Trojaner-Board


villakarow 24.01.2012 08:58

Blue screen when logging in or while using the PC
 
Hello helpers,

I very often get a blue screen when booting the PC, followed by one of these error messages (sometimes one, sometimes the other): "Page fault in non page area" or something with "nvmf6232.sys" (I couldn't read it fast enough). At first I thought this was because my system drive was full (only a few MB free). However, I then enlarged it and the error still occurs. I then found you via Google and have already run the scans. Thank you in advance for your help.

Here is the OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 24.01.2012 00:11:42 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 75,90% Memory free
6,00 Gb Paging File | 5,41 Gb Available in Paging File | 90,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,55 Gb Total Space | 62,46 Gb Free Space | 62,75% Space Free | Partition Type: NTFS
Drive D: | 283,20 Gb Total Space | 257,01 Gb Free Space | 90,75% Space Free | Partition Type: NTFS
Drive F: | 6,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 14,65 Gb Total Space | 12,24 Gb Free Space | 83,59% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 393,01 Gb Free Space | 42,19% Space Free | Partition Type: NTFS
Drive Y: | 99,55 Gb Total Space | 62,46 Gb Free Space | 62,75% Space Free | Partition Type: CSC-CACHE
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PS3 Media Server) --  File not found
SRV - (Radio.fx) -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (StarMoney 7.0 OnlineUpdate) -- G:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (CLKMSVC10_E1A16B3C) -- G:\Program Files\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (SONICWALL_NetExtender) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe (SonicWALL Inc.)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\system32\drivers\WinUSB.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (NinjaUSB) -- C:\Windows\System32\drivers\NinjaUSB.sys ()
DRV - (NxDrv) -- C:\Windows\System32\drivers\NxDrv.sys (SonicWALL Inc.)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys (SiSoftware)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (FireDTV_DVBS2) -- C:\Windows\System32\drivers\FireDTV_BDA_DVBS2.sys (digital everywhere)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\Windows\System32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 0B 0A 86 3F 34 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb/mff_keyurl_search/?su="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Program Files\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.12.06 21:02:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.15 18:15:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 03:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 03:24:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.15 18:15:22 | 000,000,000 | ---D | M]
 
[2010.02.14 22:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.02.14 22:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.19 22:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions
[2010.07.29 14:04:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.26 12:36:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.20 19:14:57 | 000,000,000 | ---D | M] (Vodafone Video Plugin for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\vodafone_video_plugin@vodafone.com
[2011.11.13 14:06:24 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\11-suche.xml
[2010.07.17 14:38:43 | 000,000,873 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\conduit.xml
[2011.11.13 14:06:24 | 000,002,226 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\englische-ergebnisse.xml
[2011.11.13 14:06:24 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\gmx-suche.xml
[2011.11.13 14:06:24 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\lastminute.xml
[2011.11.13 14:06:24 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\webde-suche.xml
[2012.01.08 03:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.06 21:02:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.01.08 03:24:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.15 23:57:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.15 23:57:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.15 23:57:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.15 23:57:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.15 23:57:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.15 23:57:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] G:\Program Files\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LGODDFU] G:\Program Files\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [RemoteControl9] G:\Program Files\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mysap.com ([tcs]  in Local intranet)
O15 - HKCU\..Trusted Domains: mysap.com ([tcs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sap-ag.de ([*]  in Local intranet)
O15 - HKCU\..Trusted Domains: sap-ag.de ([*] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sapbydesign.com ([my020656]  in Local intranet)
O15 - HKCU\..Trusted Domains: sapbydesign.com ([my020656] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B26FD08B-C89E-4C7B-BB14-75191404BEDB}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (AirfoilInject3.dll) -C:\Windows\System32\AirfoilInject3.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell - "" = AutoRun
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.24 00:01:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.19 23:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.19 23:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.19 23:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.16 14:32:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SonicWALL SSL-VPN NetExtender
[2012.01.16 14:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\SonicWALL
[2012.01.15 19:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\ProgDVB
[2012.01.15 18:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.01.15 18:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.01.15 18:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012.01.15 18:09:45 | 000,271,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2012.01.15 17:18:22 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.01.15 17:18:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.01.15 16:12:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ECE5F498-1FE2-4D5D-80D7-2D7D0119A693}
[2012.01.15 16:11:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{17E6614C-5078-4717-8A54-35BFC711C460}
[2012.01.15 16:11:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{08FCFB46-B553-48A7-BFE5-9303BA82F62E}
[2012.01.14 12:35:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
[2012.01.14 12:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2012.01.13 22:08:31 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.13 22:08:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.13 21:58:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.08 16:20:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.01.08 16:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.01.08 16:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012.01.08 13:53:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2012.01.07 23:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.01 19:02:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Seas0nPass
[2012.01.01 16:13:02 | 000,000,000 | ---D | C] -- C:\Users\***\CyberLink
[2012.01.01 16:12:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\CyberLink
[2012.01.01 16:03:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Power2Go
[2012.01.01 15:52:51 | 000,000,000 | ---D | C] -- C:\Temp
[2012.01.01 15:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
[2012.01.01 15:51:36 | 000,102,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6KO.DLL
[2012.01.01 15:51:36 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemdisp.tlb
[2012.01.01 15:51:35 | 000,016,384 | ---- | C] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2012.01.01 15:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2012.01.01 15:45:12 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2012.01.01 15:41:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2012.01.01 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Cyberlink
[2012.01.01 15:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2012.01.01 15:36:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.01.01 15:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2012.01.01 15:36:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.01.01 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.01.01 15:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.01.01 15:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011.12.29 14:04:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{476EF0BB-04D2-4678-8A2C-67248D68924A}
[2011.12.29 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0DC5FC1E-84E2-49E0-9598-025BDD6B7509}
[2011.12.29 12:02:32 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011.12.29 11:43:13 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011.12.29 11:43:12 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011.12.29 11:43:04 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011.12.29 11:39:47 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.24 00:10:13 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.24 00:04:05 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\gmer.exe
[2012.01.24 00:02:08 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.23 23:49:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.23 23:35:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.23 23:35:20 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.23 07:49:37 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.23 07:49:37 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.21 00:53:27 | 000,007,595 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.01.19 12:15:52 | 003,537,752 | ---- | M] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2012.01.19 12:15:52 | 003,537,752 | ---- | M] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2012.01.18 01:32:49 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.01.17 23:01:01 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.17 23:01:01 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.17 23:01:01 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.17 23:01:01 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.16 14:46:24 | 000,014,976 | ---- | M] () -- C:\Users\***\Desktop\Betriebswirtschaftlicher_Bebauungsplan_-_tabellarische_Darstellung.pdf
[2012.01.16 14:43:16 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2012.01.16 11:10:53 | 000,668,751 | ---- | M] () -- C:\Users\***\Desktop\Schadenanzeige_bavaria vn.pdf
[2012.01.16 08:27:42 | 000,302,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.15 18:32:41 | 000,266,087 | ---- | M] () -- C:\Windows\hpwins23.dat
[2012.01.15 18:15:43 | 000,002,029 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.01.08 18:37:39 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2012.01.01 16:03:54 | 000,000,750 | ---- | M] () -- C:\Users\***\Desktop\Blu-ray Disc Suite.lnk
[2012.01.01 15:56:10 | 000,000,283 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012.01.01 15:53:52 | 000,016,384 | ---- | M] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2012.01.01 15:35:09 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[2011.12.29 12:00:18 | 000,000,020 | ---- | M] () -- C:\Windows\ÈùZ
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.24 00:10:13 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.24 00:04:16 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2012.01.24 00:02:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.18 01:32:49 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.01.16 14:46:21 | 000,014,976 | ---- | C] () -- C:\Users\***\Desktop\Betriebswirtschaftlicher_Bebauungsplan_-_tabellarische_Darstellung.pdf
[2012.01.16 10:13:24 | 000,668,751 | ---- | C] () -- C:\Users\***\Desktop\Schadenanzeige_bavaria vn.pdf
[2012.01.15 18:15:43 | 000,002,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.01.15 18:13:28 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2012.01.15 18:07:33 | 000,266,087 | ---- | C] () -- C:\Windows\hpwins23.dat
[2012.01.02 23:52:52 | 000,262,526 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2012.01.01 15:52:43 | 000,000,750 | ---- | C] () -- C:\Users\***\Desktop\Blu-ray Disc Suite.lnk
[2012.01.01 15:51:54 | 000,000,283 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012.01.01 15:35:09 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[2011.12.29 12:01:37 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011.12.29 12:00:33 | 000,001,280 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011.12.29 12:00:16 | 000,000,020 | ---- | C] () -- C:\Windows\ÈùZ
[2011.12.08 23:46:58 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.10.19 21:25:26 | 000,162,440 | ---- | C] () -- C:\Windows\System32\AirfoilInject3.dll
[2011.07.24 17:01:20 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011.06.13 13:30:30 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.13 13:29:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.05 21:09:48 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.01.07 19:15:31 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.01.07 19:15:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.01.07 19:15:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.01.07 19:15:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.01.07 19:15:31 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.01.07 19:15:31 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.01.07 19:15:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.01.07 19:15:31 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.01.07 19:15:31 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.01.07 19:15:31 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.01.07 19:15:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.01.07 19:15:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.01.07 19:15:31 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.01.07 19:15:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.01.07 19:15:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.01.07 19:15:31 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.01.07 19:15:31 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.01.07 19:15:31 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.07 19:15:31 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.21 03:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.12.17 17:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.12.06 16:20:31 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010.11.01 16:41:15 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p15].bmp
[2010.11.01 16:41:08 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p14].bmp
[2010.11.01 16:41:02 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p13].bmp
[2010.11.01 16:40:56 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p12].bmp
[2010.11.01 16:40:50 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p11].bmp
[2010.11.01 16:40:43 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p10].bmp
[2010.11.01 16:40:36 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p09].bmp
[2010.11.01 16:40:26 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p08].bmp
[2010.11.01 16:40:17 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p07].bmp
[2010.11.01 16:40:07 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p06].bmp
[2010.11.01 16:39:56 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p05].bmp
[2010.11.01 16:39:49 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p04].bmp
[2010.11.01 16:39:43 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p03].bmp
[2010.11.01 16:39:38 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p02].bmp
[2010.09.07 16:48:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.26 23:32:11 | 000,000,133 | ---- | C] () -- C:\Windows\MUSCDPL.INI
[2010.08.26 23:24:27 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.08.26 22:16:29 | 000,000,061 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.03 20:38:25 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.08.03 19:46:37 | 012,939,264 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.07.15 18:08:13 | 000,023,699 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.07.10 22:51:57 | 000,007,595 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.05.02 15:51:38 | 000,019,647 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010.05.01 11:15:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.03.03 19:14:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.02.11 21:02:19 | 000,024,704 | ---- | C] () -- C:\Windows\System32\drivers\NinjaUSB.sys
[2010.01.23 00:25:05 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.12.31 09:49:40 | 000,023,040 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.29 18:32:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.27 13:59:34 | 000,001,092 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2009.12.27 13:41:44 | 000,000,739 | ---- | C] () -- C:\Windows\wiso.ini
[2009.12.27 12:51:29 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.11.06 10:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2009.07.14 09:47:43 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,302,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
 
========== LOP Check ==========
 
[2011.11.20 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2009.12.27 13:41:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2010.11.15 01:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.09.12 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DScaler4
[2010.07.29 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.07.29 14:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.23 12:55:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2012.01.23 23:43:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.11.26 16:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.07.02 12:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MonkeyTunes
[2012.01.08 22:53:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.11 00:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.07.10 23:21:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2009.12.27 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.03.04 14:52:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.01.30 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS
[2012.01.11 23:55:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2010.11.21 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.08.06 14:44:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeraCopy
[2010.02.14 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.01.23 00:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit
[2011.11.23 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XBMC
[2011.11.26 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2011.11.07 22:22:32 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


Here is the Extras.txt:
OTL Logfile:
Code:

OTL Extras logfile created on: 24.01.2012 00:11:42 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 75,90% Memory free
6,00 Gb Paging File | 5,41 Gb Available in Paging File | 90,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,55 Gb Total Space | 62,46 Gb Free Space | 62,75% Space Free | Partition Type: NTFS
Drive D: | 283,20 Gb Total Space | 257,01 Gb Free Space | 90,75% Space Free | Partition Type: NTFS
Drive F: | 6,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 14,65 Gb Total Space | 12,24 Gb Free Space | 83,59% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 393,01 Gb Free Space | 42,19% Space Free | Partition Type: NTFS
Drive Y: | 99,55 Gb Total Space | 62,46 Gb Free Space | 62,75% Space Free | Partition Type: CSC-CACHE
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{291D8FE1-ED05-4934-80CE-A5F6B7A8718D}" = MySQL Server 5.1
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5285987F-41E8-49B5-9143-72FE789C3FC8}_is1" = MonkeyTunes 1.5.2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C056FA6-E362-467B-8160-062E9474FEE5}" = SlimDX Redistributable for .NET 2.0 (March 2011)
"{7C68B60E-D6E6-4A9A-A181-A9D59133F8D0}" = StarMoney 7.0
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C411EF9-6EBA-46E3-8132-EDADF1CC0B16}" = SCR3xxx Smart Card Reader
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour-Druckdienste
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EF06A6A8-6B81-4A09-8223-789953972FFF}" = SonicWALL SSL-VPN NetExtender
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Airfoil" = Airfoil
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FileZilla Client" = FileZilla Client 3.5.3
"Free Studio_is1" = Free Studio version 4.8
"Freemake Video Converter_is1" = Freemake Video Converter version 1.1.6
"HandBrake" = HandBrake 0.9.5
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"MediaInfo" = MediaInfo 0.7.52
"MediaMonkey_is1" = MediaMonkey 3.2
"MediaPortal" = MediaPortal
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mp3tag" = Mp3tag v2.49a
"NVIDIA Drivers" = NVIDIA Drivers
"Power Tab Editor 1.7" = Power Tab Editor 1.7
"Power TabV1" = Power Tab - Beta 0.98
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 6 Host" = TeamViewer 6 Host
"Tobit Radio.fx Server" = Radio.fx
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 04.12.2010 14:06:56 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
 
Error - 04.12.2010 14:23:23 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
 
Error - 04.12.2010 14:24:01 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
 
Error - 04.12.2010 14:57:57 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
 
Error - 04.12.2010 14:57:57 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
 
Error - 04.12.2010 14:57:57 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
 
Error - 04.12.2010 15:01:52 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
 
Error - 04.12.2010 16:05:54 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
 
Error - 04.12.2010 17:03:28 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
 
Error - 04.12.2010 17:54:37 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---


Here is the defogger_disable.txt
Code:


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:10 on 24/01/2012 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

And finally gmer.txt:
GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-24 08:34:19
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000068 SAMSUNG_ rev.CR10
Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\ugloipoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13D1          82277369 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2  822B0D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000053      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus 25.01.2012 12:40

Quote:

Boot Mode: SafeMode with Networking |
Well, if that mode works, you can try MBAM/ESET first:

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove ESET Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

villakarow 28.01.2012 22:31

Hi Arne,

I've run the scans. Here is the mbmam.txt:
Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.28.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

28.01.2012 13:07:39
mbam-log-2012-01-28 (13-07-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 563568
Laufzeit: 2 Stunde(n), 26 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Here is the log.txt from ESET
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cfc396c07e28d742a69c0bb39e58d7cf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 07:01:11
# local_time=2012-01-28 08:01:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 35442338 35442338 0 0
# compatibility_mode=5893 16776573 100 94 12194 79396398 0 0
# compatibility_mode=8192 67108863 100 0 151 151 0 0
# scanned=392081
# found=0
# cleaned=0
# scan_time=12064

Many thanks for the help so far.
Heiko

cosinus 29.01.2012 18:53

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are listed under the log files tab. Please post all that are visible there.

villakarow 30.01.2012 00:39

No, I didn't know Malwarebytes until now, so I have never used it before.

cosinus 30.01.2012 10:32

Please create a new OTL log. Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


villakarow 30.01.2012 23:02

Hi Arne,

I've scanned again:

OTL Logfile:
Code:

OTL logfile created on: 30.01.2012 21:07:02 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,28% Memory free
6,00 Gb Paging File | 4,68 Gb Available in Paging File | 78,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,55 Gb Total Space | 61,64 Gb Free Space | 61,92% Space Free | Partition Type: NTFS
Drive D: | 283,20 Gb Total Space | 257,52 Gb Free Space | 90,93% Space Free | Partition Type: NTFS
Drive G: | 14,65 Gb Total Space | 12,24 Gb Free Space | 83,59% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 372,18 Gb Free Space | 39,95% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - G:\Program Files\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe (SonicWALL Inc.)
PRC - G:\Program Files\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\System32\AirfoilInject3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - G:\Program Files\Power2Go\CLMLSvcPS.dll ()
MOD - G:\Program Files\Power2Go\CLMediaLibrary.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PS3 Media Server) --  File not found
SRV - (Radio.fx) -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (StarMoney 7.0 OnlineUpdate) -- G:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (CLKMSVC10_E1A16B3C) -- G:\Program Files\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (SONICWALL_NetExtender) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe (SonicWALL Inc.)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\system32\drivers\WinUSB.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (NinjaUSB) -- C:\Windows\System32\drivers\NinjaUSB.sys ()
DRV - (NxDrv) -- C:\Windows\System32\drivers\NxDrv.sys (SonicWALL Inc.)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys (SiSoftware)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (FireDTV_DVBS2) -- C:\Windows\System32\drivers\FireDTV_BDA_DVBS2.sys (digital everywhere)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\Windows\System32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 0B 0A 86 3F 34 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb/mff_keyurl_search/?su="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Program Files\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.12.06 21:02:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.15 18:15:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 03:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 03:24:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.15 18:15:22 | 000,000,000 | ---D | M]
 
[2010.02.14 22:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.02.14 22:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.28 16:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions
[2010.07.29 14:04:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.26 12:36:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.20 19:14:57 | 000,000,000 | ---D | M] (Vodafone Video Plugin for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lfn93vsx.default\extensions\vodafone_video_plugin@vodafone.com
[2011.11.13 14:06:24 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\11-suche.xml
[2010.07.17 14:38:43 | 000,000,873 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\conduit.xml
[2011.11.13 14:06:24 | 000,002,226 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\englische-ergebnisse.xml
[2011.11.13 14:06:24 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\gmx-suche.xml
[2011.11.13 14:06:24 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\lastminute.xml
[2011.11.13 14:06:24 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\webde-suche.xml
[2012.01.08 03:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.06 21:02:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFN93VSX.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.01.08 03:24:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.15 23:57:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.15 23:57:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.15 23:57:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.15 23:57:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.15 23:57:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.15 23:57:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] G:\Program Files\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LGODDFU] G:\Program Files\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl9] G:\Program Files\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mysap.com ([tcs]  in Local intranet)
O15 - HKCU\..Trusted Domains: mysap.com ([tcs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sap-ag.de ([*]  in Local intranet)
O15 - HKCU\..Trusted Domains: sap-ag.de ([*] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sapbydesign.com ([my020656]  in Local intranet)
O15 - HKCU\..Trusted Domains: sapbydesign.com ([my020656] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B26FD08B-C89E-4C7B-BB14-75191404BEDB}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (AirfoilInject3.dll) -C:\Windows\System32\AirfoilInject3.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell - "" = AutoRun
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iTunes.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0 HD Edition.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk - C:\Program Files\WISO\Sparbuch 2010\meinsparbuchheute.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk - G:\Program Files\WISO2011\mshaktuell.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: AirPort Base Station Agent - hkey= - key= - C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: AVMWlanClient - hkey= - key= -  File not found
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: MDS_Menu - hkey= - key= - G:\Program Files\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: NeroCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: UpdateLBPShortCut - hkey= - key= - G:\Program Files\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdateP2GoShortCut - hkey= - key= - G:\Program Files\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePPShortCut - hkey= - key= - G:\Program Files\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePSTShortCut - hkey= - key= - G:\Program Files\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.29 15:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.01.29 12:49:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gsmartcontrol
[2012.01.29 12:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2012.01.29 12:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2012.01.29 12:32:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy
[2012.01.28 16:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.28 16:37:04 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.01.28 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.01.28 13:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.28 13:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.28 13:05:47 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.28 13:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.24 00:01:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.19 23:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.19 23:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.19 23:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.16 14:32:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SonicWALL SSL-VPN NetExtender
[2012.01.16 14:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\SonicWALL
[2012.01.15 19:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\ProgDVB
[2012.01.15 18:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.01.15 18:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.01.15 18:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012.01.15 16:12:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ECE5F498-1FE2-4D5D-80D7-2D7D0119A693}
[2012.01.15 16:11:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{17E6614C-5078-4717-8A54-35BFC711C460}
[2012.01.15 16:11:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{08FCFB46-B553-48A7-BFE5-9303BA82F62E}
[2012.01.14 12:35:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
[2012.01.14 12:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2012.01.08 16:20:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.01.08 16:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.01.08 16:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012.01.08 13:53:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2012.01.07 23:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.01 19:02:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Seas0nPass
[2012.01.01 16:13:02 | 000,000,000 | ---D | C] -- C:\Users\***\CyberLink
[2012.01.01 16:12:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\CyberLink
[2012.01.01 16:03:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Power2Go
[2012.01.01 15:52:51 | 000,000,000 | ---D | C] -- C:\Temp
[2012.01.01 15:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
[2012.01.01 15:51:35 | 000,016,384 | ---- | C] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2012.01.01 15:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2012.01.01 15:41:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2012.01.01 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Cyberlink
[2012.01.01 15:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2012.01.01 15:36:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.01.01 15:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2012.01.01 15:36:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.01.01 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.01.01 15:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.01.01 15:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.30 18:32:45 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.30 18:32:45 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.30 18:32:45 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.30 18:32:45 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.30 16:32:04 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.30 16:32:04 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.30 16:24:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.30 16:24:12 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.30 00:46:26 | 403,615,835 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.29 01:15:33 | 000,302,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.28 16:36:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.01.28 13:05:51 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.24 00:10:13 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.24 00:04:05 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\gmer.exe
[2012.01.24 00:02:08 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.23 23:49:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.21 00:53:27 | 000,007,595 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.01.19 12:15:52 | 003,537,752 | ---- | M] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2012.01.19 12:15:52 | 003,537,752 | ---- | M] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2012.01.18 01:32:49 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.01.16 14:46:24 | 000,014,976 | ---- | M] () -- C:\Users\***\Desktop\Betriebswirtschaftlicher_Bebauungsplan_-_tabellarische_Darstellung.pdf
[2012.01.16 14:43:16 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2012.01.16 11:10:53 | 000,668,751 | ---- | M] () -- C:\Users\***\Desktop\Schadenanzeige_bavaria vn.pdf
[2012.01.15 18:32:41 | 000,266,087 | ---- | M] () -- C:\Windows\hpwins23.dat
[2012.01.15 18:15:43 | 000,002,029 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.01.01 16:03:54 | 000,000,750 | ---- | M] () -- C:\Users\***\Desktop\Blu-ray Disc Suite.lnk
[2012.01.01 15:56:10 | 000,000,283 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012.01.01 15:53:52 | 000,016,384 | ---- | M] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2012.01.01 15:35:09 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.30 00:46:26 | 403,615,835 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.28 13:05:51 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.24 00:10:13 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.24 00:04:16 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2012.01.24 00:02:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.18 01:32:49 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.01.16 14:46:21 | 000,014,976 | ---- | C] () -- C:\Users\***\Desktop\Betriebswirtschaftlicher_Bebauungsplan_-_tabellarische_Darstellung.pdf
[2012.01.16 10:13:24 | 000,668,751 | ---- | C] () -- C:\Users\***\Desktop\Schadenanzeige_bavaria vn.pdf
[2012.01.15 18:15:43 | 000,002,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.01.15 18:13:28 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2012.01.15 18:07:33 | 000,266,087 | ---- | C] () -- C:\Windows\hpwins23.dat
[2012.01.02 23:52:52 | 000,262,526 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2012.01.01 15:52:43 | 000,000,750 | ---- | C] () -- C:\Users\***\Desktop\Blu-ray Disc Suite.lnk
[2012.01.01 15:51:54 | 000,000,283 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012.01.01 15:35:09 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[2011.12.08 23:46:58 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.10.19 21:25:26 | 000,162,440 | ---- | C] () -- C:\Windows\System32\AirfoilInject3.dll
[2011.07.24 17:01:20 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011.06.13 13:30:30 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.13 13:29:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.05 21:09:48 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.01.07 19:15:31 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.01.07 19:15:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.01.07 19:15:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.01.07 19:15:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.01.07 19:15:31 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.01.07 19:15:31 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.01.07 19:15:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.01.07 19:15:31 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.01.07 19:15:31 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.01.07 19:15:31 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.01.07 19:15:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.01.07 19:15:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.01.07 19:15:31 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.01.07 19:15:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.01.07 19:15:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.01.07 19:15:31 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.01.07 19:15:31 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.01.07 19:15:31 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.07 19:15:31 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.21 03:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.12.17 17:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.12.06 16:20:31 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010.11.01 16:41:15 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p15].bmp
[2010.11.01 16:41:08 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p14].bmp
[2010.11.01 16:41:02 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p13].bmp
[2010.11.01 16:40:56 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p12].bmp
[2010.11.01 16:40:50 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p11].bmp
[2010.11.01 16:40:43 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p10].bmp
[2010.11.01 16:40:36 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p09].bmp
[2010.11.01 16:40:26 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p08].bmp
[2010.11.01 16:40:17 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p07].bmp
[2010.11.01 16:40:07 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p06].bmp
[2010.11.01 16:39:56 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p05].bmp
[2010.11.01 16:39:49 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p04].bmp
[2010.11.01 16:39:43 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p03].bmp
[2010.11.01 16:39:38 | 002,529,622 | ---- | C] () -- C:\Users\***\AppData\Local\[j0002]-[p02].bmp
[2010.09.07 16:48:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.26 23:32:11 | 000,000,133 | ---- | C] () -- C:\Windows\MUSCDPL.INI
[2010.08.26 23:24:27 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.08.26 22:16:29 | 000,000,061 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.03 20:38:25 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.08.03 19:46:37 | 012,939,264 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.07.15 18:08:13 | 000,023,699 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.07.10 22:51:57 | 000,007,595 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.05.02 15:51:38 | 000,019,647 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010.05.01 11:15:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.03.03 19:14:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.02.11 21:02:19 | 000,024,704 | ---- | C] () -- C:\Windows\System32\drivers\NinjaUSB.sys
[2010.01.23 00:25:05 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.12.31 09:49:40 | 000,023,040 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.29 18:32:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.27 13:59:34 | 000,001,092 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2009.12.27 13:41:44 | 000,000,739 | ---- | C] () -- C:\Windows\wiso.ini
[2009.12.27 12:51:29 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.11.06 10:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2009.07.14 09:47:43 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,302,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
 
========== LOP Check ==========
 
[2011.11.20 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2009.12.27 13:41:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2010.11.15 01:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.09.12 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DScaler4
[2010.07.29 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.07.29 14:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.23 12:55:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2012.01.23 23:43:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.01.29 12:53:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gsmartcontrol
[2011.11.26 16:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.07.02 12:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MonkeyTunes
[2012.01.08 22:53:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.11 00:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.07.10 23:21:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.01.29 12:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2009.12.27 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.03.04 14:52:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.01.30 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS
[2012.01.11 23:55:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2010.11.21 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.08.06 14:44:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeraCopy
[2010.02.14 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.01.23 00:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit
[2011.11.23 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XBMC
[2011.11.26 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2012.01.24 22:56:56 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.03 15:18:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.01.28 13:03:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahead
[2011.11.20 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.01.03 01:29:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2010.08.03 20:50:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2009.12.27 13:41:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2012.01.08 14:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2010.05.26 16:40:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2010.11.15 01:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.09.12 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DScaler4
[2012.01.19 00:12:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2010.07.29 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.07.29 14:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.23 12:55:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2012.01.23 23:43:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.01.29 12:53:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gsmartcontrol
[2011.11.26 16:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.07.31 17:57:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HP
[2012.01.02 23:38:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HpUpdate
[2009.12.27 12:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.01.07 19:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2009.12.27 12:46:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.01.28 13:05:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.08.05 23:50:01 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.07.02 12:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MonkeyTunes
[2012.01.29 15:08:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.01.08 22:53:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.11 00:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.07.10 23:21:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.01.29 12:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2009.12.27 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.03.04 14:52:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.01.30 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS
[2010.01.02 21:44:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2012.01.11 23:55:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2010.11.09 19:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2010.11.09 19:05:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2010.11.21 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.08.06 14:44:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeraCopy
[2010.02.14 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.01.23 00:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit
[2012.01.14 01:55:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2011.11.23 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XBMC
[2011.11.26 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2010.02.26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2010.05.08 11:33:08 | 000,089,831 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.09.06 22:03:32 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.12.29 05:16:44 | 028,994,072 | ---- | M] (TuneUp Media, Inc.) -- C:\Users\***\AppData\Roaming\OpenCandy\BBC06AB6447543E480F923E8312A9C09\TuneUp_OpenCandy_PC_2.2.7_CMPID-276.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2009.08.04 16:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sataraid\nvstor32.sys
[2009.08.04 16:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sataraid\nvstor32.sys
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sata_ide\nvstor32.sys
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sata_ide\nvstor32.sys
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\drivers\nvstor32.sys
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_40ee9c3d357e7b66\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

Best regards
Heiko

cosinus 31.01.2012 08:34

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=14597
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.web.de/tb/mff_startpage_home"
FF - prefs.js..keyword.URL: "http://go.web.de/tb/mff_keyurl_search/?su="
[2010.07.17 14:38:43 | 000,000,873 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\conduit.xml
O4 - HKLM..\Run: []  File not found
O20 - AppInit_DLLs: (AirfoilInject3.dll) -C:\Windows\System32\AirfoilInject3.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell - "" = AutoRun
O33 - MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\Shell\AutoRun\command - "" = G:\pushinst.exe
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

villakarow 31.01.2012 10:30

The OTL fix is done.

Code:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://go.web.de/tb/mff_startpage_home" removed from browser.startup.homepage
Prefs.js: "hxxp://go.web.de/tb/mff_keyurl_search/?su=" removed from keyword.URL
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\searchplugins\conduit.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:AirfoilInject3.dll deleted successfully.
File pInit_DLLs: (AirfoilInject3.dll) -C:\Windows\System32\AirfoilInject3.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46b40bec-f2dc-11de-a292-0019665398bd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46b40bec-f2dc-11de-a292-0019665398bd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46b40bec-f2dc-11de-a292-0019665398bd}\ not found.
File G:\pushinst.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Heiko
->Temp folder emptied: 1451191 bytes
->Temporary Internet Files folder emptied: 1593707 bytes
->Java cache emptied: 28762954 bytes
->FireFox cache emptied: 380464684 bytes
->Flash cache emptied: 1633 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 438816 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 196694 bytes
RecycleBin emptied: 213478780 bytes
 
Total Files Cleaned = 597,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01312012_101915

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Many thanks.
Best regards
Heiko

cosinus 31.01.2012 12:30

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

villakarow 01.02.2012 07:58

TDSS is done too.

Code:

07:49:44.0223 3164        TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
07:49:44.0536 3164        ============================================================
07:49:44.0536 3164        Current date / time: 2012/02/01 07:49:44.0536
07:49:44.0536 3164        SystemInfo:
07:49:44.0536 3164       
07:49:44.0536 3164        OS Version: 6.1.7601 ServicePack: 1.0
07:49:44.0536 3164        Product type: Workstation
07:49:44.0536 3164        ComputerName: HEIKO-PC
07:49:44.0536 3164        UserName: Heiko
07:49:44.0536 3164        Windows directory: C:\Windows
07:49:44.0536 3164        System windows directory: C:\Windows
07:49:44.0536 3164        Processor architecture: Intel x86
07:49:44.0536 3164        Number of processors: 1
07:49:44.0536 3164        Page size: 0x1000
07:49:44.0536 3164        Boot type: Normal boot
07:49:44.0536 3164        ============================================================
07:49:45.0653 3164        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:49:45.0653 3164        Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:49:45.0668 3164        \Device\Harddisk0\DR0:
07:49:45.0668 3164        MBR used
07:49:45.0668 3164        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC7186F8
07:49:45.0668 3164        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC718800, BlocksNum 0x23668000
07:49:45.0684 3164        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38639000, BlocksNum 0x1D4C000
07:49:45.0684 3164        \Device\Harddisk1\DR1:
07:49:45.0684 3164        MBR used
07:49:45.0684 3164        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74704D70
07:49:45.0856 3164        Initialize success
07:49:45.0856 3164        ============================================================
07:50:07.0074 3020        ============================================================
07:50:07.0074 3020        Scan started
07:50:07.0074 3020        Mode: Manual; SigCheck; TDLFS;
07:50:07.0074 3020        ============================================================
07:50:08.0042 3020        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
07:50:08.0136 3020        1394ohci - ok
07:50:08.0199 3020        61883          (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
07:50:08.0230 3020        61883 - ok
07:50:08.0277 3020        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
07:50:08.0308 3020        ACPI - ok
07:50:08.0339 3020        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
07:50:08.0386 3020        AcpiPmi - ok
07:50:08.0496 3020        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
07:50:08.0511 3020        adp94xx - ok
07:50:08.0542 3020        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
07:50:08.0574 3020        adpahci - ok
07:50:08.0605 3020        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
07:50:08.0621 3020        adpu320 - ok
07:50:08.0699 3020        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
07:50:08.0746 3020        AFD - ok
07:50:08.0777 3020        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
07:50:08.0777 3020        agp440 - ok
07:50:08.0824 3020        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
07:50:08.0839 3020        aic78xx - ok
07:50:08.0902 3020        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
07:50:08.0917 3020        aliide - ok
07:50:08.0980 3020        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
07:50:08.0980 3020        amdagp - ok
07:50:09.0027 3020        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
07:50:09.0027 3020        amdide - ok
07:50:09.0074 3020        amdiox86 - ok
07:50:09.0136 3020        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
07:50:09.0167 3020        AmdK8 - ok
07:50:09.0402 3020        amdkmdag        (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
07:50:09.0621 3020        amdkmdag - ok
07:50:09.0683 3020        amdkmdap        (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys
07:50:09.0714 3020        amdkmdap - ok
07:50:09.0761 3020        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
07:50:09.0808 3020        AmdPPM - ok
07:50:09.0871 3020        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
07:50:09.0886 3020        amdsata - ok
07:50:09.0917 3020        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
07:50:09.0933 3020        amdsbs - ok
07:50:09.0980 3020        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
07:50:09.0980 3020        amdxata - ok
07:50:10.0027 3020        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
07:50:10.0089 3020        AppID - ok
07:50:10.0183 3020        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
07:50:10.0214 3020        arc - ok
07:50:10.0246 3020        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
07:50:10.0261 3020        arcsas - ok
07:50:10.0339 3020        aswFsBlk        (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
07:50:10.0386 3020        aswFsBlk - ok
07:50:10.0433 3020        aswMonFlt      (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
07:50:10.0433 3020        aswMonFlt - ok
07:50:10.0464 3020        aswRdr          (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
07:50:10.0496 3020        aswRdr - ok
07:50:10.0558 3020        aswSnx          (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
07:50:10.0589 3020        aswSnx - ok
07:50:10.0636 3020        aswSP          (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
07:50:10.0667 3020        aswSP - ok
07:50:10.0699 3020        aswTdi          (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
07:50:10.0714 3020        aswTdi - ok
07:50:10.0746 3020        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
07:50:10.0792 3020        AsyncMac - ok
07:50:10.0824 3020        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
07:50:10.0839 3020        atapi - ok
07:50:10.0928 3020        AtiHDAudioService (35207458c90f55c61247de139a6a243a) C:\Windows\system32\drivers\AtihdW73.sys
07:50:10.0944 3020        AtiHDAudioService - ok
07:50:11.0022 3020        AtiHdmiService  (8df873d0587596c1d35a9cececc61da1) C:\Windows\system32\drivers\AtiHdmi.sys
07:50:11.0038 3020        AtiHdmiService - ok
07:50:11.0288 3020        atikmdag        (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
07:50:11.0459 3020        atikmdag - ok
07:50:11.0616 3020        Avc            (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
07:50:11.0631 3020        Avc - ok
07:50:11.0678 3020        AVCSTRM        (1983e63a12427f8f26d625ceb5cd01fc) C:\Windows\system32\DRIVERS\avcstrm.sys
07:50:11.0725 3020        AVCSTRM - ok
07:50:11.0756 3020        avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
07:50:11.0788 3020        avmeject ( UnsignedFile.Multi.Generic ) - warning
07:50:11.0788 3020        avmeject - detected UnsignedFile.Multi.Generic (1)
07:50:11.0850 3020        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
07:50:11.0897 3020        b06bdrv - ok
07:50:11.0959 3020        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
07:50:11.0975 3020        b57nd60x - ok
07:50:12.0022 3020        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
07:50:12.0069 3020        Beep - ok
07:50:12.0116 3020        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
07:50:12.0147 3020        blbdrive - ok
07:50:12.0225 3020        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
07:50:12.0256 3020        bowser - ok
07:50:12.0288 3020        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:50:12.0334 3020        BrFiltLo - ok
07:50:12.0366 3020        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:50:12.0397 3020        BrFiltUp - ok
07:50:12.0444 3020        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
07:50:12.0475 3020        Brserid - ok
07:50:12.0522 3020        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
07:50:12.0538 3020        BrSerWdm - ok
07:50:12.0584 3020        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:50:12.0616 3020        BrUsbMdm - ok
07:50:12.0647 3020        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
07:50:12.0678 3020        BrUsbSer - ok
07:50:12.0725 3020        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
07:50:12.0756 3020        BTHMODEM - ok
07:50:12.0819 3020        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
07:50:12.0866 3020        cdfs - ok
07:50:12.0948 3020        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
07:50:12.0965 3020        cdrom - ok
07:50:13.0012 3020        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
07:50:13.0043 3020        circlass - ok
07:50:13.0106 3020        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
07:50:13.0122 3020        CLFS - ok
07:50:13.0215 3020        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
07:50:13.0247 3020        CmBatt - ok
07:50:13.0278 3020        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
07:50:13.0293 3020        cmdide - ok
07:50:13.0356 3020        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
07:50:13.0387 3020        CNG - ok
07:50:13.0418 3020        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
07:50:13.0418 3020        Compbatt - ok
07:50:13.0497 3020        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
07:50:13.0528 3020        CompositeBus - ok
07:50:13.0590 3020        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
07:50:13.0590 3020        crcdisk - ok
07:50:13.0668 3020        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
07:50:13.0715 3020        CSC - ok
07:50:13.0793 3020        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
07:50:13.0840 3020        DfsC - ok
07:50:13.0887 3020        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
07:50:13.0950 3020        discache - ok
07:50:13.0997 3020        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
07:50:14.0012 3020        Disk - ok
07:50:14.0090 3020        Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
07:50:14.0122 3020        Dot4 - ok
07:50:14.0184 3020        Dot4Print      (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
07:50:14.0231 3020        Dot4Print - ok
07:50:14.0278 3020        dot4usb        (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
07:50:14.0309 3020        dot4usb - ok
07:50:14.0356 3020        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
07:50:14.0372 3020        drmkaud - ok
07:50:14.0418 3020        DSDrv4 - ok
07:50:14.0497 3020        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
07:50:14.0528 3020        DXGKrnl - ok
07:50:14.0653 3020        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
07:50:14.0762 3020        ebdrv - ok
07:50:14.0856 3020        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
07:50:14.0887 3020        elxstor - ok
07:50:14.0934 3020        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
07:50:14.0965 3020        ErrDev - ok
07:50:15.0028 3020        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
07:50:15.0075 3020        exfat - ok
07:50:15.0106 3020        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
07:50:15.0153 3020        fastfat - ok
07:50:15.0231 3020        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
07:50:15.0262 3020        fdc - ok
07:50:15.0293 3020        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
07:50:15.0309 3020        FileInfo - ok
07:50:15.0356 3020        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
07:50:15.0403 3020        Filetrace - ok
07:50:15.0465 3020        FireDTV_DVBS2  (c12c61b294d0f9f02819622d6b28766d) C:\Windows\system32\DRIVERS\FireDTV_BDA_DVBS2.sys
07:50:15.0481 3020        FireDTV_DVBS2 ( UnsignedFile.Multi.Generic ) - warning
07:50:15.0481 3020        FireDTV_DVBS2 - detected UnsignedFile.Multi.Generic (1)
07:50:15.0512 3020        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
07:50:15.0543 3020        flpydisk - ok
07:50:15.0590 3020        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
07:50:15.0606 3020        FltMgr - ok
07:50:15.0668 3020        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
07:50:15.0668 3020        FsDepends - ok
07:50:15.0700 3020        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
07:50:15.0715 3020        Fs_Rec - ok
07:50:15.0778 3020        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
07:50:15.0793 3020        fvevol - ok
07:50:15.0840 3020        FWLANUSB        (ff12fa487265da2ac7de4be53f72ff1a) C:\Windows\system32\DRIVERS\fwlanusb.sys
07:50:15.0887 3020        FWLANUSB - ok
07:50:15.0918 3020        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:50:15.0934 3020        gagp30kx - ok
07:50:16.0012 3020        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:50:16.0012 3020        GEARAspiWDM - ok
07:50:16.0059 3020        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
07:50:16.0090 3020        hcw85cir - ok
07:50:16.0153 3020        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
07:50:16.0200 3020        HdAudAddService - ok
07:50:16.0247 3020        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
07:50:16.0262 3020        HDAudBus - ok
07:50:16.0309 3020        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
07:50:16.0340 3020        HidBatt - ok
07:50:16.0372 3020        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
07:50:16.0418 3020        HidBth - ok
07:50:16.0481 3020        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
07:50:16.0497 3020        HidIr - ok
07:50:16.0559 3020        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
07:50:16.0575 3020        HidUsb - ok
07:50:16.0668 3020        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
07:50:16.0684 3020        HpSAMD - ok
07:50:16.0762 3020        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
07:50:16.0825 3020        HTTP - ok
07:50:16.0872 3020        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
07:50:16.0887 3020        hwpolicy - ok
07:50:16.0918 3020        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
07:50:16.0934 3020        i8042prt - ok
07:50:17.0000 3020        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
07:50:17.0032 3020        iaStorV - ok
07:50:17.0094 3020        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
07:50:17.0094 3020        iirsp - ok
07:50:17.0344 3020        IntcAzAudAddService (441a9adce9394e18ff6c23f77c983c04) C:\Windows\system32\drivers\RTKVHDA.sys
07:50:17.0469 3020        IntcAzAudAddService - ok
07:50:17.0500 3020        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
07:50:17.0516 3020        intelide - ok
07:50:17.0594 3020        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
07:50:17.0610 3020        intelppm - ok
07:50:17.0657 3020        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:50:17.0704 3020        IpFilterDriver - ok
07:50:17.0766 3020        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
07:50:17.0797 3020        IPMIDRV - ok
07:50:17.0829 3020        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
07:50:17.0875 3020        IPNAT - ok
07:50:17.0938 3020        irda            (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
07:50:17.0985 3020        irda - ok
07:50:18.0016 3020        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
07:50:18.0047 3020        IRENUM - ok
07:50:18.0110 3020        irsir          (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
07:50:18.0141 3020        irsir - ok
07:50:18.0188 3020        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
07:50:18.0188 3020        isapnp - ok
07:50:18.0235 3020        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\DRIVERS\msiscsi.sys
07:50:18.0266 3020        iScsiPrt - ok
07:50:18.0297 3020        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
07:50:18.0313 3020        kbdclass - ok
07:50:18.0360 3020        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
07:50:18.0391 3020        kbdhid - ok
07:50:18.0438 3020        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
07:50:18.0469 3020        KSecDD - ok
07:50:18.0516 3020        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
07:50:18.0532 3020        KSecPkg - ok
07:50:18.0641 3020        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
07:50:18.0688 3020        lltdio - ok
07:50:18.0750 3020        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:50:18.0766 3020        LSI_FC - ok
07:50:18.0797 3020        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:50:18.0813 3020        LSI_SAS - ok
07:50:18.0829 3020        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:50:18.0860 3020        LSI_SAS2 - ok
07:50:18.0891 3020        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:50:18.0907 3020        LSI_SCSI - ok
07:50:18.0954 3020        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
07:50:19.0016 3020        luafv - ok
07:50:19.0072 3020        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
07:50:19.0120 3020        MBAMProtector - ok
07:50:19.0166 3020        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
07:50:19.0182 3020        megasas - ok
07:50:19.0213 3020        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
07:50:19.0245 3020        MegaSR - ok
07:50:19.0276 3020        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
07:50:19.0323 3020        Modem - ok
07:50:19.0385 3020        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
07:50:19.0416 3020        monitor - ok
07:50:19.0463 3020        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
07:50:19.0479 3020        mouclass - ok
07:50:19.0541 3020        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
07:50:19.0557 3020        mouhid - ok
07:50:19.0604 3020        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
07:50:19.0620 3020        mountmgr - ok
07:50:19.0651 3020        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
07:50:19.0666 3020        mpio - ok
07:50:19.0698 3020        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
07:50:19.0760 3020        mpsdrv - ok
07:50:19.0807 3020        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
07:50:19.0854 3020        MRxDAV - ok
07:50:19.0901 3020        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:50:19.0932 3020        mrxsmb - ok
07:50:19.0979 3020        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:50:20.0010 3020        mrxsmb10 - ok
07:50:20.0060 3020        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:50:20.0076 3020        mrxsmb20 - ok
07:50:20.0107 3020        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
07:50:20.0138 3020        msahci - ok
07:50:20.0169 3020        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
07:50:20.0169 3020        msdsm - ok
07:50:20.0248 3020        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
07:50:20.0279 3020        Msfs - ok
07:50:20.0310 3020        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
07:50:20.0357 3020        mshidkmdf - ok
07:50:20.0388 3020        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
07:50:20.0404 3020        msisadrv - ok
07:50:20.0466 3020        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
07:50:20.0529 3020        MSKSSRV - ok
07:50:20.0560 3020        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
07:50:20.0607 3020        MSPCLOCK - ok
07:50:20.0638 3020        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
07:50:20.0685 3020        MSPQM - ok
07:50:20.0716 3020        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
07:50:20.0748 3020        MsRPC - ok
07:50:20.0794 3020        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
07:50:20.0794 3020        mssmbios - ok
07:50:20.0826 3020        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
07:50:20.0873 3020        MSTEE - ok
07:50:20.0904 3020        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
07:50:20.0935 3020        MTConfig - ok
07:50:20.0966 3020        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
07:50:20.0982 3020        Mup - ok
07:50:21.0061 3020        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
07:50:21.0077 3020        NativeWifiP - ok
07:50:21.0155 3020        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
07:50:21.0170 3020        NDIS - ok
07:50:21.0217 3020        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
07:50:21.0280 3020        NdisCap - ok
07:50:21.0311 3020        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
07:50:21.0358 3020        NdisTapi - ok
07:50:21.0405 3020        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
07:50:21.0452 3020        Ndisuio - ok
07:50:21.0514 3020        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
07:50:21.0561 3020        NdisWan - ok
07:50:21.0624 3020        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
07:50:21.0670 3020        NDProxy - ok
07:50:21.0733 3020        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
07:50:21.0811 3020        NetBIOS - ok
07:50:21.0874 3020        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
07:50:21.0920 3020        NetBT - ok
07:50:22.0061 3020        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
07:50:22.0077 3020        nfrd960 - ok
07:50:22.0139 3020        NinjaUSB        (16220ba146234625b50c055f413edf03) C:\Windows\system32\drivers\NinjaUSB.sys
07:50:22.0170 3020        NinjaUSB ( UnsignedFile.Multi.Generic ) - warning
07:50:22.0170 3020        NinjaUSB - detected UnsignedFile.Multi.Generic (1)
07:50:22.0217 3020        nmwcd - ok
07:50:22.0233 3020        nmwcdc - ok
07:50:22.0264 3020        nmwcdnsu - ok
07:50:22.0311 3020        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
07:50:22.0358 3020        Npfs - ok
07:50:22.0389 3020        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
07:50:22.0436 3020        nsiproxy - ok
07:50:22.0530 3020        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
07:50:22.0577 3020        Ntfs - ok
07:50:22.0608 3020        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
07:50:22.0655 3020        Null - ok
07:50:22.0702 3020        NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
07:50:22.0733 3020        NVENETFD - ok
07:50:22.0811 3020        NVNET          (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
07:50:22.0827 3020        NVNET - ok
07:50:22.0874 3020        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
07:50:22.0889 3020        nvraid - ok
07:50:22.0920 3020        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
07:50:22.0936 3020        nvstor - ok
07:50:22.0999 3020        nvstor32        (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\Windows\system32\DRIVERS\nvstor32.sys
07:50:23.0014 3020        nvstor32 - ok
07:50:23.0061 3020        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
07:50:23.0083 3020        nv_agp - ok
07:50:23.0153 3020        NxDrv          (cdf2a5f20509593140f8b3b965448c5b) C:\Windows\system32\DRIVERS\NxDrv.sys
07:50:23.0168 3020        NxDrv - ok
07:50:23.0200 3020        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
07:50:23.0215 3020        ohci1394 - ok
07:50:23.0293 3020        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
07:50:23.0325 3020        Parport - ok
07:50:23.0387 3020        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
07:50:23.0387 3020        partmgr - ok
07:50:23.0418 3020        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
07:50:23.0465 3020        Parvdm - ok
07:50:23.0512 3020        pccsmcfd - ok
07:50:23.0543 3020        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
07:50:23.0575 3020        pci - ok
07:50:23.0590 3020        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
07:50:23.0606 3020        pciide - ok
07:50:23.0653 3020        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
07:50:23.0668 3020        pcmcia - ok
07:50:23.0700 3020        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
07:50:23.0715 3020        pcw - ok
07:50:23.0762 3020        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
07:50:23.0825 3020        PEAUTH - ok
07:50:23.0997 3020        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
07:50:24.0043 3020        PptpMiniport - ok
07:50:24.0090 3020        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
07:50:24.0122 3020        Processor - ok
07:50:24.0231 3020        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
07:50:24.0278 3020        Psched - ok
07:50:24.0356 3020        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
07:50:24.0403 3020        ql2300 - ok
07:50:24.0434 3020        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
07:50:24.0450 3020        ql40xx - ok
07:50:24.0497 3020        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
07:50:24.0512 3020        QWAVEdrv - ok
07:50:24.0559 3020        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
07:50:24.0606 3020        RasAcd - ok
07:50:24.0653 3020        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:50:24.0700 3020        RasAgileVpn - ok
07:50:24.0747 3020        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:50:24.0778 3020        Rasl2tp - ok
07:50:24.0825 3020        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
07:50:24.0887 3020        RasPppoe - ok
07:50:24.0934 3020        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
07:50:24.0965 3020        RasSstp - ok
07:50:25.0028 3020        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
07:50:25.0075 3020        rdbss - ok
07:50:25.0122 3020        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
07:50:25.0137 3020        rdpbus - ok
07:50:25.0184 3020        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:50:25.0247 3020        RDPCDD - ok
07:50:25.0293 3020        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
07:50:25.0325 3020        RDPDR - ok
07:50:25.0372 3020        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
07:50:25.0418 3020        RDPENCDD - ok
07:50:25.0450 3020        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
07:50:25.0481 3020        RDPREFMP - ok
07:50:25.0543 3020        RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
07:50:25.0575 3020        RdpVideoMiniport - ok
07:50:25.0606 3020        RDPWD          (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
07:50:25.0653 3020        RDPWD - ok
07:50:25.0715 3020        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
07:50:25.0747 3020        rdyboost - ok
07:50:25.0856 3020        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
07:50:25.0887 3020        rspndr - ok
07:50:25.0934 3020        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
07:50:25.0981 3020        s3cap - ok
07:50:26.0090 3020        SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys
07:50:26.0137 3020        SANDRA - ok
07:50:26.0184 3020        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
07:50:26.0200 3020        sbp2port - ok
07:50:26.0247 3020        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
07:50:26.0293 3020        scfilter - ok
07:50:26.0387 3020        SCR3XX2K        (624795df1993b955b0c0a03a4612f2ec) C:\Windows\system32\DRIVERS\SCR3XX2K.sys
07:50:26.0403 3020        SCR3XX2K - ok
07:50:26.0450 3020        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:50:26.0497 3020        secdrv - ok
07:50:26.0575 3020        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
07:50:26.0590 3020        Serenum - ok
07:50:26.0637 3020        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
07:50:26.0668 3020        Serial - ok
07:50:26.0715 3020        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
07:50:26.0731 3020        sermouse - ok
07:50:26.0809 3020        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
07:50:26.0825 3020        sffdisk - ok
07:50:26.0856 3020        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
07:50:26.0903 3020        sffp_mmc - ok
07:50:26.0950 3020        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
07:50:26.0981 3020        sffp_sd - ok
07:50:27.0012 3020        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
07:50:27.0043 3020        sfloppy - ok
07:50:27.0106 3020        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
07:50:27.0122 3020        sisagp - ok
07:50:27.0168 3020        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:50:27.0184 3020        SiSRaid2 - ok
07:50:27.0215 3020        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
07:50:27.0215 3020        SiSRaid4 - ok
07:50:27.0262 3020        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
07:50:27.0309 3020        Smb - ok
07:50:27.0387 3020        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
07:50:27.0403 3020        spldr - ok
07:50:27.0481 3020        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
07:50:27.0528 3020        srv - ok
07:50:27.0590 3020        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
07:50:27.0637 3020        srv2 - ok
07:50:27.0668 3020        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
07:50:27.0684 3020        srvnet - ok
07:50:27.0778 3020        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
07:50:27.0793 3020        stexstor - ok
07:50:27.0840 3020        StillCam        (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
07:50:27.0872 3020        StillCam - ok
07:50:27.0934 3020        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
07:50:27.0950 3020        storflt - ok
07:50:27.0981 3020        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
07:50:28.0012 3020        storvsc - ok
07:50:28.0059 3020        SWDUMon        (e170114e6262b1d019f85669179a9982) C:\Windows\system32\DRIVERS\SWDUMon.sys
07:50:28.0075 3020        SWDUMon - ok
07:50:28.0106 3020        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
07:50:28.0122 3020        swenum - ok
07:50:28.0153 3020        Synth3dVsc - ok
07:50:28.0278 3020        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
07:50:28.0325 3020        Tcpip - ok
07:50:28.0403 3020        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
07:50:28.0434 3020        TCPIP6 - ok
07:50:28.0497 3020        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
07:50:28.0543 3020        tcpipreg - ok
07:50:28.0606 3020        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
07:50:28.0637 3020        TDPIPE - ok
07:50:28.0668 3020        TDTCP          (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
07:50:28.0715 3020        TDTCP - ok
07:50:28.0778 3020        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
07:50:28.0825 3020        tdx - ok
07:50:28.0918 3020        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
07:50:28.0934 3020        TermDD - ok
07:50:29.0012 3020        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:50:29.0059 3020        tssecsrv - ok
07:50:29.0106 3020        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
07:50:29.0153 3020        TsUsbFlt - ok
07:50:29.0194 3020        tsusbhub - ok
07:50:29.0257 3020        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
07:50:29.0289 3020        tunnel - ok
07:50:29.0335 3020        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
07:50:29.0351 3020        uagp35 - ok
07:50:29.0414 3020        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
07:50:29.0460 3020        udfs - ok
07:50:29.0523 3020        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
07:50:29.0554 3020        uliagpkx - ok
07:50:29.0601 3020        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
07:50:29.0617 3020        umbus - ok
07:50:29.0664 3020        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
07:50:29.0695 3020        UmPass - ok
07:50:29.0742 3020        upperdev - ok
07:50:29.0789 3020        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
07:50:29.0804 3020        USBAAPL - ok
07:50:29.0851 3020        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
07:50:29.0898 3020        usbaudio - ok
07:50:29.0945 3020        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
07:50:29.0976 3020        usbccgp - ok
07:50:30.0054 3020        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
07:50:30.0070 3020        usbcir - ok
07:50:30.0132 3020        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
07:50:30.0196 3020        usbehci - ok
07:50:30.0243 3020        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
07:50:30.0274 3020        usbhub - ok
07:50:30.0321 3020        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
07:50:30.0352 3020        usbohci - ok
07:50:30.0399 3020        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
07:50:30.0430 3020        usbprint - ok
07:50:30.0477 3020        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
07:50:30.0508 3020        usbscan - ok
07:50:30.0571 3020        usbser          (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
07:50:30.0618 3020        usbser - ok
07:50:30.0665 3020        UsbserFilt - ok
07:50:30.0696 3020        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:50:30.0711 3020        USBSTOR - ok
07:50:30.0758 3020        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
07:50:30.0774 3020        usbuhci - ok
07:50:30.0836 3020        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
07:50:30.0852 3020        vdrvroot - ok
07:50:30.0899 3020        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
07:50:30.0930 3020        vga - ok
07:50:30.0977 3020        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
07:50:31.0008 3020        VgaSave - ok
07:50:31.0040 3020        VGPU - ok
07:50:31.0071 3020        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
07:50:31.0086 3020        vhdmp - ok
07:50:31.0133 3020        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
07:50:31.0149 3020        viaagp - ok
07:50:31.0180 3020        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
07:50:31.0228 3020        ViaC7 - ok
07:50:31.0275 3020        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
07:50:31.0291 3020        viaide - ok
07:50:31.0322 3020        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
07:50:31.0337 3020        vmbus - ok
07:50:31.0384 3020        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
07:50:31.0416 3020        VMBusHID - ok
07:50:31.0462 3020        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
07:50:31.0478 3020        volmgr - ok
07:50:31.0525 3020        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
07:50:31.0541 3020        volmgrx - ok
07:50:31.0587 3020        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
07:50:31.0603 3020        volsnap - ok
07:50:31.0650 3020        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
07:50:31.0666 3020        vsmraid - ok
07:50:31.0712 3020        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
07:50:31.0744 3020        vwifibus - ok
07:50:31.0822 3020        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
07:50:31.0884 3020        WacomPen - ok
07:50:31.0978 3020        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
07:50:32.0025 3020        WANARP - ok
07:50:32.0041 3020        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
07:50:32.0072 3020        Wanarpv6 - ok
07:50:32.0181 3020        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
07:50:32.0212 3020        Wd - ok
07:50:32.0291 3020        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
07:50:32.0306 3020        Wdf01000 - ok
07:50:32.0431 3020        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
07:50:32.0478 3020        WfpLwf - ok
07:50:32.0525 3020        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
07:50:32.0541 3020        WIMMount - ok
07:50:32.0681 3020        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.sys
07:50:32.0712 3020        WinUsb - ok
07:50:32.0775 3020        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
07:50:32.0775 3020        WmiAcpi - ok
07:50:32.0869 3020        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
07:50:32.0931 3020        ws2ifsl - ok
07:50:33.0009 3020        WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
07:50:33.0041 3020        WSDPrintDevice - ok
07:50:33.0134 3020        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
07:50:33.0166 3020        WudfPf - ok
07:50:33.0197 3020        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:50:33.0251 3020        WUDFRd - ok
07:50:33.0325 3020        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:50:33.0387 3020        \Device\Harddisk0\DR0 - ok
07:50:33.0434 3020        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
07:50:33.0528 3020        \Device\Harddisk1\DR1 - ok
07:50:33.0543 3020        Boot (0x1200)  (a11cfed18139b59dc341dc9544783ffa) \Device\Harddisk0\DR0\Partition0
07:50:33.0543 3020        \Device\Harddisk0\DR0\Partition0 - ok
07:50:33.0575 3020        Boot (0x1200)  (a53a1d4a951a27cecd5ba0d91bf45654) \Device\Harddisk0\DR0\Partition1
07:50:33.0575 3020        \Device\Harddisk0\DR0\Partition1 - ok
07:50:33.0606 3020        Boot (0x1200)  (89aeecf08a7900763fa0aa26da4de842) \Device\Harddisk0\DR0\Partition2
07:50:33.0606 3020        \Device\Harddisk0\DR0\Partition2 - ok
07:50:33.0637 3020        Boot (0x1200)  (92d6dda1262f58b1afe315b4ac1768b3) \Device\Harddisk1\DR1\Partition0
07:50:33.0653 3020        \Device\Harddisk1\DR1\Partition0 - ok
07:50:33.0653 3020        ============================================================
07:50:33.0653 3020        Scan finished
07:50:33.0653 3020        ============================================================
07:50:33.0684 5388        Detected object count: 3
07:50:33.0684 5388        Actual detected object count: 3
07:50:56.0209 5388        avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:56.0209 5388        avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:56.0225 5388        FireDTV_DVBS2 ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:56.0225 5388        FireDTV_DVBS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:56.0225 5388        NinjaUSB ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:56.0225 5388        NinjaUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

Many thanks.
Best regards
Heiko

villakarow 08.02.2012 07:40

Hello Arne,

I just wanted to ask how things go from here.

Also, today I had another blue screen, with the error message
"Bad Pool Header".

I'm at a loss.

Many thanks.
Heiko

cosinus 08.02.2012 11:36

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

villakarow 08.02.2012 18:14

All done.

[code]
Combofix Logfile:
Code:

ComboFix 12-02-08.01 - Heiko 08.02.2012  17:52:19.1.1 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3071.1770 [GMT 1:00]
ausgeführt von:: c:\users\Heiko\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml9C51.tmp
c:\programdata\xml9DB9.tmp
c:\programdata\xml9E56.tmp
c:\users\Heiko\4.0
c:\windows\system32\smtp.ocx
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-08 bis 2012-02-08  ))))))))))))))))))))))))))))))
.
.
2012-02-08 17:06 . 2012-02-08 17:06        --------        d-----w-        c:\users\Heiko\AppData\Local\temp
2012-02-08 17:06 . 2012-02-08 17:06        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-08 16:52 . 2012-02-08 16:52        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{34E7B155-99E8-4D41-93EB-4B8CB1736958}\offreg.dll
2012-02-07 20:11 . 2012-01-06 04:19        6557240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{34E7B155-99E8-4D41-93EB-4B8CB1736958}\mpengine.dll
2012-02-04 17:18 . 2012-02-04 17:18        --------        d-----w-        c:\program files\watchmi
2012-02-04 17:18 . 2012-02-04 17:18        --------        d-----w-        c:\programdata\TvdPersonal
2012-01-31 09:19 . 2012-01-31 09:19        --------        d-----w-        C:\_OTL
2012-01-29 11:49 . 2012-01-29 11:53        --------        d-----w-        c:\users\Heiko\AppData\Roaming\gsmartcontrol
2012-01-29 11:34 . 2012-01-29 14:08        --------        d-----w-        c:\program files\TuneUpMedia
2012-01-29 11:33 . 2012-01-29 14:08        --------        d-----w-        c:\programdata\TuneUpMedia
2012-01-29 11:32 . 2012-01-29 11:32        --------        d-----w-        c:\users\Heiko\AppData\Roaming\OpenCandy
2012-01-28 15:37 . 2012-01-28 15:37        --------        d-----w-        c:\program files\ESET
2012-01-28 12:05 . 2012-01-28 12:05        --------        d-----w-        c:\users\Heiko\AppData\Roaming\Malwarebytes
2012-01-28 12:05 . 2012-01-28 12:05        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-28 12:05 . 2012-01-28 12:05        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-01-28 12:05 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-19 22:35 . 2012-01-19 22:35        --------        d-----w-        c:\program files\iPod
2012-01-19 22:35 . 2012-01-29 11:34        --------        d-----w-        c:\program files\iTunes
2012-01-16 13:31 . 2012-01-16 13:31        --------        d-----w-        c:\program files\SonicWALL
2012-01-15 18:40 . 2012-01-16 13:42        --------        d-----w-        c:\program files\ProgDVB
2012-01-15 17:14 . 2012-01-15 17:14        --------        d-----w-        c:\programdata\HP Product Assistant
2012-01-15 17:11 . 2012-01-15 17:11        --------        d-----w-        c:\program files\Common Files\HP
2012-01-15 17:09 . 2009-10-16 05:55        271704        ----a-w-        c:\windows\system32\hpzids01.dll
2012-01-15 16:18 . 2011-11-17 05:41        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-01-15 16:18 . 2011-11-17 05:34        224768        ----a-w-        c:\windows\system32\schannel.dll
2012-01-15 16:18 . 2011-11-17 05:41        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-01-15 16:18 . 2011-11-17 05:39        369352        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-01-15 16:18 . 2011-11-17 05:35        314880        ----a-w-        c:\windows\system32\webio.dll
2012-01-15 16:18 . 2011-11-17 05:32        1038848        ----a-w-        c:\windows\system32\lsasrv.dll
2012-01-15 16:18 . 2011-11-17 05:29        22528        ----a-w-        c:\windows\system32\lsass.exe
2012-01-15 16:18 . 2011-11-17 05:34        15872        ----a-w-        c:\windows\system32\sspisrv.dll
2012-01-15 16:18 . 2011-11-17 05:34        100352        ----a-w-        c:\windows\system32\sspicli.dll
2012-01-15 16:18 . 2011-11-17 05:34        22016        ----a-w-        c:\windows\system32\secur32.dll
2012-01-14 11:35 . 2012-01-14 11:35        --------        d-----w-        c:\program files\MediaInfo
2012-01-13 21:08 . 2011-11-17 05:38        1288472        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-13 21:08 . 2011-10-26 04:32        1328128        ----a-w-        c:\windows\system32\quartz.dll
2012-01-13 21:08 . 2011-10-26 04:32        514560        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-13 20:58 . 2011-11-19 14:01        67072        ----a-w-        c:\windows\system32\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-12-27 11:58        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-19 11:15 . 2010-01-22 23:25        3537752        ----a-w-        c:\windows\RXSUnins.exe
2012-01-19 11:15 . 2010-01-22 23:25        3537752        ----a-w-        c:\windows\RXCUnins.exe
2012-01-15 23:30 . 2010-05-19 20:38        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-08 17:37 . 2012-01-01 14:45        29480        ----a-w-        c:\windows\system32\msxml3a.dll
2012-01-08 17:37 . 2009-12-27 11:37        505128        ----a-w-        c:\windows\system32\msvcp71.dll
2012-01-08 17:37 . 2009-12-27 11:37        353576        ----a-w-        c:\windows\system32\msvcr71.dll
2012-01-01 14:53 . 2012-01-01 14:51        16384        ----a-w-        c:\windows\system32\lgfwunis.exe
2011-12-29 10:49 . 2011-12-29 10:50        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-28 18:01 . 2010-12-14 10:33        41184        ----a-w-        c:\windows\avastSS.scr
2011-11-28 18:01 . 2009-12-27 11:37        199816        ----a-w-        c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-05-28 16:25        435032        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2009-12-27 11:37        314456        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2009-12-27 11:37        34392        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2009-12-27 11:37        52952        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2009-12-27 11:37        55128        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2009-12-27 11:37        20568        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2011-11-26 15:07 . 2010-05-11 11:05        1092400        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-24 04:25 . 2011-12-15 20:31        2342912        ----a-w-        c:\windows\system32\win32k.sys
2011-11-21 21:24 . 2011-05-19 21:00        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-01 22:38 . 2011-11-15 22:57        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01        122512        ----a-w-        c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"rfxsrvtray"="c:\program files\Tobit Radio.fx\Client\rfx-tray.exe" [2012-01-18 2057048]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-06 9394792]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"CLMLServer"="g:\program files\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"RemoteControl9"="g:\program files\PowerDVD9\PDVD9Serv.exe" [2010-08-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-11-23 75048]
"LGODDFU"="g:\program files\fwupdate.exe" [2012-01-01 557056]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-06-22 1103744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
watchmi tray.lnk - c:\windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_STARTUP_F1540F35F9254DF584F2487D88448402.exe [2012-2-4 300928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iTunes.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\iTunes.lnk
backup=c:\windows\pss\iTunes.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0 HD Edition.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 5.0 HD Edition.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]
2009-11-11 14:17        771360        ----a-w-        c:\program files\AirPort\APAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 00:52        59240        ----a-w-        c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41        49208        ----a-w-        c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2010-04-22 12:10        2363392        ----a-w-        c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
2009-02-25 13:40        218408        ------w-        g:\program files\MediaShow4\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-08-06 18:03        155648        ----a-w-        c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-02 20:42        198160        ----a-w-        c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2009-05-19 21:16        222504        ------w-        g:\program files\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2009-05-19 21:16        222504        ------w-        g:\program files\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2008-12-03 21:15        218408        ------w-        g:\program files\PowerProducer\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2010-06-02 12:54        222504        ------w-        g:\program files\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe
.
R2 CLKMSVC10_E1A16B3C;CyberLink Product - 2012/01/08 18:39;g:\program files\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 watchmi;watchmi service;c:\program files\watchmi\TvdService.exe [2012-01-31 70144]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-26 4352]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088]
R3 NinjaUSB;Freecom Turbo USB 2.0;c:\windows\system32\drivers\NinjaUSB.sys [2010-02-11 24704]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-08-07 12984]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [x]
R4 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;g:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2012-01-26 3665752]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2345848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-08-16 101904]
S3 FireDTV_DVBS2;DVBS2 Service;c:\windows\system32\DRIVERS\FireDTV_BDA_DVBS2.sys [2009-07-21 35712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [2009-10-21 22600]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2011-09-07 59776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_E1A16B3C
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
HPService        REG_MULTI_SZ          HPSLPSVC
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 12:09        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
Trusted Zone: mysap.com\tcs
Trusted Zone: sap-ag.de\*
Trusted Zone: sapbydesign.com\my020656
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\lfn93vsx.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{66bd2442-241b-44cd-8c7a-b51037053cdb} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AVMWlanClient - c:\program files\avmwlanstick\FRITZWLANMini.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-iTunesHelper - d:\itunes\iTunesHelper.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-08  18:11:07
ComboFix-quarantined-files.txt  2012-02-08 17:11
.
Vor Suchlauf: 14 Verzeichnis(se), 64.999.129.088 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 64.950.505.472 Bytes frei
.
- - End Of File - - 03D14EFE6662AC7F5C0E23A6E1455622


Many thanks
Heiko

cosinus 09.02.2012 11:31

Ok. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


