23:12:59.0647 2248  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:12:59.0757 2248  ini910u - ok
23:12:59.0788 2248  [ F8F75594C17FE7BCE1B4045BB7199868 ] int15           C:\WINDOWS\system32\drivers\int15.sys
23:12:59.0804 2248  int15 - ok
23:12:59.0913 2248  [ 4D8D5B1C895EA0F2A721B98A7CE198F1 ] int15.sys       C:\Acer\Empowering Technology\eRecovery\int15.sys
23:12:59.0960 2248  int15.sys ( UnsignedFile.Multi.Generic ) - warning
23:12:59.0960 2248  int15.sys - detected UnsignedFile.Multi.Generic (1)
23:13:02.0100 2248  [ B45A576AD280DD4F605F58B24CDAAFE1 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:13:06.0335 2248  IntcAzAudAddService - ok
23:13:06.0366 2248  [ D63C33F65F6EBC732116403D88883B2D ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
23:13:06.0475 2248  IntelIde - ok
23:13:06.0507 2248  [ C1C2CC1DA79C5EE10457EF0A3B8568C7 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:13:06.0632 2248  intelppm - ok
23:13:06.0663 2248  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:13:06.0772 2248  Ip6Fw - ok
23:13:06.0835 2248  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:13:06.0944 2248  IpFilterDriver - ok
23:13:06.0975 2248  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:13:07.0100 2248  IpInIp - ok
23:13:07.0210 2248  [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:13:07.0460 2248  IpNat - ok
23:13:07.0507 2248  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:13:07.0647 2248  IPSec - ok
23:13:07.0725 2248  [ 86C204836FEEC22510D434982D4221B8 ] irda            C:\WINDOWS\system32\DRIVERS\irda.sys
23:13:07.0819 2248  irda - ok
23:13:07.0850 2248  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
23:13:07.0897 2248  IRENUM - ok
23:13:07.0960 2248  [ A3D93599BDCDF7EEC273A63A23D694F8 ] Irmon           C:\WINDOWS\System32\irmon.dll
23:13:07.0975 2248  Irmon - ok
23:13:08.0022 2248  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:13:08.0147 2248  isapnp - ok
23:13:08.0335 2248  [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
23:13:08.0413 2248  JavaQuickStarterService - ok
23:13:08.0444 2248  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:13:08.0569 2248  Kbdclass - ok
23:13:08.0600 2248  [ 7EC877AA899323B92874FE62C7DDCDE7 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:13:08.0725 2248  kbdhid - ok
23:13:08.0882 2248  [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
23:13:08.0991 2248  kmixer - ok
23:13:09.0069 2248  [ 1BE7CC2535D760AE4D481576EB789F24 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
23:13:09.0210 2248  KSecDD - ok
23:13:09.0288 2248  [ 2865FA4ED4471929881C053A6E5A85F6 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
23:13:09.0366 2248  lanmanserver - ok
23:13:09.0475 2248  [ F716A6F5BABB6DA60C0532510AB52245 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:13:09.0585 2248  lanmanworkstation - ok
23:13:09.0600 2248  lbrtfdc - ok
23:13:09.0679 2248  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
23:13:09.0725 2248  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
23:13:09.0725 2248  LightScribeService - detected UnsignedFile.Multi.Generic (1)
23:13:09.0897 2248  [ 93B73DED2BC688F140C6AE2FBAD45789 ] Live Updater Service C:\Programme\Acer\Acer Updater\UpdaterService.exe
23:13:10.0038 2248  Live Updater Service - ok
23:13:10.0085 2248  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
23:13:10.0210 2248  LmHosts - ok
23:13:10.0257 2248  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:13:10.0272 2248  mdmxsdk - ok
23:13:10.0335 2248  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger       C:\WINDOWS\System32\msgsvc.dll
23:13:10.0444 2248  Messenger - ok
23:13:10.0491 2248  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
23:13:10.0585 2248  mnmdd - ok
23:13:10.0632 2248  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
23:13:10.0741 2248  mnmsrvc - ok
23:13:10.0772 2248  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
23:13:10.0897 2248  Modem - ok
23:13:10.0913 2248  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:13:11.0038 2248  Mouclass - ok
23:13:11.0069 2248  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:13:11.0163 2248  mouhid - ok
23:13:11.0241 2248  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
23:13:11.0366 2248  MountMgr - ok
23:13:11.0382 2248  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:13:11.0491 2248  mraid35x - ok
23:13:11.0616 2248  [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:13:11.0757 2248  MRxDAV - ok
23:13:11.0991 2248  [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:13:12.0413 2248  MRxSmb - ok
23:13:12.0444 2248  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
23:13:12.0538 2248  MSDTC - ok
23:13:12.0585 2248  [ 6DD721DFD2648F3F6D5808B5BA6CB095 ] MSDV            C:\WINDOWS\system32\DRIVERS\msdv.sys
23:13:12.0710 2248  MSDV - ok
23:13:12.0741 2248  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
23:13:12.0850 2248  Msfs - ok
23:13:12.0882 2248  [ EE55F5C64417CC369866D7EAFE9B07AB ] MSIRCOMM        C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
23:13:12.0960 2248  MSIRCOMM - ok
23:13:12.0960 2248  MSIServer - ok
23:13:12.0991 2248  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:13:13.0085 2248  MSKSSRV - ok
23:13:13.0132 2248  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:13:13.0241 2248  MSPCLOCK - ok
23:13:13.0257 2248  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
23:13:13.0350 2248  MSPQM - ok
23:13:13.0382 2248  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:13:13.0475 2248  mssmbios - ok
23:13:13.0522 2248  MSSQL$MSSMLBIZ - ok
23:13:13.0585 2248  [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe
23:13:13.0616 2248  MSSQLServerADHelper - ok
23:13:13.0632 2248  [ BF13612142995096AB084F2DB7F40F77 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
23:13:13.0741 2248  MSTEE - ok
23:13:13.0819 2248  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
23:13:14.0038 2248  Mup - ok
23:13:14.0100 2248  [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:13:14.0257 2248  NABTSFEC - ok
23:13:14.0366 2248  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
23:13:14.0554 2248  NDIS - ok
23:13:14.0585 2248  [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:13:14.0679 2248  NdisIP - ok
23:13:14.0725 2248  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:13:14.0850 2248  NdisTapi - ok
23:13:14.0897 2248  [ 8D3CE6B579CDE8D37ACC690B67DC2106 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:13:14.0929 2248  Ndisuio - ok
23:13:14.0991 2248  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:13:15.0163 2248  NdisWan - ok
23:13:15.0179 2248  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
23:13:15.0304 2248  NDProxy - ok
23:13:15.0350 2248  [ 19715A9A573DAD2521348ABC74266A48 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
23:13:15.0397 2248  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:13:15.0397 2248  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:13:15.0460 2248  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
23:13:15.0585 2248  NetBIOS - ok
23:13:15.0679 2248  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
23:13:15.0866 2248  NetBT - ok
23:13:15.0960 2248  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe
23:13:16.0147 2248  NetDDE - ok
23:13:16.0225 2248  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
23:13:16.0319 2248  NetDDEdsdm - ok
23:13:16.0366 2248  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        C:\WINDOWS\system32\lsass.exe
23:13:16.0475 2248  Netlogon - ok
23:13:16.0600 2248  [ 1E5218FBE323C375B488318950E10FB4 ] Netman          C:\WINDOWS\System32\netman.dll
23:13:16.0725 2248  Netman - ok
23:13:16.0819 2248  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:13:16.0913 2248  NetTcpPortSharing - ok
23:13:16.0975 2248  [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:13:17.0116 2248  NIC1394 - ok
23:13:17.0272 2248  [ 774274C487493452DF3B0126DBE7FF3B ] Nla             C:\WINDOWS\System32\mswsock.dll
23:13:17.0429 2248  Nla - ok
23:13:17.0475 2248  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
23:13:17.0585 2248  Npfs - ok
23:13:17.0616 2248  [ 6216798D29C3BA9D0D6F40BBBAB694A5 ] NSCIRDA         C:\WINDOWS\system32\DRIVERS\nscirda.sys
23:13:17.0679 2248  NSCIRDA - ok
23:13:17.0991 2248  [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
23:13:18.0491 2248  Ntfs - ok
23:13:18.0522 2248  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr         C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
23:13:18.0538 2248  NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
23:13:18.0538 2248  NTIDrvr - detected UnsignedFile.Multi.Generic (1)
23:13:18.0569 2248  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
23:13:18.0663 2248  NtLmSsp - ok
23:13:18.0897 2248  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
23:13:19.0366 2248  NtmsSvc - ok
23:13:19.0382 2248  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
23:13:19.0491 2248  Null - ok
23:13:19.0522 2248  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:13:19.0616 2248  NwlnkFlt - ok
23:13:19.0663 2248  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:13:19.0772 2248  NwlnkFwd - ok
23:13:20.0069 2248  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
23:13:20.0429 2248  odserv - ok
23:13:20.0507 2248  [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:13:20.0647 2248  ohci1394 - ok
23:13:20.0741 2248  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
23:13:20.0819 2248  ose - ok
23:13:20.0882 2248  [ B2F17A2EDB5450E61973A037F63A595B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
23:13:21.0038 2248  Parport - ok
23:13:21.0085 2248  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
23:13:21.0194 2248  PartMgr - ok
23:13:21.0225 2248  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
23:13:21.0319 2248  ParVdm - ok
23:13:21.0382 2248  [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
23:13:21.0491 2248  PCI - ok
23:13:21.0507 2248  PCIDump - ok
23:13:21.0522 2248  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
23:13:21.0632 2248  PCIIde - ok
23:13:21.0725 2248  [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:13:21.0897 2248  Pcmcia - ok
23:13:21.0913 2248  PDCOMP - ok
23:13:21.0929 2248  PDFRAME - ok
23:13:21.0929 2248  PDRELI - ok
23:13:21.0944 2248  PDRFRAME - ok
23:13:21.0975 2248  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
23:13:22.0085 2248  perc2 - ok
23:13:22.0100 2248  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:13:22.0194 2248  perc2hib - ok
23:13:22.0288 2248  [ A07CA23EA361A01E627D911CF139B950 ] PlugPlay        C:\WINDOWS\system32\services.exe
23:13:22.0304 2248  PlugPlay - ok
23:13:22.0350 2248  [ B36CD3F2ECA751C0CA8B8868BD1C5449 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
23:13:22.0413 2248  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:13:22.0413 2248  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:13:22.0429 2248  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
23:13:22.0522 2248  PolicyAgent - ok
23:13:22.0554 2248  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:13:22.0679 2248  PptpMiniport - ok
23:13:22.0725 2248  [ 3D7F196E77F986C106E9320B81A5EBBF ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
23:13:22.0835 2248  Processor - ok
23:13:22.0850 2248  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:13:22.0944 2248  ProtectedStorage - ok
23:13:22.0991 2248  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
23:13:23.0147 2248  PSched - ok
23:13:23.0194 2248  [ 32338659E9DA79055406F2157CD0E1DF ] psdfilter       C:\WINDOWS\system32\Drivers\psdfilter.sys
23:13:23.0194 2248  psdfilter ( UnsignedFile.Multi.Generic ) - warning
23:13:23.0194 2248  psdfilter - detected UnsignedFile.Multi.Generic (1)
23:13:23.0257 2248  [ 4C7947014674DF40B7AF52342A9157D0 ] psdvdisk        C:\WINDOWS\system32\Drivers\psdvdisk.sys
23:13:23.0304 2248  psdvdisk ( UnsignedFile.Multi.Generic ) - warning
23:13:23.0304 2248  psdvdisk - detected UnsignedFile.Multi.Generic (1)
23:13:23.0335 2248  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:13:23.0444 2248  Ptilink - ok
23:13:23.0491 2248  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:13:23.0616 2248  ql1080 - ok
23:13:23.0647 2248  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:13:23.0757 2248  Ql10wnt - ok
23:13:23.0804 2248  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:13:23.0929 2248  ql12160 - ok
23:13:23.0960 2248  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:13:24.0069 2248  ql1240 - ok
23:13:24.0179 2248  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:13:24.0304 2248  ql1280 - ok
23:13:24.0319 2248  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:13:24.0413 2248  RasAcd - ok
23:13:24.0491 2248  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto         C:\WINDOWS\System32\rasauto.dll
23:13:24.0647 2248  RasAuto - ok
23:13:24.0679 2248  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
23:13:24.0741 2248  Rasirda - ok
23:13:24.0772 2248  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:13:24.0897 2248  Rasl2tp - ok
23:13:25.0022 2248  [ FFC8343B35FB2DF01A5767748EFA5B58 ] RasMan          C:\WINDOWS\System32\rasmans.dll
23:13:25.0132 2248  RasMan - ok
23:13:25.0179 2248  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:13:25.0304 2248  RasPppoe - ok
23:13:25.0335 2248  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
23:13:25.0429 2248  Raspti - ok
23:13:25.0538 2248  [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:13:25.0663 2248  Rdbss - ok
23:13:25.0710 2248  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:13:25.0819 2248  RDPCDD - ok
23:13:25.0929 2248  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:13:26.0132 2248  rdpdr - ok
23:13:26.0241 2248  [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
23:13:26.0335 2248  RDPWD - ok
23:13:26.0444 2248  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
23:13:26.0616 2248  RDSessMgr - ok
23:13:26.0679 2248  [ AA56702E230860565CB8D43680F57F33 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
23:13:26.0804 2248  redbook - ok
23:13:26.0850 2248  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
23:13:27.0007 2248  RemoteAccess - ok
23:13:27.0069 2248  [ AE81CF7D7CFA79CD03E8FB99788A7E09 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
23:13:27.0194 2248  RemoteRegistry - ok
23:13:27.0335 2248  [ 2AF094B1CE4725E4551F38FDA2348637 ] RichVideo       C:\Programme\CyberLink\Shared Files\RichVideo.exe
23:13:27.0444 2248  RichVideo ( UnsignedFile.Multi.Generic ) - warning
23:13:27.0444 2248  RichVideo - detected UnsignedFile.Multi.Generic (1)
23:13:27.0475 2248  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
23:13:27.0569 2248  ROOTMODEM - ok
23:13:27.0647 2248  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      C:\WINDOWS\system32\locator.exe
23:13:27.0788 2248  RpcLocator - ok
23:13:28.0007 2248  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
23:13:28.0179 2248  RpcSs - ok
23:13:28.0272 2248  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
23:13:28.0444 2248  RSVP - ok
23:13:28.0538 2248  [ 815445F4676CC96BC9AEEC303C727E19 ] s116bus         C:\WINDOWS\system32\DRIVERS\s116bus.sys
23:13:28.0585 2248  s116bus - ok
23:13:28.0632 2248  [ 333D1E0743E6DE1779C3C418AC601C3A ] s116mdfl        C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
23:13:28.0647 2248  s116mdfl - ok
23:13:28.0725 2248  [ 50D6E5B021E9EC7553AB8A3553CC1B6B ] s116mdm         C:\WINDOWS\system32\DRIVERS\s116mdm.sys
23:13:28.0788 2248  s116mdm - ok
23:13:28.0866 2248  [ 1589AA53E43F8D193A7D4D580D3FFA95 ] s116mgmt        C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
23:13:28.0929 2248  s116mgmt - ok
23:13:28.0975 2248  [ 306F85733671FE507470F0273025E768 ] s116nd5         C:\WINDOWS\system32\DRIVERS\s116nd5.sys
23:13:28.0991 2248  s116nd5 - ok
23:13:29.0085 2248  [ EC32601F04A5A5DE89315D0F55E73D66 ] s116obex        C:\WINDOWS\system32\DRIVERS\s116obex.sys
23:13:29.0194 2248  s116obex - ok
23:13:29.0272 2248  [ 32E3ECB4B2B5887426EAF241A8149CDE ] s116unic        C:\WINDOWS\system32\DRIVERS\s116unic.sys
23:13:29.0319 2248  s116unic - ok
23:13:29.0350 2248  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs           C:\WINDOWS\system32\lsass.exe
23:13:29.0444 2248  SamSs - ok
23:13:29.0522 2248  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
23:13:29.0679 2248  SCardSvr - ok
23:13:29.0804 2248  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
23:13:30.0054 2248  Schedule - ok
23:13:30.0147 2248  [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:13:30.0272 2248  sdbus - ok
23:13:30.0350 2248  [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus         C:\WINDOWS\system32\DRIVERS\SE27bus.sys
23:13:30.0382 2248  SE27bus ( UnsignedFile.Multi.Generic ) - warning
23:13:30.0382 2248  SE27bus - detected UnsignedFile.Multi.Generic (1)
23:13:30.0413 2248  [ D53E7E53107D1796825540129F8FE89F ] SE27mdfl        C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
23:13:30.0429 2248  SE27mdfl ( UnsignedFile.Multi.Generic ) - warning
23:13:30.0429 2248  SE27mdfl - detected UnsignedFile.Multi.Generic (1)
23:13:30.0507 2248  [ 2AFA2F65A6E91DA5B5070E734769827E ] SE27mdm         C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
23:13:30.0569 2248  SE27mdm ( UnsignedFile.Multi.Generic ) - warning
23:13:30.0569 2248  SE27mdm - detected UnsignedFile.Multi.Generic (1)
23:13:30.0647 2248  [ 5A33A8D7B44C7BD8ABE248B4DCD1FF3C ] SE27mgmt        C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
23:13:30.0710 2248  SE27mgmt ( UnsignedFile.Multi.Generic ) - warning
23:13:30.0725 2248  SE27mgmt - detected UnsignedFile.Multi.Generic (1)
23:13:30.0741 2248  [ BB30139683BBF3EE89EC931393D9335C ] se27nd5         C:\WINDOWS\system32\DRIVERS\se27nd5.sys
23:13:30.0772 2248  se27nd5 ( UnsignedFile.Multi.Generic ) - warning
23:13:30.0772 2248  se27nd5 - detected UnsignedFile.Multi.Generic (1)
23:13:30.0835 2248  [ 5DA6FF71E94B9134DDD094EBB09F05E6 ] SE27obex        C:\WINDOWS\system32\DRIVERS\SE27obex.sys
23:13:30.0882 2248  SE27obex ( UnsignedFile.Multi.Generic ) - warning
23:13:30.0882 2248  SE27obex - detected UnsignedFile.Multi.Generic (1)
23:13:30.0944 2248  [ 4D54A9D7C22157AB3D2442E8BCF5ECD2 ] se27unic        C:\WINDOWS\system32\DRIVERS\se27unic.sys
23:13:30.0991 2248  se27unic ( UnsignedFile.Multi.Generic ) - warning
23:13:30.0991 2248  se27unic - detected UnsignedFile.Multi.Generic (1)
23:13:31.0038 2248  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:13:31.0100 2248  Secdrv - ok
23:13:31.0163 2248  [ FED544B43903FB801B106F062110358A ] seclogon        C:\WINDOWS\System32\seclogon.dll
23:13:31.0272 2248  seclogon - ok
23:13:31.0319 2248  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            C:\WINDOWS\system32\sens.dll
23:13:31.0444 2248  SENS - ok
23:13:31.0475 2248  [ A2D868AEEFF612E70E213C451A70CAFB ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
23:13:31.0585 2248  Serenum - ok
23:13:31.0632 2248  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
23:13:31.0772 2248  Serial - ok
23:13:31.0835 2248  [ 1D9F1BEC651815741F088A8FB88E17EE ] sffdisk         C:\WINDOWS\system32\DRIVERS\sffdisk.sys
23:13:31.0929 2248  sffdisk - ok
23:13:31.0944 2248  [ 586499FD312FFD7F78553F408E71682E ] sffp_sd         C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
23:13:32.0054 2248  sffp_sd - ok
23:13:32.0069 2248  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys
23:13:32.0163 2248  Sfloppy - ok
23:13:32.0350 2248  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
23:13:32.0772 2248  SharedAccess - ok
23:13:32.0850 2248  [ 521A4CB71CC419FDF60DB83E7308AE2B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:13:32.0866 2248  ShellHWDetection - ok
23:13:32.0882 2248  Simbad - ok
23:13:32.0929 2248  [ 732D859B286DA692119F286B21A2A114 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:13:33.0054 2248  sisagp - ok
23:13:33.0179 2248  [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
23:13:33.0288 2248  SkypeUpdate - ok
23:13:33.0319 2248  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:13:33.0429 2248  SLIP - ok
23:13:38.0725 2248  [ 3708EFBAA0C3899430565E1D700F07C6 ] SNPSTD3         C:\WINDOWS\system32\DRIVERS\snpstd3.sys
23:13:48.0319 2248  SNPSTD3 - ok
23:13:48.0350 2248  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:13:48.0429 2248  Sparrow - ok
23:13:48.0460 2248  [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
23:13:48.0507 2248  splitter - ok
23:13:48.0569 2248  [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
23:13:48.0616 2248  Spooler - ok
23:13:48.0772 2248  [ 5673E79BBB62A4C35B10D821FF1B4ACA ] SQLBrowser      C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
23:13:48.0897 2248  SQLBrowser - ok
23:13:48.0960 2248  [ 9263C8898732E2B890F7E954E7729AB7 ] SQLWriter       C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
23:13:49.0022 2248  SQLWriter - ok
23:13:49.0100 2248  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
23:13:49.0194 2248  sr - ok
23:13:49.0319 2248  [ 015F302C4CF961F20C3F98F3A7CA7917 ] srservice       C:\WINDOWS\system32\srsvc.dll
23:13:49.0460 2248  srservice - ok
23:13:49.0679 2248  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
23:13:50.0054 2248  Srv - ok
23:13:50.0163 2248  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\WINDOWS\system32\DRIVERS\ssadbus.sys
23:13:50.0335 2248  ssadbus - ok
23:13:50.0366 2248  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
23:13:50.0460 2248  ssadmdfl - ok
23:13:50.0538 2248  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
23:13:50.0647 2248  ssadmdm - ok
23:13:50.0741 2248  [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd        C:\WINDOWS\system32\DRIVERS\ssadserd.sys
23:13:50.0835 2248  ssadserd - ok
23:13:50.0929 2248  [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus         C:\WINDOWS\system32\DRIVERS\sscdbus.sys
23:13:51.0054 2248  sscdbus - ok
23:13:51.0085 2248  [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl        C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
23:13:51.0116 2248  sscdmdfl - ok
23:13:51.0210 2248  [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm         C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
23:13:51.0304 2248  sscdmdm - ok
23:13:51.0382 2248  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
23:13:51.0475 2248  SSDPSRV - ok
23:13:51.0522 2248  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23:13:51.0538 2248  ssmdrv - ok
23:13:51.0663 2248  [ 07318149E102FD9197AB444C27774372 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
23:13:51.0757 2248  ssudmdm - ok
23:13:51.0850 2248  [ 9D1A8732718438DC8C472D4D7762DE5F ] Start BT in service C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
23:13:51.0882 2248  Start BT in service - ok
23:13:51.0929 2248  [ A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
23:13:52.0038 2248  StillCam - ok
23:13:52.0272 2248  [ 25E9B30AF1FA1B9AF1853577F39FF20B ] stisvc          C:\WINDOWS\system32\wiaservc.dll
23:13:52.0632 2248  stisvc - ok
23:13:52.0679 2248  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:13:52.0772 2248  streamip - ok
23:13:52.0804 2248  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
23:13:52.0897 2248  swenum - ok
23:13:52.0944 2248  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
23:13:53.0085 2248  swmidi - ok
23:13:53.0100 2248  SwPrv - ok
23:13:53.0132 2248  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
23:13:53.0257 2248  symc810 - ok
23:13:53.0288 2248  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:13:53.0382 2248  symc8xx - ok
23:13:53.0429 2248  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:13:53.0538 2248  sym_hi - ok
23:13:53.0585 2248  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:13:53.0679 2248  sym_u3 - ok
23:13:53.0804 2248  [ CC5DA243CFDAC58FC0408F7CE24084C5 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:13:53.0975 2248  SynTP - ok
23:13:54.0022 2248  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
23:13:54.0163 2248  sysaudio - ok
23:13:54.0241 2248  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
23:13:54.0397 2248  SysmonLog - ok
23:13:54.0554 2248  [ 427D7EB3B453347082C8F4B370065D60 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
23:13:54.0694 2248  TapiSrv - ok
23:13:54.0929 2248  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:13:55.0272 2248  Tcpip - ok
23:13:55.0319 2248  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
23:13:55.0429 2248  TDPIPE - ok
23:13:55.0475 2248  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
23:13:55.0569 2248  TDTCP - ok
23:13:55.0600 2248  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
23:13:55.0741 2248  TermDD - ok
23:13:55.0913 2248  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService     C:\WINDOWS\System32\termsrv.dll
23:13:56.0210 2248  TermService - ok
23:13:56.0304 2248  [ 521A4CB71CC419FDF60DB83E7308AE2B ] Themes          C:\WINDOWS\System32\shsvcs.dll
23:13:56.0319 2248  Themes - ok
23:13:56.0507 2248  [ 78213F01CE781F93180BEF5EB5B3AD81 ] tifm21          C:\WINDOWS\system32\drivers\tifm21.sys
23:13:56.0725 2248  tifm21 - ok
23:13:56.0929 2248  [ 58708746B8267033E5CF2B29659E7F74 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
23:13:57.0022 2248  TlntSvr - ok
23:13:57.0069 2248  [ D213A9247DC347F305A2D4CC9B951487 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
23:13:57.0163 2248  TosIde - ok
23:13:57.0241 2248  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
23:13:57.0413 2248  TrkWks - ok
23:13:57.0460 2248  [ 97DD70FECA64FB4F63DE7BB7E66A80B1 ] tvicport        C:\WINDOWS\system32\drivers\tvicport.sys
23:13:57.0491 2248  tvicport ( UnsignedFile.Multi.Generic ) - warning
23:13:57.0491 2248  tvicport - detected UnsignedFile.Multi.Generic (1)
23:13:57.0538 2248  [ E0C67BE430C6DE490D6CCAECFA071F9E ] UBHelper        C:\WINDOWS\system32\drivers\UBHelper.sys
23:13:57.0554 2248  UBHelper ( UnsignedFile.Multi.Generic ) - warning
23:13:57.0554 2248  UBHelper - detected UnsignedFile.Multi.Generic (1)
23:13:57.0616 2248  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
23:13:57.0757 2248  Udfs - ok
23:13:57.0788 2248  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
23:13:57.0866 2248  ultra - ok
23:13:58.0069 2248  [ CED744117E91BDC0BEB810F7D8608183 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
23:13:58.0429 2248  Update - ok
23:13:58.0554 2248  [ 855790C1BACED245A6B210AF430ED17B ] upnphost        C:\WINDOWS\System32\upnphost.dll
23:13:58.0710 2248  upnphost - ok
23:13:58.0741 2248  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS             C:\WINDOWS\System32\ups.exe
23:13:58.0850 2248  UPS - ok
23:13:58.0913 2248  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
23:13:59.0069 2248  usbaudio - ok
23:13:59.0100 2248  [ 0C28DD9EC68CCB6E95D49BFD24FD2C11 ] USBCamera       C:\WINDOWS\system32\Drivers\Bulk533.sys
23:13:59.0116 2248  USBCamera - ok
23:13:59.0179 2248  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:13:59.0288 2248  usbccgp - ok
23:13:59.0335 2248  [ B0D7020386C7187EF9C5A9643F289CD3 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:13:59.0397 2248  usbehci - ok
23:13:59.0444 2248  [ ACE960E54148821E8E48F5D191562C28 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:13:59.0507 2248  usbhub - ok
23:13:59.0554 2248  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:13:59.0663 2248  usbprint - ok
23:13:59.0694 2248  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:13:59.0835 2248  usbscan - ok
23:13:59.0882 2248  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:13:59.0991 2248  usbstor - ok
23:14:00.0038 2248  [ FF6E4FDEB82DC228EFA490336409C6BD ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:14:00.0069 2248  usbuhci - ok
23:14:00.0132 2248  [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
23:14:00.0272 2248  usbvideo - ok
23:14:00.0319 2248  [ 51750B0539986186C6931FC40D171521 ] VComm           C:\WINDOWS\system32\DRIVERS\VComm.sys
23:14:00.0350 2248  VComm - ok
23:14:00.0397 2248  [ 6D9C891C0A761AFED1F3609C2E56F2B9 ] VcommMgr        C:\WINDOWS\system32\Drivers\VcommMgr.sys
23:14:00.0429 2248  VcommMgr - ok
23:14:00.0475 2248  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
23:14:00.0585 2248  VgaSave - ok
23:14:00.0616 2248  [ B2A7F67DF95E5FFF5129734F854B7705 ] VHidMinidrv     C:\WINDOWS\system32\drivers\VHIDMini.sys
23:14:00.0647 2248  VHidMinidrv - ok
23:14:00.0679 2248  [ D92E7C8A30CFD14D8E15B5F7F032151B ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:14:00.0788 2248  viaagp - ok
23:14:00.0804 2248  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
23:14:00.0897 2248  ViaIde - ok
23:14:00.0975 2248  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
23:14:01.0100 2248  VolSnap - ok
23:14:01.0272 2248  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS             C:\WINDOWS\System32\vssvc.exe
23:14:01.0491 2248  VSS - ok
23:14:01.0585 2248  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time         C:\WINDOWS\system32\w32time.dll
23:14:01.0788 2248  W32Time - ok
23:14:01.0819 2248  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:14:01.0929 2248  Wanarp - ok
23:14:01.0975 2248  [ B2E899062723723B3F150023B5A123AD ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
23:14:02.0116 2248  wceusbsh - ok
23:14:02.0382 2248  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:14:02.0757 2248  Wdf01000 - ok
23:14:02.0757 2248  WDICA - ok
23:14:02.0819 2248  [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
23:14:02.0913 2248  wdmaud - ok
23:14:02.0975 2248  [ 879ECB9A5F14A03960B84EDB7207A051 ] WebClient       C:\WINDOWS\System32\webclnt.dll
23:14:03.0069 2248  WebClient - ok
23:14:03.0460 2248  [ 307D248F97835B6879BDD361086924FE ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:14:04.0116 2248  winachsf - ok
23:14:04.0335 2248  [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
23:14:04.0507 2248  winmgmt - ok
23:14:04.0522 2248  wltrysvc - ok
23:14:04.0600 2248  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
23:14:04.0679 2248  WmdmPmSN - ok
23:14:05.0054 2248  [ C8FC9889A70E775B7C5A0BB297D6F845 ] Wmi             C:\WINDOWS\System32\advapi32.dll
23:14:05.0694 2248  Wmi - ok
23:14:05.0741 2248  [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:14:05.0850 2248  WmiAcpi - ok
23:14:05.0944 2248  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:14:06.0132 2248  WmiApSrv - ok
23:14:06.0194 2248  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:14:06.0225 2248  WpdUsb - ok
23:14:06.0694 2248  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:14:07.0335 2248  WPFFontCache_v0400 - ok
23:14:07.0366 2248  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:14:07.0475 2248  WS2IFSL - ok
23:14:07.0538 2248  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
23:14:07.0679 2248  wscsvc - ok
23:14:07.0710 2248  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:14:07.0835 2248  WSTCODEC - ok
23:14:07.0866 2248  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
23:14:07.0960 2248  wuauserv - ok
23:14:08.0038 2248  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:14:08.0132 2248  WudfPf - ok
23:14:08.0179 2248  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:14:08.0241 2248  WudfRd - ok
23:14:08.0319 2248  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
23:14:08.0366 2248  WudfSvc - ok
23:14:08.0632 2248  [ EB52B74A5DAADC2CCA68B3E7D81007E6 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
23:14:08.0991 2248  WZCSVC - ok
23:14:09.0100 2248  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
23:14:09.0272 2248  xmlprov - ok
23:14:09.0319 2248  [ 40AC8590CC9006DBB99FFCB37879D4C6 ] zntport         C:\WINDOWS\system32\drivers\zntport.sys
23:14:09.0319 2248  zntport ( UnsignedFile.Multi.Generic ) - warning
23:14:09.0319 2248  zntport - detected UnsignedFile.Multi.Generic (1)
23:14:09.0350 2248  ================ Scan global ===============================
23:14:09.0397 2248  [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
23:14:09.0600 2248  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
23:14:09.0897 2248  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
23:14:09.0991 2248  [ A07CA23EA361A01E627D911CF139B950 ] C:\WINDOWS\system32\services.exe
23:14:09.0991 2248  [Global] - ok
23:14:09.0991 2248  ================ Scan MBR ==================================
23:14:10.0038 2248  [ 99852D5C3A78447C3D6D82B6155FE848 ] \Device\Harddisk0\DR0
23:14:13.0288 2248  \Device\Harddisk0\DR0 - ok
23:14:13.0304 2248  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR4
23:14:16.0757 2248  \Device\Harddisk1\DR4 - ok
23:14:16.0757 2248  ================ Scan VBR ==================================
23:14:16.0819 2248  [ 094BCB49A1AD56724E8C94CDEC429E33 ] \Device\Harddisk0\DR0\Partition1
23:14:16.0819 2248  \Device\Harddisk0\DR0\Partition1 - ok
23:14:16.0850 2248  [ E5C6E70B846D061F9A21664F64F5D626 ] \Device\Harddisk0\DR0\Partition2
23:14:16.0850 2248  \Device\Harddisk0\DR0\Partition2 - ok
23:14:16.0850 2248  [ 6797DDD23DC6B1F1D4145BD300BA1354 ] \Device\Harddisk1\DR4\Partition1
23:14:16.0850 2248  \Device\Harddisk1\DR4\Partition1 - ok
23:14:16.0850 2248  ============================================================
23:14:16.0850 2248  Scan finished
23:14:16.0850 2248  ============================================================
23:14:16.0975 0828  Detected object count: 22
23:14:16.0975 0828  Actual detected object count: 22
23:14:52.0319 0828  derby ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0319 0828  derby ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0319 0828  eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0319 0828  eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0319 0828  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0319 0828  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0335 0828  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0335 0828  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0335 0828  int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0335 0828  int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0335 0828  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0335 0828  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0335 0828  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0335 0828  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0335 0828  NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0335 0828  NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0350 0828  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0350 0828  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0350 0828  psdfilter ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0350 0828  psdfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0350 0828  psdvdisk ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0350 0828  psdvdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0350 0828  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0350 0828  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0350 0828  SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0350 0828  SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0350 0828  SE27mdfl ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0350 0828  SE27mdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0366 0828  SE27mdm ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0366 0828  SE27mdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0366 0828  SE27mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0366 0828  SE27mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0366 0828  se27nd5 ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0366 0828  se27nd5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0366 0828  SE27obex ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0366 0828  SE27obex ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0366 0828  se27unic ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0366 0828  se27unic ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0366 0828  tvicport ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0366 0828  tvicport ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0382 0828  UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0382 0828  UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:14:52.0382 0828  zntport ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:52.0382 0828  zntport ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 16.05.2013, 12:27

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Wendel · 18.05.2013, 16:56

Anbei das JRT-Log:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Admin on 18.05.2013 at 15:34:51,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.05.2013 at 15:36:57,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

dann das AdwCleaner-Log:

Code:

ATTFilter

# AdwCleaner v2.301 - Datei am 18/05/2013 um 15:42:41 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 2 (32 bits)
# Benutzer : Admin - ACER-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Admin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [1909 octets] - [18/05/2013 15:42:41]

########## EOF - C:\AdwCleaner[S1].txt - [1969 octets] ##########

Dann das OTL-Log:

Code:

ATTFilter

OTL logfile created on: 18.05.2013 16:10:09 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop\Schritt 2 OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,36 Mb Total Physical Memory | 307,48 Mb Available Physical Memory | 30,31% Memory free
2,38 Gb Paging File | 1,54 Gb Available in Paging File | 64,78% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,33 Gb Total Space | 11,61 Gb Free Space | 16,28% Space Free | Partition Type: NTFS
Drive D: | 71,84 Gb Total Space | 19,51 Gb Free Space | 27,16% Space Free | Partition Type: FAT32
Drive F: | 7,31 Gb Total Space | 1,57 Gb Free Space | 21,50% Space Free | Partition Type: FAT32
 
Computer Name: ACER-LAPTOP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Dokumente und Einstellungen\Admin\Desktop\Schritt 2 OTL\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V4.20.exe (Microsoft Corporation)
PRC - d:\2fe8ca94dd2b50322e87b92daee6ff93\mrtstub.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Dokumente und Einstellungen\Anwender\Desktop\Nadine Grundschule\AZ 6-1\jre1.6.0\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()
PRC - C:\Dokumente und Einstellungen\Anwender\Desktop\Nadine Grundschule\AZ 6-1\derby\wrapper.exe ()
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\WINDOWS\vsnpstd3.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2ae42fd7\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_97e900cf\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d8fb7d05\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d8985eb5\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3842bc82\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe ()
MOD - C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()
MOD - C:\Acer\Empowering Technology\eSettings\CPUID.dll ()
MOD - C:\Dokumente und Einstellungen\Anwender\Desktop\Nadine Grundschule\AZ 6-1\derby\wrapper.exe ()
MOD - C:\Dokumente und Einstellungen\Anwender\Desktop\Nadine Grundschule\AZ 6-1\derby\wrapper.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
MOD - c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll ()
MOD - C:\WINDOWS\vsnpstd3.exe ()
MOD - C:\Acer\Empowering Technology\eRecovery\it41.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_33.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\imagefile.dll ()
MOD - C:\Acer\Empowering Technology\ePower\DialogDLL.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (BlueSoleil Hid Service) -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (Start BT in service) -- C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()
SRV - (derby) -- C:\Dokumente und Einstellungen\Anwender\Desktop\Nadine Grundschule\AZ 6-1\derby\wrapper.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe ( )
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (hwusbfake) -- system32\DRIVERS\ewusbfake.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys File not found
DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\WINDOWS\system32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tvicport) -- C:\WINDOWS\system32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (zntport) -- C:\WINDOWS\system32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (int15) -- C:\WINDOWS\system32\drivers\int15.sys (Acer, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (s116unic) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (VHidMinidrv) -- C:\WINDOWS\system32\drivers\VHIDMini.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (se27unic) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI)
DRV - (se27nd5) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI)
DRV - (SE27mgmt) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI)
DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
DRV - (SE27bus) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (Ca533av) -- C:\WINDOWS\system32\drivers\Ca533av.sys (Digital Camera)
DRV - (USBCamera) -- C:\WINDOWS\system32\drivers\Bulk533.sys (USB BULK)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-558968738-4057579624-2930823220-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-558968738-4057579624-2930823220-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-558968738-4057579624-2930823220-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/
IE - HKU\S-1-5-21-558968738-4057579624-2930823220-1010\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = 
IE - HKU\S-1-5-21-558968738-4057579624-2930823220-1010\..\SearchScopes,DefaultScope = {21B87A7E-CDF4-46F5-9CD0-2DBDB4E0F98C}
IE - HKU\S-1-5-21-558968738-4057579624-2930823220-1010\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKU\S-1-5-21-558968738-4057579624-2930823220-1010\..\SearchScopes\{21B87A7E-CDF4-46F5-9CD0-2DBDB4E0F98C}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-558968738-4057579624-2930823220-1010\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-558968738-4057579624-2930823220-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2013.05.12 22:07:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AZ 6-1.launcher.kids.lnk = C:\Dokumente und Einstellungen\Anwender\Desktop\Nadine Grundschule\AZ 6-1\Kids\az6-1.launcher.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\phase-6 Reminder.lnk = C:\Programme\phase-6\phase-6\reminder\reminder.exe (phase-6)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-558968738-4057579624-2930823220-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-558968738-4057579624-2930823220-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-558968738-4057579624-2930823220-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-558968738-4057579624-2930823220-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} hxxp://picasaweb.google.com/s/v/30.66/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {AC3FC1E2-26B3-46E5-8EC2-B1D5E4C90331} hxxp://www.microseven.com/hrctech/front/CameraOCX.cab (CameraOCX Control)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://217.91.155.3:2250/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{342C4028-4608-4654-9639-67ABEC754DE0}: DhcpNameServer = 195.182.110.132 62.134.11.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C64732AC-D1BE-4E73-8E1D-0BEAC9F5F8A1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2013.05.18 15:52:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\CyberLink PowerDVD
[2013.05.18 15:34:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.05.18 15:33:40 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.18 15:31:21 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Admin\Desktop\JRT.exe
[2013.05.16 00:21:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\tdsskiller
[2013.05.15 22:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\aswMBR
[2013.05.13 23:15:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.05.13 22:08:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Avira
[2013.05.13 18:37:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\mbar
[2013.05.13 18:23:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
[2013.05.13 18:22:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.05.13 18:22:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.05.13 18:22:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.05.12 23:45:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Malwarebytes Anti-Malware 1.75
[2013.05.12 23:44:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\gmer
[2013.05.12 21:39:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.05.12 21:34:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.12 21:34:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.12 21:34:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.12 21:34:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.12 21:34:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.12 21:34:18 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Verwaltung
[2013.05.12 21:34:18 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Eigene Videos
[2013.05.12 21:34:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.12 21:24:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Combofix
[2013.05.11 00:24:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\.az61.sound
[2013.05.11 00:24:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\.az61
[2013.05.08 12:27:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Schritt 2 OTL
[2013.05.08 12:27:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Temp
[2013.04.16 22:38:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hvxi
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 60 Days ==========
 
[2013.05.18 17:11:25 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DE629F5D-64E1-4DDE-B3E4-D66254841F57}.job
[2013.05.18 15:49:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.18 15:49:32 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.18 15:40:32 | 000,632,031 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\adwcleaner.exe
[2013.05.18 15:31:28 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Admin\Desktop\JRT.exe
[2013.05.18 11:58:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.13 18:22:42 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.12 23:42:29 | 000,008,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.12 22:07:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.05.12 21:39:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.05.11 20:40:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.05.11 20:38:20 | 000,114,026 | ---- | M] () -- C:\WINDOWS\cjtbphe.ufq
[2013.05.11 20:38:03 | 000,051,855 | ---- | M] () -- C:\WINDOWS\hit.pir
[2013.05.11 00:24:09 | 000,001,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AZ 6-1.launcher.kids.lnk
[2013.05.08 14:36:00 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\DriverBoost-RTMUpdater.job
[2013.05.08 12:21:15 | 000,159,954 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Trojaner-Board.JPG
[2013.04.16 23:50:40 | 000,061,564 | ---- | M] () -- C:\WINDOWS\gkj.xar
[2013.04.16 22:42:30 | 000,101,089 | ---- | M] () -- C:\WINDOWS\htr.ivo
[2013.04.16 22:38:38 | 000,243,622 | ---- | M] () -- C:\WINDOWS\zkkv.fnk
[2013.04.16 22:36:46 | 000,211,604 | ---- | M] () -- C:\WINDOWS\larnas.vyk
[2013.04.13 08:52:56 | 000,532,548 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.13 08:52:56 | 000,098,706 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.13 08:52:55 | 000,564,920 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.13 08:52:55 | 000,120,612 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.04.02 09:25:06 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\DriverBoost-RTMScan.job
[2013.04.02 08:23:06 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\DriverBoost-RTMRules.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.18 15:40:30 | 000,632,031 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\adwcleaner.exe
[2013.05.13 18:22:42 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.12 21:39:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.05.12 21:39:13 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.05.12 21:34:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.12 21:34:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.12 21:34:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.12 21:34:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.12 21:34:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.11 00:23:12 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2013.05.08 12:21:15 | 000,159,954 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Trojaner-Board.JPG
[2013.04.16 22:42:16 | 000,114,026 | ---- | C] () -- C:\WINDOWS\cjtbphe.ufq
[2013.04.16 22:42:16 | 000,101,089 | ---- | C] () -- C:\WINDOWS\htr.ivo
[2013.04.16 22:38:38 | 000,243,622 | ---- | C] () -- C:\WINDOWS\zkkv.fnk
[2013.04.16 22:36:48 | 000,051,855 | ---- | C] () -- C:\WINDOWS\hit.pir
[2013.04.16 22:36:46 | 000,211,604 | ---- | C] () -- C:\WINDOWS\larnas.vyk
[2013.04.16 22:35:33 | 000,061,564 | ---- | C] () -- C:\WINDOWS\gkj.xar
[2012.06.17 23:55:33 | 000,154,104 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2012.06.17 23:55:33 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2012.06.17 23:48:09 | 000,154,121 | ---- | C] () -- C:\WINDOWS\hpoins21.dat.temp
[2012.06.17 23:48:09 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat.temp
[2011.07.01 02:51:38 | 000,434,416 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.06.16 22:58:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.06.16 03:18:03 | 001,300,918 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-558968738-4057579624-2930823220-1008-0.dat
[2011.06.11 12:05:39 | 000,319,662 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2009.10.20 22:31:08 | 000,008,628 | -H-- | C] () -- C:\Programme\Gemeinsame Dateien\Fontinfo.GID
[2008.05.24 15:23:04 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.24 08:22:50 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2007.08.10 12:40:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.02.16 10:59:29 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:00:58 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004.08.04 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

... schließlich noch das Extras.txt-File:

Code:

ATTFilter

OTL Extras logfile created on: 18.05.2013 16:10:09 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop\Schritt 2 OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,36 Mb Total Physical Memory | 307,48 Mb Available Physical Memory | 30,31% Memory free
2,38 Gb Paging File | 1,54 Gb Available in Paging File | 64,78% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,33 Gb Total Space | 11,61 Gb Free Space | 16,28% Space Free | Partition Type: NTFS
Drive D: | 71,84 Gb Total Space | 19,51 Gb Free Space | 27,16% Space Free | Partition Type: FAT32
Drive F: | 7,31 Gb Total Space | 1,57 Gb Free Space | 21,50% Space Free | Partition Type: FAT32
 
Computer Name: ACER-LAPTOP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\Videoplayer\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Eigene Programme\dm Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [dm Fotowelt] -- "C:\Eigene Programme\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm-Fotowelt] -- "C:\Eigene Programme\dm Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\Videoplayer\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Anwender\Desktop\Phoner lite 147\PhonerLite.exe" = C:\Dokumente und Einstellungen\Anwender\Desktop\Phoner lite 147\PhonerLite.exe:*:Enabled:VoIP Softphone -- (Heiko Sommerfeldt)
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Programme\Unified Remote\RemoteServer.exe" = C:\Programme\Unified Remote\RemoteServer.exe:*:Enabled:Unified Remote -- (Unified Remote)
"C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner lite132\PhonerLite.exe" = C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner lite132\PhonerLite.exe:*:Enabled:VoIP Softphone -- (Heiko Sommerfeldt)
"C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner lite147\PhonerLite.exe" = C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner lite147\PhonerLite.exe:*:Enabled:VoIP Softphone -- (Heiko Sommerfeldt)
"C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner-Lite141\PhonerLite.exe" = C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner-Lite141\PhonerLite.exe:*:Enabled:VoIP Softphone -- (Heiko Sommerfeldt)
"C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner-lite144\PhonerLite.exe" = C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner-lite144\PhonerLite.exe:*:Enabled:VoIP Softphone -- (Heiko Sommerfeldt)
"C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner-lite184\PhonerLite.exe" = C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner-lite184\PhonerLite.exe:*:Enabled:VoIP Softphone -- (Heiko Sommerfeldt)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner-lite191\PhonerLite.exe" = C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner-lite191\PhonerLite.exe:*:Enabled:PhonerLite VoIP Softphone -- (Heiko Sommerfeldt)
"C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner-lite195\PhonerLite.exe" = C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner-lite195\PhonerLite.exe:*:Enabled:PhonerLite VoIP Softphone -- (Heiko Sommerfeldt)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Temp\7zS495B\setup\HPZnui01.exe" = C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Temp\7zS495B\setup\HPZnui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner-lite207\PhonerLite.exe" = C:\Dokumente und Einstellungen\Anwender\Desktop\Daten\Phoner Lite\Phoner-lite207\PhonerLite.exe:*:Enabled:PhonerLite VoIP Softphone -- (Heiko Sommerfeldt)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{044E78D2-8F54-4F6F-AD2B-A122F8111EDB}" = DriverBoost
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0F2AF8BE-03A3-4845-81A2-9C9B3CCAE605}" = WGW Heimat- und Sachkunde 1 und 2
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{153F839F-0A63-41D8-890F-7324C0E13743}" = Broadcom Driver v4.170.25.12_Foxconn Installation Program
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{64F974D4-135B-4BB9-9791-CD94AEBDAE5C}" = WGW Deutsch 1
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABA8CC0-E3DE-4434-A7C7-180E153429B4}" = Unified Remote
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B56E0F8-762D-46F8-846D-D9609116997E}" = WGW Deutsch 3
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{8E17C794-618A-4258-B817-5C81821B0CCA}" = WGW Heimat- und Sachkunde 3 und 4
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{93FFBCB3-9DC8-4807-8E2B-D36E9C18A289}" = WGW Deutsch 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{B9A17C96-1348-45CB-BB0A-1BCB3A0F854E}" = Bluesoleil2.7.0.35 VoIP Release 080317
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D47F8150-0A94-416D-8A59-0A2E9B9D6773}" = MediaXW
"{D4CB7852-8308-4BBB-AF7D-48F073B58507}" = Digital Cam
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{E024F0D3-63D6-4C2A-BB94-7667FB125822}" = WGW Deutsch 2
"{EABE970D-5025-4F24-9727-240742AC8A98}" = BilliBanni Vorschule Weiche Landung in Ballonien!
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"AZ 6-1.kids" = AZ 6-1.kids (remove only)
"Broadcom 802.11 Application" = Broadcom Wireless-Dienstprogramm
"Broadcom 802.11b Network Adapter" = Broadcom 802.11-WLAN-Adapter
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"casinoshare" = Casino Share
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"dm Fotowelt" = dm Fotowelt
"dm-Fotowelt" = dm-Fotowelt
"Etiketten professionell" = Etiketten professionell
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Infothek kompakt" = Infothek kompakt
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.4088
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IPCameraDSFilter" = IP Camera DS Filter
"Lern-Karteikasten Englisch Grundschule" = Lern-Karteikasten Englisch Grundschule
"Lern-Karteikasten Mathe ab Klasse 2" = Lern-Karteikasten Mathe ab Klasse 2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mathe Klasse 1 - 4" = Mathe Klasse 1 - 4
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Kids Mathematik 2_is1" = PC-Kids Mathematik 2
"phase-6" = phase-6 2.3.2
"PROHYBRIDR" = 2007 Microsoft Office system
"Ravensburger tiptoi" = Ravensburger tiptoi
"Schlaumäuse 2_is1" = Schlaumäuse 2
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.05.2013 17:17:07 | Computer Name = ACER-LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: MediaXW -- Error 1706. An installation package for the product
 MediaXW cannot be found. Try the installation again using a valid copy of the installation
 package 'MediaXW-0.0.6[1].msi'.
 
Error - 15.05.2013 18:20:35 | Computer Name = ACER-LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: MediaXW -- Error 1706. An installation package for the product
 MediaXW cannot be found. Try the installation again using a valid copy of the installation
 package 'MediaXW-0.0.6[1].msi'.
 
Error - 18.05.2013 05:59:06 | Computer Name = ACER-LAPTOP | Source = MSSQL$MSSMLBIZ | ID = 15466
Description = Fehler beim Entschlüsseln.
 
Error - 18.05.2013 05:59:08 | Computer Name = ACER-LAPTOP | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = Fehler beim Initialisieren des FallBack-Zertifikats. Fehlercode: 1.
 
Error - 18.05.2013 09:42:08 | Computer Name = ACER-LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: MediaXW -- Error 1706. An installation package for the product
 MediaXW cannot be found. Try the installation again using a valid copy of the installation
 package 'MediaXW-0.0.6[1].msi'.
 
Error - 18.05.2013 09:51:21 | Computer Name = ACER-LAPTOP | Source = MSSQL$MSSMLBIZ | ID = 15466
Description = Fehler beim Entschlüsseln.
 
Error - 18.05.2013 09:51:28 | Computer Name = ACER-LAPTOP | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = Fehler beim Initialisieren des FallBack-Zertifikats. Fehlercode: 1.
 
Error - 18.05.2013 09:58:44 | Computer Name = ACER-LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: MediaXW -- Error 1706. An installation package for the product
 MediaXW cannot be found. Try the installation again using a valid copy of the installation
 package 'MediaXW-0.0.6[1].msi'.
 
Error - 18.05.2013 10:00:01 | Computer Name = ACER-LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: MediaXW -- Error 1706. An installation package for the product
 MediaXW cannot be found. Try the installation again using a valid copy of the installation
 package 'MediaXW-0.0.6[1].msi'.
 
Error - 18.05.2013 10:00:10 | Computer Name = ACER-LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: MediaXW -- Error 1706. An installation package for the product
 MediaXW cannot be found. Try the installation again using a valid copy of the installation
 package 'MediaXW-0.0.6[1].msi'.
 
[ OSession Events ]
Error - 15.07.2012 15:09:03 | Computer Name = ACER-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18295
 seconds with 3420 seconds of active time.  This session ended with a crash.
 
Error - 14.01.2013 19:52:58 | Computer Name = ACER-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29588
 seconds with 5280 seconds of active time.  This session ended with a crash.
 
Error - 15.04.2013 06:42:53 | Computer Name = ACER-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6300
 seconds with 780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.05.2013 06:04:01 | Computer Name = ACER-LAPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1460
 
Error - 18.05.2013 06:13:09 | Computer Name = ACER-LAPTOP | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "MSIServer"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {000C101C-0000-0000-C000-000000000046}
 
Error - 18.05.2013 06:13:10 | Computer Name = ACER-LAPTOP | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows
 Installer.
 
Error - 18.05.2013 06:13:11 | Computer Name = ACER-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 18.05.2013 09:35:19 | Computer Name = ACER-LAPTOP | Source = Service Control Manager | ID = 7034
Description = Dienst "Live Updater Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 18.05.2013 09:50:49 | Computer Name = ACER-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WWL 401 Video Camera Device" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1058
 
Error - 18.05.2013 09:51:00 | Computer Name = ACER-LAPTOP | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst eLock
 Service.
 
Error - 18.05.2013 09:53:21 | Computer Name = ACER-LAPTOP | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.
 
Error - 18.05.2013 09:55:48 | Computer Name = ACER-LAPTOP | Source = ipnathlp | ID = 32003
Description = Der Übersetzer für Netzwerkadressen (NAT) konnte  keine Anfrage des
 Übersetzungsmoduls des Kernelmodus stellen.  Möglicherweise liegen eine falsche Konfiguration,
 unzureichende Ressourcen oder  ein interner Fehler vor.  Die Daten enthalten den Fehlercode.
 
Error - 18.05.2013 09:55:50 | Computer Name = ACER-LAPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1460
 
 
< End of report >

cosinus · 19.05.2013, 02:38

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
FF - user.js - File not found
[2013.04.16 22:42:16 | 000,114,026 | ---- | C] () -- C:\WINDOWS\cjtbphe.ufq
[2013.04.16 22:42:16 | 000,101,089 | ---- | C] () -- C:\WINDOWS\htr.ivo
[2013.04.16 22:38:38 | 000,243,622 | ---- | C] () -- C:\WINDOWS\zkkv.fnk
[2013.04.16 22:36:48 | 000,051,855 | ---- | C] () -- C:\WINDOWS\hit.pir
[2013.04.16 22:36:46 | 000,211,604 | ---- | C] () -- C:\WINDOWS\larnas.vyk
[2013.04.16 22:35:33 | 000,061,564 | ---- | C] () -- C:\WINDOWS\gkj.xar
[2013.04.02 09:25:06 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\DriverBoost-RTMScan.job
[2013.04.02 08:23:06 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\DriverBoost-RTMRules.job
[2013.04.16 22:38:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hvxi
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Wendel · 19.05.2013, 12:18

Hier das Textfile nach dem Fix:

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\WINDOWS\cjtbphe.ufq moved successfully.
C:\WINDOWS\htr.ivo moved successfully.
C:\WINDOWS\zkkv.fnk moved successfully.
C:\WINDOWS\hit.pir moved successfully.
C:\WINDOWS\larnas.vyk moved successfully.
C:\WINDOWS\gkj.xar moved successfully.
C:\WINDOWS\tasks\DriverBoost-RTMScan.job moved successfully.
C:\WINDOWS\tasks\DriverBoost-RTMRules.job moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hvxi folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Admin\Desktop\Schritt 2 OTL\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Admin\Desktop\Schritt 2 OTL\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 85375631 bytes
->Temporary Internet Files folder emptied: 105087038 bytes
->Flash cache emptied: 1391 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Anwender
->Temp folder emptied: 2149709368 bytes
->Temporary Internet Files folder emptied: 1516027354 bytes
->Java cache emptied: 13469427 bytes
->Flash cache emptied: 369834 bytes
 
User: Default User
->Temp folder emptied: 15205844 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Internet
->Temp folder emptied: 225280 bytes
->Temporary Internet Files folder emptied: 2304219 bytes
->Flash cache emptied: 1090 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 401 bytes
 
User: NetworkService
->Temp folder emptied: 98304 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 90112 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 213590 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.708,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 05192013_122215

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\XOUFS0N2\NDSVFVH7ZFAES2;s=i0;s=i2;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=71;s=20;s=40;s=569;s=602;s=388;s=389;s=300;s=57;s=433;s=m1;s=m4;s=u15;s=u9;s=u5;s=u7;z=64;z=37;tile=1;cid=cpse_y[1] not found!
File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temp\Perflib_Perfdata_324.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 19.05.2013, 20:29

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Wendel · 20.05.2013, 16:11

Teil 1 der vorherigen Aufgabe:
Vollscan mit Malwarebytes Anti-Malware (MBAM)

Durchsuchte Objekte: 427940
Laufzeit: 4 Stunde(n), 43 Minute(n), 44 Sekunde(n)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.20.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: ACER-LAPTOP [Administrator]

20.05.2013 11:49:31
mbam-log-2013-05-20 (11-49-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 427940
Laufzeit: 4 Stunde(n), 43 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\casinoshare (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Microgaming\Casino\CasinoShare\install.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

* Media MX gibt noch keine Ruhe
* Der Rechner startet sehr langsam nach einem Neustart
* Auch bis das ausgewählte Benutzerkonto gestartet ist, dauert recht lange.
(Wenns ein Auto wäre, würde man denken, man fährt mit angezogener Handbremse den Berg hoch).

Weiter geht es mit ESET Online Scanner.
Wenn dieser Scan auch so lange dauert, poste ich das Ergebnis morgen.

Kann ich in das blockierte Benutzerkonto "Anwender" schon rein
und mal schauen, ob die Blockade schon weg ist ?

Teil 2 der vorherigen Aufgabe:
Das Log vom ESET Online Scanner ist jetzt auch durch:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5f47405a66fc804ba3e20ff2954fccdf
# engine=13873
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-20 07:16:59
# local_time=2013-05-20 09:16:59 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775165 100 93 192467 105609282 6895 0
# scanned=139973
# found=0
# cleaned=0
# scan_time=13321

cosinus · 20.05.2013, 23:25

Sieht soweit ok ausm da wurden nur Müllreste gefunden

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Wendel · 20.05.2013, 23:46

Zitat:

Kann ich in das blockierte Benutzerkonto "Anwender" schon rein
und mal schauen, ob die Blockade schon weg ist ?

O.K., wenn Du mich so fragst, ob alles wieder i.O. ist, werde ich mal rein gehen und nachschauen.
Bis jetzt war ich noch nicht wieder in dem Benutzerkonto, denn ich habe auf Anweisung gewartet, daß ich nachschauen kann.
Ich werde das Ergebnis dann berichten.

Zitat:

* Der Rechner startet sehr langsam nach einem Neustart
* Auch bis das ausgewählte Benutzerkonto gestartet ist, dauert recht lange.
(Wenns ein Auto wäre, würde man denken, man fährt mit angezogener Handbremse den Berg hoch).

Dies sind derzeit noch die Hauptprobleme.
(MediaMX habe ich inzwischen auch gelöst, nach dem ich das File gefunden hatte, welches er verlangt hat.)
Sind da irgendwelche Startdateien zugemüllt, weil er sich beim Starten so schwer tut ?

Wendel · 21.05.2013, 00:16

------------------------------------------------------------------------------------

Update:

Hurra, ich bin wieder drinnen !

Das erste Posting von meinem ursprünglich gesperrten Benutzerkonto.

Vielen herzlichen Dank für Deinen genialen Support !!

Das ist mir für das Forum eine Spende wert !
(werde morgen früh gleich mal die Paypal-Daten raussuchen)

Wie gesagt, schafft der Rechner wie wild beim Start, bzw. auch nach dem Anmelden ans Benutzerkonto.
Von dem Zeitpunkt, wo er mich den Task-Manager hat anschalten lassen bis zu dem Zeitpunkt,
wo er sich einigermaßen beruhigt hat, habe ich mal ein Screen-Shot von der CPU-Auslastung angehängt.

Ist in den bisherigen Logs irgendwas aufgefallen, was dieses Verhalten erklären könnte ?

14.05.2013, 10:37	#31
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner - GVU (Urheberrechtsverletzung ohne Webcam) Hast du schon den zweiten MBAR-Scan gemacht? __________________ Logfiles bitte immer in CODE-Tags posten

15.05.2013, 22:04	#35
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner - GVU (Urheberrechtsverletzung ohne Webcam) ja bitte __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner - GVU (Urheberrechtsverletzung ohne Webcam)

Plagegeister aller Art und deren Bekämpfung: Trojaner - GVU (Urheberrechtsverletzung ohne Webcam)