Trojaner-Board


mobo6new 15.03.2012 00:54

GEMA Trojan & Windows Security Center Trojan
 
Hello everyone,
I have these 2 stupid Trojans on my computer.
I started the computer in Safe Mode; even there the GEMA Trojan opens, but it can be closed via Task Manager.
I have already read a bit here in the forum and downloaded and ran Malwarebytes. I am not familiar with all the programming stuff and would be grateful if someone could please help me get my PC working again. What should I do now?
Regards, mobo6new

cosinus 16.03.2012 17:49

Quote:

I have already read a bit here in the forum and downloaded and ran Malwarebytes.
Post the logs from that, all of them. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the result then looks like this:

Code:

the log goes here

mobo6new 17.03.2012 10:50

Is this right?
Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.14.07

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.18702
Mone :: PUPPSIE [Administrator]

Schutz: Deaktiviert

15.03.2012 00:37:24
mbam-log-2012-03-15 (00-37-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 307144
Laufzeit: 2 Stunde(n), 19 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.RansomP.Gen) -> Daten: C:\DOKUME~1\Mone\LOKALE~1\Temp\mor.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Temp\mor.exe (Trojan.RansomP.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Apparently the Trojans are gone; the computer is running normally again!
Regards

cosinus 17.03.2012 15:06

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are listed in the Logs tab. Please post all that are visible there.

mobo6new 17.03.2012 21:19

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.17.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mone :: PUPPSIE [Administrator]

Schutz: Aktiviert

17.03.2012 20:22:31
mbam-log-2012-03-17 (20-22-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214030
Laufzeit: 36 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bösartig: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe,) Gut: (userinit.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\WINDOWS\system32\xmldm (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\WINDOWS\system32\loaupdt.jpg (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\srvblck2.tmp (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\AcroIEHelpe.txt (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

That's all I have.
Thanks for the quick response.

cosinus 19.03.2012 15:46

Please run ESET as well; after that we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


mobo6new 20.03.2012 11:34

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ff5e106faaf488409abf6436da345433
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-20 01:08:08
# local_time=2012-03-20 02:08:08 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 14731 14731 0 0
# compatibility_mode=8192 67108863 100 0 4529 4529 0 0
# scanned=179896
# found=5
# cleaned=0
# scan_time=16541
C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\54\1e297eb6-6a447853        Java/Exploit.Blacole.AN trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\Cache(2)\0EF082BDd01        HTML/Iframe.B.Gen virus (unable to clean)        00000000000000000000000000000000        I
C:\WINDOWS\system32\10017\components\AcroFF.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
H:\Sicherung festplatte alterPC\Mone\Anwendungsdaten\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
J:\$RECYCLE.BIN\S-1-5-21-3261699862-2530787969-3527148967-1001\$RJ3RHPM\Office 2010 x64 GER.iso        Win32/HackKMS.A application (unable to clean)        00000000000000000000000000000000

I've done everything; what is the next step?
I'm really grateful for the help.
Regards

cosinus 20.03.2012 16:30

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


mobo6new 21.03.2012 09:05

OTL Logfile:
Code:

OTL logfile created on: 21.03.2012 00:50:28 - Run 1
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Dokumente und Einstellungen\Mone\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,20% Memory free
3,84 Gb Paging File | 3,17 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 37,02 Gb Free Space | 49,68% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 104,68 Gb Free Space | 70,23% Space Free | Partition Type: NTFS
Drive G: | 7,38 Gb Total Space | 5,91 Gb Free Space | 80,10% Space Free | Partition Type: FAT32
Drive H: | 465,75 Gb Total Space | 83,10 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
Drive J: | 1397,26 Gb Total Space | 155,19 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
 
Computer Name: PUPPSIE | User Name: Mone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.20 20:41:23 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mone\Desktop\OTL.exe
PRC - [2012.01.31 08:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.05.07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010.05.07 17:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.31 08:56:07 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.05.07 17:37:40 | 000,126,808 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 17:37:40 | 000,027,480 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 17:36:54 | 000,340,824 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 17:36:20 | 000,921,944 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010.05.07 17:35:56 | 007,954,776 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 17:35:44 | 002,143,576 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.05.07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\MpEngineStore\MpKsl1f947b4b.sys -- (MpKsl1f947b4b)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aybzhhsl)
DRV - [2012.01.31 08:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 08:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.10.29 23:09:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010.07.27 09:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010.07.27 09:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2010.07.27 09:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.07.27 09:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.05.07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.04.28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010.04.06 17:13:04 | 005,912,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.11.18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.06.29 12:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.04.06 08:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009.04.06 08:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.03.25 15:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 15:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 15:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 15:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 15:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 15:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 15:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2007.04.24 10:33:46 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.24 10:33:46 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex)
DRV - [2007.04.24 10:33:44 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007.04.24 10:33:42 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007.04.24 10:33:34 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007.04.23 14:54:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.23 14:54:50 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007.04.23 14:54:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007.04.23 14:54:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007.04.23 14:54:46 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\URLSearchHook: {6778613D-616B-4A6C-9856-65DE943CF424} - No CLSID value found
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes\{4ED572E1-A188-4C35-A43F-C24B08E847BC}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Bigpoint Games DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.payback.de/pb/id/105532/?s_ixcid=11_300_102#"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.7
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.9
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.3
FF - prefs.js..extensions.enabledItems: {38fc2fbc-9500-46e7-8bc5-b128acd9e143}:1.5.0
FF - prefs.js..extensions.enabledItems: {31ea9703-204e-4307-8815-e9a3e087b91a}:1.4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {ebD9e131-818f-4298-bb90-5acac9e21ab8}:3.0.3
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.2.4
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.8
FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.4
FF - prefs.js..keyword.URL: "hxxp://rs.mediapimp.com/s/?src=addrbar&browser=ff&category=web&partner_id=229&toolbar_id=3&toolbar_version=8.0&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.14 13:29:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 23:23:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10017 [2012.03.17 09:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.18 10:27:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.12 15:23:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10017 [2012.03.17 09:33:35 | 000,000,000 | ---D | M]
 
[2010.04.21 11:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Extensions
[2012.03.20 20:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions
[2011.12.09 17:34:34 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.03.16 08:52:33 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.06.01 10:36:51 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2010.05.29 22:23:17 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}(2)
[2012.03.04 18:35:37 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.10.25 23:50:33 | 000,000,000 | ---D | M] (eBay Worldwide) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{ebD9e131-818f-4298-bb90-5acac9e21ab8}
[2010.05.29 15:39:14 | 000,000,000 | ---D | M] (FoxTab) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}(2)
[2011.12.11 00:38:58 | 000,000,000 | ---D | M] (Myibidder (Myibay) Bid Sniper for eBay) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\firefox1@myibay.com
[2011.04.14 14:44:16 | 000,000,000 | ---D | M] (Personas) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\extensions\personas@christopher.beard
[2012.01.13 09:58:56 | 000,001,666 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\searchplugins\mp3-downloads.xml
[2010.06.07 22:30:32 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\searchplugins\youtube-videosuche.xml
[2012.01.13 21:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.29 22:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{31EA9703-204E-4307-8815-E9A3E087B91A}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{38FC2FBC-9500-46E7-8BC5-B128ACD9E143}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{BA2430E0-5B72-4CAC-BC9E-7D1AACA75D3D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\DEVELOPMENT@BIDBAG.DE.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MONE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VHMJP5A6.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2011.12.16 23:23:27 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010.06.06 22:20:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.05.29 22:18:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.17 09:33:35 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\10017
[2012.03.18 10:27:52 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.15 15:11:43 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.15 15:11:43 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.01.15 15:11:43 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.15 15:11:43 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.15 15:11:43 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.15 15:11:43 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DelReg] C:\Programme\MSI\DualCoreCenter\DelReg.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide File not found
O4 - HKLM..\Run: [LWS] C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271845369968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54413FD6-6A38-41A8-A065-532A8E2DEA4B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-527237240-1580818891-839522115-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.21 11:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.12.14 10:59:44 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2009.04.27 10:19:02 | 000,000,274 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\Shell - "" = AutoRun
O33 - MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta
O33 - MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\Shell - "" = AutoRun
O33 - MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm -  File not found
SafeBootNet: nm.sys -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 20:41:21 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mone\Desktop\OTL.exe
[2012.03.19 21:16:58 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.03.19 18:35:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Avira
[2012.03.19 18:29:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.03.19 18:27:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.03.19 18:27:35 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.03.19 18:27:35 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.03.19 18:27:35 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.03.19 18:26:56 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2012.03.19 18:26:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.03.17 10:04:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012.03.17 09:33:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10017
[2012.03.17 09:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2012.03.15 00:04:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Malwarebytes
[2012.03.15 00:04:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.15 00:04:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.15 00:04:16 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.15 00:04:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.08 02:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Recuva
[2012.03.08 02:19:09 | 000,000,000 | ---D | C] -- C:\Programme\Recuva
[2012.03.05 22:36:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gema
[2012.03.05 22:36:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2012.03.02 23:15:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\FormatFactory
[2012.02.29 16:42:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mone\Startmenü\Programme\PhotoZoom Pro 4
[2012.02.29 16:42:25 | 000,000,000 | ---D | C] -- C:\Programme\PhotoZoom Pro 4
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.21 01:46:04 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.21 00:48:38 | 000,183,789 | -H-- | M] () -- C:\treeinfo.wc
[2012.03.20 20:41:23 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mone\Desktop\OTL.exe
[2012.03.20 02:46:01 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.19 21:15:47 | 002,672,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Desktop\esetsmartinstaller_enu.exe
[2012.03.19 18:29:01 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.03.19 17:58:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.19 17:56:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.18 23:08:06 | 087,227,952 | ---- | M] () -- C:\avira_free_antivirus_de1200898.exe
[2012.03.18 23:05:01 | 012,038,144 | ---- | M] () -- C:\Ad-Aware_9.6_Install.exe
[2012.03.18 08:32:19 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.17 19:14:04 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat
[2012.03.17 19:11:04 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2012.03.15 18:54:38 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2012.03.15 10:32:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.15 00:31:16 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.14 22:06:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.03.14 16:05:59 | 000,495,078 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.14 16:05:59 | 000,450,642 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.14 16:05:59 | 000,099,896 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.14 16:05:59 | 000,075,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.09 21:51:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012.03.09 21:51:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012.03.08 02:19:14 | 000,001,476 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Recuva.lnk
[2012.03.08 02:14:17 | 000,044,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.05 20:33:23 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2012.03.02 23:22:20 | 000,002,469 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Desktop\Pop Art Studio 6.0.lnk
[2012.02.29 16:42:49 | 000,004,440 | ---- | M] () -- C:\WINDOWS\jcqfhzm24.ini
[2012.02.29 16:42:39 | 000,000,740 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Desktop\PhotoZoom Pro 4.lnk
[2012.02.28 11:53:46 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.02.21 08:43:16 | 002,837,184 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\21022012625.JPG
[2012.02.21 08:42:44 | 002,846,268 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\21022012624.JPG
[2012.02.21 08:42:34 | 003,329,760 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\21022012623.JPG
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.19 21:15:45 | 002,672,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Mone\Desktop\esetsmartinstaller_enu.exe
[2012.03.19 18:29:01 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.03.18 23:07:14 | 087,227,952 | ---- | C] () -- C:\avira_free_antivirus_de1200898.exe
[2012.03.18 23:05:01 | 012,038,144 | ---- | C] () -- C:\Ad-Aware_9.6_Install.exe
[2012.03.17 19:14:04 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2012.03.17 09:33:17 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2012.03.15 18:54:21 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
[2012.03.15 00:04:25 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.08 02:19:14 | 000,001,476 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Recuva.lnk
[2012.02.29 16:42:49 | 000,004,440 | ---- | C] () -- C:\WINDOWS\jcqfhzm24.ini
[2012.02.29 16:42:38 | 000,000,740 | ---- | C] () -- C:\Dokumente und Einstellungen\Mone\Desktop\PhotoZoom Pro 4.lnk
[2012.02.21 09:52:42 | 002,846,268 | ---- | C] () -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\21022012624.JPG
[2012.02.21 09:52:41 | 003,329,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\21022012623.JPG
[2012.02.21 09:52:41 | 002,837,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Mone\Eigene Dateien\21022012625.JPG
[2012.02.15 11:38:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.04.14 13:14:24 | 000,197,308 | ---- | C] () -- C:\WINDOWS\hpwins27.dat
[2011.04.14 13:14:24 | 000,000,385 | ---- | C] () -- C:\WINDOWS\hpwmdl27.dat
[2011.03.29 22:37:22 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2011.02.24 20:43:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2010.12.09 14:58:06 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2010.11.14 13:06:13 | 000,044,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.15 12:30:02 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.10.15 12:30:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.10.15 12:29:50 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.10.15 12:29:50 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.07.27 09:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010.07.27 09:03:20 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010.07.27 09:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010.05.18 21:32:58 | 000,000,117 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010.05.14 01:02:06 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.05.07 17:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010.05.07 17:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010.05.06 21:14:07 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010.05.03 12:58:42 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.04.27 20:55:19 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.24 11:43:03 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010.04.23 19:00:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.04.22 12:25:45 | 000,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010.04.22 11:14:16 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.04.21 11:57:33 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2010.04.21 11:54:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.04.21 11:53:04 | 000,151,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.21 11:29:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.21 11:21:43 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2010.04.21 11:17:31 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010.04.21 11:05:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.04.21 11:00:20 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== LOP Check ==========
 
[2010.11.28 20:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Astroburn Lite
[2011.04.14 14:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest
[2010.10.13 22:24:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2011.10.11 09:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2010.10.29 23:09:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.03.15 00:30:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2010.05.29 22:20:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2010.07.14 10:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2011.06.22 20:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.11.17 12:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Age of Japan II
[2010.11.28 20:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Astroburn Lite
[2010.10.14 21:04:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Azureus
[2010.11.02 23:47:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DAEMON Tools Lite
[2011.12.17 10:24:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DDMSettings
[2012.01.13 11:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DVDVideoSoft
[2012.01.13 11:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.07.01 22:03:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Free MP3 WMA Cutter
[2011.06.20 08:59:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\FreeFLVConverter
[2012.03.15 00:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gema
[2012.01.13 22:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\GHISLER
[2011.12.04 23:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gtk-2.0
[2010.04.24 11:44:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Leadertech
[2012.02.29 22:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\MyPhoneExplorer
[2010.06.11 16:36:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\phonostar GmbH
[2010.05.29 22:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\QuickStoresToolbar
[2010.07.14 11:18:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sony
[2010.07.14 11:12:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sony Setup
[2010.07.14 10:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Teleca
[2010.05.31 11:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Uniblue
[2010.08.09 12:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Windows Desktop Search
[2010.08.20 11:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Windows Search
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.29 09:45:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Adobe
[2010.04.22 12:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\AdobeUM
[2010.11.17 12:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Age of Japan II
[2010.10.10 23:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Ahead
[2010.12.31 17:16:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Apple Computer
[2010.11.28 20:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Astroburn Lite
[2012.03.19 18:35:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Avira
[2010.10.14 21:04:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Azureus
[2010.11.02 23:47:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DAEMON Tools Lite
[2011.12.17 10:24:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DDMSettings
[2010.04.21 20:02:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DivX
[2012.02.21 22:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\dvdcss
[2012.01.13 11:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DVDVideoSoft
[2012.01.13 11:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.07.01 22:03:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Free MP3 WMA Cutter
[2011.06.20 08:59:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\FreeFLVConverter
[2012.03.15 00:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gema
[2012.01.13 22:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\GHISLER
[2011.07.17 23:26:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Google
[2011.12.04 23:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gtk-2.0
[2010.04.22 10:48:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Help
[2011.04.14 15:24:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\HP
[2012.03.12 18:49:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\HPAppData
[2011.09.14 16:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\HpUpdate
[2010.04.21 11:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Identities
[2010.04.24 11:44:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Leadertech
[2010.04.21 12:14:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Macromedia
[2012.03.15 00:04:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Malwarebytes
[2012.01.26 19:22:21 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Microsoft
[2010.04.21 11:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla
[2012.02.29 22:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\MyPhoneExplorer
[2010.06.11 16:36:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\phonostar GmbH
[2010.05.29 22:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\QuickStoresToolbar
[2012.03.13 09:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Skype
[2011.08.26 07:04:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\skypePM
[2010.07.14 11:18:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sony
[2010.07.14 10:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sony Ericsson
[2010.07.14 11:12:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sony Setup
[2010.06.06 22:19:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sun
[2010.07.14 10:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Teleca
[2010.07.09 11:20:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\U3
[2010.05.31 11:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Uniblue
[2012.02.21 22:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\vlc
[2010.08.09 12:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Windows Desktop Search
[2010.08.20 11:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Windows Search
[2010.04.22 11:24:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.14 20:58:55 | 009,038,776 | ---- | M] (Vuze Inc.) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Azureus\tmp\AZU3514820647951625853.tmp\Vuze_4.5.1.0a_win32.exe
[2010.10.19 10:14:31 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.09.07 20:48:25 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.11.10 21:33:26 | 000,013,094 | R--- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Microsoft\Installer\{FA0980C9-F697-41EF-A279-DCDD7133C688}\_58925C2FF4B65C0526B8E1.exe
[2011.11.10 21:33:26 | 000,013,094 | R--- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Microsoft\Installer\{FA0980C9-F697-41EF-A279-DCDD7133C688}\_6FEFF9B68218417F98F549.exe
[2011.11.10 21:33:26 | 000,013,094 | R--- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Microsoft\Installer\{FA0980C9-F697-41EF-A279-DCDD7133C688}\_D3EFA49C5227650FA0722B.exe
[2012.03.20 20:41:12 | 000,158,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\FlashGot.exe
[2010.11.17 19:04:13 | 012,500,632 | ---- | M] (                                                            ) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\phonostar GmbH\phonostar-Player\update.exe
[1 C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\phonostar GmbH\phonostar-Player\*.tmp files -> C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\phonostar GmbH\phonostar-Player\*.tmp -> ]
[2010.05.06 21:43:19 | 000,704,248 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\QuickStoresToolbar\unins000.exe
[2010.03.03 14:00:50 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\QuickStoresToolbar\Update.exe
[2010.07.14 11:13:12 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
[2012.03.18 23:05:01 | 012,038,144 | ---- | M] () -- C:\Ad-Aware_9.6_Install.exe
[2012.01.12 10:00:04 | 000,883,840 | ---- | M] () -- C:\Avira-DE-Cleaner.exe
[2012.03.18 23:08:06 | 087,227,952 | ---- | M] () -- C:\avira_free_antivirus_de1200898.exe
[2012.01.13 11:01:17 | 066,566,416 | ---- | M] (DVDVideoSoft Ltd.                                          ) -- C:\FreeStudio.exe
[2012.01.13 10:57:53 | 019,850,888 | ---- | M] (DVDVideoSoft Ltd.                                          ) -- C:\FreeVideoToMP3Converter504.exe
[2012.01.05 10:38:33 | 004,629,040 | ---- | M] () -- C:\MyPhoneExplorer_Setup_1.8.2-uni.exe
[2001.05.24 11:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
 
< MD5 for: AGP440.SYS  >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.02.28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.02.28 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.02.28 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.02.28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.10.29 23:09:58 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2010.04.21 12:52:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.04.21 12:52:18 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.04.21 12:52:18 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E8BE05FA

< End of report >

--- --- ---


OTL Logfile:
Code:

OTL Extras logfile created on: 21.03.2012 00:50:28 - Run 1
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Dokumente und Einstellungen\Mone\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,20% Memory free
3,84 Gb Paging File | 3,17 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 37,02 Gb Free Space | 49,68% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 104,68 Gb Free Space | 70,23% Space Free | Partition Type: NTFS
Drive G: | 7,38 Gb Total Space | 5,91 Gb Free Space | 80,10% Space Free | Partition Type: FAT32
Drive H: | 465,75 Gb Total Space | 83,10 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
Drive J: | 1397,26 Gb Total Space | 155,19 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
 
Computer Name: PUPPSIE | User Name: Mone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0980C9-F697-41EF-A279-DCDD7133C688}" = Pop Art Studio 6.0
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Astroburn Lite" = Astroburn Lite
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"DualCoreCenter_is1" = DualCoreCenter
"FormatFactory" = FormatFactory 2.70
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 2.0
"Free FLV Converter_is1" = Free FLV Converter V 6.98.0
"Free MP3 WMA Cutter_is1" = Free MP3 WMA Cutter 3.7.2.5
"Free Studio_is1" = Free Studio version 5.3.3
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.4.1228
"Free Video to Sony Phones Converter_is1" = Free Video to Sony Phones Converter version 5.0.2.1125
"Free YouTube Download_is1" = Free YouTube Download version 2.10.31
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Full)
"Liveupdate4_is1" = Liveupdate4
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"Nero BurnRights!UninstallKey" = Nero BurnRights (Ahead Software)
"NMPUninstallKey" = Ahead NeroMediaPlayer
"Picasa 3" = Picasa 3
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Recuva" = Recuva
"SCREEN2EXE_is1" = SCREEN2EXE 3.2 (build:2498)
"Shop for HP Supplies" = Shop for HP Supplies
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.10
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoZoom Pro 4" = BenVista PhotoZoom Pro 4.1.2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2012 14:37:37 | Computer Name = PUPPSIE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.60.0.61, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.03.2012 14:42:57 | Computer Name = PUPPSIE | Source = Windows Search Service | ID = 3013
Description = Eintrag <MAPI://{S-1-5-21-527237240-1580818891-839522115-1003}/PERSÖNLICHE
 ORDNER($10CDF5DA)/X/POSTEINGANG/????????????????????????> in der Hash-Zuordnung
 kann nicht aktualisiert werden.  Kontext:  Anwendung, SystemIndex Katalog  Details:
        Ein
 an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
 
Error - 16.03.2012 04:42:33 | Computer Name = PUPPSIE | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MONE\RECENT\STAFFEL 6.LNK>
 in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:  Anwendung, SystemIndex
 Katalog  Details:  Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

 
Error - 16.03.2012 04:42:33 | Computer Name = PUPPSIE | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MONE\RECENT\STAFFEL 6.LNK>
 in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:  Anwendung, SystemIndex
 Katalog  Details:  Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

 
Error - 17.03.2012 18:23:44 | Computer Name = PUPPSIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung 0.9541032774843773h7i.exe, Version 5.0.2134.1,
 fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x008c9538.
 
Error - 17.03.2012 20:10:36 | Computer Name = PUPPSIE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung 24960-OTL.exe, Version 3.2.36.3, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.03.2012 21:02:02 | Computer Name = PUPPSIE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung 24960-OTL.exe, Version 3.2.36.3, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.03.2012 21:02:02 | Computer Name = PUPPSIE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung 24960-OTL.exe, Version 3.2.36.3, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 18.03.2012 18:23:53 | Computer Name = PUPPSIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung divx plus player.exe, Version 10.3.2.6,
fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x04f35693.
 
Error - 20.03.2012 15:44:48 | Computer Name = PUPPSIE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.39.1, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 15.03.2012 05:46:46 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
 Update-Dienst (gupdate).
 
Error - 15.03.2012 05:46:46 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 15.03.2012 06:26:40 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 15.03.2012 06:26:40 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 17.03.2012 18:34:28 | Computer Name = PUPPSIE | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 17.03.2012 18:35:09 | Computer Name = PUPPSIE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 17.03.2012 18:35:14 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  avgio  avipbb  Fips  intelppm  sptd  ssmdrv
 
Error - 17.03.2012 19:00:03 | Computer Name = PUPPSIE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 19.03.2012 12:58:22 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
 
Error - 19.03.2012 12:58:22 | Computer Name = PUPPSIE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
 
< End of report >

--- --- ---

cosinus 21.03.2012 15:42

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\URLSearchHook: {6778613D-616B-4A6C-9856-65DE943CF424} - No CLSID value found
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes\{4ED572E1-A188-4C35-A43F-C24B08E847BC}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-527237240-1580818891-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Bigpoint Games DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://rs.mediapimp.com/s/?src=addrbar&browser=ff&category=web&partner_id=229&toolbar_id=3&toolbar_version=8.0&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2011.12.16 23:23:27 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010.05.29 22:18:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DelReg] C:\Programme\MSI\DualCoreCenter\DelReg.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.21 11:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.12.14 10:59:44 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2009.04.27 10:19:02 | 000,000,274 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\Shell - "" = AutoRun
O33 - MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta
O33 - MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\Shell - "" = AutoRun
O33 - MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta
[2012.03.17 10:04:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012.03.17 09:33:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10017
[2012.03.17 09:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2012.03.05 22:36:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gema
[2012.03.05 22:36:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
@Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E8BE05FA
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

mobo6new 25.03.2012 23:34

Hello, I did everything the way you wrote.
I copied the ":OTL" along with it and pressed "FIX", but then OTL only said "wait untill killing" and the PC froze. I then restarted it and closed all programs in the background, but the same thing happened again. Did I do something wrong after all?
Kind regards :headbang:

cosinus 26.03.2012 15:02

Please repeat the fix in safe mode

mobo6new 26.03.2012 17:04

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6778613D-616B-4A6C-9856-65DE943CF424} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6778613D-616B-4A6C-9856-65DE943CF424}\ not found.
HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{4ED572E1-A188-4C35-A43F-C24B08E847BC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED572E1-A188-4C35-A43F-C24B08E847BC}\ not found.
Registry key HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Prefs.js: "Bing" removed from browser.search.defaultenginename
Prefs.js: "Bigpoint Games DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://rs.mediapimp.com/s/?src=addrbar&browser=ff&category=web&partner_id=229&toolbar_id=3&toolbar_version=8.0&q=" removed from keyword.URL
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.
C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
C:\Programme\DivX\DivX OVS Helper\npovshelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Adobe Reader\ deleted successfully.
C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll moved successfully.
C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome\content\images folder moved successfully.
C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome\content folder moved successfully.
C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome folder moved successfully.
C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults\preferences folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\chrome folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
File move failed. C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DelReg deleted successfully.
C:\Programme\MSI\DualCoreCenter\DelReg.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Lexmark X1100 Series deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LogitechQuickCamRibbon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File  not found.
File G:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e27a215-f2c9-11e0-a2ca-4061867883b5}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7ed98d5-17f3-11e0-a286-4061867883b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7ed98d5-17f3-11e0-a286-4061867883b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7ed98d5-17f3-11e0-a286-4061867883b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7ed98d5-17f3-11e0-a286-4061867883b5}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta not found.
C:\WINDOWS\System32\UAs folder moved successfully.
C:\WINDOWS\System32\10017\components folder moved successfully.
C:\WINDOWS\System32\10017 folder moved successfully.
C:\WINDOWS\System32\kock folder moved successfully.
C:\Dokumente und Einstellungen\Mone\Anwendungsdaten\gema folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E8BE05FA deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3411269 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2766215 bytes
->Flash cache emptied: 321 bytes
 
User: Martin
 
User: Mone
->Temp folder emptied: 112017665774 bytes
->Temporary Internet Files folder emptied: 371388926 bytes
->Java cache emptied: 3983545 bytes
->FireFox cache emptied: 835660862 bytes
->Google Chrome cache emptied: 7709709 bytes
->Flash cache emptied: 92691316 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2502606 bytes
->Flash cache emptied: 2788 bytes
 
User: tayler
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2188044 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9797882 bytes
RecycleBin emptied: 4897663981 bytes
 
Total Files Cleaned = 112.770,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.1 log created on 03262012_173351

Files\Folders moved on Reboot...
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll moved successfully.
File\Folder C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Temp\plugtmp-68\plugin-xml;sz=10x1;deliver=clipkit;pos=1;vpos=1;zz=10x1;u=pos=1,vpos=1,tile=2,zz=10x1,upc=EMI_5099973095651,r1=1,r3=1,d1=2,d15=0,v1=0,v2=0,d4=3,d8=2,d9=3,d10=1,d12=4,i2=4,i3=4,i12=4,i13=4,i21=3,i26=3,i28=4,i4 not found!
File\Folder C:\Dokumente und Einstellungen\Mone\Lokale Einstellungen\Temp\plugtmp-68\plugin-xml;sz=10x1;pos=1;vpos=1;zz=10x1;player=MTV;vtype=1;u=pos=1,vpos=1,tile=2,zz=10x1,upc=EMI_5099973095651,r1=1,r3=1,d1=2,d15=0,v1=0,v2=0,d4=3,d8=2,d9=3,d10=1,d12=4,i2=4,i3=4,i12=4,i13=4,i21=3,i26=3,i28=4 not found!

Registry entries deleted on Reboot...

Thanks, this time it worked!
Thank you very, very much for the quick help!
Kind regards, simone

cosinus 26.03.2012 18:33

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the checkboxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), as that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

mobo6new 27.03.2012 10:42

Code:

11:29:32.0437 3308        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
11:29:32.0500 3308        ============================================================
11:29:32.0500 3308        Current date / time: 2012/03/27 11:29:32.0500
11:29:32.0500 3308        SystemInfo:
11:29:32.0500 3308       
11:29:32.0500 3308        OS Version: 5.1.2600 ServicePack: 3.0
11:29:32.0500 3308        Product type: Workstation
11:29:32.0500 3308        ComputerName: PUPPSIE
11:29:32.0500 3308        UserName: Mone
11:29:32.0500 3308        Windows directory: C:\WINDOWS
11:29:32.0500 3308        System windows directory: C:\WINDOWS
11:29:32.0500 3308        Processor architecture: Intel x86
11:29:32.0500 3308        Number of processors: 2
11:29:32.0500 3308        Page size: 0x1000
11:29:32.0500 3308        Boot type: Normal boot
11:29:32.0500 3308        ============================================================
11:29:35.0171 3308        Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:29:35.0171 3308        Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:29:35.0187 3308        Drive \Device\Harddisk2\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:29:35.0203 3308        \Device\Harddisk0\DR0:
11:29:35.0203 3308        MBR used
11:29:35.0203 3308        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
11:29:35.0203 3308        \Device\Harddisk1\DR2:
11:29:35.0203 3308        MBR used
11:29:35.0203 3308        \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x3A380D41
11:29:35.0203 3308        \Device\Harddisk2\DR3:
11:29:35.0203 3308        MBR used
11:29:35.0203 3308        \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
11:29:35.0828 3308        Initialize success
11:29:35.0828 3308        ============================================================
11:29:37.0687 3368        ============================================================
11:29:37.0687 3368        Scan started
11:29:37.0687 3368        Mode: Manual;
11:29:37.0687 3368        ============================================================
11:29:39.0328 3368        Abiosdsk - ok
11:29:39.0859 3368        abp480n5 - ok
11:29:40.0468 3368        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:29:40.0484 3368        ACPI - ok
11:29:40.0890 3368        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:29:40.0890 3368        ACPIEC - ok
11:29:41.0265 3368        adpu160m - ok
11:29:41.0718 3368        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:29:41.0781 3368        aec - ok
11:29:42.0234 3368        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:29:42.0296 3368        AFD - ok
11:29:42.0687 3368        Aha154x - ok
11:29:43.0078 3368        aic78u2 - ok
11:29:43.0453 3368        aic78xx - ok
11:29:43.0812 3368        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
11:29:43.0828 3368        Alerter - ok
11:29:44.0203 3368        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
11:29:44.0203 3368        ALG - ok
11:29:44.0593 3368        AliIde - ok
11:29:45.0703 3368        Ambfilt        (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
11:29:46.0437 3368        Ambfilt - ok
11:29:46.0875 3368        amsint - ok
11:29:47.0046 3368        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Programme\Avira\AntiVir Desktop\sched.exe
11:29:47.0046 3368        AntiVirSchedulerService - ok
11:29:47.0218 3368        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Programme\Avira\AntiVir Desktop\avguard.exe
11:29:47.0234 3368        AntiVirService - ok
11:29:47.0359 3368        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:29:47.0375 3368        Apple Mobile Device - ok
11:29:47.0765 3368        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
11:29:47.0843 3368        AppMgmt - ok
11:29:48.0203 3368        asc - ok
11:29:48.0562 3368        asc3350p - ok
11:29:48.0921 3368        asc3550 - ok
11:29:49.0171 3368        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:29:49.0250 3368        aspnet_state - ok
11:29:49.0656 3368        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:29:49.0671 3368        AsyncMac - ok
11:29:50.0093 3368        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:29:50.0093 3368        atapi - ok
11:29:50.0468 3368        Atdisk - ok
11:29:50.0906 3368        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:29:50.0937 3368        Atmarpc - ok
11:29:51.0703 3368        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
11:29:51.0703 3368        AudioSrv - ok
11:29:52.0312 3368        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:29:52.0312 3368        audstub - ok
11:29:52.0765 3368        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:29:52.0765 3368        avgntflt - ok
11:29:53.0218 3368        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:29:53.0218 3368        avipbb - ok
11:29:53.0640 3368        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:29:53.0640 3368        avkmgr - ok
11:29:54.0062 3368        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:29:54.0062 3368        Beep - ok
11:29:54.0578 3368        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
11:29:54.0906 3368        BITS - ok
11:29:55.0187 3368        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
11:29:55.0203 3368        Bonjour Service - ok
11:29:55.0625 3368        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
11:29:55.0640 3368        Browser - ok
11:29:56.0078 3368        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:29:56.0078 3368        cbidf2k - ok
11:29:56.0515 3368        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:29:56.0515 3368        CCDECODE - ok
11:29:56.0921 3368        cd20xrnt - ok
11:29:57.0343 3368        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:29:57.0359 3368        Cdaudio - ok
11:29:57.0812 3368        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:29:57.0843 3368        Cdfs - ok
11:29:58.0265 3368        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:29:58.0296 3368        Cdrom - ok
11:29:58.0687 3368        Changer - ok
11:29:59.0062 3368        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
11:29:59.0062 3368        CiSvc - ok
11:29:59.0468 3368        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
11:29:59.0484 3368        ClipSrv - ok
11:29:59.0765 3368        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:29:59.0875 3368        clr_optimization_v2.0.50727_32 - ok
11:30:00.0250 3368        CmdIde - ok
11:30:00.0593 3368        COMSysApp - ok
11:30:01.0000 3368        Cpqarray - ok
11:30:01.0390 3368        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
11:30:01.0390 3368        CryptSvc - ok
11:30:01.0765 3368        dac2w2k - ok
11:30:02.0125 3368        dac960nt - ok
11:30:02.0734 3368        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:30:02.0750 3368        DcomLaunch - ok
11:30:03.0234 3368        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
11:30:03.0234 3368        Dhcp - ok
11:30:03.0671 3368        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:30:03.0687 3368        Disk - ok
11:30:04.0031 3368        dmadmin - ok
11:30:04.0765 3368        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
11:30:05.0093 3368        dmboot - ok
11:30:05.0593 3368        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
11:30:05.0656 3368        dmio - ok
11:30:06.0093 3368        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:30:06.0109 3368        dmload - ok
11:30:06.0484 3368        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
11:30:06.0484 3368        dmserver - ok
11:30:06.0921 3368        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:30:06.0937 3368        DMusic - ok
11:30:07.0343 3368        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
11:30:07.0343 3368        Dnscache - ok
11:30:07.0750 3368        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
11:30:07.0812 3368        Dot3svc - ok
11:30:08.0218 3368        dpti2o - ok
11:30:08.0640 3368        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:30:08.0640 3368        drmkaud - ok
11:30:09.0046 3368        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
11:30:09.0062 3368        EapHost - ok
11:30:09.0453 3368        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
11:30:09.0453 3368        ERSvc - ok
11:30:09.0890 3368        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:30:09.0906 3368        Eventlog - ok
11:30:10.0375 3368        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
11:30:10.0406 3368        EventSystem - ok
11:30:11.0000 3368        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:30:11.0078 3368        Fastfat - ok
11:30:11.0500 3368        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:30:11.0500 3368        FastUserSwitchingCompatibility - ok
11:30:11.0921 3368        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:30:11.0937 3368        Fdc - ok
11:30:12.0390 3368        FilterService  (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
11:30:12.0390 3368        FilterService - ok
11:30:12.0828 3368        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
11:30:12.0828 3368        Fips - ok
11:30:13.0234 3368        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:30:13.0250 3368        Flpydisk - ok
11:30:13.0718 3368        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:30:13.0781 3368        FltMgr - ok
11:30:14.0062 3368        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:30:14.0109 3368        FontCache3.0.0.0 - ok
11:30:14.0546 3368        fssfltr        (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
11:30:14.0546 3368        fssfltr - ok
11:30:15.0000 3368        fsssvc          (45b52394f9624237f33a8a3d73c0b221) C:\Programme\Windows Live\Family Safety\fsssvc.exe
11:30:15.0281 3368        fsssvc - ok
11:30:15.0718 3368        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:30:15.0718 3368        Fs_Rec - ok
11:30:16.0218 3368        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:30:16.0265 3368        Ftdisk - ok
11:30:16.0687 3368        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:30:16.0687 3368        GEARAspiWDM - ok
11:30:17.0093 3368        ggflt          (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
11:30:17.0109 3368        ggflt - ok
11:30:17.0562 3368        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
11:30:17.0578 3368        ggsemc - ok
11:30:18.0000 3368        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:30:18.0015 3368        Gpc - ok
11:30:18.0187 3368        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
11:30:18.0187 3368        gupdate - ok
11:30:18.0281 3368        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
11:30:18.0281 3368        gupdatem - ok
11:30:18.0421 3368        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
11:30:18.0484 3368        gusvc - ok
11:30:18.0968 3368        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:30:18.0968 3368        HDAudBus - ok
11:30:19.0171 3368        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:30:19.0171 3368        helpsvc - ok
11:30:19.0625 3368        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
11:30:19.0625 3368        HidServ - ok
11:30:20.0046 3368        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:30:20.0046 3368        hidusb - ok
11:30:20.0468 3368        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
11:30:20.0500 3368        hkmsvc - ok
11:30:20.0906 3368        hpn - ok
11:30:21.0156 3368        hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
11:30:21.0156 3368        hpqcxs08 - ok
11:30:21.0359 3368        hpqddsvc        (f3f72a2a86c22610bca5439fa789dd52) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
11:30:21.0359 3368        hpqddsvc - ok
11:30:21.0812 3368        HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:30:21.0828 3368        HPZid412 - ok
11:30:22.0234 3368        HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:30:22.0250 3368        HPZipr12 - ok
11:30:22.0703 3368        HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:30:22.0718 3368        HPZius12 - ok
11:30:23.0250 3368        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:30:23.0250 3368        HTTP - ok
11:30:23.0640 3368        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
11:30:23.0656 3368        HTTPFilter - ok
11:30:24.0031 3368        i2omgmt - ok
11:30:24.0421 3368        i2omp - ok
11:30:24.0843 3368        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:30:24.0875 3368        i8042prt - ok
11:30:27.0750 3368        ialm            (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:30:30.0156 3368        ialm - ok
11:30:30.0765 3368        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:30:31.0156 3368        idsvc - ok
11:30:31.0640 3368        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:30:31.0656 3368        Imapi - ok
11:30:32.0109 3368        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
11:30:32.0109 3368        ImapiService - ok
11:30:32.0500 3368        ini910u - ok
11:30:35.0312 3368        IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:30:35.0359 3368        IntcAzAudAddService - ok
11:30:35.0734 3368        IntelIde - ok
11:30:36.0125 3368        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:30:36.0125 3368        intelppm - ok
11:30:36.0562 3368        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:30:36.0578 3368        Ip6Fw - ok
11:30:37.0000 3368        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:30:37.0000 3368        IpFilterDriver - ok
11:30:37.0390 3368        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:30:37.0406 3368        IpInIp - ok
11:30:37.0875 3368        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:30:37.0875 3368        IpNat - ok
11:30:38.0281 3368        iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe
11:30:38.0281 3368        iPod Service - ok
11:30:38.0750 3368        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:30:38.0781 3368        IPSec - ok
11:30:39.0218 3368        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:30:39.0218 3368        IRENUM - ok
11:30:39.0671 3368        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:30:39.0687 3368        isapnp - ok
11:30:39.0875 3368        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
11:30:39.0875 3368        JavaQuickStarterService - ok
11:30:40.0296 3368        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:30:40.0312 3368        Kbdclass - ok
11:30:40.0734 3368        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:30:40.0734 3368        kbdhid - ok
11:30:41.0218 3368        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:30:41.0218 3368        kmixer - ok
11:30:41.0703 3368        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:30:41.0734 3368        KSecDD - ok
11:30:42.0140 3368        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
11:30:42.0140 3368        lanmanserver - ok
11:30:42.0578 3368        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
11:30:42.0578 3368        lanmanworkstation - ok
11:30:42.0953 3368        lbrtfdc - ok
11:30:43.0328 3368        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
11:30:43.0328 3368        LmHosts - ok
11:30:43.0781 3368        lvpopflt        (cbf0bf6af73a704211bbb52efacaa8a0) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
11:30:43.0828 3368        lvpopflt - ok
11:30:44.0265 3368        LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
11:30:44.0265 3368        LVPr2Mon - ok
11:30:44.0453 3368        LVPrcSrv        (2333057542c91ae8228bdccc2e5f2632) C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
11:30:44.0453 3368        LVPrcSrv - ok
11:30:45.0000 3368        LVRS            (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
11:30:45.0000 3368        LVRS - ok
11:30:48.0218 3368        LVUVC          (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
11:30:48.0281 3368        LVUVC - ok
11:30:48.0703 3368        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:30:48.0703 3368        MBAMProtector - ok
11:30:49.0062 3368        MBAMService    (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
11:30:49.0078 3368        MBAMService - ok
11:30:49.0515 3368        MBAMSwissArmy  (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
11:30:49.0531 3368        MBAMSwissArmy - ok
11:30:49.0750 3368        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
11:30:49.0750 3368        MDM - ok
11:30:50.0156 3368        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
11:30:50.0171 3368        Messenger - ok
11:30:50.0609 3368        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:30:50.0609 3368        mnmdd - ok
11:30:50.0984 3368        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
11:30:51.0000 3368        mnmsrvc - ok
11:30:51.0406 3368        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
11:30:51.0421 3368        Modem - ok
11:30:52.0609 3368        Monfilt        (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
11:30:53.0187 3368        Monfilt - ok
11:30:53.0625 3368        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:30:53.0625 3368        Mouclass - ok
11:30:54.0046 3368        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:30:54.0046 3368        mouhid - ok
11:30:54.0500 3368        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:30:54.0546 3368        MountMgr - ok
11:30:54.0906 3368        MpKsl1f947b4b - ok
11:30:55.0359 3368        mraid35x - ok
11:30:55.0859 3368        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:30:55.0937 3368        MRxDAV - ok
11:30:56.0562 3368        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:30:56.0765 3368        MRxSmb - ok
11:30:57.0156 3368        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
11:30:57.0156 3368        MSDTC - ok
11:30:57.0609 3368        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:30:57.0625 3368        Msfs - ok
11:30:57.0953 3368        MSIServer - ok
11:30:58.0359 3368        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:30:58.0359 3368        MSKSSRV - ok
11:30:58.0796 3368        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:30:58.0796 3368        MSPCLOCK - ok
11:30:59.0218 3368        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:30:59.0218 3368        MSPQM - ok
11:30:59.0781 3368        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:30:59.0781 3368        mssmbios - ok
11:31:00.0265 3368        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:31:00.0281 3368        MSTEE - ok
11:31:00.0953 3368        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:31:01.0015 3368        Mup - ok
11:31:01.0859 3368        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:31:01.0890 3368        NABTSFEC - ok
11:31:02.0437 3368        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
11:31:02.0671 3368        napagent - ok
11:31:03.0265 3368        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:31:03.0343 3368        NDIS - ok
11:31:03.0906 3368        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:31:03.0937 3368        NdisIP - ok
11:31:04.0687 3368        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:31:04.0703 3368        NdisTapi - ok
11:31:05.0187 3368        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:31:05.0187 3368        Ndisuio - ok
11:31:05.0828 3368        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:31:05.0875 3368        NdisWan - ok
11:31:06.0437 3368        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:31:06.0453 3368        NDProxy - ok
11:31:06.0921 3368        Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
11:31:06.0937 3368        Net Driver HPZ12 - ok
11:31:07.0609 3368        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:31:07.0625 3368        NetBIOS - ok
11:31:08.0109 3368        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:31:08.0171 3368        NetBT - ok
11:31:08.0781 3368        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:31:08.0859 3368        NetDDE - ok
11:31:08.0906 3368        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:31:08.0906 3368        NetDDEdsdm - ok
11:31:09.0296 3368        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:31:09.0296 3368        Netlogon - ok
11:31:09.0796 3368        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
11:31:09.0812 3368        Netman - ok
11:31:10.0187 3368        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:31:10.0312 3368        NetTcpPortSharing - ok
11:31:11.0031 3368        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
11:31:11.0046 3368        Nla - ok
11:31:11.0875 3368        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:31:11.0906 3368        Npfs - ok
11:31:12.0890 3368        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:31:13.0187 3368        Ntfs - ok
11:31:13.0812 3368        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:31:13.0812 3368        NtLmSsp - ok
11:31:14.0359 3368        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
11:31:14.0640 3368        NtmsSvc - ok
11:31:15.0062 3368        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:31:15.0062 3368        Null - ok
11:31:15.0515 3368        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:31:15.0562 3368        NwlnkFlt - ok
11:31:15.0984 3368        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:31:16.0000 3368        NwlnkFwd - ok
11:31:16.0468 3368        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
11:31:16.0500 3368        Parport - ok
11:31:17.0046 3368        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:31:17.0062 3368        PartMgr - ok
11:31:17.0515 3368        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
11:31:17.0531 3368        ParVdm - ok
11:31:18.0093 3368        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
11:31:18.0125 3368        PCI - ok
11:31:18.0515 3368        PCIDump - ok
11:31:19.0078 3368        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:31:19.0078 3368        PCIIde - ok
11:31:19.0578 3368        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:31:19.0671 3368        Pcmcia - ok
11:31:20.0046 3368        PDCOMP - ok
11:31:20.0437 3368        PDFRAME - ok
11:31:20.0921 3368        PDRELI - ok
11:31:21.0312 3368        PDRFRAME - ok
11:31:21.0750 3368        perc2 - ok
11:31:22.0125 3368        perc2hib - ok
11:31:22.0937 3368        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:31:22.0937 3368        PlugPlay - ok
11:31:23.0328 3368        Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
11:31:23.0328 3368        Pml Driver HPZ12 - ok
11:31:23.0703 3368        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:31:23.0703 3368        PolicyAgent - ok
11:31:24.0250 3368        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:31:24.0265 3368        PptpMiniport - ok
11:31:24.0718 3368        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:31:24.0718 3368        ProtectedStorage - ok
11:31:25.0296 3368        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:31:25.0328 3368        PSched - ok
11:31:26.0093 3368        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:31:26.0109 3368        Ptilink - ok
11:31:26.0546 3368        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:31:26.0609 3368        PxHelp20 - ok
11:31:27.0171 3368        ql1080 - ok
11:31:27.0562 3368        Ql10wnt - ok
11:31:28.0421 3368        ql12160 - ok
11:31:29.0390 3368        ql1240 - ok
11:31:30.0406 3368        ql1280 - ok
11:31:31.0421 3368        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:31:31.0453 3368        RasAcd - ok
11:31:32.0031 3368        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
11:31:32.0062 3368        RasAuto - ok
11:31:32.0921 3368        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:31:32.0968 3368        Rasl2tp - ok
11:31:33.0421 3368        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
11:31:33.0421 3368        RasMan - ok
11:31:34.0046 3368        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:31:34.0078 3368        RasPppoe - ok
11:31:34.0500 3368        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:31:34.0515 3368        Raspti - ok
11:31:35.0953 3368        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:31:36.0062 3368        Rdbss - ok
11:31:36.0609 3368        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:31:36.0609 3368        RDPCDD - ok
11:31:37.0359 3368        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:31:37.0453 3368        rdpdr - ok
11:31:38.0375 3368        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:31:38.0453 3368        RDPWD - ok
11:31:39.0203 3368        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
11:31:39.0265 3368        RDSessMgr - ok
11:31:39.0843 3368        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:31:39.0859 3368        redbook - ok
11:31:40.0343 3368        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
11:31:40.0359 3368        RemoteAccess - ok
11:31:40.0843 3368        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
11:31:40.0843 3368        RemoteRegistry - ok
11:31:41.0265 3368        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
11:31:41.0296 3368        RpcLocator - ok
11:31:42.0000 3368        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:31:42.0015 3368        RpcSs - ok
11:31:44.0250 3368        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
11:31:44.0390 3368        RSVP - ok
11:31:46.0765 3368        RTLE8023xp      (79b4fe884c18dd82d5449f6b6026d092) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:31:46.0875 3368        RTLE8023xp - ok
11:31:48.0625 3368        s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
11:31:48.0671 3368        s1018bus - ok
11:31:49.0156 3368        s1018mdfl      (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
11:31:49.0156 3368        s1018mdfl - ok
11:31:49.0828 3368        s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
11:31:49.0875 3368        s1018mdm - ok
11:31:50.0328 3368        s1018mgmt      (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
11:31:50.0406 3368        s1018mgmt - ok
11:31:51.0078 3368        s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
11:31:51.0078 3368        s1018nd5 - ok
11:31:51.0640 3368        s1018obex      (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
11:31:51.0687 3368        s1018obex - ok
11:31:52.0156 3368        s1018unic      (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
11:31:52.0203 3368        s1018unic - ok
11:31:53.0093 3368        s115bus        (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys
11:31:53.0140 3368        s115bus - ok
11:31:53.0609 3368        s115mdfl        (e24113fc13b8737c94cf4e3415488c76) C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
11:31:53.0609 3368        s115mdfl - ok
11:31:54.0062 3368        s115mdm        (4029e49e7c673aa0670bd206b0af1b5b) C:\WINDOWS\system32\DRIVERS\s115mdm.sys
11:31:54.0109 3368        s115mdm - ok
11:31:54.0609 3368        s115mgmt        (eb02ab4ca8bccecfde236cad8fc6e135) C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
11:31:54.0656 3368        s115mgmt - ok
11:31:55.0140 3368        s115obex        (089869db9ffd2ac807fa87fe82ac7761) C:\WINDOWS\system32\DRIVERS\s115obex.sys
11:31:55.0187 3368        s115obex - ok
11:31:55.0640 3368        s125bus        (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys
11:31:55.0671 3368        s125bus - ok
11:31:56.0390 3368        s125mdfl        (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
11:31:56.0406 3368        s125mdfl - ok
11:31:56.0875 3368        s125mdm        (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys
11:31:56.0921 3368        s125mdm - ok
11:31:57.0500 3368        s125mgmt        (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
11:31:57.0546 3368        s125mgmt - ok
11:31:58.0046 3368        s125obex        (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys
11:31:58.0109 3368        s125obex - ok
11:31:58.0546 3368        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:31:58.0562 3368        SamSs - ok
11:31:58.0984 3368        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
11:31:59.0031 3368        SCardSvr - ok
11:31:59.0734 3368        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
11:31:59.0750 3368        Schedule - ok
11:32:00.0171 3368        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:32:00.0171 3368        Secdrv - ok
11:32:00.0531 3368        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
11:32:00.0531 3368        seclogon - ok
11:32:00.0906 3368        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
11:32:00.0906 3368        SENS - ok
11:32:01.0437 3368        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:32:01.0437 3368        serenum - ok
11:32:01.0890 3368        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
11:32:01.0906 3368        Serial - ok
11:32:02.0359 3368        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:32:02.0359 3368        Sfloppy - ok
11:32:02.0875 3368        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
11:32:02.0921 3368        SharedAccess - ok
11:32:03.0343 3368        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:32:03.0343 3368        ShellHWDetection - ok
11:32:03.0984 3368        Simbad - ok
11:32:04.0546 3368        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:32:04.0562 3368        SLIP - ok
11:32:04.0921 3368        Sparrow - ok
11:32:05.0343 3368        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:32:05.0359 3368        splitter - ok
11:32:05.0734 3368        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:32:05.0734 3368        Spooler - ok
11:32:06.0421 3368        sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
11:32:06.0437 3368        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
11:32:06.0437 3368        sptd ( LockedFile.Multi.Generic ) - warning
11:32:06.0437 3368        sptd - detected LockedFile.Multi.Generic (1)
11:32:06.0921 3368        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
11:32:06.0953 3368        sr - ok
11:32:07.0406 3368        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
11:32:07.0406 3368        srservice - ok
11:32:07.0984 3368        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:32:08.0156 3368        Srv - ok
11:32:08.0562 3368        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
11:32:08.0562 3368        SSDPSRV - ok
11:32:09.0328 3368        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:32:09.0328 3368        ssmdrv - ok
11:32:09.0843 3368        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
11:32:09.0906 3368        stisvc - ok
11:32:10.0343 3368        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:32:10.0359 3368        streamip - ok
11:32:10.0781 3368        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:32:10.0781 3368        swenum - ok
11:32:11.0203 3368        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:32:11.0218 3368        swmidi - ok
11:32:11.0640 3368        SwPrv - ok
11:32:12.0125 3368        symc810 - ok
11:32:12.0515 3368        symc8xx - ok
11:32:13.0046 3368        sym_hi - ok
11:32:13.0468 3368        sym_u3 - ok
11:32:13.0875 3368        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:32:13.0906 3368        sysaudio - ok
11:32:14.0375 3368        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
11:32:14.0406 3368        SysmonLog - ok
11:32:14.0890 3368        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
11:32:14.0890 3368        TapiSrv - ok
11:32:15.0453 3368        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\TCPIP.SYS
11:32:15.0625 3368        Tcpip - ok
11:32:16.0031 3368        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:32:16.0031 3368        TDPIPE - ok
11:32:16.0718 3368        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:32:16.0734 3368        TDTCP - ok
11:32:17.0140 3368        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:32:17.0156 3368        TermDD - ok
11:32:17.0625 3368        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
11:32:17.0671 3368        TermService - ok
11:32:18.0062 3368        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:32:18.0078 3368        Themes - ok
11:32:18.0468 3368        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
11:32:18.0500 3368        TlntSvr - ok
11:32:18.0937 3368        TosIde - ok
11:32:19.0437 3368        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
11:32:19.0437 3368        TrkWks - ok
11:32:19.0859 3368        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:32:19.0875 3368        Udfs - ok
11:32:20.0250 3368        ultra - ok
11:32:20.0812 3368        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:32:20.0968 3368        Update - ok
11:32:21.0406 3368        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
11:32:21.0500 3368        upnphost - ok
11:32:21.0890 3368        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
11:32:21.0906 3368        UPS - ok
11:32:22.0359 3368        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:32:22.0390 3368        usbaudio - ok
11:32:22.0796 3368        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:32:22.0812 3368        usbccgp - ok
11:32:23.0234 3368        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:32:23.0250 3368        usbehci - ok
11:32:23.0703 3368        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:32:23.0718 3368        usbhub - ok
11:32:24.0328 3368        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:32:24.0343 3368        usbprint - ok
11:32:24.0750 3368        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:32:24.0765 3368        usbscan - ok
11:32:25.0171 3368        usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
11:32:25.0187 3368        usbser - ok
11:32:25.0593 3368        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:32:25.0609 3368        USBSTOR - ok
11:32:26.0031 3368        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:32:26.0031 3368        usbuhci - ok
11:32:26.0546 3368        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
11:32:26.0625 3368        usbvideo - ok
11:32:27.0031 3368        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:32:27.0046 3368        VgaSave - ok
11:32:27.0421 3368        ViaIde - ok
11:32:27.0843 3368        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
11:32:27.0859 3368        VolSnap - ok
11:32:28.0359 3368        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
11:32:28.0468 3368        VSS - ok
11:32:28.0921 3368        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
11:32:28.0921 3368        W32Time - ok
11:32:29.0359 3368        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:32:29.0375 3368        Wanarp - ok
11:32:29.0953 3368        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:32:30.0171 3368        Wdf01000 - ok
11:32:30.0562 3368        WDICA - ok
11:32:31.0109 3368        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:32:31.0187 3368        wdmaud - ok
11:32:31.0578 3368        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
11:32:31.0593 3368        WebClient - ok
11:32:32.0015 3368        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:32:32.0031 3368        winmgmt - ok
11:32:32.0406 3368        WmdmPmSN        (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
11:32:32.0421 3368        WmdmPmSN - ok
11:32:33.0031 3368        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
11:32:33.0046 3368        Wmi - ok
11:32:33.0546 3368        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:32:33.0546 3368        WmiApSrv - ok
11:32:34.0109 3368        WMPNetworkSvc  (d3dbd6e76f4be9bee67eb631488b5f29) C:\Programme\Windows Media Player\WMPNetwk.exe
11:32:34.0593 3368        WMPNetworkSvc - ok
11:32:35.0031 3368        WpdUsb          (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:32:35.0046 3368        WpdUsb - ok
11:32:35.0468 3368        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
11:32:35.0468 3368        wscsvc - ok
11:32:35.0890 3368        WSearch - ok
11:32:36.0359 3368        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:32:36.0375 3368        WSTCODEC - ok
11:32:36.0765 3368        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
11:32:36.0781 3368        wuauserv - ok
11:32:37.0203 3368        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:32:37.0234 3368        WudfPf - ok
11:32:37.0656 3368        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:32:37.0687 3368        WudfRd - ok
11:32:38.0109 3368        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:32:38.0109 3368        WudfSvc - ok
11:32:38.0781 3368        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
11:32:38.0921 3368        WZCSVC - ok
11:32:39.0343 3368        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
11:32:39.0421 3368        xmlprov - ok
11:32:39.0843 3368        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
11:32:40.0203 3368        \Device\Harddisk0\DR0 - ok
11:32:40.0234 3368        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
11:32:40.0234 3368        \Device\Harddisk1\DR2 - ok
11:32:40.0250 3368        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR3
11:32:40.0250 3368        \Device\Harddisk2\DR3 - ok
11:32:40.0343 3368        Boot (0x1200)  (c26e33a19b326a21b3bdfabf27f1031c) \Device\Harddisk0\DR0\Partition0
11:32:40.0390 3368        \Device\Harddisk0\DR0\Partition0 - ok
11:32:40.0390 3368        Boot (0x1200)  (afa5273584d158ddd2c8bc72c1aee70f) \Device\Harddisk1\DR2\Partition0
11:32:40.0406 3368        \Device\Harddisk1\DR2\Partition0 - ok
11:32:40.0406 3368        Boot (0x1200)  (cacc095ab2ebfa29e6482702ec7448d7) \Device\Harddisk2\DR3\Partition0
11:32:40.0421 3368        \Device\Harddisk2\DR3\Partition0 - ok
11:32:40.0421 3368        ============================================================
11:32:40.0421 3368        Scan finished
11:32:40.0421 3368        ============================================================
11:32:40.0421 0472        Detected object count: 1
11:32:40.0421 0472        Actual detected object count: 1
11:33:23.0796 0472        sptd ( LockedFile.Multi.Generic ) - skipped by user
11:33:23.0796 0472        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:33:35.0781 3708        ============================================================
11:33:35.0781 3708        Scan started
11:33:35.0781 3708        Mode: Manual; SigCheck; TDLFS;
11:33:35.0781 3708        ============================================================
11:33:36.0453 3708        Abiosdsk - ok
11:33:36.0953 3708        abp480n5 - ok
11:33:37.0468 3708        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:33:45.0000 3708        ACPI - ok
11:33:45.0484 3708        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:33:45.0734 3708        ACPIEC - ok
11:33:46.0109 3708        adpu160m - ok
11:33:46.0640 3708        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:33:46.0812 3708        aec - ok
11:33:47.0296 3708        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:33:47.0468 3708        AFD - ok
11:33:47.0875 3708        Aha154x - ok
11:33:48.0281 3708        aic78u2 - ok
11:33:48.0671 3708        aic78xx - ok
11:33:49.0062 3708        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
11:33:49.0250 3708        Alerter - ok
11:33:49.0718 3708        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
11:33:49.0968 3708        ALG - ok
11:33:50.0359 3708        AliIde - ok
11:33:51.0500 3708        Ambfilt        (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
11:33:57.0312 3708        Ambfilt - ok
11:33:57.0703 3708        amsint - ok
11:33:57.0859 3708        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Programme\Avira\AntiVir Desktop\sched.exe
11:33:57.0875 3708        AntiVirSchedulerService - ok
11:33:58.0062 3708        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Programme\Avira\AntiVir Desktop\avguard.exe
11:33:58.0093 3708        AntiVirService - ok
11:33:58.0218 3708        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:33:58.0250 3708        Apple Mobile Device - ok
11:33:58.0718 3708        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
11:33:58.0968 3708        AppMgmt - ok
11:33:59.0375 3708        asc - ok
11:33:59.0765 3708        asc3350p - ok
11:34:00.0250 3708        asc3550 - ok
11:34:00.0890 3708        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:34:01.0093 3708        aspnet_state - ok
11:34:01.0546 3708        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:34:01.0765 3708        AsyncMac - ok
11:34:02.0296 3708        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:34:02.0515 3708        atapi - ok
11:34:02.0906 3708        Atdisk - ok
11:34:03.0343 3708        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:34:03.0515 3708        Atmarpc - ok
11:34:04.0015 3708        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
11:34:04.0250 3708        AudioSrv - ok
11:34:04.0671 3708        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:34:04.0859 3708        audstub - ok
11:34:05.0375 3708        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:34:05.0421 3708        avgntflt - ok
11:34:06.0046 3708        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:34:06.0078 3708        avipbb - ok
11:34:06.0546 3708        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:34:06.0562 3708        avkmgr - ok
11:34:07.0015 3708        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:34:07.0203 3708        Beep - ok
11:34:07.0921 3708        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
11:34:08.0265 3708        BITS - ok
11:34:08.0578 3708        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
11:34:08.0718 3708        Bonjour Service - ok
11:34:09.0156 3708        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
11:34:09.0390 3708        Browser - ok
11:34:09.0796 3708        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:34:10.0015 3708        cbidf2k - ok
11:34:10.0625 3708        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:34:10.0828 3708        CCDECODE - ok
11:34:11.0218 3708        cd20xrnt - ok
11:34:11.0671 3708        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:34:11.0906 3708        Cdaudio - ok
11:34:12.0359 3708        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:34:12.0562 3708        Cdfs - ok
11:34:13.0140 3708        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:34:13.0359 3708        Cdrom - ok
11:34:13.0781 3708        Changer - ok
11:34:14.0187 3708        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
11:34:14.0437 3708        CiSvc - ok
11:34:14.0828 3708        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
11:34:15.0062 3708        ClipSrv - ok
11:34:15.0421 3708        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:34:15.0437 3708        clr_optimization_v2.0.50727_32 - ok
11:34:15.0843 3708        CmdIde - ok
11:34:16.0187 3708        COMSysApp - ok
11:34:16.0578 3708        Cpqarray - ok
11:34:16.0984 3708        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
11:34:17.0187 3708        CryptSvc - ok
11:34:17.0625 3708        dac2w2k - ok
11:34:18.0109 3708        dac960nt - ok
11:34:18.0640 3708        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:34:18.0859 3708        DcomLaunch - ok
11:34:19.0296 3708        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
11:34:19.0531 3708        Dhcp - ok
11:34:19.0968 3708        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:34:20.0187 3708        Disk - ok
11:34:20.0531 3708        dmadmin - ok
11:34:21.0250 3708        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
11:34:21.0750 3708        dmboot - ok
11:34:22.0281 3708        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
11:34:22.0484 3708        dmio - ok
11:34:23.0015 3708        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:34:23.0218 3708        dmload - ok
11:34:23.0609 3708        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
11:34:23.0843 3708        dmserver - ok
11:34:24.0312 3708        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:34:24.0781 3708        DMusic - ok
11:34:25.0203 3708        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
11:34:25.0328 3708        Dnscache - ok
11:34:25.0765 3708        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
11:34:25.0953 3708        Dot3svc - ok
11:34:26.0328 3708        dpti2o - ok
11:34:26.0937 3708        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:34:27.0187 3708        drmkaud - ok
11:34:27.0859 3708        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
11:34:28.0062 3708        EapHost - ok
11:34:28.0687 3708        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
11:34:28.0921 3708        ERSvc - ok
11:34:29.0593 3708        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:34:29.0640 3708        Eventlog - ok
11:34:30.0109 3708        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
11:34:30.0171 3708        EventSystem - ok
11:34:30.0812 3708        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:34:31.0015 3708        Fastfat - ok
11:34:31.0562 3708        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:34:31.0656 3708        FastUserSwitchingCompatibility - ok
11:34:32.0093 3708        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:34:32.0296 3708        Fdc - ok
11:34:32.0875 3708        FilterService  (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
11:34:32.0921 3708        FilterService - ok
11:34:33.0578 3708        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
11:34:33.0781 3708        Fips - ok
11:34:34.0203 3708        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:34:34.0421 3708        Flpydisk - ok
11:34:34.0921 3708        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:34:35.0140 3708        FltMgr - ok
11:34:35.0515 3708        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:34:35.0546 3708        FontCache3.0.0.0 - ok
11:34:35.0984 3708        fssfltr        (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
11:34:36.0000 3708        fssfltr - ok
11:34:36.0406 3708        fsssvc          (45b52394f9624237f33a8a3d73c0b221) C:\Programme\Windows Live\Family Safety\fsssvc.exe
11:34:36.0656 3708        fsssvc - ok
11:34:37.0062 3708        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:34:37.0234 3708        Fs_Rec - ok
11:34:37.0921 3708        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:34:38.0093 3708        Ftdisk - ok
11:34:38.0500 3708        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:34:38.0515 3708        GEARAspiWDM - ok
11:34:38.0921 3708        ggflt          (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
11:34:38.0921 3708        ggflt - ok
11:34:39.0375 3708        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
11:34:39.0375 3708        ggsemc - ok
11:34:39.0812 3708        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:34:40.0125 3708        Gpc - ok
11:34:40.0281 3708        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
11:34:40.0312 3708        gupdate - ok
11:34:40.0375 3708        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
11:34:40.0390 3708        gupdatem - ok
11:34:40.0562 3708        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
11:34:40.0578 3708        gusvc - ok
11:34:41.0078 3708        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:34:41.0234 3708        HDAudBus - ok
11:34:41.0453 3708        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:34:41.0593 3708        helpsvc - ok
11:34:41.0953 3708        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
11:34:42.0109 3708        HidServ - ok
11:34:42.0687 3708        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:34:42.0812 3708        hidusb - ok
11:34:43.0187 3708        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
11:34:43.0343 3708        hkmsvc - ok
11:34:43.0718 3708        hpn - ok
11:34:43.0953 3708        hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
11:34:43.0984 3708        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
11:34:43.0984 3708        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
11:34:44.0171 3708        hpqddsvc        (f3f72a2a86c22610bca5439fa789dd52) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
11:34:44.0171 3708        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
11:34:44.0171 3708        hpqddsvc - detected UnsignedFile.Multi.Generic (1)
11:34:44.0718 3708        HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:34:44.0937 3708        HPZid412 - ok
11:34:45.0343 3708        HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:34:45.0375 3708        HPZipr12 - ok
11:34:45.0796 3708        HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:34:45.0859 3708        HPZius12 - ok
11:34:46.0375 3708        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:34:46.0484 3708        HTTP - ok
11:34:46.0968 3708        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
11:34:47.0203 3708        HTTPFilter - ok
11:34:47.0578 3708        i2omgmt - ok
11:34:47.0937 3708        i2omp - ok
11:34:48.0343 3708        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:34:48.0515 3708        i8042prt - ok
11:34:51.0671 3708        ialm            (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:34:54.0531 3708        ialm - ok
11:34:55.0109 3708        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:34:55.0468 3708        idsvc - ok
11:34:55.0890 3708        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:34:56.0031 3708        Imapi - ok
11:34:56.0718 3708        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
11:34:56.0890 3708        ImapiService - ok
11:34:57.0265 3708        ini910u - ok
11:35:00.0093 3708        IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:35:02.0765 3708        IntcAzAudAddService - ok
11:35:03.0125 3708        IntelIde - ok
11:35:03.0640 3708        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:35:03.0812 3708        intelppm - ok
11:35:04.0218 3708        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:35:04.0375 3708        Ip6Fw - ok
11:35:04.0812 3708        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:35:04.0984 3708        IpFilterDriver - ok
11:35:05.0375 3708        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:35:05.0515 3708        IpInIp - ok
11:35:06.0031 3708        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:35:06.0171 3708        IpNat - ok
11:35:06.0562 3708        iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe
11:35:06.0812 3708        iPod Service - ok
11:35:07.0234 3708        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:35:07.0390 3708        IPSec - ok
11:35:07.0812 3708        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:35:08.0000 3708        IRENUM - ok
11:35:08.0421 3708        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:35:08.0593 3708        isapnp - ok
11:35:08.0765 3708        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
11:35:08.0781 3708        JavaQuickStarterService - ok
11:35:09.0187 3708        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:35:09.0328 3708        Kbdclass - ok
11:35:09.0750 3708        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:35:09.0890 3708        kbdhid - ok
11:35:10.0531 3708        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:35:10.0671 3708        kmixer - ok
11:35:11.0109 3708        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:35:11.0203 3708        KSecDD - ok
11:35:11.0625 3708        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
11:35:11.0703 3708        lanmanserver - ok
11:35:12.0109 3708        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
11:35:12.0187 3708        lanmanworkstation - ok
11:35:12.0578 3708        lbrtfdc - ok
11:35:12.0937 3708        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
11:35:13.0078 3708        LmHosts - ok
11:35:13.0515 3708        lvpopflt        (cbf0bf6af73a704211bbb52efacaa8a0) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
11:35:13.0546 3708        lvpopflt - ok
11:35:13.0984 3708        LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
11:35:13.0984 3708        LVPr2Mon - ok
11:35:14.0156 3708        LVPrcSrv        (2333057542c91ae8228bdccc2e5f2632) C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
11:35:14.0171 3708        LVPrcSrv - ok
11:35:14.0781 3708        LVRS            (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
11:35:14.0796 3708        LVRS - ok
11:35:17.0953 3708        LVUVC          (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
11:35:22.0828 3708        LVUVC - ok
11:35:24.0562 3708        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:35:24.0578 3708        MBAMProtector - ok
11:35:25.0687 3708        MBAMService    (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
11:35:26.0109 3708        MBAMService - ok
11:35:28.0140 3708        MBAMSwissArmy  (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
11:35:28.0234 3708        MBAMSwissArmy - ok
11:35:29.0328 3708        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
11:35:29.0343 3708        MDM - ok
11:35:29.0734 3708        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
11:35:29.0875 3708        Messenger - ok
11:35:30.0296 3708        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:35:30.0484 3708        mnmdd - ok
11:35:30.0890 3708        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
11:35:31.0109 3708        mnmsrvc - ok
11:35:31.0531 3708        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
11:35:31.0671 3708        Modem - ok
11:35:32.0609 3708        Monfilt        (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
11:35:33.0218 3708        Monfilt - ok
11:35:33.0625 3708        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:35:33.0765 3708        Mouclass - ok
11:35:34.0171 3708        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:35:34.0312 3708        mouhid - ok
11:35:34.0734 3708        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:35:34.0890 3708        MountMgr - ok
11:35:35.0281 3708        MpKsl1f947b4b - ok
11:35:35.0828 3708        mraid35x - ok
11:35:36.0328 3708        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:35:36.0468 3708        MRxDAV - ok
11:35:37.0062 3708        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:35:37.0265 3708        MRxSmb - ok
11:35:37.0640 3708        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
11:35:37.0796 3708        MSDTC - ok
11:35:38.0265 3708        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:35:38.0390 3708        Msfs - ok
11:35:38.0734 3708        MSIServer - ok
11:35:39.0140 3708        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:35:39.0281 3708        MSKSSRV - ok
11:35:39.0687 3708        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:35:39.0828 3708        MSPCLOCK - ok
11:35:40.0328 3708        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:35:40.0468 3708        MSPQM - ok
11:35:40.0875 3708        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:35:41.0015 3708        mssmbios - ok
11:35:41.0468 3708        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:35:41.0687 3708        MSTEE - ok
11:35:42.0125 3708        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:35:42.0171 3708        Mup - ok
11:35:42.0593 3708        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:35:42.0734 3708        NABTSFEC - ok
11:35:43.0203 3708        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
11:35:43.0343 3708        napagent - ok
11:35:43.0843 3708        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:35:44.0093 3708        NDIS - ok
11:35:44.0468 3708        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:35:44.0609 3708        NdisIP - ok
11:35:45.0000 3708        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:35:45.0062 3708        NdisTapi - ok
11:35:45.0484 3708        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:35:45.0625 3708        Ndisuio - ok
11:35:46.0046 3708        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:35:46.0234 3708        NdisWan - ok
11:35:46.0640 3708        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:35:46.0718 3708        NDProxy - ok
11:35:47.0078 3708        Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
11:35:47.0093 3708        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:35:47.0093 3708        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:35:47.0500 3708        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:35:47.0656 3708        NetBIOS - ok
11:35:48.0109 3708        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:35:48.0250 3708        NetBT - ok
11:35:48.0656 3708        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:35:48.0828 3708        NetDDE - ok
11:35:48.0875 3708        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:35:49.0000 3708        NetDDEdsdm - ok
11:35:49.0359 3708        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:35:49.0500 3708        Netlogon - ok
11:35:49.0953 3708        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
11:35:50.0093 3708        Netman - ok
11:35:50.0484 3708        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:35:50.0500 3708        NetTcpPortSharing - ok
11:35:50.0984 3708        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
11:35:51.0031 3708        Nla - ok
11:35:51.0437 3708        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:35:51.0593 3708        Npfs - ok
11:35:52.0203 3708        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:35:52.0484 3708        Ntfs - ok
11:35:53.0093 3708        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:35:53.0234 3708        NtLmSsp - ok
11:35:53.0750 3708        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
11:35:54.0015 3708        NtmsSvc - ok
11:35:54.0406 3708        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:35:54.0546 3708        Null - ok
11:35:54.0937 3708        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:35:55.0093 3708        NwlnkFlt - ok
11:35:55.0578 3708        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:35:55.0703 3708        NwlnkFwd - ok
11:35:56.0140 3708        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
11:35:56.0265 3708        Parport - ok
11:35:56.0687 3708        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:35:56.0859 3708        PartMgr - ok
11:35:57.0281 3708        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
11:35:57.0437 3708        ParVdm - ok
11:35:57.0984 3708        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
11:35:58.0140 3708        PCI - ok
11:35:58.0515 3708        PCIDump - ok
11:35:58.0937 3708        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:35:59.0078 3708        PCIIde - ok
11:36:00.0265 3708        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:36:00.0578 3708        Pcmcia - ok
11:36:01.0875 3708        PDCOMP - ok
11:36:02.0937 3708        PDFRAME - ok
11:36:04.0015 3708        PDRELI - ok
11:36:05.0531 3708        PDRFRAME - ok
11:36:07.0546 3708        perc2 - ok
11:36:08.0515 3708        perc2hib - ok
11:36:09.0046 3708        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:36:09.0093 3708        PlugPlay - ok
11:36:09.0500 3708        Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
11:36:09.0531 3708        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:36:09.0531 3708        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:36:09.0890 3708        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:36:10.0015 3708        PolicyAgent - ok
11:36:10.0625 3708        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:36:10.0812 3708        PptpMiniport - ok
11:36:11.0156 3708        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:36:11.0296 3708        ProtectedStorage - ok
11:36:11.0734 3708        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:36:11.0875 3708        PSched - ok
11:36:12.0296 3708        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:36:12.0437 3708        Ptilink - ok
11:36:12.0843 3708        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:36:12.0843 3708        PxHelp20 - ok
11:36:13.0218 3708        ql1080 - ok
11:36:13.0578 3708        Ql10wnt - ok
11:36:13.0968 3708        ql12160 - ok
11:36:14.0343 3708        ql1240 - ok
11:36:14.0734 3708        ql1280 - ok
11:36:15.0312 3708        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:36:15.0437 3708        RasAcd - ok
11:36:15.0843 3708        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
11:36:15.0984 3708        RasAuto - ok
11:36:16.0390 3708        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:36:16.0578 3708        Rasl2tp - ok
11:36:17.0000 3708        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
11:36:17.0140 3708        RasMan - ok
11:36:17.0609 3708        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:36:17.0750 3708        RasPppoe - ok
11:36:18.0171 3708        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:36:18.0312 3708        Raspti - ok
11:36:18.0781 3708        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:36:18.0937 3708        Rdbss - ok
11:36:19.0390 3708        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:36:19.0546 3708        RDPCDD - ok
11:36:20.0046 3708        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:36:20.0234 3708        rdpdr - ok
11:36:20.0687 3708        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:36:20.0765 3708        RDPWD - ok
11:36:21.0187 3708        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
11:36:21.0343 3708        RDSessMgr - ok
11:36:21.0765 3708        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:36:21.0906 3708        redbook - ok
11:36:22.0265 3708        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
11:36:22.0406 3708        RemoteAccess - ok
11:36:22.0812 3708        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
11:36:22.0953 3708        RemoteRegistry - ok
11:36:23.0359 3708        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
11:36:23.0515 3708        RpcLocator - ok
11:36:24.0125 3708        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:36:24.0359 3708        RpcSs - ok
11:36:24.0750 3708        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
11:36:24.0890 3708        RSVP - ok
11:36:25.0359 3708        RTLE8023xp      (79b4fe884c18dd82d5449f6b6026d092) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:36:25.0500 3708        RTLE8023xp - ok
11:36:25.0953 3708        s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
11:36:25.0984 3708        s1018bus - ok
11:36:26.0500 3708        s1018mdfl      (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
11:36:26.0500 3708        s1018mdfl - ok
11:36:26.0937 3708        s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
11:36:26.0953 3708        s1018mdm - ok
11:36:27.0406 3708        s1018mgmt      (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
11:36:27.0515 3708        s1018mgmt - ok
11:36:27.0937 3708        s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
11:36:27.0937 3708        s1018nd5 - ok
11:36:28.0421 3708        s1018obex      (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
11:36:28.0500 3708        s1018obex - ok
11:36:29.0046 3708        s1018unic      (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
11:36:29.0078 3708        s1018unic - ok
11:36:29.0500 3708        s115bus        (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys
11:36:29.0515 3708        s115bus - ok
11:36:29.0984 3708        s115mdfl        (e24113fc13b8737c94cf4e3415488c76) C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
11:36:30.0328 3708        s115mdfl - ok
11:36:30.0781 3708        s115mdm        (4029e49e7c673aa0670bd206b0af1b5b) C:\WINDOWS\system32\DRIVERS\s115mdm.sys
11:36:30.0796 3708        s115mdm - ok
11:36:31.0484 3708        s115mgmt        (eb02ab4ca8bccecfde236cad8fc6e135) C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
11:36:31.0500 3708        s115mgmt - ok
11:36:31.0937 3708        s115obex        (089869db9ffd2ac807fa87fe82ac7761) C:\WINDOWS\system32\DRIVERS\s115obex.sys
11:36:31.0953 3708        s115obex - ok
11:36:32.0390 3708        s125bus        (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys
11:36:32.0406 3708        s125bus - ok
11:36:32.0828 3708        s125mdfl        (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
11:36:32.0843 3708        s125mdfl - ok
11:36:33.0312 3708        s125mdm        (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys
11:36:33.0328 3708        s125mdm - ok
11:36:33.0781 3708        s125mgmt        (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
11:36:33.0796 3708        s125mgmt - ok
11:36:34.0265 3708        s125obex        (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys
11:36:34.0265 3708        s125obex - ok
11:36:34.0625 3708        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:36:34.0765 3708        SamSs - ok
11:36:35.0140 3708        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
11:36:35.0328 3708        SCardSvr - ok
11:36:35.0828 3708        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
11:36:36.0015 3708        Schedule - ok
11:36:36.0437 3708        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:36:36.0562 3708        Secdrv - ok
11:36:36.0921 3708        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
11:36:37.0062 3708        seclogon - ok
11:36:37.0531 3708        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
11:36:37.0718 3708        SENS - ok
11:36:38.0203 3708        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:36:38.0421 3708        serenum - ok
11:36:38.0875 3708        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
11:36:39.0156 3708        Serial - ok
11:36:40.0843 3708        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:36:41.0093 3708        Sfloppy - ok
11:36:42.0656 3708        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
11:36:44.0875 3708        SharedAccess - ok
11:36:45.0765 3708        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:36:45.0828 3708        ShellHWDetection - ok
11:36:46.0843 3708        Simbad - ok
11:36:48.0343 3708        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:36:48.0578 3708        SLIP - ok
11:36:49.0937 3708        Sparrow - ok
11:36:51.0406 3708        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:36:51.0640 3708        splitter - ok
11:36:52.0140 3708        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:36:52.0187 3708        Spooler - ok
11:36:52.0906 3708        sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
11:36:52.0906 3708        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
11:36:52.0906 3708        sptd ( LockedFile.Multi.Generic ) - warning
11:36:52.0906 3708        sptd - detected LockedFile.Multi.Generic (1)
11:36:53.0375 3708        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
11:36:53.0562 3708        sr - ok
11:36:54.0015 3708        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
11:36:54.0171 3708        srservice - ok
11:36:54.0921 3708        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:36:55.0484 3708        Srv - ok
11:36:55.0859 3708        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
11:36:56.0062 3708        SSDPSRV - ok
11:36:56.0781 3708        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:36:56.0796 3708        ssmdrv - ok
11:36:57.0296 3708        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
11:36:57.0625 3708        stisvc - ok
11:36:58.0109 3708        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:36:58.0328 3708        streamip - ok
11:36:58.0875 3708        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:36:59.0062 3708        swenum - ok
11:36:59.0500 3708        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:36:59.0703 3708        swmidi - ok
11:37:00.0062 3708        SwPrv - ok
11:37:00.0437 3708        symc810 - ok
11:37:00.0843 3708        symc8xx - ok
11:37:01.0500 3708        sym_hi - ok
11:37:01.0875 3708        sym_u3 - ok
11:37:02.0328 3708        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:37:02.0562 3708        sysaudio - ok
11:37:02.0968 3708        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
11:37:03.0187 3708        SysmonLog - ok
11:37:03.0750 3708        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
11:37:03.0953 3708        TapiSrv - ok
11:37:04.0531 3708        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\TCPIP.SYS
11:37:04.0703 3708        Tcpip - ok
11:37:05.0125 3708        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:37:05.0281 3708        TDPIPE - ok
11:37:05.0718 3708        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:37:05.0937 3708        TDTCP - ok
11:37:06.0406 3708        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:37:06.0593 3708        TermDD - ok
11:37:07.0109 3708        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
11:37:07.0359 3708        TermService - ok
11:37:07.0781 3708        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:37:07.0812 3708        Themes - ok
11:37:08.0234 3708        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
11:37:08.0484 3708        TlntSvr - ok
11:37:08.0875 3708        TosIde - ok
11:37:09.0265 3708        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
11:37:09.0468 3708        TrkWks - ok
11:37:09.0921 3708        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:37:10.0093 3708        Udfs - ok
11:37:10.0500 3708        ultra - ok
11:37:11.0234 3708        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:37:11.0531 3708        Update - ok
11:37:11.0984 3708        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
11:37:12.0156 3708        upnphost - ok
11:37:12.0546 3708        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
11:37:12.0718 3708        UPS - ok
11:37:13.0281 3708        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:37:13.0484 3708        usbaudio - ok
11:37:13.0921 3708        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:37:14.0093 3708        usbccgp - ok
11:37:14.0546 3708        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:37:14.0687 3708        usbehci - ok
11:37:15.0125 3708        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:37:15.0312 3708        usbhub - ok
11:37:15.0906 3708        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:37:16.0093 3708        usbprint - ok
11:37:16.0515 3708        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:37:16.0671 3708        usbscan - ok
11:37:17.0125 3708        usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
11:37:17.0328 3708        usbser - ok
11:37:17.0968 3708        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:37:18.0140 3708        USBSTOR - ok
11:37:18.0562 3708        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:37:18.0750 3708        usbuhci - ok
11:37:19.0187 3708        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
11:37:19.0390 3708        usbvideo - ok
11:37:19.0812 3708        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:37:19.0984 3708        VgaSave - ok
11:37:20.0484 3708        ViaIde - ok
11:37:20.0984 3708        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
11:37:21.0156 3708        VolSnap - ok
11:37:21.0703 3708        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
11:37:21.0921 3708        VSS - ok
11:37:22.0500 3708        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
11:37:22.0859 3708        W32Time - ok
11:37:23.0906 3708        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:37:24.0203 3708        Wanarp - ok
11:37:26.0171 3708        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:37:26.0484 3708        Wdf01000 - ok
11:37:30.0140 3708        WDICA - ok
11:37:33.0171 3708        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:37:33.0515 3708        wdmaud - ok
11:37:34.0968 3708        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
11:37:35.0187 3708        WebClient - ok
11:37:35.0609 3708        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:37:35.0812 3708        winmgmt - ok
11:37:36.0234 3708        WmdmPmSN        (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
11:37:36.0406 3708        WmdmPmSN - ok
11:37:37.0812 3708        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
11:37:39.0515 3708        Wmi - ok
11:37:40.0328 3708        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:37:40.0640 3708        WmiApSrv - ok
11:37:41.0687 3708        WMPNetworkSvc  (d3dbd6e76f4be9bee67eb631488b5f29) C:\Programme\Windows Media Player\WMPNetwk.exe
11:37:42.0125 3708        WMPNetworkSvc - ok
11:37:42.0718 3708        WpdUsb          (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:37:42.0781 3708        WpdUsb - ok
11:37:43.0203 3708        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
11:37:43.0406 3708        wscsvc - ok
11:37:43.0984 3708        WSearch - ok
11:37:44.0500 3708        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:37:44.0718 3708        WSTCODEC - ok
11:37:45.0093 3708        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
11:37:45.0312 3708        wuauserv - ok
11:37:46.0640 3708        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:37:46.0968 3708        WudfPf - ok
11:37:47.0468 3708        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:37:47.0562 3708        WudfRd - ok
11:37:47.0984 3708        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:37:48.0046 3708        WudfSvc - ok
11:37:49.0000 3708        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
11:37:49.0359 3708        WZCSVC - ok
11:37:49.0828 3708        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
11:37:50.0093 3708        xmlprov - ok
11:37:50.0531 3708        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
11:37:51.0250 3708        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:37:51.0250 3708        \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:37:51.0250 3708        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
11:37:51.0390 3708        \Device\Harddisk1\DR2 - ok
11:37:51.0406 3708        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR3
11:37:51.0687 3708        \Device\Harddisk2\DR3 - ok
11:37:51.0781 3708        Boot (0x1200)  (c26e33a19b326a21b3bdfabf27f1031c) \Device\Harddisk0\DR0\Partition0
11:37:51.0781 3708        \Device\Harddisk0\DR0\Partition0 - ok
11:37:51.0796 3708        Boot (0x1200)  (afa5273584d158ddd2c8bc72c1aee70f) \Device\Harddisk1\DR2\Partition0
11:37:51.0796 3708        \Device\Harddisk1\DR2\Partition0 - ok
11:37:51.0828 3708        Boot (0x1200)  (cacc095ab2ebfa29e6482702ec7448d7) \Device\Harddisk2\DR3\Partition0
11:37:51.0828 3708        \Device\Harddisk2\DR3\Partition0 - ok
11:37:51.0828 3708        ============================================================
11:37:51.0828 3708        Scan finished
11:37:51.0828 3708        ============================================================
11:37:51.0953 1596        Detected object count: 6
11:37:51.0953 1596        Actual detected object count: 6
11:39:12.0234 1596        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:12.0234 1596        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:12.0234 1596        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:12.0234 1596        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:12.0250 1596        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:12.0250 1596        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:12.0250 1596        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:12.0250 1596        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:12.0250 1596        sptd ( LockedFile.Multi.Generic ) - skipped by user
11:39:12.0250 1596        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:39:12.0250 1596        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:39:12.0250 1596        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


cosinus 27.03.2012 12:28

Quote:

11:39:12.0250 1596 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Please have TDSS-Killer delete the TDSS File System, then restart Windows and create a new log with this tool. Post it again enclosed in CODE tags.

mobo6new 27.03.2012 20:17

Code:

20:52:42.0546 1520        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
20:52:43.0968 1520        ============================================================
20:52:43.0968 1520        Current date / time: 2012/03/27 20:52:43.0968
20:52:43.0968 1520        SystemInfo:
20:52:43.0968 1520       
20:52:43.0968 1520        OS Version: 5.1.2600 ServicePack: 3.0
20:52:43.0968 1520        Product type: Workstation
20:52:43.0968 1520        ComputerName: PUPPSIE
20:52:43.0968 1520        UserName: Mone
20:52:43.0968 1520        Windows directory: C:\WINDOWS
20:52:43.0968 1520        System windows directory: C:\WINDOWS
20:52:43.0968 1520        Processor architecture: Intel x86
20:52:43.0968 1520        Number of processors: 2
20:52:43.0968 1520        Page size: 0x1000
20:52:43.0968 1520        Boot type: Normal boot
20:52:43.0968 1520        ============================================================
20:53:05.0562 1520        Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:53:05.0734 1520        Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:53:05.0750 1520        Drive \Device\Harddisk2\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:53:05.0765 1520        \Device\Harddisk0\DR0:
20:53:05.0781 1520        MBR used
20:53:05.0781 1520        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
20:53:05.0781 1520        \Device\Harddisk1\DR2:
20:53:05.0781 1520        MBR used
20:53:05.0781 1520        \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x3A380D41
20:53:05.0781 1520        \Device\Harddisk2\DR3:
20:53:05.0796 1520        MBR used
20:53:05.0796 1520        \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
20:53:08.0343 1520        Initialize success
20:53:08.0343 1520        ============================================================
20:53:19.0125 0552        ============================================================
20:53:19.0125 0552        Scan started
20:53:19.0125 0552        Mode: Manual; SigCheck; TDLFS;
20:53:19.0125 0552        ============================================================
20:53:21.0421 0552        Abiosdsk - ok
20:53:21.0828 0552        abp480n5 - ok
20:53:22.0546 0552        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:53:34.0734 0552        ACPI - ok
20:53:36.0515 0552        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:53:36.0703 0552        ACPIEC - ok
20:53:37.0281 0552        adpu160m - ok
20:53:38.0531 0552        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:53:38.0796 0552        aec - ok
20:53:41.0406 0552        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:53:42.0234 0552        AFD - ok
20:53:45.0953 0552        Aha154x - ok
20:53:47.0984 0552        aic78u2 - ok
20:53:49.0500 0552        aic78xx - ok
20:53:50.0703 0552        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
20:53:50.0921 0552        Alerter - ok
20:53:55.0671 0552        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
20:53:55.0875 0552        ALG - ok
20:53:57.0203 0552        AliIde - ok
20:54:04.0578 0552        Ambfilt        (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
20:54:09.0171 0552        Ambfilt - ok
20:54:10.0015 0552        amsint - ok
20:54:10.0515 0552        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Programme\Avira\AntiVir Desktop\sched.exe
20:54:10.0546 0552        AntiVirSchedulerService - ok
20:54:10.0828 0552        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Programme\Avira\AntiVir Desktop\avguard.exe
20:54:10.0859 0552        AntiVirService - ok
20:54:11.0140 0552        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:54:11.0156 0552        Apple Mobile Device - ok
20:54:11.0875 0552        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
20:54:12.0531 0552        AppMgmt - ok
20:54:13.0062 0552        asc - ok
20:54:14.0093 0552        asc3350p - ok
20:54:14.0921 0552        asc3550 - ok
20:54:15.0484 0552        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:54:16.0453 0552        aspnet_state - ok
20:54:17.0437 0552        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:54:17.0578 0552        AsyncMac - ok
20:54:18.0156 0552        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:54:18.0296 0552        atapi - ok
20:54:18.0937 0552        Atdisk - ok
20:54:19.0406 0552        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:54:19.0593 0552        Atmarpc - ok
20:54:20.0109 0552        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
20:54:20.0359 0552        AudioSrv - ok
20:54:21.0171 0552        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:54:21.0359 0552        audstub - ok
20:54:21.0921 0552        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:54:21.0937 0552        avgntflt - ok
20:54:22.0390 0552        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:54:22.0421 0552        avipbb - ok
20:54:22.0937 0552        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:54:22.0953 0552        avkmgr - ok
20:54:23.0484 0552        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:54:23.0703 0552        Beep - ok
20:54:24.0953 0552        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
20:54:26.0203 0552        BITS - ok
20:54:26.0687 0552        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
20:54:26.0937 0552        Bonjour Service - ok
20:54:27.0718 0552        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
20:54:28.0046 0552        Browser - ok
20:54:28.0718 0552        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:54:29.0375 0552        cbidf2k - ok
20:54:29.0812 0552        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:54:29.0953 0552        CCDECODE - ok
20:54:30.0312 0552        cd20xrnt - ok
20:54:30.0734 0552        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:54:30.0875 0552        Cdaudio - ok
20:54:31.0421 0552        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:54:31.0640 0552        Cdfs - ok
20:54:32.0203 0552        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:54:32.0359 0552        Cdrom - ok
20:54:32.0734 0552        Changer - ok
20:54:33.0109 0552        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
20:54:33.0250 0552        CiSvc - ok
20:54:33.0625 0552        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
20:54:33.0765 0552        ClipSrv - ok
20:54:34.0156 0552        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:54:34.0578 0552        clr_optimization_v2.0.50727_32 - ok
20:54:35.0125 0552        CmdIde - ok
20:54:35.0453 0552        COMSysApp - ok
20:54:35.0859 0552        Cpqarray - ok
20:54:36.0468 0552        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
20:54:36.0593 0552        CryptSvc - ok
20:54:37.0000 0552        dac2w2k - ok
20:54:37.0593 0552        dac960nt - ok
20:54:38.0281 0552        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
20:54:38.0562 0552        DcomLaunch - ok
20:54:39.0156 0552        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
20:54:39.0328 0552        Dhcp - ok
20:54:39.0968 0552        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:54:40.0109 0552        Disk - ok
20:54:40.0578 0552        dmadmin - ok
20:54:44.0437 0552        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:54:45.0593 0552        dmboot - ok
20:54:46.0218 0552        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:54:46.0390 0552        dmio - ok
20:54:46.0796 0552        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:54:46.0906 0552        dmload - ok
20:54:47.0578 0552        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
20:54:47.0718 0552        dmserver - ok
20:54:48.0218 0552        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:54:48.0421 0552        DMusic - ok
20:54:48.0859 0552        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
20:54:48.0984 0552        Dnscache - ok
20:54:49.0484 0552        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
20:54:49.0750 0552        Dot3svc - ok
20:54:50.0156 0552        dpti2o - ok
20:54:50.0687 0552        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:54:50.0875 0552        drmkaud - ok
20:54:51.0296 0552        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
20:54:51.0500 0552        EapHost - ok
20:54:51.0859 0552        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
20:54:52.0000 0552        ERSvc - ok
20:54:52.0812 0552        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
20:54:52.0859 0552        Eventlog - ok
20:54:53.0328 0552        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
20:54:53.0421 0552        EventSystem - ok
20:54:53.0984 0552        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:54:54.0312 0552        Fastfat - ok
20:54:54.0953 0552        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:54:55.0078 0552        FastUserSwitchingCompatibility - ok
20:54:55.0515 0552        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:54:55.0687 0552        Fdc - ok
20:54:57.0265 0552        FilterService  (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
20:54:57.0265 0552        FilterService - ok
20:54:58.0593 0552        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:54:59.0359 0552        Fips - ok
20:54:59.0984 0552        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:55:00.0140 0552        Flpydisk - ok
20:55:00.0578 0552        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:55:00.0734 0552        FltMgr - ok
20:55:01.0000 0552        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:55:01.0109 0552        FontCache3.0.0.0 - ok
20:55:01.0531 0552        fssfltr        (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
20:55:01.0531 0552        fssfltr - ok
20:55:02.0062 0552        fsssvc          (45b52394f9624237f33a8a3d73c0b221) C:\Programme\Windows Live\Family Safety\fsssvc.exe
20:55:03.0375 0552        fsssvc - ok
20:55:04.0250 0552        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:55:04.0421 0552        Fs_Rec - ok
20:55:05.0671 0552        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:55:05.0906 0552        Ftdisk - ok
20:55:06.0765 0552        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:55:06.0781 0552        GEARAspiWDM - ok
20:55:07.0187 0552        ggflt          (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
20:55:07.0203 0552        ggflt - ok
20:55:07.0718 0552        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
20:55:07.0750 0552        ggsemc - ok
20:55:08.0187 0552        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:55:08.0375 0552        Gpc - ok
20:55:08.0515 0552        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
20:55:08.0515 0552        gupdate - ok
20:55:08.0593 0552        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
20:55:08.0609 0552        gupdatem - ok
20:55:08.0734 0552        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
20:55:08.0812 0552        gusvc - ok
20:55:09.0578 0552        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:55:10.0406 0552        HDAudBus - ok
20:55:10.0625 0552        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:55:10.0734 0552        helpsvc - ok
20:55:11.0125 0552        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
20:55:11.0250 0552        HidServ - ok
20:55:11.0671 0552        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:55:11.0796 0552        hidusb - ok
20:55:12.0203 0552        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
20:55:12.0359 0552        hkmsvc - ok
20:55:12.0765 0552        hpn - ok
20:55:12.0984 0552        hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
20:55:13.0015 0552        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
20:55:13.0015 0552        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
20:55:13.0187 0552        hpqddsvc        (f3f72a2a86c22610bca5439fa789dd52) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
20:55:13.0203 0552        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
20:55:13.0203 0552        hpqddsvc - detected UnsignedFile.Multi.Generic (1)
20:55:13.0609 0552        HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:55:13.0843 0552        HPZid412 - ok
20:55:14.0218 0552        HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:55:14.0265 0552        HPZipr12 - ok
20:55:14.0718 0552        HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:55:14.0781 0552        HPZius12 - ok
20:55:15.0609 0552        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:55:15.0687 0552        HTTP - ok
20:55:16.0531 0552        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
20:55:17.0046 0552        HTTPFilter - ok
20:55:18.0187 0552        i2omgmt - ok
20:55:18.0640 0552        i2omp - ok
20:55:19.0578 0552        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:55:19.0984 0552        i8042prt - ok
20:55:24.0703 0552        ialm            (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:55:34.0546 0552        ialm - ok
20:55:37.0484 0552        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:55:40.0265 0552        idsvc - ok
20:55:41.0250 0552        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:55:41.0484 0552        Imapi - ok
20:55:42.0406 0552        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
20:55:42.0531 0552        ImapiService - ok
20:55:42.0968 0552        ini910u - ok
20:55:48.0500 0552        IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:55:51.0359 0552        IntcAzAudAddService - ok
20:55:52.0062 0552        IntelIde - ok
20:55:53.0031 0552        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:55:53.0156 0552        intelppm - ok
20:55:54.0078 0552        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:55:54.0234 0552        Ip6Fw - ok
20:55:54.0656 0552        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:55:54.0765 0552        IpFilterDriver - ok
20:55:55.0187 0552        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:55:55.0343 0552        IpInIp - ok
20:55:55.0828 0552        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:55:55.0968 0552        IpNat - ok
20:55:56.0468 0552        iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe
20:55:56.0703 0552        iPod Service - ok
20:55:57.0140 0552        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:55:57.0375 0552        IPSec - ok
20:55:57.0796 0552        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:55:57.0921 0552        IRENUM - ok
20:55:58.0453 0552        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:55:58.0625 0552        isapnp - ok
20:55:58.0796 0552        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
20:55:58.0812 0552        JavaQuickStarterService - ok
20:55:59.0437 0552        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:55:59.0687 0552        Kbdclass - ok
20:56:00.0093 0552        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:56:00.0265 0552        kbdhid - ok
20:56:01.0031 0552        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:56:01.0187 0552        kmixer - ok
20:56:01.0640 0552        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:56:01.0781 0552        KSecDD - ok
20:56:02.0187 0552        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
20:56:02.0250 0552        lanmanserver - ok
20:56:02.0671 0552        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
20:56:02.0750 0552        lanmanworkstation - ok
20:56:03.0125 0552        lbrtfdc - ok
20:56:03.0500 0552        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
20:56:03.0640 0552        LmHosts - ok
20:56:04.0093 0552        lvpopflt        (cbf0bf6af73a704211bbb52efacaa8a0) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
20:56:04.0187 0552        lvpopflt - ok
20:56:04.0593 0552        LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
20:56:04.0609 0552        LVPr2Mon - ok
20:56:04.0843 0552        LVPrcSrv        (2333057542c91ae8228bdccc2e5f2632) C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
20:56:04.0859 0552        LVPrcSrv - ok
20:56:05.0546 0552        LVRS            (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
20:56:05.0578 0552        LVRS - ok
20:56:11.0234 0552        LVUVC          (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
20:56:18.0968 0552        LVUVC - ok
20:56:20.0265 0552        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
20:56:20.0453 0552        MBAMProtector - ok
20:56:21.0625 0552        MBAMService    (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
20:56:22.0078 0552        MBAMService - ok
20:56:22.0671 0552        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
20:56:22.0703 0552        MDM - ok
20:56:23.0125 0552        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
20:56:23.0375 0552        Messenger - ok
20:56:23.0968 0552        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:56:24.0093 0552        mnmdd - ok
20:56:24.0625 0552        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
20:56:24.0781 0552        mnmsrvc - ok
20:56:25.0250 0552        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:56:25.0484 0552        Modem - ok
20:56:26.0515 0552        Monfilt        (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
20:56:27.0843 0552        Monfilt - ok
20:56:28.0406 0552        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:56:28.0562 0552        Mouclass - ok
20:56:28.0968 0552        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:56:29.0109 0552        mouhid - ok
20:56:29.0625 0552        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:56:29.0812 0552        MountMgr - ok
20:56:30.0156 0552        MpKsl1f947b4b - ok
20:56:30.0640 0552        mraid35x - ok
20:56:31.0093 0552        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:56:31.0359 0552        MRxDAV - ok
20:56:31.0953 0552        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:56:32.0421 0552        MRxSmb - ok
20:56:32.0796 0552        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
20:56:32.0937 0552        MSDTC - ok
20:56:33.0390 0552        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:56:33.0546 0552        Msfs - ok
20:56:33.0859 0552        MSIServer - ok
20:56:34.0265 0552        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:56:34.0437 0552        MSKSSRV - ok
20:56:34.0843 0552        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:56:34.0984 0552        MSPCLOCK - ok
20:56:35.0500 0552        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:56:35.0671 0552        MSPQM - ok
20:56:36.0093 0552        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:56:36.0234 0552        mssmbios - ok
20:56:36.0687 0552        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:56:36.0859 0552        MSTEE - ok
20:56:37.0359 0552        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:56:37.0468 0552        Mup - ok
20:56:37.0906 0552        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:56:38.0093 0552        NABTSFEC - ok
20:56:38.0609 0552        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
20:56:38.0921 0552        napagent - ok
20:56:39.0437 0552        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:56:39.0671 0552        NDIS - ok
20:56:40.0078 0552        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:56:40.0265 0552        NdisIP - ok
20:56:40.0703 0552        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:56:40.0781 0552        NdisTapi - ok
20:56:41.0203 0552        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:56:41.0406 0552        Ndisuio - ok
20:56:41.0843 0552        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:56:42.0031 0552        NdisWan - ok
20:56:42.0453 0552        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:56:42.0546 0552        NDProxy - ok
20:56:42.0937 0552        Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
20:56:42.0953 0552        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:56:42.0953 0552        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:56:43.0359 0552        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:56:43.0531 0552        NetBIOS - ok
20:56:44.0000 0552        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:56:44.0250 0552        NetBT - ok
20:56:44.0671 0552        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:56:44.0890 0552        NetDDE - ok
20:56:44.0953 0552        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:56:45.0078 0552        NetDDEdsdm - ok
20:56:45.0453 0552        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:56:45.0593 0552        Netlogon - ok
20:56:46.0031 0552        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
20:56:46.0187 0552        Netman - ok
20:56:46.0468 0552        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:56:46.0578 0552        NetTcpPortSharing - ok
20:56:47.0031 0552        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
20:56:47.0078 0552        Nla - ok
20:56:47.0515 0552        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:56:47.0687 0552        Npfs - ok
20:56:48.0328 0552        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:56:48.0906 0552        Ntfs - ok
20:56:49.0281 0552        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:56:49.0421 0552        NtLmSsp - ok
20:56:49.0937 0552        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
20:56:50.0453 0552        NtmsSvc - ok
20:56:50.0859 0552        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:56:50.0984 0552        Null - ok
20:56:51.0484 0552        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:56:51.0656 0552        NwlnkFlt - ok
20:56:52.0062 0552        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:56:52.0265 0552        NwlnkFwd - ok
20:56:52.0703 0552        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
20:56:52.0906 0552        Parport - ok
20:56:53.0390 0552        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:56:53.0609 0552        PartMgr - ok
20:56:54.0015 0552        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:56:54.0171 0552        ParVdm - ok
20:56:54.0609 0552        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:56:54.0796 0552        PCI - ok
20:56:55.0187 0552        PCIDump - ok
20:56:55.0609 0552        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:56:55.0765 0552        PCIIde - ok
20:56:56.0250 0552        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:56:56.0468 0552        Pcmcia - ok
20:56:56.0859 0552        PDCOMP - ok
20:56:57.0234 0552        PDFRAME - ok
20:56:57.0656 0552        PDRELI - ok
20:56:58.0015 0552        PDRFRAME - ok
20:56:58.0421 0552        perc2 - ok
20:56:58.0796 0552        perc2hib - ok
20:56:59.0203 0552        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
20:56:59.0234 0552        PlugPlay - ok
20:56:59.0625 0552        Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
20:56:59.0640 0552        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:56:59.0640 0552        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:57:00.0015 0552        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:57:00.0125 0552        PolicyAgent - ok
20:57:00.0593 0552        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:57:00.0796 0552        PptpMiniport - ok
20:57:01.0156 0552        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:57:01.0281 0552        ProtectedStorage - ok
20:57:01.0750 0552        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:57:01.0968 0552        PSched - ok
20:57:02.0390 0552        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:57:02.0531 0552        Ptilink - ok
20:57:02.0937 0552        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:57:02.0984 0552        PxHelp20 - ok
20:57:03.0359 0552        ql1080 - ok
20:57:03.0750 0552        Ql10wnt - ok
20:57:04.0125 0552        ql12160 - ok
20:57:04.0515 0552        ql1240 - ok
20:57:04.0875 0552        ql1280 - ok
20:57:05.0281 0552        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:57:05.0453 0552        RasAcd - ok
20:57:05.0843 0552        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
20:57:06.0062 0552        RasAuto - ok
20:57:06.0578 0552        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:57:06.0765 0552        Rasl2tp - ok
20:57:07.0187 0552        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
20:57:07.0390 0552        RasMan - ok
20:57:07.0828 0552        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:57:08.0000 0552        RasPppoe - ok
20:57:08.0406 0552        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:57:08.0578 0552        Raspti - ok
20:57:09.0062 0552        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:57:09.0343 0552        Rdbss - ok
20:57:09.0750 0552        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:57:09.0890 0552        RDPCDD - ok
20:57:10.0421 0552        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:57:10.0687 0552        rdpdr - ok
20:57:11.0156 0552        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:57:11.0296 0552        RDPWD - ok
20:57:11.0718 0552        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
20:57:11.0953 0552        RDSessMgr - ok
20:57:12.0375 0552        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:57:12.0562 0552        redbook - ok
20:57:12.0953 0552        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
20:57:13.0140 0552        RemoteAccess - ok
20:57:13.0609 0552        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
20:57:13.0750 0552        RemoteRegistry - ok
20:57:14.0156 0552        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
20:57:14.0343 0552        RpcLocator - ok
20:57:14.0890 0552        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
20:57:15.0062 0552        RpcSs - ok
20:57:15.0500 0552        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
20:57:15.0750 0552        RSVP - ok
20:57:16.0218 0552        RTLE8023xp      (79b4fe884c18dd82d5449f6b6026d092) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
20:57:16.0453 0552        RTLE8023xp - ok
20:57:16.0953 0552        s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
20:57:17.0093 0552        s1018bus - ok
20:57:17.0500 0552        s1018mdfl      (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
20:57:17.0515 0552        s1018mdfl - ok
20:57:17.0984 0552        s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
20:57:18.0046 0552        s1018mdm - ok
20:57:18.0500 0552        s1018mgmt      (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
20:57:18.0703 0552        s1018mgmt - ok
20:57:19.0109 0552        s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
20:57:19.0140 0552        s1018nd5 - ok
20:57:19.0593 0552        s1018obex      (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
20:57:19.0671 0552        s1018obex - ok
20:57:20.0125 0552        s1018unic      (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
20:57:20.0203 0552        s1018unic - ok
20:57:20.0671 0552        s115bus        (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys
20:57:20.0734 0552        s115bus - ok
20:57:21.0156 0552        s115mdfl        (e24113fc13b8737c94cf4e3415488c76) C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
20:57:21.0187 0552        s115mdfl - ok
20:57:21.0640 0552        s115mdm        (4029e49e7c673aa0670bd206b0af1b5b) C:\WINDOWS\system32\DRIVERS\s115mdm.sys
20:57:21.0703 0552        s115mdm - ok
20:57:22.0218 0552        s115mgmt        (eb02ab4ca8bccecfde236cad8fc6e135) C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
20:57:22.0375 0552        s115mgmt - ok
20:57:23.0875 0552        s115obex        (089869db9ffd2ac807fa87fe82ac7761) C:\WINDOWS\system32\DRIVERS\s115obex.sys
20:57:24.0062 0552        s115obex - ok
20:57:26.0000 0552        s125bus        (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys
20:57:26.0078 0552        s125bus - ok
20:57:27.0656 0552        s125mdfl        (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
20:57:28.0093 0552        s125mdfl - ok
20:57:29.0875 0552        s125mdm        (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys
20:57:30.0031 0552        s125mdm - ok
20:57:31.0828 0552        s125mgmt        (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
20:57:31.0890 0552        s125mgmt - ok
20:57:33.0000 0552        s125obex        (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys
20:57:33.0062 0552        s125obex - ok
20:57:33.0796 0552        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:57:33.0921 0552        SamSs - ok
20:57:34.0687 0552        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
20:57:34.0921 0552        SCardSvr - ok
20:57:35.0562 0552        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
20:57:35.0781 0552        Schedule - ok
20:57:36.0218 0552        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:57:36.0390 0552        Secdrv - ok
20:57:36.0750 0552        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
20:57:36.0921 0552        seclogon - ok
20:57:37.0500 0552        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
20:57:37.0671 0552        SENS - ok
20:57:38.0093 0552        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:57:38.0281 0552        serenum - ok
20:57:38.0718 0552        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
20:57:38.0921 0552        Serial - ok
20:57:39.0359 0552        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:57:39.0515 0552        Sfloppy - ok
20:57:40.0046 0552        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
20:57:40.0390 0552        SharedAccess - ok
20:57:40.0812 0552        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:57:40.0859 0552        ShellHWDetection - ok
20:57:41.0234 0552        Simbad - ok
20:57:41.0687 0552        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:57:41.0859 0552        SLIP - ok
20:57:42.0343 0552        Sparrow - ok
20:57:42.0750 0552        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:57:42.0921 0552        splitter - ok
20:57:43.0296 0552        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:57:43.0359 0552        Spooler - ok
20:57:44.0046 0552        sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
20:57:44.0046 0552        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:57:44.0046 0552        sptd ( LockedFile.Multi.Generic ) - warning
20:57:44.0046 0552        sptd - detected LockedFile.Multi.Generic (1)
20:57:44.0593 0552        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:57:44.0796 0552        sr - ok
20:57:45.0328 0552        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
20:57:45.0453 0552        srservice - ok
20:57:46.0015 0552        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:57:46.0421 0552        Srv - ok
20:57:46.0812 0552        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
20:57:46.0953 0552        SSDPSRV - ok
20:57:47.0500 0552        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:57:47.0515 0552        ssmdrv - ok
20:57:48.0046 0552        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
20:57:48.0468 0552        stisvc - ok
20:57:48.0906 0552        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:57:49.0093 0552        streamip - ok
20:57:49.0562 0552        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:57:49.0734 0552        swenum - ok
20:57:50.0156 0552        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:57:50.0421 0552        swmidi - ok
20:57:50.0781 0552        SwPrv - ok
20:57:51.0500 0552        symc810 - ok
20:57:51.0875 0552        symc8xx - ok
20:57:52.0312 0552        sym_hi - ok
20:57:52.0687 0552        sym_u3 - ok
20:57:53.0125 0552        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:57:53.0343 0552        sysaudio - ok
20:57:53.0750 0552        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
20:57:53.0953 0552        SysmonLog - ok
20:57:54.0546 0552        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
20:57:54.0734 0552        TapiSrv - ok
20:57:55.0406 0552        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\TCPIP.SYS
20:57:55.0750 0552        Tcpip - ok
20:57:56.0187 0552        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:57:56.0375 0552        TDPIPE - ok
20:57:56.0796 0552        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:57:56.0984 0552        TDTCP - ok
20:57:57.0484 0552        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:57:57.0687 0552        TermDD - ok
20:57:58.0187 0552        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
20:57:58.0468 0552        TermService - ok
20:57:58.0875 0552        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:57:58.0906 0552        Themes - ok
20:57:59.0281 0552        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
20:57:59.0468 0552        TlntSvr - ok
20:57:59.0859 0552        TosIde - ok
20:58:00.0234 0552        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
20:58:00.0390 0552        TrkWks - ok
20:58:00.0812 0552        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:58:01.0015 0552        Udfs - ok
20:58:01.0437 0552        ultra - ok
20:58:02.0000 0552        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:58:02.0609 0552        Update - ok
20:58:03.0046 0552        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
20:58:03.0328 0552        upnphost - ok
20:58:03.0765 0552        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
20:58:03.0937 0552        UPS - ok
20:58:04.0375 0552        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:58:04.0562 0552        usbaudio - ok
20:58:04.0968 0552        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:58:05.0156 0552        usbccgp - ok
20:58:05.0609 0552        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:58:05.0781 0552        usbehci - ok
20:58:06.0218 0552        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:58:06.0421 0552        usbhub - ok
20:58:06.0843 0552        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:58:07.0031 0552        usbprint - ok
20:58:07.0468 0552        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:58:07.0640 0552        usbscan - ok
20:58:08.0062 0552        usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
20:58:08.0234 0552        usbser - ok
20:58:08.0687 0552        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:58:08.0875 0552        USBSTOR - ok
20:58:09.0296 0552        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:58:09.0468 0552        usbuhci - ok
20:58:09.0906 0552        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:58:10.0125 0552        usbvideo - ok
20:58:10.0546 0552        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:58:10.0718 0552        VgaSave - ok
20:58:11.0109 0552        ViaIde - ok
20:58:11.0531 0552        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:58:11.0718 0552        VolSnap - ok
20:58:12.0203 0552        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
20:58:12.0515 0552        VSS - ok
20:58:12.0984 0552        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
20:58:13.0156 0552        W32Time - ok
20:58:13.0578 0552        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:58:13.0765 0552        Wanarp - ok
20:58:14.0390 0552        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
20:58:14.0781 0552        Wdf01000 - ok
20:58:15.0187 0552        WDICA - ok
20:58:15.0640 0552        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:58:15.0828 0552        wdmaud - ok
20:58:16.0234 0552        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
20:58:16.0406 0552        WebClient - ok
20:58:16.0843 0552        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:58:17.0000 0552        winmgmt - ok
20:58:17.0406 0552        WmdmPmSN        (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
20:58:17.0593 0552        WmdmPmSN - ok
20:58:18.0218 0552        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
20:58:18.0500 0552        Wmi - ok
20:58:18.0921 0552        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:58:19.0125 0552        WmiApSrv - ok
20:58:19.0734 0552        WMPNetworkSvc  (d3dbd6e76f4be9bee67eb631488b5f29) C:\Programme\Windows Media Player\WMPNetwk.exe
20:58:20.0703 0552        WMPNetworkSvc - ok
20:58:21.0187 0552        WpdUsb          (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:58:21.0265 0552        WpdUsb - ok
20:58:21.0656 0552        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
20:58:21.0828 0552        wscsvc - ok
20:58:22.0171 0552        WSearch - ok
20:58:22.0593 0552        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:58:22.0781 0552        WSTCODEC - ok
20:58:23.0140 0552        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
20:58:23.0359 0552        wuauserv - ok
20:58:23.0796 0552        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:58:23.0906 0552        WudfPf - ok
20:58:24.0375 0552        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:58:24.0453 0552        WudfRd - ok
20:58:24.0843 0552        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:58:24.0890 0552        WudfSvc - ok
20:58:25.0453 0552        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
20:58:25.0859 0552        WZCSVC - ok
20:58:26.0265 0552        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
20:58:26.0500 0552        xmlprov - ok
20:58:26.0890 0552        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
20:58:27.0421 0552        \Device\Harddisk0\DR0 - ok
20:58:27.0421 0552        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
20:58:27.0593 0552        \Device\Harddisk1\DR2 - ok
20:58:27.0609 0552        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR3
20:58:27.0750 0552        \Device\Harddisk2\DR3 - ok
20:58:27.0859 0552        Boot (0x1200)  (c26e33a19b326a21b3bdfabf27f1031c) \Device\Harddisk0\DR0\Partition0
20:58:27.0859 0552        \Device\Harddisk0\DR0\Partition0 - ok
20:58:27.0859 0552        Boot (0x1200)  (afa5273584d158ddd2c8bc72c1aee70f) \Device\Harddisk1\DR2\Partition0
20:58:27.0859 0552        \Device\Harddisk1\DR2\Partition0 - ok
20:58:27.0875 0552        Boot (0x1200)  (cacc095ab2ebfa29e6482702ec7448d7) \Device\Harddisk2\DR3\Partition0
20:58:27.0875 0552        \Device\Harddisk2\DR3\Partition0 - ok
20:58:27.0875 0552        ============================================================
20:58:27.0875 0552        Scan finished
20:58:27.0875 0552        ============================================================
20:58:27.0984 2360        Detected object count: 5
20:58:27.0984 2360        Actual detected object count: 5
21:16:30.0265 2360        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:30.0265 2360        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:16:30.0265 2360        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:30.0265 2360        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:16:30.0265 2360        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:30.0265 2360        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:16:30.0265 2360        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:30.0265 2360        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:16:30.0265 2360        sptd ( LockedFile.Multi.Generic ) - skipped by user
21:16:30.0265 2360        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:16:32.0859 2312        Deinitialize success

Regards, Simone

cosinus 27.03.2012 20:23

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running ComboFix and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

mobo6new 28.03.2012 08:36

ComboFix log file:
Code:

ComboFix 12-03-27.03 - Mone 27.03.2012  23:45:28.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2038.1448 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Mone\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Mone\GoogleEarthPluginSetup.exe
c:\dokumente und einstellungen\Mone\lyricsplugin03.exe
c:\dokumente und einstellungen\Mone\Recent\Thumbs.db
c:\dokumente und einstellungen\Mone\WINDOWS
c:\dokumente und einstellungen\tayler\21f19e6a402e6c260cbe40caf8007e5f_e896fb6554.jpg
c:\dokumente und einstellungen\tayler\24041290986793.jpg
c:\dokumente und einstellungen\tayler\25261292087054.jpg
c:\dokumente und einstellungen\tayler\79071287072585.jpg
c:\dokumente und einstellungen\tayler\88131292087054.jpg
c:\dokumente und einstellungen\tayler\95121289948044.jpg
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-27 18:22 . 2012-03-27 18:22        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-03-23 10:28 . 2009-05-18 12:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-23 10:28 . 2008-04-17 11:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2012-03-23 10:26 . 2012-03-23 10:26        --------        d-----w-        c:\programme\iPod
2012-03-23 10:25 . 2012-03-23 10:28        --------        d-----w-        c:\programme\iTunes
2012-03-23 10:25 . 2012-03-23 10:28        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-03-23 10:23 . 2012-03-23 10:23        --------        d-----w-        c:\programme\Apple Software Update
2012-03-23 10:22 . 2012-03-23 10:22        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Apple Computer
2012-03-23 10:14 . 2012-03-23 10:14        --------        d-----w-        c:\programme\Bonjour
2012-03-23 09:56 . 2012-03-23 09:57        74967408        ----a-w-        C:\iTunesSetup.exe
2012-03-23 09:47 . 2012-03-23 09:47        --------        d-----w-        c:\programme\Ion Audio
2012-03-21 20:57 . 2012-03-21 20:57        --------        d-----w-        C:\_OTL
2012-03-19 17:35 . 2012-03-19 17:35        --------        d-----w-        c:\dokumente und einstellungen\Mone\Anwendungsdaten\Avira
2012-03-19 17:27 . 2012-01-31 07:56        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-03-19 17:27 . 2012-01-31 07:56        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-03-19 17:27 . 2011-09-16 15:08        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-03-19 17:26 . 2012-03-19 17:26        --------        d-----w-        c:\programme\Avira
2012-03-19 17:26 . 2012-03-19 17:26        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2012-03-18 22:07 . 2012-03-18 22:08        87227952        ----a-w-        C:\avira_free_antivirus_de1200898.exe
2012-03-18 22:05 . 2012-03-18 22:05        12038144        ----a-w-        C:\Ad-Aware_9.6_Install.exe
2012-03-18 09:27 . 2012-03-18 09:27        592824        ----a-w-        c:\programme\Mozilla Firefox\gkmedias.dll
2012-03-18 09:27 . 2012-03-18 09:27        44472        ----a-w-        c:\programme\Mozilla Firefox\mozglue.dll
2012-03-14 23:04 . 2012-03-14 23:04        --------        d-----w-        c:\dokumente und einstellungen\Mone\Anwendungsdaten\Malwarebytes
2012-03-14 23:04 . 2012-03-14 23:04        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-03-14 23:04 . 2012-03-14 23:31        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-03-14 23:04 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-08 01:19 . 2012-03-08 01:19        --------        d-----w-        c:\programme\Recuva
2012-02-29 15:42 . 2012-02-29 15:42        --------        d-----w-        c:\programme\PhotoZoom Pro 4
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 17:44 . 2012-03-27 17:44        2048299        ----a-w-        C:\tdsskiller.zip
2012-03-14 14:57 . 2011-06-10 12:41        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2006-02-28 12:00        1860224        ----a-w-        c:\windows\system32\win32k.sys
2012-01-13 10:01 . 2012-01-13 10:00        66566416        ----a-w-        C:\FreeStudio.exe
2012-01-13 09:57 . 2012-01-13 09:57        19850888        ----a-w-        C:\FreeVideoToMP3Converter504.exe
2012-01-12 09:00 . 2012-01-12 09:00        883840        ----a-w-        C:\Avira-DE-Cleaner.exe
2012-01-11 19:06 . 2012-02-15 10:38        3072        ------w-        c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-04-21 09:58        139784        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-01-05 09:38 . 2012-01-05 09:38        4629040        ----a-w-        C:\MyPhoneExplorer_Setup_1.8.2-uni.exe
2012-01-04 00:48 . 2012-01-04 00:48        354176        ----a-w-        c:\windows\system32\DivXControlPanelApplet.cpl
2012-03-18 09:27 . 2012-01-15 14:11        97208        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"LWS"="c:\programme\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programme\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programme\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.10.2010 00:09 691696]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [19.03.2012 19:27 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [19.03.2012 19:27 86224]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [15.03.2012 01:04 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15.03.2012 01:04 20464]
S1 MpKsl1f947b4b;MpKsl1f947b4b;\??\c:\windows\system32\MpEngineStore\MpKsl1f947b4b.sys --> c:\windows\system32\MpEngineStore\MpKsl1f947b4b.sys [?]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [18.07.2011 00:21 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.04.2010 12:20 1691480]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [14.07.2010 12:52 13224]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [18.07.2011 00:21 136176]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [14.07.2010 12:17 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [14.07.2010 12:17 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [14.07.2010 12:17 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [14.07.2010 12:17 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [14.07.2010 12:17 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [14.07.2010 12:17 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [14.07.2010 12:17 109864]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [24.12.2011 02:19 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [24.12.2011 02:19 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [24.12.2011 02:19 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [24.12.2011 02:19 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [24.12.2011 02:19 98568]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 31931476
*Deregistered* - 31931476
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02        114688        ----a-w-        c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-07-17 22:20]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-07-17 22:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\dokumente und einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.payback.de/pb/id/105532/?s_ixcid=11_300_102#
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-Free Audio CD Burner_is1 - c:\programme\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free Audio Converter_is1 - c:\programme\DVDVideoSoft\Free Audio Converter\unins000.exe
AddRemove-Free YouTube Download_is1 - c:\programme\DVDVideoSoft\Free YouTube Download\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\programme\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe
AddRemove-Uninstall_is1 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\unins001.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-27 23:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Zeit der Fertigstellung: 2012-03-28  00:02:28
ComboFix-quarantined-files.txt  2012-03-27 22:02
.
Vor Suchlauf: 14 Verzeichnis(se), 43.780.169.728 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 43.868.606.464 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C06AD9B1DA0A3C1603388FA09DA17C9A

--- --- ---

Are they gone now, the nasty Trojans?
Regards

cosinus 28.03.2012 11:31

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


mobo6new 01.04.2012 20:56

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:56:12 on 01.04.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a844jgqb" (a844jgqb) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a844jgqb.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Mone\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MpKsl1f947b4b" (MpKsl1f947b4b) - ? - C:\WINDOWS\system32\MpEngineStore\MpKsl1f947b4b.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} "PixiePack Codec Pack 1.1.1200.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Mone\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LWS" - "Logitech Inc." - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe -hide
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 21:56:55
-----------------------------
21:56:55.328    OS Version: Windows 5.1.2600 Service Pack 3
21:56:55.328    Number of processors: 2 586 0x170A
21:56:55.328    ComputerName: PUPPSIE  UserName: Mone
21:56:57.125    Initialize success
21:59:07.734    AVAST engine defs: 12040101
21:59:35.078    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:59:35.078    Disk 0 Vendor: ST380011A 8.01 Size: 76319MB BusType: 3
21:59:35.078    Disk 0 MBR read successfully
21:59:35.078    Disk 0 MBR scan
21:59:35.171    Disk 0 Windows XP default MBR code
21:59:35.265    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76308 MB offset 63
21:59:35.656    Disk 0 scanning sectors +156280320
21:59:35.890    Disk 0 scanning C:\WINDOWS\system32\drivers
22:00:14.453    Service scanning
22:01:22.250    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:01:34.578    Modules scanning
22:02:45.203    Disk 0 trace - called modules:
22:02:45.203    ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spou.sys >>UNKNOWN [0x8a934938]<<
22:02:45.203    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8e8ab8]
22:02:45.203    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a8a2f18]
22:02:45.218    5 ACPI.sys[f74a2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a8ec940]
22:02:48.906    AVAST engine scan C:\WINDOWS
22:03:37.359    AVAST engine scan C:\WINDOWS\system32
22:13:19.484    AVAST engine scan C:\WINDOWS\system32\drivers
22:14:03.171    AVAST engine scan C:\Dokumente und Einstellungen\Mone
22:33:34.859    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Mone\Desktop\MBR.dat"
22:33:34.906    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Mone\Desktop\aswMBR.txt"

Regards, Simone

cosinus 02.04.2012 11:20

GMER didn't work? If so, a short note on why you didn't post the log would have been nice.

mobo6new 02.04.2012 15:04

Hello, sorry, that got lost. Unfortunately GMER didn't work. Regards

cosinus 02.04.2012 15:38

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

mobo6new 25.04.2012 22:01

Hi Arne, sorry that I haven't been in touch for so long.
Unfortunately my computer is total scrap; I had to get myself a new one. Thank you very much for the help. I wish you a nice evening.


All times are in WET +1.
