Trojaner-Board


ruufl 23.05.2012 09:54

loaupdt.jpg
 
Hello, I have Windows Vista and use AntiVir.

For some time now my PC has been slower, it makes beeping sounds (like the warning signal when the virus scanner finds a virus), and it shows an error message: "loaupdt.jpg funktioniert nicht mehr" ("loaupdt.jpg has stopped working").
I have already read about the problem and hope that I can perhaps still fix it with a rescue CD. Or is that no longer possible with this problem?

Please help.
Regards, ruufl

cosinus 23.05.2012 12:56

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

ruufl 24.05.2012 11:20

Hello cosinus, thanks for your quick reply.

Before I read your reply I had already run the Avira rescue CD over it; I hope that was not too hasty:

Code:

Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set:        8.2.10.68
VDF Version:        7.11.30.222
Scan start time: Thu May 24 10:26:02 2012
configuration file: /etc/avira/scancl.conf
WARNING: [Archive is invalid or corrupt] /media/Devices/hdb1/Program Files/WinRAR/rarnew.dat


WARNING: [The files in archive are multiple volume] /media/Devices/hdb1/Program Files/Nokia/Nokia Ovi Suite/Help/OviSuiteHelp_ger.exe --> webhelp.jar


WARNING: [The files in archive are multiple volume] /media/Devices/hdb1/Program Files/Nokia/Nokia Ovi Suite/Help/webhelp.jar


WARNING: [File is encrypted] /media/Devices/hdb1/Program Files/ICQ6.5/ConfigFiles/TopSearches.7z


WARNING: [File is encrypted] /media/Devices/hdb1/Program Files/ICQ6.5/ConfigFiles/TopSearchesDe.7z


WARNING: [Bad archive header] /media/Devices/hdb1/ProgramData/Nokia/Nokia Service Layer/A/nsl_service_module_00001/vpls/www.dsut.online.nokia.com.oti.caresuite/Products/rm-348/RM348_11.049_001_003_U236.uda.fpsx


WARNING: [Bad archive header] /media/Devices/hdb1/ProgramData/Nokia/Nokia Service Layer/A/nsl_service_module_00001/vpls/www.dsut.online.nokia.com.oti.caresuite/Products/rm-348/RM348_20.175_001_003_U236.uda.fpsx


ALERT: [JS/Expack.LU] /media/Devices/hdb1/Users/Raphael/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/6QFR252S/main[1].htm <<< Contains signature of the Java script virus JS/Expack.LU [renamed]


ALERT: [JS/Expack.LU] /media/Devices/hdb1/Users/Raphael/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/76FALT5P/index[2].htm <<< Contains signature of the Java script virus JS/Expack.LU [renamed]


ALERT: [JS/Expack.LU] /media/Devices/hdb1/Users/Raphael/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/N2MRSAIX/main[1].htm <<< Contains signature of the Java script virus JS/Expack.LU [renamed]


ALERT: [JS/Expack.LU] /media/Devices/hdb1/Users/Raphael/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/N2MRSAIX/memberphp[1].htm <<< Contains signature of the Java script virus JS/Expack.LU [renamed]


ALERT: [EXP/11-3544.CI.2] /media/Devices/hdb1/Users/Raphael/AppData/Local/Temp/M.class <<< Contains signature of the exploits EXP/11-3544.CI.2 [renamed]


ALERT: [EXP/JAVA.Ternub.Gen] /media/Devices/hdb1/Users/Raphael/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/2b958215-75edec74 --> a/a.class <<< Contains signature of the exploits EXP/JAVA.Ternub.Gen [archive scan abort]


ALERT: [EXP/11-3544.CH.2] /media/Devices/hdb1/Users/Raphael/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/25/7e337399-5cb611eb --> a/b.class <<< Contains signature of the exploits EXP/11-3544.CH.2 [archive scan abort]


ALERT: [EXP/11-3544.CH.2] /media/Devices/hdb1/Users/Raphael/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/4/1fff0c84-7475ab05 --> a/b.class <<< Contains signature of the exploits EXP/11-3544.CH.2 [archive scan abort]


ALERT: [EXP/11-3544.CH.2] /media/Devices/hdb1/Users/Raphael/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/1620d7bf-310f4062 --> a/b.class <<< Contains signature of the exploits EXP/11-3544.CH.2 [archive scan abort]


ALERT: [TR/Spy.Banker.Age.16] /media/Devices/hdb1/Users/Raphael/AppData/Roaming/AcroIEHelpe122.dll <<< Is the Trojan horse TR/Spy.Banker.Age.16 [renamed]


ALERT: [TR/Obfuscate.xinma] /media/Devices/hdb1/Users/Raphael/AppData/Roaming/Cey/woneux.exe <<< Is the Trojan horse TR/Obfuscate.xinma [renamed]


WARNING: [File is encrypted] /media/Devices/hdb1/Users/Raphael/Downloads/avira_free_antivirus_en.exe --> AVSDKList.zip


WARNING: [File is encrypted] /media/Devices/hdb1/Users/Raphael/Downloads/avira_free_antivirus_en.exe --> ManualUninstallConfig.zip


WARNING: [File is encrypted] /media/Devices/hdb1/Users/Raphael/Downloads/avira_free_antivirus_en.exe --> ProductReleaseNotes.zip


WARNING: [File is encrypted] /media/Devices/hdb1/Users/Raphael/Downloads/avira_free_antivirus_en.exe --> QATestedProducts.zip


WARNING: [Error opening file. (Input/output error)] /media/Devices/hdb5/IO.SYS


WARNING: [Unsupported archive version] /media/Devices/sda1/downloads/HSS-2.04-install-anchorfree.exe


WARNING: [Unsupported archive version] /media/Devices/sda1/downloads/OOo_2.4.1_Win32Intel_install_de.exe


WARNING: [Bad archive format] /media/Devices/sda1/Flashythings/Emule/ebooks/45 psychologische Fachbücher dt.zip --> 45 pschologische Fachb?cher/01._Lehrbuch_fr_klinische_Psychologie_-_Psychotherapie.ace


WARNING: [Unsupported archive version] /media/Devices/sda1/PC Backup/downloads/burrrn_package.exe


WARNING: [Bad compressed data] /media/Devices/sda1/PC Backup/downloads/cdex_150ger.exe


WARNING: [Unsupported archive version] /media/Devices/sda1/PC Backup/downloads/Cover.exe


WARNING: [Unsupported archive version] /media/Devices/sda1/PC Backup/downloads/GDiVX1.9.9.exe


WARNING: [Unexpected end of file] /media/Devices/sda1/PC Backup/downloads/isobuster_10_all_lang.rar --> IsoBuster 1.0 (All languages) Setup.exe


WARNING: [Unexpected end of file] /media/Devices/sda1/PC Backup/downloads/Karaoke.wa3_CDG.exe


WARNING: [Bad compressed data] /media/Devices/sda1/PC Backup/downloads/SetupCloneCD.exe


WARNING: [Bad compressed data] /media/Devices/sda1/PC Backup/downloads/SetupCloneCD5022.exe


WARNING: [Unsupported archive version] /media/Devices/sda1/PC Backup/downloads/srwa5-1.61.2.exe


WARNING: [Unsupported archive version] /media/Devices/sda1/PC Backup/downloads/Streamripper wa3_153.exe


WARNING: [Unsupported archive version] /media/Devices/sda1/PC Backup/downloads/winamp3_0-full.exe


WARNING: [Bad archive format] /media/Devices/sda1/PC Backup/Flashythings/Emule/ebooks/45 psychologische Fachbücher dt.zip --> 45 pschologische Fachb?cher/01._Lehrbuch_fr_klinische_Psychologie_-_Psychotherapie.ace


WARNING: [File is encrypted] /media/Devices/sda1/Sfirm/quickhelp/dfn


WARNING: [File is encrypted] /media/Devices/sda1/Sfirm/quickhelp/ihelp


WARNING: [File is encrypted] /media/Devices/sda1/Sfirm/sfimgcont


WARNING: [File is encrypted] /media/Devices/sda1/Sfirm/Versionsupdate/setup/databasedir/quickhelp/dfn


WARNING: [File is encrypted] /media/Devices/sda1/Sfirm/Versionsupdate/setup/databasedir/quickhelp/ihelp


WARNING: [File is encrypted] /media/Devices/sda1/Sfirm/Versionsupdate/setup/databasedir/sfimgcont


Statistics :
Directories............... : 34066
Archives.................. : 3962
Files..................... : 580706
Infected.............. : 11
Renamed........... : 11
Warnings.............. : 33
Suspicious............ : 0
Infections................ : 11

Malwarebytes says:

Code:

  Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.24.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Raphael :: RAPHAEL-PC [Administrator]

24.05.2012 10:32:41
mbam-log-2012-05-24 (12-06-47).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 387865
Laufzeit: 1 Stunde(n), 26 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Raphael\AppData\Roaming\BAcroIEHelpe127.dll (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 3
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Raphael\AppData\Roaming\appconf32.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{CBFFD663-F529-4B19-BCF7-70986EF027B8} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Raphael\AppData\Roaming\Cey\woneux.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Raphael\AppData\Roaming\BAcroIEHelpe127.dll (Trojan.Banker) -> Keine Aktion durchgeführt.
C:\Users\Raphael\AppData\Roaming\AcroIEHelpe127.dll (Trojan.Banker) -> Keine Aktion durchgeführt.
C:\Users\Raphael\AppData\Roaming\08038\components\AcroFF038.dll (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Raphael\AppData\Roaming\Cey\woneux.exe.vir (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Raphael\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Keine Aktion durchgeführt.

(Ende)

That's it for now.
I am now also running the ESET online scanner.
Oh, and I don't have a separate cable for every external hard drive and therefore can't connect them all at the same time; I hope that is not a problem.

Here is the result from the ESET online scanner as well:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8e69162c2ea3204ea5eb577921ec078c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-24 01:33:04
# local_time=2012-05-24 03:33:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 358440 112752098 1140 0
# compatibility_mode=5892 16776573 100 100 1441 175388262 0 0
# compatibility_mode=8192 67108863 100 0 280 280 0 0
# scanned=321786
# found=12
# cleaned=0
# scan_time=10849
C:\Users\Raphael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DIHA9E41\3f387ee66fdcbe0e1de66f0c2c216776[1].htm        HTML/Iframe.B.Gen virus (unable to clean)        00000000000000000000000000000000        I
C:\Users\Raphael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2MRSAIX\memberphp[1].htm.vir        JS/Kryptik.MB trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Raphael\AppData\Local\Temp\M.class.vir        a variant of Java/Exploit.CVE-2011-3544.BK trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Raphael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\2b958215-75edec74.vir        a variant of Java/Exploit.CVE-2012-0507.U trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Raphael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e337399-5cb611eb.vir        Java/Exploit.Agent.NBC trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Raphael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\1fff0c84-7475ab05.vir        Java/Exploit.Agent.NBC trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Raphael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\1620d7bf-310f4062.vir        Java/Exploit.Agent.NBC trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Raphael\AppData\Roaming\AcroIEHelpe122.dll.vir        a variant of Win32/Spy.Banker.XSL trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Raphael\Downloads\YouTubeDownloaderSetup35.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
G:\Musik\mixes\Padre\Eighties classic.wma        WMA/TrojanDownloader.Wimad.D trojan (unable to clean)        00000000000000000000000000000000        I
L:\Musik\mixes\Padre\Eighties classic.wma        WMA/TrojanDownloader.Wimad.D trojan (unable to clean)        00000000000000000000000000000000        I
M:\Musik\mixes\Padre\Eighties classic.wma        WMA/TrojanDownloader.Wimad.D trojan (unable to clean)        00000000000000000000000000000000        I


cosinus 24.05.2012 21:40

Quote:

Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do that now if you have not done so yet!
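
The check requested in the post above, as an added example that is not part of the original thread or of Malwarebytes' own tooling: a parser for the German Malwarebytes 1.x log layout posted earlier that lists every finding still marked "Keine Aktion durchgeführt" and the Run-key autostart values that point at detected files. The function names are hypothetical, and the code assumes that any other action text means the finding was handled.

```python
"""Triage a Malwarebytes Anti-Malware 1.x log (German UI) for findings left in place."""
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of the log posted earlier in this thread; section counts match the listed items.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Raphael\AppData\Roaming\BAcroIEHelpe127.dll (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Raphael\AppData\Roaming\appconf32.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{CBFFD663-F529-4B19-BCF7-70986EF027B8} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Raphael\AppData\Roaming\Cey\woneux.exe -> Keine Aktion durchgeführt.

Infizierte Dateien: 5
C:\Users\Raphael\AppData\Roaming\BAcroIEHelpe127.dll (Trojan.Banker) -> Keine Aktion durchgeführt.
C:\Users\Raphael\AppData\Roaming\AcroIEHelpe127.dll (Trojan.Banker) -> Keine Aktion durchgeführt.
C:\Users\Raphael\AppData\Roaming\08038\components\AcroFF038.dll (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Raphael\AppData\Roaming\Cey\woneux.exe.vir (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Raphael\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Keine Aktion durchgeführt.
"""

NO_ACTION = "Keine Aktion durchgeführt"  # "No action taken"

# "Infizierte Dateien: 5" -> section name and the count the scanner declares.
SECTION_RE = re.compile(r"^(Infizierte [^:]+):\s*(\d+)\s*$")
# "<object> (<detection>) -> [Daten: <data> -> ]<action>."
ITEM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Daten: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?\s*$"
)
# Registry values are logged as "<key>|<value name>"; match the Run/RunOnce keys.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\|(?P<value>.+)$", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    obj: str
    detection: str
    data: Optional[str]
    action: str


def parse_mbam_log(text):
    """Return (findings, declared) where declared maps section name -> stated count."""
    findings, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        item = ITEM_RE.match(line)
        if item and section:
            findings.append(Finding(section, item["object"], item["detection"],
                                    item["data"], item["action"]))
    return findings, declared


def unremediated(findings):
    """Findings the scanner reported but did not act on."""
    return [f for f in findings if f.action == NO_ACTION]


def run_key_payloads(findings):
    """Map autostart value name -> executable path for flagged Run/RunOnce values."""
    payloads = {}
    for f in findings:
        match = RUN_KEY_RE.search(f.obj)
        if match and f.data:
            payloads[match["value"]] = f.data
    return payloads


def count_mismatches(findings, declared):
    """Sections whose declared count differs from the parsed items (truncated paste)."""
    parsed = {}
    for f in findings:
        parsed[f.section] = parsed.get(f.section, 0) + 1
    return {name: (count, parsed.get(name, 0))
            for name, count in declared.items() if count != parsed.get(name, 0)}


if __name__ == "__main__":
    found, stated = parse_mbam_log(SAMPLE_LOG)
    pending = unremediated(found)
    print(f"{len(pending)} of {len(found)} findings still in place")
    for name, path in run_key_payloads(pending).items():
        print(f"autostart value {name} -> {path}")
    for name, (want, got) in count_mismatches(found, stated).items():
        print(f"section '{name}' declares {want} items, parsed {got}")
```
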

ruufl 26.05.2012 06:48

The findings were in quarantine; I deleted all of them there.
What needs to be done now?

cosinus 26.05.2012 14:44

You should not delete anything from the quarantine! You should only remove the findings with Malwarebytes so that they end up in MBAM's quarantine!

I have two questions before we continue:

1.) Does the normal mode of Windows work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

ruufl 29.05.2012 07:42

The normal mode of Windows works without restrictions as far as I can judge. The beeping sounds and the error message no longer occur.

Whether I am missing anything in the Start menu I unfortunately cannot say; there is so much stuff in there, some of which I don't use at all. But what I use is still there.
There is an empty folder named Autostart.

cosinus 29.05.2012 09:17

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Custom scan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


ruufl 29.05.2012 19:05

Do I also have to switch off the virus scanner?
Here is the log:

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 29.05.2012 19:34:49 - Run 1
OTL by OldTimer - Version 3.2.44.0    Folder = C:\Users\Raphael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 54,95% Memory free
4,12 Gb Paging File | 3,32 Gb Available in Paging File | 80,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 32,48 Gb Free Space | 40,61% Space Free | Partition Type: NTFS
Drive D: | 278,09 Gb Total Space | 25,14 Gb Free Space | 9,04% Space Free | Partition Type: NTFS
Drive E: | 69,04 Gb Total Space | 0,39 Gb Free Space | 0,57% Space Free | Partition Type: NTFS
Drive F: | 19,99 Gb Total Space | 12,06 Gb Free Space | 60,35% Space Free | Partition Type: FAT32
 
Computer Name: RAPHAEL-PC | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3525520835-1839049092-1064679259-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C607C84-E661-401E-B66D-2448527A4647}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{24D51B02-E9DB-480B-B17E-E27F34C6760D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{30B01FBF-BB0E-4C2A-A7E6-4474391446FC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{545C2F35-23AC-4CC6-8D01-B8D6A72F30F4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{77384C50-F095-437F-AACD-A1C55A5320D1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{932A725E-A10D-4DEA-B22E-232A1BC69EF2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE1E8CBA-EF46-4AF8-8E80-7DB0ADB1E93F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F08C7009-304F-4B97-BE13-B831954550A3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F0DDEC8C-A1FD-4619-BCE8-386F6D81AB8C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F37E1E6C-94A1-4F12-871B-A089F8FC6FAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09260D7B-0CA0-406B-9A79-2D163767343A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5A68BF0B-B96D-4A49-9C7E-79D3328ADF79}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{62B66B24-11D1-42E5-A5FE-BF22FA352D4F}" = dir=in | app=c:\program files\home cinema\powerdvd\powerdvd.exe |
"{69E40F8B-D1F8-48D5-973E-32F6EFD84C29}" = dir=in | app=c:\program files\home cinema\powerdirector\pdr.exe |
"{CECCDD47-6BA4-44C0-A33F-0D5B16A1A7E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E66A58CF-34F9-491F-944D-D843EB8B1A9A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{014D7D9D-87A5-4566-BC75-80476E61FD04}C:\users\raphael\desktop\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\raphael\desktop\age of empires ii\empires2.exe |
"TCP Query User{11155918-6DC0-4EDB-AE05-AA7A6CAB10FA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{11444A55-D26B-4F1F-9049-870CA0876967}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{4FF28E5C-C0EB-4E56-8DA2-942AD888169C}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{532E19C4-1F4C-4DF1-8495-21C62583B810}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{63955AC2-7577-4BD2-AA95-0590D7EAA7B6}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{78AEC7DF-0729-4EB4-AE30-84242BA6C1E9}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{88A485FB-A120-472E-8425-CFC2AA3705DE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{8CE217FA-E599-408D-88C5-AFEE332675DD}D:\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\trillian\trillian.exe |
"TCP Query User{90B7727E-6D51-4A33-A80C-5EEB3DE414DA}C:\program files\fox\no one lives forever 2\lithtech.exe" = protocol=6 | dir=in | app=c:\program files\fox\no one lives forever 2\lithtech.exe |
"TCP Query User{98E7E857-9B36-40C6-B06E-0CF0D73E818B}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{9F821C09-9D0C-4879-B697-F66BB7AF8E81}C:\users\raphael\desktop\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\raphael\desktop\age of empires ii\empires2.exe |
"TCP Query User{BF0105E6-AB4E-4A74-8F77-AC239153477F}D:\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\trillian\trillian.exe |
"UDP Query User{0828DDC7-2A4A-448A-BA53-6D854D020F9F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{16E95B2D-0205-43E7-87C0-44926569A9FD}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{20AB01EA-C7E7-4FCD-8830-2D909DCF6C7B}D:\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\trillian\trillian.exe |
"UDP Query User{73D1D218-C047-4903-B44D-2000A56682CA}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{7FA3BFC1-A814-4901-BB16-A0FB606ADB8D}C:\program files\fox\no one lives forever 2\lithtech.exe" = protocol=17 | dir=in | app=c:\program files\fox\no one lives forever 2\lithtech.exe |
"UDP Query User{8950F297-CD16-426B-A746-D7D78B1A87DE}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{930D7B92-3EAD-4E51-82C5-910C154EA11D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9D7AA1C2-458E-4B5F-9E52-74193EEA0C9A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{CA598B07-4A59-438B-B707-A576D1B59AB8}D:\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\trillian\trillian.exe |
"UDP Query User{D0E0FC9E-44B5-4AA0-921C-D3DFCE53708C}C:\users\raphael\desktop\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\raphael\desktop\age of empires ii\empires2.exe |
"UDP Query User{D1191AE7-A1A8-4254-857D-1447646E1146}C:\users\raphael\desktop\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\raphael\desktop\age of empires ii\empires2.exe |
"UDP Query User{F8C559E5-3776-4169-801C-3201378C40E2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{FAE9913C-F53D-4654-AE12-40BA3685972D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{41E340F0-0BD6-4A87-AF29-E9E584471756}" = VideoMate T , M , P Series  Driver
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81AB1374-098A-43CB-BE57-31CEB5EB1031}" = Nero 7 Essentials
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A600A500-6AAC-48AB-B29C-145483B3A127}" = SFirm
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D353C323-5E95-4873-9825-9FEC1C8A3794}" = Nokia Download!
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Chrome9HC" = VIA Chrome9 HC IGP Family Display
"Defraggler" = Defraggler
"DivX Setup" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Fury3" = Microsoft Fury3
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IncrediBubble" = IncrediBubble
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Streamripper" = Streamripper (Remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Winamp" = Winamp (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2012 06:23:18 | Computer Name = Raphael-PC | Source = Application Hang | ID = 1002
Description = Programm YouTubeDownloader.exe, Version 3.5.0.5 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 13ac  Anfangszeit: 01cd3416f9315c24  Zeitpunkt
 der Beendigung: 22
 
Error - 17.05.2012 06:23:49 | Computer Name = Raphael-PC | Source = Application Hang | ID = 1002
Description = Programm YouTubeDownloader.exe, Version 3.5.0.5 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 15b0  Anfangszeit: 01cd341716e852f4  Zeitpunkt
 der Beendigung: 0
 
Error - 22.05.2012 05:04:17 | Computer Name = Raphael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66,
 fehlerhaftes Modul loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000bb04,  Prozess-ID 0xe50, Anwendungsstartzeit 01cd37f9dce1b304.
 
Error - 22.05.2012 05:20:34 | Computer Name = Raphael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66,
 fehlerhaftes Modul loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000bb04,  Prozess-ID 0x410, Anwendungsstartzeit 01cd37fc23a19921.
 
Error - 22.05.2012 05:21:28 | Computer Name = Raphael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66,
 fehlerhaftes Modul loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000bb04,  Prozess-ID 0xd50, Anwendungsstartzeit 01cd37fc43051711.
 
Error - 22.05.2012 05:22:00 | Computer Name = Raphael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66,
 fehlerhaftes Modul loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000bb04,  Prozess-ID 0xa10, Anwendungsstartzeit 01cd37fc579d9cb1.
 
Error - 22.05.2012 05:24:24 | Computer Name = Raphael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66,
 fehlerhaftes Modul loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000bb04,  Prozess-ID 0x10c4, Anwendungsstartzeit 01cd37fcacf24ee1.
 
Error - 22.05.2012 05:26:32 | Computer Name = Raphael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66,
 fehlerhaftes Modul loaupdt.jpg, Version 0.0.0.0, Zeitstempel 0x4fbb3f66, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000bb04,  Prozess-ID 0x14b8, Anwendungsstartzeit 01cd37fcf9e3e101.
 
Error - 22.05.2012 05:27:57 | Computer Name = Raphael-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 174c  Anfangszeit: 01cd37fca8be6161  Zeitpunkt
 der Beendigung: 0
 
Error - 29.05.2012 13:33:33 | Computer Name = Raphael-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.44.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: a88  Anfangszeit: 01cd3dc08a918c30  Zeitpunkt der Beendigung:
 31
 
[ System Events ]
Error - 12.05.2012 07:15:25 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.05.2012 07:15:25 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 12.05.2012 07:15:25 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.05.2012 07:15:55 | Computer Name = Raphael-PC | Source = DCOM | ID = 10010
Description =
 
Error - 16.05.2012 01:35:31 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 17.05.2012 02:08:24 | Computer Name = Raphael-PC | Source = DCOM | ID = 10005
Description =
 
Error - 17.05.2012 02:08:24 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 17.05.2012 02:08:24 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 17.05.2012 02:08:41 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 17.05.2012 02:08:41 | Computer Name = Raphael-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

cosinus 30.05.2012 09:41

The other log (OTL.txt) is missing.

ruufl 30.05.2012 17:14

Here it is:
OTL Logfile:
Code:

OTL logfile created on: 29.05.2012 19:34:49 - Run 1
OTL by OldTimer - Version 3.2.44.0    Folder = C:\Users\Raphael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 54,95% Memory free
4,12 Gb Paging File | 3,32 Gb Available in Paging File | 80,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 32,48 Gb Free Space | 40,61% Space Free | Partition Type: NTFS
Drive D: | 278,09 Gb Total Space | 25,14 Gb Free Space | 9,04% Space Free | Partition Type: NTFS
Drive E: | 69,04 Gb Total Space | 0,39 Gb Free Space | 0,57% Space Free | Partition Type: NTFS
Drive F: | 19,99 Gb Total Space | 12,06 Gb Free Space | 60,35% Space Free | Partition Type: FAT32
 
Computer Name: RAPHAEL-PC | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.29 19:25:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
PRC - [2012.05.24 10:17:05 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012.05.24 10:17:03 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.07.01 17:58:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 08:04:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2003.05.15 14:43:24 | 000,119,808 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.24 10:17:03 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.01 17:58:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 08:04:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 20:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:34:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008.01.19 09:34:44 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008.01.19 09:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.12.19 22:23:38 | 000,272,024 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.12.23 08:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011.12.23 08:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.07.01 17:58:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 17:58:34 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.25 01:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.07.30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.06.23 10:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.11 12:59:48 | 000,023,192 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\xfilt.sys -- (xfilt)
DRV - [2010.02.11 12:59:18 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\videX32.sys -- (videX32)
DRV - [2009.06.10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.04.11 06:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008.01.19 07:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2007.04.17 10:30:38 | 000,025,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2007.04.17 10:30:38 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2007.04.17 10:30:38 | 000,018,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2007.04.17 10:30:38 | 000,017,592 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2007.04.17 10:30:38 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2007.01.08 18:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006.11.02 11:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006.11.02 11:49:32 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2006.11.02 11:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006.11.02 10:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2006.11.02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006.11.02 10:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006.11.02 10:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006.11.02 10:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006.11.02 10:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006.11.02 10:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006.11.02 10:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006.11.02 10:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ergoverbund.de/
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\SearchScopes,DefaultScope = {8B456654-113A-43F6-B02A-A0C9DDAE8465}
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\SearchScopes\{6582B034-8798-4670-B8D5-46503BE6E955}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\SearchScopes\{8B456654-113A-43F6-B02A-A0C9DDAE8465}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.hotspotshield.com/g/?c=h"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.04.09 22:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.06 17:32:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.30 16:50:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.16 19:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.04.09 22:42:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Raphael\AppData\Roaming\08038 [2012.05.22 11:21:29 | 000,000,000 | ---D | M]
 
[2010.03.18 17:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Extensions
[2012.02.19 13:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions
[2010.10.17 19:44:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.19 13:24:52 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.06 20:36:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.21 23:43:37 | 000,000,873 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\scgjfruf.default\searchplugins\conduit.xml
[2011.09.09 20:45:01 | 000,001,030 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\scgjfruf.default\searchplugins\wikipedia-de.xml
[2011.12.03 15:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.31 22:12:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.05.22 11:21:29 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\RAPHAEL\APPDATA\ROAMING\08038
[2012.01.23 13:35:03 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\RAPHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SCGJFRUF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.30 16:50:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.29 12:36:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.30 16:50:23 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [S3Funkey] C:\Windows\System32\S3Funkey.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SfWinStartInfo] C:\Program Files\SFirm32\sfWinStartupInfo.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003..\Run: []  File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-28/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-28/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{655FB688-C9F8-4CFC-9312-1447CDF9CCB9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7BDAAAA-E3F3-4916-A59D-B98AC7F79D5D}: DhcpNameServer = 10.87.56.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.01.30 16:37:40 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ccb2b942-76ca-11df-bc79-0019dba44eba}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{ccb2b942-76ca-11df-bc79-0019dba44eba}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: NvSvc - hkey= - key= -  File not found
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= -  File not found
MsConfig - StartUpReg: SfWinStartInfo - hkey= - key= - C:\Program Files\SFirm32\sfWinStartupInfo.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skytel - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: TVBroadcast - hkey= - key= - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 1
MsConfig - State: "services" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.29 19:25:28 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2012.05.29 08:32:52 | 006,236,280 | ---- | C] (Lavasoft Limited) -- C:\Users\Raphael\Desktop\Adaware_Installer.exe
[2012.05.24 12:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.24 11:37:40 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Desktop\01. Lehrbuch für klinische Psychologie - Psychotherapie
[2012.05.24 10:30:51 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Malwarebytes
[2012.05.24 10:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.24 10:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.24 10:30:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.24 10:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.24 10:29:19 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Raphael\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.22 11:21:29 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\08038
[2012.05.16 07:39:26 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\08036
[2012.05.12 12:54:43 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\08035
[2012.05.06 09:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.05.06 09:45:44 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\08033
[2012.05.05 17:50:11 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Desktop\max
[2012.04.30 09:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SFirm LOGS
[2 C:\Users\Raphael\Documents\*.tmp files -> C:\Users\Raphael\Documents\*.tmp -> ]
[1 C:\Users\Raphael\AppData\Roaming\*.tmp files -> C:\Users\Raphael\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.29 19:25:37 | 000,637,762 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.29 19:25:37 | 000,603,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.29 19:25:37 | 000,130,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.29 19:25:37 | 000,107,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.29 19:25:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2012.05.29 19:21:28 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.05.29 19:21:28 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.05.29 19:21:04 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 19:21:03 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 19:21:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.29 19:20:59 | 000,000,680 | ---- | M] () -- C:\Users\Raphael\AppData\Local\d3d9caps.dat
[2012.05.29 19:20:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.29 19:20:49 | 2078,793,728 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.29 08:32:54 | 006,236,280 | ---- | M] (Lavasoft Limited) -- C:\Users\Raphael\Desktop\Adaware_Installer.exe
[2012.05.26 13:45:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.26 12:17:01 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.05.26 08:56:14 | 020,307,352 | ---- | M] () -- C:\Users\Raphael\Documents\Iwer George_ COME TO MEH [2011 Trinidad Carnival Soca][Angel Duo Riddim, Produced By Hitz].mp4
[2012.05.26 08:02:33 | 140,473,648 | ---- | M] () -- C:\Users\Raphael\Documents\Movement Lifestyle - #11105 I Lego I Jon Mcxro.mp4
[2012.05.26 08:02:32 | 025,344,391 | ---- | M] () -- C:\Users\Raphael\Documents\Aidonia - Anyway At All, Dancehall Routine by JIFF.mp4
[2012.05.26 07:55:35 | 012,129,449 | ---- | M] () -- C:\Users\Raphael\Documents\Mavado - What's Love - May 2012.flv
[2012.05.26 07:52:06 | 012,204,417 | ---- | M] () -- C:\Users\Raphael\Documents\Konshens - Mad Mi [Bong Diggy Bang Riddim] MAY 2012.mp4
[2012.05.24 10:30:32 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.24 10:29:25 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Raphael\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.24 10:23:22 | 000,000,160 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\blckdom.res
[2012.05.24 10:10:55 | 000,370,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.23 08:44:20 | 000,057,856 | ---- | M] () -- C:\Users\Raphael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.17 08:07:08 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012.05.16 09:02:43 | 050,354,855 | ---- | M] () -- C:\Users\Raphael\Documents\Juicy Riddim Mix [April 2012] UPT - 007 Records.flv
[2012.05.16 07:40:04 | 000,230,880 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\AcroIEHelpe122.dll.vir
[2012.04.30 09:35:02 | 000,000,029 | ---- | M] () -- C:\Windows\hbcikrnl.ini.lock
[2012.04.30 09:31:36 | 000,000,061 | ---- | M] () -- C:\Windows\Setup_tmp.ini
[2 C:\Users\Raphael\Documents\*.tmp files -> C:\Users\Raphael\Documents\*.tmp -> ]
[1 C:\Users\Raphael\AppData\Roaming\*.tmp files -> C:\Users\Raphael\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.26 08:55:41 | 020,307,352 | ---- | C] () -- C:\Users\Raphael\Documents\Iwer George_ COME TO MEH [2011 Trinidad Carnival Soca][Angel Duo Riddim, Produced By Hitz].mp4
[2012.05.26 08:01:03 | 025,344,391 | ---- | C] () -- C:\Users\Raphael\Documents\Aidonia - Anyway At All, Dancehall Routine by JIFF.mp4
[2012.05.26 07:57:48 | 140,473,648 | ---- | C] () -- C:\Users\Raphael\Documents\Movement Lifestyle - #11105 I Lego I Jon Mcxro.mp4
[2012.05.26 07:53:09 | 012,129,449 | ---- | C] () -- C:\Users\Raphael\Documents\Mavado - What's Love - May 2012.flv
[2012.05.26 07:51:40 | 012,204,417 | ---- | C] () -- C:\Users\Raphael\Documents\Konshens - Mad Mi [Bong Diggy Bang Riddim] MAY 2012.mp4
[2012.05.24 11:37:35 | 004,950,135 | ---- | C] () -- C:\Users\Raphael\Desktop\01._Lehrbuch_fr_klinische_Psychologie_-_Psychotherapie.ace
[2012.05.24 10:30:32 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.17 08:07:08 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.05.16 08:40:30 | 050,354,855 | ---- | C] () -- C:\Users\Raphael\Documents\Juicy Riddim Mix [April 2012] UPT - 007 Records.flv
[2012.05.16 07:40:04 | 000,230,880 | ---- | C] () -- C:\Users\Raphael\AppData\Roaming\AcroIEHelpe122.dll.vir
[2012.05.07 12:07:03 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2012.04.30 09:35:02 | 000,000,029 | ---- | C] () -- C:\Windows\hbcikrnl.ini.lock
[2012.04.30 09:31:36 | 000,000,061 | ---- | C] () -- C:\Windows\Setup_tmp.ini
[2012.04.23 08:38:46 | 000,000,160 | ---- | C] () -- C:\Users\Raphael\AppData\Roaming\blckdom.res
[2012.02.10 23:01:30 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011.06.15 21:50:21 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.06.15 21:50:21 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.01.09 14:56:06 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2011.01.09 14:26:52 | 000,000,354 | ---- | C] () -- C:\Windows\WININIT.INI
 
========== LOP Check ==========
 
[2012.04.23 08:38:50 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08032
[2012.05.06 09:45:45 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08033
[2012.05.12 12:54:43 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08035
[2012.05.16 07:39:26 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08036
[2012.05.22 11:21:29 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08038
[2012.05.24 12:07:15 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Cey
[2010.09.02 19:12:12 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.10 22:15:40 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\HTC
[2011.04.09 23:09:46 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2009.08.31 18:57:48 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\ICQ
[2012.04.23 08:38:39 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\kock
[2012.05.22 11:20:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Lut
[2010.03.31 22:35:47 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Neverball
[2010.03.19 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Nokia
[2009.09.03 14:46:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Nseries
[2010.01.18 18:17:25 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\OpenOffice.org
[2009.09.03 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\PC Suite
[2009.08.29 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\streamripper
[2011.08.08 10:59:13 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\TVcentral-Core
[2012.05.03 16:14:01 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\UAs
[2009.08.28 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Ulead Systems
[2012.05.03 16:14:50 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\xmldm
[2012.05.29 08:42:49 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.23 08:38:50 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08032
[2012.05.06 09:45:45 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08033
[2012.05.12 12:54:43 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08035
[2012.05.16 07:39:26 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08036
[2012.05.22 11:21:29 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\08038
[2011.04.09 23:02:03 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Adobe
[2009.09.03 12:39:22 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Ahead
[2009.11.08 12:54:02 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Apple Computer
[2011.03.13 10:27:42 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Avira
[2012.05.24 12:07:15 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Cey
[2009.12.13 19:28:10 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\CyberLink
[2010.11.21 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\DivX
[2012.05.17 10:53:13 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\dvdcss
[2010.09.02 19:12:12 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.28 16:43:14 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Google
[2011.04.10 22:15:40 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\HTC
[2011.04.09 23:09:46 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2009.08.31 18:57:48 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\ICQ
[2009.08.28 16:29:04 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Identities
[2012.04.23 08:38:39 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\kock
[2012.05.22 11:20:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Lut
[2009.08.28 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Macromedia
[2012.05.24 10:30:51 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Media Center Programs
[2009.10.13 21:11:56 | 000,000,000 | --SD | M] -- C:\Users\Raphael\AppData\Roaming\Microsoft
[2010.03.18 17:27:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Mozilla
[2010.03.31 22:35:47 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Neverball
[2010.03.19 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Nokia
[2009.09.03 14:46:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Nseries
[2010.01.18 18:17:25 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\OpenOffice.org
[2010.01.18 14:30:06 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\OpenOffice.org2
[2009.09.03 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\PC Suite
[2010.03.28 14:23:40 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Real
[2009.08.29 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\streamripper
[2011.08.08 10:59:13 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\TVcentral-Core
[2012.05.03 16:14:01 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\UAs
[2009.08.28 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Ulead Systems
[2012.05.23 09:00:56 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\vlc
[2012.05.03 16:14:50 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2011.05.14 21:04:47 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Raphael\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.09.03 12:36:31 | 068,725,024 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          Schliesse bitte nun alle Programme >

< End of report >

--- --- ---

cosinus 30.05.2012 20:46

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.hotspotshield.com/g/?c=h"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
[2010.10.17 19:44:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.19 13:24:52 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.06 20:36:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.21 23:43:37 | 000,000,873 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\scgjfruf.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKU\S-1-5-21-3525520835-1839049092-1064679259-1003..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.01.30 16:37:40 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ccb2b942-76ca-11df-bc79-0019dba44eba}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{ccb2b942-76ca-11df-bc79-0019dba44eba}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
:Files
C:\Users\Raphael\AppData\Roaming\0803?
C:\Users\Raphael\AppData\Roaming\blckdom.res
C:\Users\Raphael\AppData\Roaming\kock
C:\Users\Raphael\AppData\Roaming\Lut
C:\Users\Raphael\AppData\Roaming\UAs
C:\Users\Raphael\AppData\Roaming\xmldm
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

ruufl 31.05.2012 18:07

Logfile:

Code:

  All processes killed
========== OTL ==========
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://search.hotspotshield.com/g/?c=h" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\scgjfruf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\scgjfruf.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-3525520835-1839049092-1064679259-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-21-3525520835-1839049092-1064679259-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\autoexec.bat moved successfully.
E:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccb2b942-76ca-11df-bc79-0019dba44eba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccb2b942-76ca-11df-bc79-0019dba44eba}\ not found.
File .\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccb2b942-76ca-11df-bc79-0019dba44eba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccb2b942-76ca-11df-bc79-0019dba44eba}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe not found.
========== FILES ==========
C:\Users\Raphael\AppData\Roaming\08032\components folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08032 folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08033\components folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08033 folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08035\components folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08035 folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08036\components folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08036 folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08038\components folder moved successfully.
C:\Users\Raphael\AppData\Roaming\08038 folder moved successfully.
C:\Users\Raphael\AppData\Roaming\blckdom.res moved successfully.
C:\Users\Raphael\AppData\Roaming\kock folder moved successfully.
C:\Users\Raphael\AppData\Roaming\Lut folder moved successfully.
C:\Users\Raphael\AppData\Roaming\UAs folder moved successfully.
C:\Users\Raphael\AppData\Roaming\xmldm folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Raphael
->Temp folder emptied: 63944526 bytes
->Temporary Internet Files folder emptied: 523868801 bytes
->Java cache emptied: 311961691 bytes
->FireFox cache emptied: 47176885 bytes
->Flash cache emptied: 59316 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55932761 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 957,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Raphael
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 05312012_190011

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 31.05.2012 19:16

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

ruufl 01.06.2012 18:41

TDSS Log:

Code:

19:35:53.0559 3856        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:35:53.0777 3856        ============================================================
19:35:53.0777 3856        Current date / time: 2012/06/01 19:35:53.0777
19:35:53.0777 3856        SystemInfo:
19:35:53.0777 3856       
19:35:53.0777 3856        OS Version: 6.0.6002 ServicePack: 2.0
19:35:53.0777 3856        Product type: Workstation
19:35:53.0777 3856        ComputerName: RAPHAEL-PC
19:35:53.0777 3856        UserName: Raphael
19:35:53.0777 3856        Windows directory: C:\Windows
19:35:53.0777 3856        System windows directory: C:\Windows
19:35:53.0777 3856        Processor architecture: Intel x86
19:35:53.0777 3856        Number of processors: 2
19:35:53.0777 3856        Page size: 0x1000
19:35:53.0777 3856        Boot type: Normal boot
19:35:53.0777 3856        ============================================================
19:35:55.0306 3856        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:35:55.0306 3856        Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:35:55.0337 3856        ============================================================
19:35:55.0337 3856        \Device\Harddisk0\DR0:
19:35:55.0337 3856        MBR partitions:
19:35:55.0337 3856        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22C2D000
19:35:55.0369 3856        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x22C2D83F, BlocksNum 0x27FFE82
19:35:55.0369 3856        \Device\Harddisk1\DR1:
19:35:55.0369 3856        MBR partitions:
19:35:55.0369 3856        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9FFEACC
19:35:55.0400 3856        \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x9FFEB4A, BlocksNum 0x8A160B6
19:35:55.0400 3856        ============================================================
19:35:55.0431 3856        C: <-> \Device\Harddisk1\DR1\Partition0
19:35:55.0478 3856        D: <-> \Device\Harddisk0\DR0\Partition0
19:35:55.0493 3856        E: <-> \Device\Harddisk1\DR1\Partition1
19:35:55.0509 3856        F: <-> \Device\Harddisk0\DR0\Partition1
19:35:55.0540 3856        ============================================================
19:35:55.0540 3856        Initialize success
19:35:55.0540 3856        ============================================================
19:37:28.0454 3580        ============================================================
19:37:28.0454 3580        Scan started
19:37:28.0454 3580        Mode: Manual; SigCheck; TDLFS;
19:37:28.0454 3580        ============================================================
19:37:29.0515 3580        3xHybrid        (5abd10518dec48b4fa5ffc03b73402e5) C:\Windows\system32\DRIVERS\3xHybrid.sys
19:37:29.0764 3580        3xHybrid - ok
19:37:29.0795 3580        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:37:29.0827 3580        ACPI - ok
19:37:29.0873 3580        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:37:29.0905 3580        adp94xx - ok
19:37:29.0951 3580        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:37:29.0983 3580        adpahci - ok
19:37:30.0014 3580        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:37:30.0029 3580        adpu160m - ok
19:37:30.0045 3580        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:37:30.0076 3580        adpu320 - ok
19:37:30.0092 3580        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:37:30.0201 3580        AeLookupSvc - ok
19:37:30.0248 3580        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:37:30.0326 3580        AFD - ok
19:37:30.0357 3580        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:37:30.0388 3580        aic78xx - ok
19:37:30.0451 3580        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:37:30.0513 3580        ALG - ok
19:37:30.0591 3580        aliide          (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
19:37:30.0622 3580        aliide - ok
19:37:30.0638 3580        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:37:30.0669 3580        amdagp - ok
19:37:30.0700 3580        amdide          (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
19:37:30.0716 3580        amdide - ok
19:37:30.0763 3580        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:37:30.0965 3580        AmdK7 - ok
19:37:30.0997 3580        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:37:31.0075 3580        AmdK8 - ok
19:37:31.0246 3580        AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:37:31.0246 3580        AntiVirSchedulerService - ok
19:37:31.0293 3580        AntiVirService  (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:37:31.0309 3580        AntiVirService - ok
19:37:31.0402 3580        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:37:31.0433 3580        Appinfo - ok
19:37:31.0449 3580        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:37:31.0465 3580        arc - ok
19:37:31.0496 3580        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:37:31.0511 3580        arcsas - ok
19:37:31.0527 3580        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:37:31.0589 3580        AsyncMac - ok
19:37:31.0636 3580        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:37:31.0652 3580        atapi - ok
19:37:31.0683 3580        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:37:31.0730 3580        AudioEndpointBuilder - ok
19:37:31.0730 3580        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:37:31.0761 3580        Audiosrv - ok
19:37:31.0823 3580        avgio          (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
19:37:31.0839 3580        avgio - ok
19:37:31.0870 3580        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
19:37:31.0886 3580        avgntflt - ok
19:37:31.0933 3580        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
19:37:31.0948 3580        avipbb - ok
19:37:31.0964 3580        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:37:31.0995 3580        Beep - ok
19:37:32.0120 3580        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:37:32.0167 3580        BFE - ok
19:37:32.0385 3580        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
19:37:32.0463 3580        BITS - ok
19:37:32.0479 3580        blbdrive - ok
19:37:32.0510 3580        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:37:32.0541 3580        bowser - ok
19:37:32.0572 3580        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:37:32.0603 3580        BrFiltLo - ok
19:37:32.0619 3580        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:37:32.0650 3580        BrFiltUp - ok
19:37:32.0666 3580        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:37:32.0713 3580        Browser - ok
19:37:32.0775 3580        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:37:32.0837 3580        Brserid - ok
19:37:32.0900 3580        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:37:32.0978 3580        BrSerWdm - ok
19:37:33.0009 3580        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:37:33.0071 3580        BrUsbMdm - ok
19:37:33.0134 3580        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:37:33.0196 3580        BrUsbSer - ok
19:37:33.0274 3580        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:37:33.0337 3580        BTHMODEM - ok
19:37:33.0430 3580        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:37:33.0461 3580        cdfs - ok
19:37:33.0555 3580        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:37:33.0617 3580        cdrom - ok
19:37:33.0649 3580        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:37:33.0711 3580        CertPropSvc - ok
19:37:33.0727 3580        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:37:33.0789 3580        circlass - ok
19:37:33.0836 3580        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:37:33.0867 3580        CLFS - ok
19:37:33.0961 3580        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:37:33.0992 3580        clr_optimization_v2.0.50727_32 - ok
19:37:34.0023 3580        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:37:34.0039 3580        clr_optimization_v4.0.30319_32 - ok
19:37:34.0101 3580        cmdide          (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
19:37:34.0117 3580        cmdide - ok
19:37:34.0148 3580        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
19:37:34.0163 3580        Compbatt - ok
19:37:34.0163 3580        COMSysApp - ok
19:37:34.0195 3580        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:37:34.0195 3580        crcdisk - ok
19:37:34.0226 3580        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:37:34.0288 3580        Crusoe - ok
19:37:34.0366 3580        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:37:34.0429 3580        CryptSvc - ok
19:37:34.0507 3580        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:37:34.0569 3580        DcomLaunch - ok
19:37:34.0663 3580        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:37:34.0725 3580        DfsC - ok
19:37:34.0975 3580        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:37:35.0131 3580        DFSR - ok
19:37:35.0411 3580        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:37:35.0443 3580        Dhcp - ok
19:37:35.0552 3580        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:37:35.0567 3580        disk - ok
19:37:35.0599 3580        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:37:35.0645 3580        Dnscache - ok
19:37:35.0677 3580        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:37:35.0708 3580        dot3svc - ok
19:37:35.0786 3580        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:37:35.0817 3580        DPS - ok
19:37:35.0833 3580        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:37:35.0879 3580        drmkaud - ok
19:37:35.0957 3580        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:37:36.0020 3580        DXGKrnl - ok
19:37:36.0145 3580        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:37:36.0238 3580        E1G60 - ok
19:37:36.0269 3580        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:37:36.0301 3580        EapHost - ok
19:37:36.0332 3580        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:37:36.0363 3580        Ecache - ok
19:37:36.0425 3580        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:37:36.0457 3580        ehRecvr - ok
19:37:36.0488 3580        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:37:36.0535 3580        ehSched - ok
19:37:36.0535 3580        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:37:36.0566 3580        ehstart - ok
19:37:36.0597 3580        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:37:36.0644 3580        elxstor - ok
19:37:36.0815 3580        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:37:36.0925 3580        EMDMgmt - ok
19:37:36.0987 3580        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:37:37.0049 3580        EventSystem - ok
19:37:37.0096 3580        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:37:37.0159 3580        exfat - ok
19:37:37.0190 3580        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:37:37.0237 3580        fastfat - ok
19:37:37.0268 3580        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
19:37:37.0346 3580        fdc - ok
19:37:37.0424 3580        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:37:37.0455 3580        fdPHost - ok
19:37:37.0502 3580        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:37:37.0564 3580        FDResPub - ok
19:37:37.0658 3580        FET5X86V        (8787449f8ef116db0e8e06c3555746a7) C:\Windows\system32\DRIVERS\fetnd5bv.sys
19:37:37.0689 3580        FET5X86V - ok
19:37:37.0720 3580        FETNDIS        (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
19:37:37.0767 3580        FETNDIS - ok
19:37:37.0814 3580        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:37:37.0829 3580        FileInfo - ok
19:37:37.0861 3580        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:37:37.0907 3580        Filetrace - ok
19:37:38.0157 3580        FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
19:37:38.0282 3580        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:37:38.0282 3580        FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:37:38.0563 3580        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:37:38.0656 3580        flpydisk - ok
19:37:38.0719 3580        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:37:38.0750 3580        FltMgr - ok
19:37:38.0921 3580        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:37:38.0984 3580        FontCache - ok
19:37:39.0124 3580        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:37:39.0140 3580        FontCache3.0.0.0 - ok
19:37:39.0233 3580        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:37:39.0265 3580        Fs_Rec - ok
19:37:39.0311 3580        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:37:39.0327 3580        gagp30kx - ok
19:37:39.0405 3580        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:37:39.0483 3580        gpsvc - ok
19:37:39.0623 3580        gupdate1ca2952144769d0 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:37:39.0639 3580        gupdate1ca2952144769d0 - ok
19:37:39.0639 3580        gupdatem        (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:37:39.0655 3580        gupdatem - ok
19:37:39.0779 3580        gusvc          (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:37:39.0795 3580        gusvc - ok
19:37:39.0889 3580        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
19:37:39.0920 3580        HdAudAddService - ok
19:37:40.0029 3580        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:37:40.0123 3580        HDAudBus - ok
19:37:40.0201 3580        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:37:40.0263 3580        HidBth - ok
19:37:40.0279 3580        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:37:40.0341 3580        HidIr - ok
19:37:40.0388 3580        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:37:40.0403 3580        hidserv - ok
19:37:40.0435 3580        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:37:40.0466 3580        HidUsb - ok
19:37:40.0544 3580        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:37:40.0575 3580        hkmsvc - ok
19:37:40.0606 3580        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:37:40.0622 3580        HpCISSs - ok
19:37:40.0700 3580        HTCAND32        (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
19:37:40.0747 3580        HTCAND32 - ok
19:37:40.0825 3580        htcnprot        (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys
19:37:40.0856 3580        htcnprot - ok
19:37:40.0918 3580        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:37:40.0981 3580        HTTP - ok
19:37:41.0043 3580        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:37:41.0074 3580        i2omp - ok
19:37:41.0090 3580        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:37:41.0152 3580        i8042prt - ok
19:37:41.0230 3580        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:37:41.0277 3580        iaStorV - ok
19:37:41.0495 3580        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:37:41.0651 3580        idsvc - ok
19:37:41.0683 3580        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:37:41.0714 3580        iirsp - ok
19:37:41.0823 3580        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:37:41.0885 3580        IKEEXT - ok
19:37:42.0525 3580        IntcAzAudAddService (0dbef9cd5a2cd71240dd5afcee56d073) C:\Windows\system32\drivers\RTKVHDA.sys
19:37:42.0759 3580        IntcAzAudAddService - ok
19:37:42.0962 3580        intelide        (e5ea1c17da5065032e346591ff64f3af) C:\Windows\system32\drivers\intelide.sys
19:37:43.0009 3580        intelide - ok
19:37:43.0040 3580        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:37:43.0087 3580        intelppm - ok
19:37:43.0133 3580        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:37:43.0180 3580        IPBusEnum - ok
19:37:43.0211 3580        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:37:43.0258 3580        IpFilterDriver - ok
19:37:43.0336 3580        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:37:43.0383 3580        iphlpsvc - ok
19:37:43.0383 3580        IpInIp - ok
19:37:43.0414 3580        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:37:43.0492 3580        IPMIDRV - ok
19:37:43.0570 3580        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:37:43.0617 3580        IPNAT - ok
19:37:43.0664 3580        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:37:43.0711 3580        IRENUM - ok
19:37:43.0742 3580        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:37:43.0757 3580        isapnp - ok
19:37:43.0804 3580        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:37:43.0835 3580        iScsiPrt - ok
19:37:43.0851 3580        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:37:43.0882 3580        iteatapi - ok
19:37:43.0929 3580        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:37:43.0960 3580        iteraid - ok
19:37:43.0991 3580        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:37:44.0023 3580        kbdclass - ok
19:37:44.0038 3580        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:37:44.0085 3580        kbdhid - ok
19:37:44.0116 3580        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:37:44.0163 3580        KeyIso - ok
19:37:44.0194 3580        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:37:44.0272 3580        KSecDD - ok
19:37:44.0366 3580        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:37:44.0428 3580        KtmRm - ok
19:37:44.0475 3580        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:37:44.0522 3580        LanmanServer - ok
19:37:44.0615 3580        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:37:44.0647 3580        LanmanWorkstation - ok
19:37:44.0912 3580        Lavasoft Ad-Aware Service (55afd4a9d5ed4ad40d5215ccdf4d65f3) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
19:37:45.0005 3580        Lavasoft Ad-Aware Service - ok
19:37:45.0099 3580        Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
19:37:45.0115 3580        Lavasoft Kernexplorer - ok
19:37:45.0302 3580        Lbd            (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
19:37:45.0333 3580        Lbd - ok
19:37:45.0395 3580        LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:37:45.0411 3580        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:37:45.0411 3580        LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:37:45.0427 3580        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:37:45.0489 3580        lltdio - ok
19:37:45.0520 3580        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:37:45.0583 3580        lltdsvc - ok
19:37:45.0598 3580        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:37:45.0676 3580        lmhosts - ok
19:37:45.0707 3580        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:37:45.0723 3580        LSI_FC - ok
19:37:45.0754 3580        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:37:45.0770 3580        LSI_SAS - ok
19:37:45.0801 3580        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:37:45.0817 3580        LSI_SCSI - ok
19:37:45.0863 3580        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:37:45.0910 3580        luafv - ok
19:37:45.0941 3580        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:37:45.0973 3580        Mcx2Svc - ok
19:37:45.0988 3580        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:37:46.0004 3580        megasas - ok
19:37:46.0019 3580        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:37:46.0051 3580        MMCSS - ok
19:37:46.0082 3580        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:37:46.0113 3580        Modem - ok
19:37:46.0144 3580        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:37:46.0175 3580        monitor - ok
19:37:46.0222 3580        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:37:46.0238 3580        mouclass - ok
19:37:46.0253 3580        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:37:46.0285 3580        mouhid - ok
19:37:46.0316 3580        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:37:46.0316 3580        MountMgr - ok
19:37:46.0347 3580        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:37:46.0363 3580        mpio - ok
19:37:46.0394 3580        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:37:46.0425 3580        mpsdrv - ok
19:37:46.0503 3580        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:37:46.0534 3580        MpsSvc - ok
19:37:46.0550 3580        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:37:46.0565 3580        Mraid35x - ok
19:37:46.0597 3580        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:37:46.0628 3580        MRxDAV - ok
19:37:46.0643 3580        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:37:46.0690 3580        mrxsmb - ok
19:37:46.0721 3580        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:37:46.0768 3580        mrxsmb10 - ok
19:37:46.0768 3580        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:37:46.0815 3580        mrxsmb20 - ok
19:37:46.0846 3580        msahci          (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys
19:37:46.0862 3580        msahci - ok
19:37:46.0893 3580        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:37:46.0924 3580        msdsm - ok
19:37:46.0955 3580        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:37:47.0033 3580        MSDTC - ok
19:37:47.0065 3580        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:37:47.0111 3580        Msfs - ok
19:37:47.0127 3580        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:37:47.0143 3580        msisadrv - ok
19:37:47.0189 3580        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:37:47.0236 3580        MSiSCSI - ok
19:37:47.0236 3580        msiserver - ok
19:37:47.0267 3580        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:37:47.0299 3580        MSKSSRV - ok
19:37:47.0314 3580        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:37:47.0361 3580        MSPCLOCK - ok
19:37:47.0377 3580        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:37:47.0408 3580        MSPQM - ok
19:37:47.0439 3580        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:37:47.0470 3580        MsRPC - ok
19:37:47.0501 3580        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:37:47.0517 3580        mssmbios - ok
19:37:47.0533 3580        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:37:47.0564 3580        MSTEE - ok
19:37:47.0595 3580        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:37:47.0611 3580        Mup - ok
19:37:47.0642 3580        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:37:47.0689 3580        napagent - ok
19:37:47.0720 3580        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:37:47.0767 3580        NativeWifiP - ok
19:37:47.0891 3580        NBService      (9576cc8e84f7ceda9189cdda1cfd4bc1) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
19:37:47.0954 3580        NBService ( UnsignedFile.Multi.Generic ) - warning
19:37:47.0954 3580        NBService - detected UnsignedFile.Multi.Generic (1)
19:37:48.0016 3580        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:37:48.0094 3580        NDIS - ok
19:37:48.0188 3580        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:37:48.0219 3580        NdisTapi - ok
19:37:48.0250 3580        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:37:48.0297 3580        Ndisuio - ok
19:37:48.0344 3580        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:37:48.0375 3580        NdisWan - ok
19:37:48.0437 3580        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:37:48.0469 3580        NDProxy - ok
19:37:48.0484 3580        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:37:48.0531 3580        NetBIOS - ok
19:37:48.0562 3580        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:37:48.0609 3580        netbt - ok
19:37:48.0640 3580        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:37:48.0656 3580        Netlogon - ok
19:37:48.0687 3580        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:37:48.0734 3580        Netman - ok
19:37:48.0796 3580        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:37:48.0827 3580        netprofm - ok
19:37:48.0921 3580        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:37:48.0952 3580        NetTcpPortSharing - ok
19:37:48.0983 3580        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:37:48.0999 3580        nfrd960 - ok
19:37:49.0030 3580        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:37:49.0077 3580        NlaSvc - ok
19:37:49.0186 3580        NMIndexingService (c4ebbbd7165be535f0bfd06b80601d91) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
19:37:49.0217 3580        NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
19:37:49.0217 3580        NMIndexingService - detected UnsignedFile.Multi.Generic (1)
19:37:49.0233 3580        nmwcd          (48fb907b069524f2dc7ba62a0762850c) C:\Windows\system32\drivers\ccdcmb.sys
19:37:49.0295 3580        nmwcd - ok
19:37:49.0311 3580        nmwcdc          (2914ceb789964141ac6e22c6bc980c42) C:\Windows\system32\drivers\ccdcmbo.sys
19:37:49.0358 3580        nmwcdc - ok
19:37:49.0405 3580        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:37:49.0420 3580        Npfs - ok
19:37:49.0451 3580        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:37:49.0498 3580        nsi - ok
19:37:49.0529 3580        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:37:49.0576 3580        nsiproxy - ok
19:37:49.0670 3580        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:37:49.0763 3580        Ntfs - ok
19:37:49.0795 3580        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:37:49.0857 3580        ntrigdigi - ok
19:37:49.0873 3580        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:37:49.0904 3580        Null - ok
19:37:50.0824 3580        nvlddmkm        (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:37:52.0571 3580        nvlddmkm - ok
19:37:52.0759 3580        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:37:52.0774 3580        nvraid - ok
19:37:52.0837 3580        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:37:52.0852 3580        nvstor - ok
19:37:52.0883 3580        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:37:52.0915 3580        nv_agp - ok
19:37:52.0930 3580        NwlnkFlt - ok
19:37:52.0930 3580        NwlnkFwd - ok
19:37:53.0039 3580        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:37:53.0071 3580        odserv - ok
19:37:53.0102 3580        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
19:37:53.0164 3580        ohci1394 - ok
19:37:53.0211 3580        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:37:53.0227 3580        ose - ok
19:37:53.0305 3580        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:37:53.0383 3580        p2pimsvc - ok
19:37:53.0398 3580        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:37:53.0492 3580        p2psvc - ok
19:37:53.0539 3580        Parport        (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
19:37:53.0601 3580        Parport - ok
19:37:53.0617 3580        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
19:37:53.0648 3580        partmgr - ok
19:37:53.0663 3580        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
19:37:53.0710 3580        Parvdm - ok
19:37:53.0773 3580        PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
19:37:53.0804 3580        PassThru Service ( UnsignedFile.Multi.Generic ) - warning
19:37:53.0804 3580        PassThru Service - detected UnsignedFile.Multi.Generic (1)
19:37:53.0835 3580        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:37:53.0897 3580        PcaSvc - ok
19:37:53.0929 3580        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
19:37:53.0960 3580        pccsmcfd - ok
19:37:53.0991 3580        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:37:54.0022 3580        pci - ok
19:37:54.0053 3580        pciide          (304048c2565a803d091cca1ac945f593) C:\Windows\system32\drivers\pciide.sys
19:37:54.0069 3580        pciide - ok
19:37:54.0100 3580        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:37:54.0131 3580        pcmcia - ok
19:37:54.0225 3580        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:37:54.0365 3580        PEAUTH - ok
19:37:54.0490 3580        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:37:54.0631 3580        pla - ok
19:37:54.0771 3580        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:37:54.0833 3580        PlugPlay - ok
19:37:54.0896 3580        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:37:54.0927 3580        PNRPAutoReg - ok
19:37:54.0943 3580        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:37:54.0989 3580        PNRPsvc - ok
19:37:55.0021 3580        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:37:55.0067 3580        PolicyAgent - ok
19:37:55.0114 3580        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:37:55.0161 3580        PptpMiniport - ok
19:37:55.0177 3580        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:37:55.0239 3580        Processor - ok
19:37:55.0286 3580        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:37:55.0333 3580        ProfSvc - ok
19:37:55.0348 3580        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:37:55.0364 3580        ProtectedStorage - ok
19:37:55.0395 3580        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:37:55.0426 3580        PSched - ok
19:37:55.0442 3580        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\DRIVERS\PxHelp20.sys
19:37:55.0457 3580        PxHelp20 - ok
19:37:55.0520 3580        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:37:55.0582 3580        ql2300 - ok
19:37:55.0613 3580        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:37:55.0660 3580        ql40xx - ok
19:37:55.0691 3580        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:37:55.0723 3580        QWAVE - ok
19:37:55.0754 3580        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:37:55.0769 3580        QWAVEdrv - ok
19:37:55.0925 3580        R300            (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
19:37:56.0128 3580        R300 - ok
19:37:56.0269 3580        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:37:56.0331 3580        RasAcd - ok
19:37:56.0378 3580        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:37:56.0440 3580        RasAuto - ok
19:37:56.0471 3580        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:37:56.0534 3580        Rasl2tp - ok
19:37:56.0581 3580        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:37:56.0627 3580        RasMan - ok
19:37:56.0674 3580        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:37:56.0705 3580        RasPppoe - ok
19:37:56.0737 3580        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:37:56.0768 3580        RasSstp - ok
19:37:56.0815 3580        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:37:56.0846 3580        rdbss - ok
19:37:56.0877 3580        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:37:56.0924 3580        RDPCDD - ok
19:37:56.0971 3580        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:37:57.0049 3580        rdpdr - ok
19:37:57.0064 3580        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:37:57.0095 3580        RDPENCDD - ok
19:37:57.0127 3580        RDPWD          (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
19:37:57.0173 3580        RDPWD - ok
19:37:57.0205 3580        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:37:57.0236 3580        RemoteAccess - ok
19:37:57.0267 3580        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:37:57.0314 3580        RemoteRegistry - ok
19:37:57.0407 3580        RichVideo      (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
19:37:57.0439 3580        RichVideo - ok
19:37:57.0470 3580        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:37:57.0501 3580        RpcLocator - ok
19:37:57.0563 3580        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:37:57.0610 3580        RpcSs - ok
19:37:57.0673 3580        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:37:57.0735 3580        rspndr - ok
19:37:57.0766 3580        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:37:57.0797 3580        SamSs - ok
19:37:57.0844 3580        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:37:57.0860 3580        sbp2port - ok
19:37:57.0907 3580        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:37:57.0938 3580        SCardSvr - ok
19:37:58.0000 3580        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:37:58.0094 3580        Schedule - ok
19:37:58.0125 3580        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:37:58.0141 3580        SCPolicySvc - ok
19:37:58.0172 3580        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:37:58.0203 3580        SDRSVC - ok
19:37:58.0234 3580        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:37:58.0281 3580        secdrv - ok
19:37:58.0297 3580        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:37:58.0343 3580        seclogon - ok
19:37:58.0359 3580        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:37:58.0406 3580        SENS - ok
19:37:58.0437 3580        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
19:37:58.0484 3580        Serenum - ok
19:37:58.0499 3580        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
19:37:58.0562 3580        Serial - ok
19:37:58.0593 3580        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:37:58.0640 3580        sermouse - ok
19:37:58.0749 3580        ServiceLayer    (7d3903af48e6c1dc2704eafcb608d031) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
19:37:58.0827 3580        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
19:37:58.0827 3580        ServiceLayer - detected UnsignedFile.Multi.Generic (1)
19:37:58.0921 3580        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:37:58.0967 3580        SessionEnv - ok
19:37:58.0999 3580        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:37:59.0061 3580        sffdisk - ok
19:37:59.0061 3580        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:37:59.0123 3580        sffp_mmc - ok
19:37:59.0139 3580        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:37:59.0186 3580        sffp_sd - ok
19:37:59.0201 3580        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:37:59.0264 3580        sfloppy - ok
19:37:59.0311 3580        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:37:59.0357 3580        SharedAccess - ok
19:37:59.0435 3580        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:37:59.0513 3580        ShellHWDetection - ok
19:37:59.0529 3580        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:37:59.0545 3580        SiSRaid2 - ok
19:37:59.0576 3580        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:37:59.0591 3580        SiSRaid4 - ok
19:37:59.0841 3580        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:38:00.0044 3580        slsvc - ok
19:38:00.0231 3580        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:38:00.0309 3580        SLUINotify - ok
19:38:00.0356 3580        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:38:00.0387 3580        Smb - ok
19:38:00.0418 3580        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:38:00.0449 3580        SNMPTRAP - ok
19:38:00.0481 3580        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:38:00.0496 3580        spldr - ok
19:38:00.0543 3580        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:38:00.0574 3580        Spooler - ok
19:38:00.0621 3580        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:38:00.0668 3580        srv - ok
19:38:00.0683 3580        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:38:00.0746 3580        srv2 - ok
19:38:00.0761 3580        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:38:00.0793 3580        srvnet - ok
19:38:00.0824 3580        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:38:00.0871 3580        SSDPSRV - ok
19:38:00.0902 3580        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:38:00.0902 3580        ssmdrv - ok
19:38:00.0917 3580        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:38:00.0949 3580        SstpSvc - ok
19:38:01.0011 3580        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:38:01.0058 3580        stisvc - ok
19:38:01.0089 3580        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:38:01.0105 3580        swenum - ok
19:38:01.0167 3580        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:38:01.0214 3580        swprv - ok
19:38:01.0245 3580        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:38:01.0245 3580        Symc8xx - ok
19:38:01.0261 3580        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:38:01.0276 3580        Sym_hi - ok
19:38:01.0307 3580        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:38:01.0307 3580        Sym_u3 - ok
19:38:01.0385 3580        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:38:01.0432 3580        SysMain - ok
19:38:01.0463 3580        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:38:01.0495 3580        TabletInputService - ok
19:38:01.0526 3580        taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
19:38:01.0541 3580        taphss - ok
19:38:01.0573 3580        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:38:01.0635 3580        TapiSrv - ok
19:38:01.0666 3580        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:38:01.0697 3580        TBS - ok
19:38:01.0775 3580        Tcpip          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
19:38:01.0822 3580        Tcpip - ok
19:38:01.0838 3580        Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
19:38:01.0885 3580        Tcpip6 - ok
19:38:01.0916 3580        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:38:01.0931 3580        tcpipreg - ok
19:38:01.0947 3580        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:38:01.0978 3580        TDPIPE - ok
19:38:02.0009 3580        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:38:02.0041 3580        TDTCP - ok
19:38:02.0072 3580        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:38:02.0119 3580        tdx - ok
19:38:02.0150 3580        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:38:02.0181 3580        TermDD - ok
19:38:02.0243 3580        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:38:02.0321 3580        TermService - ok
19:38:02.0353 3580        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:38:02.0384 3580        Themes - ok
19:38:02.0415 3580        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:38:02.0446 3580        THREADORDER - ok
19:38:02.0477 3580        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:38:02.0524 3580        TrkWks - ok
19:38:02.0571 3580        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:38:02.0587 3580        TrustedInstaller - ok
19:38:02.0618 3580        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:38:02.0665 3580        tssecsrv - ok
19:38:02.0680 3580        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:38:02.0696 3580        tunmp - ok
19:38:02.0711 3580        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:38:02.0743 3580        tunnel - ok
19:38:02.0774 3580        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\DRIVERS\uagp35.sys
19:38:02.0789 3580        uagp35 - ok
19:38:02.0852 3580        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:38:02.0899 3580        udfs - ok
19:38:02.0930 3580        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:38:02.0977 3580        UI0Detect - ok
19:38:03.0008 3580        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:38:03.0023 3580        uliagpkx - ok
19:38:03.0055 3580        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:38:03.0086 3580        uliahci - ok
19:38:03.0117 3580        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:38:03.0148 3580        UlSata - ok
19:38:03.0164 3580        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:38:03.0195 3580        ulsata2 - ok
19:38:03.0226 3580        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:38:03.0257 3580        umbus - ok
19:38:03.0289 3580        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:38:03.0335 3580        upnphost - ok
19:38:03.0367 3580        upperdev        (e526a166e6acafd0a9b3841d3941669e) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
19:38:03.0413 3580        upperdev - ok
19:38:03.0445 3580        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:38:03.0491 3580        usbccgp - ok
19:38:03.0523 3580        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:38:03.0616 3580        usbcir - ok
19:38:03.0647 3580        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:38:03.0679 3580        usbehci - ok
19:38:03.0725 3580        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:38:03.0757 3580        usbhub - ok
19:38:03.0788 3580        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:38:03.0866 3580        usbohci - ok
19:38:03.0897 3580        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:38:03.0959 3580        usbprint - ok
19:38:03.0991 3580        usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
19:38:04.0037 3580        usbser - ok
19:38:04.0069 3580        UsbserFilt      (6f3e3c6811b930d2414552a2e4a40f36) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
19:38:04.0131 3580        UsbserFilt - ok
19:38:04.0162 3580        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:38:04.0193 3580        USBSTOR - ok
19:38:04.0225 3580        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:38:04.0271 3580        usbuhci - ok
19:38:04.0318 3580        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:38:04.0365 3580        UxSms - ok
19:38:04.0427 3580        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:38:04.0474 3580        vds - ok
19:38:04.0537 3580        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:38:04.0568 3580        vga - ok
19:38:04.0599 3580        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:38:04.0630 3580        VgaSave - ok
19:38:04.0661 3580        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:38:04.0693 3580        viaagp - ok
19:38:04.0708 3580        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:38:04.0786 3580        ViaC7 - ok
19:38:04.0817 3580        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\DRIVERS\viaide.sys
19:38:04.0833 3580        viaide - ok
19:38:04.0849 3580        videX32        (c147afa614b9925479d47cd173329789) C:\Windows\system32\DRIVERS\videX32.sys
19:38:04.0880 3580        videX32 - ok
19:38:04.0911 3580        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:38:04.0942 3580        volmgr - ok
19:38:04.0973 3580        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:38:05.0005 3580        volmgrx - ok
19:38:05.0036 3580        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:38:05.0067 3580        volsnap - ok
19:38:05.0083 3580        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:38:05.0114 3580        vsmraid - ok
19:38:05.0207 3580        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:38:05.0254 3580        VSS - ok
19:38:05.0317 3580        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:38:05.0348 3580        W32Time - ok
19:38:05.0395 3580        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:38:05.0457 3580        WacomPen - ok
19:38:05.0473 3580        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:38:05.0519 3580        Wanarp - ok
19:38:05.0519 3580        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:38:05.0551 3580        Wanarpv6 - ok
19:38:05.0597 3580        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:38:05.0644 3580        wcncsvc - ok
19:38:05.0691 3580        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:38:05.0722 3580        WcsPlugInService - ok
19:38:05.0753 3580        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:38:05.0769 3580        Wd - ok
19:38:05.0816 3580        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:38:05.0878 3580        Wdf01000 - ok
19:38:05.0925 3580        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:38:05.0987 3580        WdiServiceHost - ok
19:38:05.0987 3580        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:38:06.0034 3580        WdiSystemHost - ok
19:38:06.0097 3580        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:38:06.0128 3580        WebClient - ok
19:38:06.0175 3580        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:38:06.0221 3580        Wecsvc - ok
19:38:06.0253 3580        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:38:06.0299 3580        wercplsupport - ok
19:38:06.0346 3580        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:38:06.0377 3580        WerSvc - ok
19:38:06.0455 3580        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:38:06.0487 3580        WinDefend - ok
19:38:06.0487 3580        WinHttpAutoProxySvc - ok
19:38:06.0533 3580        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:38:06.0580 3580        Winmgmt - ok
19:38:06.0674 3580        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:38:06.0767 3580        WinRM - ok
19:38:06.0892 3580        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:38:06.0955 3580        Wlansvc - ok
19:38:07.0017 3580        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:38:07.0064 3580        WmiAcpi - ok
19:38:07.0111 3580        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:38:07.0142 3580        wmiApSrv - ok
19:38:07.0282 3580        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:38:07.0345 3580        WMPNetworkSvc - ok
19:38:07.0376 3580        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:38:07.0407 3580        WPCSvc - ok
19:38:07.0438 3580        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:38:07.0469 3580        WPDBusEnum - ok
19:38:07.0516 3580        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:38:07.0547 3580        WpdUsb - ok
19:38:07.0657 3580        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:38:07.0703 3580        WPFFontCache_v0400 - ok
19:38:07.0735 3580        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:38:07.0766 3580        ws2ifsl - ok
19:38:07.0813 3580        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
19:38:07.0844 3580        wscsvc - ok
19:38:07.0844 3580        WSearch - ok
19:38:08.0015 3580        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:38:08.0078 3580        wuauserv - ok
19:38:08.0265 3580        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:38:08.0281 3580        WUDFRd - ok
19:38:08.0312 3580        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:38:08.0359 3580        wudfsvc - ok
19:38:08.0390 3580        X10Hid          (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
19:38:08.0405 3580        X10Hid - ok
19:38:08.0452 3580        x10nets        (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
19:38:08.0468 3580        x10nets ( UnsignedFile.Multi.Generic ) - warning
19:38:08.0468 3580        x10nets - detected UnsignedFile.Multi.Generic (1)
19:38:08.0499 3580        xfilt          (c7f0d7aa3a3c2df333afdd593106f39f) C:\Windows\system32\DRIVERS\xfilt.sys
19:38:08.0515 3580        xfilt - ok
19:38:08.0546 3580        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:38:08.0795 3580        \Device\Harddisk0\DR0 - ok
19:38:08.0827 3580        MBR (0x1B8)    (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
19:38:09.0154 3580        \Device\Harddisk1\DR1 - ok
19:38:09.0185 3580        Boot (0x1200)  (a6c447b485102dcb13f0402e1589268c) \Device\Harddisk0\DR0\Partition0
19:38:09.0185 3580        \Device\Harddisk0\DR0\Partition0 - ok
19:38:09.0201 3580        Boot (0x1200)  (c5d0a42d20060be8802848b2f361ae6a) \Device\Harddisk0\DR0\Partition1
19:38:09.0201 3580        \Device\Harddisk0\DR0\Partition1 - ok
19:38:09.0232 3580        Boot (0x1200)  (8a5d37717f69bdc584e785f32f40b2b4) \Device\Harddisk1\DR1\Partition0
19:38:09.0232 3580        \Device\Harddisk1\DR1\Partition0 - ok
19:38:09.0263 3580        Boot (0x1200)  (69490adb609454493ee109e8e0aa0e16) \Device\Harddisk1\DR1\Partition1
19:38:09.0263 3580        \Device\Harddisk1\DR1\Partition1 - ok
19:38:09.0263 3580        ============================================================
19:38:09.0263 3580        Scan finished
19:38:09.0263 3580        ============================================================
19:38:09.0279 2016        Detected object count: 7
19:38:09.0279 2016        Actual detected object count: 7
19:38:28.0919 2016        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0919 2016        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:28.0919 2016        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0919 2016        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:28.0919 2016        NBService ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0919 2016        NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:28.0935 2016        NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0935 2016        NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:28.0935 2016        PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0935 2016        PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:28.0935 2016        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0935 2016        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:28.0935 2016        x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:28.0935 2016        x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip


