Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Google verlinkt auf englische Werbeseiten (Firefox, Opera) (https://www.trojaner-board.de/117087-google-verlinkt-englische-werbeseiten-firefox-opera.html)

El_Kimmo 11.06.2012 20:56
Google verlinkt auf englische Werbeseiten (Firefox, Opera)
 
Hallo seit 1-2 Wochen werde ich immer auf englische Seiten verlinkt, es sind immer irgendwelche Werbeseiten. Wer kann mir helfen ?

cosinus 13.06.2012 15:20
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

El_Kimmo 14.06.2012 11:04
So also hier schonmal Malwarebytes

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.11.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
User :: PC [Administrator]

14.06.2012 00:14:10
mbam-log-2012-06-14 (00-14-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 424146
Laufzeit: 3 Stunde(n), 2 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
also nachdem ESET ziemlich lange bei 99 % stehen geblieben ist hab ichs beendet. Hier die Log Datei

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=da33923d165039479aaac809878257d9
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-14 12:01:00
# local_time=2012-06-14 02:01:00 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 111954277 111954277 0 0
# compatibility_mode=768 16777215 100 0 111881303 111881303 0 0
# compatibility_mode=1792 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 146 146 0 0
# scanned=120003
# found=10
# cleaned=0
# scan_time=6747
C:\Dokumente und Einstellungen\All Users\Dokumente\Server\hlp.dat        Win32/Bamital.EK trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\Detlef\Eigene Dateien\Downloads\registrybooster.exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\Detlef\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KPEDWN8V\index-functions[1].js        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\jar_cache4901620794375253278.tmp        Java/Exploit.CVE-2012-0507.D trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\SweetIMReinstall\SweetImSetup.exe        a variant of Win32/SweetIM.B application (unable to clean)        00000000000000000000000000000000        I
C:\Qoobox\Quarantine\C\WINDOWS\system32\eswdpqxo.ini.vir        Win32/Adware.Virtumonde.NEO application (unable to clean)        00000000000000000000000000000000        I
C:\Qoobox\Quarantine\C\WINDOWS\system32\xbJSYJlm.ini.vir        Win32/Adware.Virtumonde.NEO application (unable to clean)        00000000000000000000000000000000        I
C:\Qoobox\Quarantine\C\WINDOWS\system32\xbJSYJlm.ini2.vir        Win32/Adware.Virtumonde.NEO application (unable to clean)        00000000000000000000000000000000        I
D:\Exe dateien\free-wma-mp3-converter.exe        probably a variant of Win32/PSW.Agent.BUPXGWL trojan (unable to clean)        00000000000000000000000000000000        I
D:\Musik\NichtVerwendeteDateien\MsgPlusLive-423.exe        a variant of Win32/MessengerPlus application (unable to clean)        00000000000000000000000000000000        I

cosinus 14.06.2012 13:23
Zitat:
C:\Dokumente und Einstellungen\Detlef\Eigene Dateien\Downloads\registrybooster.exe
Finger weg von Registry-Cleanern!!

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.


Zitat:
Datenbank Version: v2012.06.11.08
Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.

El_Kimmo 14.06.2012 23:10
So hier nochmal nach der aktualisierung

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
User :: PC [Administrator]

14.06.2012 21:03:11
mbam-log-2012-06-14 (21-03-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 422819
Laufzeit: 3 Stunde(n), 4 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 15.06.2012 14:51
Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

El_Kimmo 15.06.2012 20:28
also:
der normale Modus geht, der ging vorher aber auch. Die Suchergebnisse werden aber immernoch falsch angezeigt/weitergeleitet. Außerdem ist im Browser rechts unten ein Pop Up Fenster. Und auf dem Desktop sind einige Icon`s nicht richtig angezeigt.

Sollte ich die Suchergebnisse von ESET löschen ? Habe dies nicht getan.

Und ich habe noch einige Einträge in der Quarantäne von Malwarebytes gesehen.

cosinus 15.06.2012 20:41
Überleg doch mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

El_Kimmo 15.06.2012 21:06
was mir grade noch einfällt, vor einem Monat ca. hat mein E-Mail Account Spammails versendet, hatte sich aber auch nach 1-2 Tagen gelegt.

Hier der die Lod Datei

OTL Logfile:
Code:
OTL logfile created on: 15.06.2012 21:55:34 - Run 3
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Dokumente und Einstellungen\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 76,01% Memory free
4,85 Gb Paging File | 4,33 Gb Available in Paging File | 89,12% Paging File free
Paging file location(s): D:\pagefile.sys 3072 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,13 Gb Total Space | 1,65 Gb Free Space | 2,11% Space Free | Partition Type: NTFS
Drive D: | 154,75 Gb Total Space | 15,63 Gb Free Space | 10,10% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\User\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Spiele\steam\steam.exe (Valve Corporation)
PRC - D:\Exe dateien\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Exe dateien\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Exe dateien\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Exe dateien\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Telefonauskunft und Rückwärtssuche\Telefonauskunft + Rückwärtssuche auf CD-ROM\KSTART32.EXE (klickTel AG)
PRC - C:\WINDOWS\vsnpstd.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\Spiele\steam\bin\libcef.dll ()
MOD - D:\Spiele\steam\bin\avcodec-53.dll ()
MOD - D:\Spiele\steam\bin\chromehtml.dll ()
MOD - D:\Spiele\steam\bin\avformat-53.dll ()
MOD - D:\Spiele\steam\bin\avutil-51.dll ()
MOD - D:\Exe dateien\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe ()
MOD - C:\Programme\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\Programme\Unlocker\UnlockerCOM.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\vsnpstd.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- D:\Exe dateien\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Exe dateien\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MotoConnect Service) -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Detlef\LOKALE~1\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Motousbnet) -- C:\WINDOWS\system32\drivers\Motousbnet.sys (Motorola)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\WINDOWS\system32\drivers\motfilt.sys (Motorola Inc)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)
DRV - (VtcDrv) -- C:\WINDOWS\system32\drivers\vtcdrv.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (snpstd) -- C:\WINDOWS\system32\drivers\snpstd.sys ()
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB8&ctid=CT2736476&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\User\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\User\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.05 19:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.12.12 23:59:52 | 000,000,000 | ---D | M]
 
[2008.11.29 20:30:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions
[2012.05.09 18:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\extensions
[2011.08.18 11:50:25 | 000,000,000 | ---D | M] (Personas) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\extensions\personas@christopher.beard
[2012.05.09 18:00:03 | 000,000,945 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\conduit.xml
[2012.06.11 20:58:05 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-1.xml
[2009.08.07 11:42:57 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-2.xml
[2010.06.24 13:04:58 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-3.xml
[2010.07.05 18:36:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-4.xml
[2010.07.25 18:12:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-5.xml
[2010.05.12 18:40:48 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin.xml
[2012.06.05 19:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.29 18:44:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.06.05 19:42:39 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.29 18:44:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.17 16:49:28 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.01.02 19:03:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.02 19:03:32 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.01.02 19:03:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.02 19:03:31 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.02 19:03:31 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.02 19:03:31 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.12 14:42:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\Toolbar\ShellBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] D:\Exe dateien\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-220523388-1383384898-725345543-1004..\Run: [Steam] D:\Spiele\steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-220523388-1383384898-725345543-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\Telefonauskunft und Rückwärtssuche auf CD-ROM - Schnellstarter.lnk = C:\Programme\Telefonauskunft und Rückwärtssuche\Telefonauskunft + Rückwärtssuche auf CD-ROM\KSTART32.EXE (klickTel AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177158109359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE5CBC49-51DB-4824-868C-3520A69F7C1B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.04.21 12:49:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ -  %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "wscsvc"
MsConfig - Services: "CiSvc"
MsConfig - Services: "ImapiService"
MsConfig - Services: "NVSvc"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk -  - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk -  - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^NkbMonitor.exe.lnk - C:\Programme\Nikon\PictureProject\NkbMonitor.exe - (Nikon Corporation)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Winexit.lnk - C:\Programme\Winexit\Winexit.exe - (mysoft hxxp://www.mysoft.de)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^User^Startmenü^Programme^Autostart^OpenOffice.org 2.1.lnk - C:\Programme\OpenOffice.org 2.1\program\quickstart.exe - ()
MsConfig - StartUpReg: AdobeUpdater - hkey= - key= -  File not found
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: nwiz - hkey= - key= -  File not found
MsConfig - StartUpReg: OpwareSE4 - hkey= - key= - C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: Power2GoExpress - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: PowerBar - hkey= - key= - C:\Programme\CyberLink\PowerStarter\PowerBar.exe (Cyberlink, Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Programme\Unlocker\UnlockerAssistant.exe ()
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - StartUpReg: {1290A33C-85F5-4164-A1BE-7DD299D4986A} - hkey= - key= - C:\Programme\CyberLink\PowerBackup\PBKScheduler.exe (CyberLink Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03A0C05D-8066-738D-D09E-F6845197E729} - Vektorgrafik-Rendering (VML)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {B3682745-2B88-45BB-44DB-5213F390E066} - Microsoft Windows Media Player
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
 
Drivers32: msacm.clmp3enc - C:\Programme\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvid.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.15 21:54:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
[2012.06.14 12:06:08 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.06.14 12:05:29 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\User\Desktop\esetsmartinstaller_enu.exe
[2012.06.11 21:41:03 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\User\Recent
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.15 21:54:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
[2012.06.15 21:32:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.15 21:32:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.15 21:16:36 | 000,248,739 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012.06.15 21:16:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.15 21:16:07 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1383384898-725345543-1004.job
[2012.06.15 21:16:03 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1383384898-725345543-1006.job
[2012.06.15 21:15:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.15 00:50:03 | 000,196,406 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\DSCN4250.JPG
[2012.06.14 12:05:31 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\User\Desktop\esetsmartinstaller_enu.exe
[2012.06.14 11:30:34 | 000,759,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.14 03:28:16 | 000,459,254 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.14 03:28:16 | 000,441,444 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.14 03:28:16 | 000,085,112 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.14 03:28:16 | 000,071,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.14 03:26:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.12 01:39:32 | 000,216,576 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.12 00:06:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1383384898-725345543-1006.job
[2012.06.11 02:03:37 | 000,154,136 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\thumbs_EMOK-Picdump-244_045.jpg
[2012.06.08 16:34:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1383384898-725345543-1004.job
[2012.06.01 15:13:24 | 000,000,704 | ---- | M] () -- D:\Eigene Dateien\PDVD_MediaDisc.PlayList
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.15 00:50:03 | 000,196,406 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\DSCN4250.JPG
[2012.06.14 03:19:12 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.06.11 02:03:36 | 000,154,136 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\thumbs_EMOK-Picdump-244_045.jpg
[2012.02.16 18:28:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.21 00:15:59 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2011.09.13 23:04:41 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.12.06 17:08:49 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.12.06 17:08:48 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.12.02 12:13:50 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.10.21 13:51:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.21 13:51:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.09.26 17:47:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
 
========== LOP Check ==========
 
[2008.11.30 20:09:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Spyware Terminator
[2007.04.26 13:55:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.10.10 17:31:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2007.04.30 11:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp
[2011.03.19 20:17:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2007.11.02 17:51:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2010.03.08 23:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\motorola
[2007.05.02 20:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies
[2007.04.30 11:41:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2007.04.26 14:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2012.05.09 18:25:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2008.11.26 17:12:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.11.07 22:11:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2007.04.30 11:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15
[2009.11.01 16:41:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.10.12 16:49:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Detlef\Anwendungsdaten\ICQ
[2008.10.31 17:05:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Detlef\Anwendungsdaten\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.10.21 14:27:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Detlef\Anwendungsdaten\Opera
[2007.07.27 18:54:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Detlef\Anwendungsdaten\PC Suite
[2010.10.20 22:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Detlef\Anwendungsdaten\Uniblue
[2009.11.01 17:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2010.10.17 19:26:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\.purple
[2009.11.24 22:24:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\.Tribler
[2007.09.17 16:15:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Artweaver
[2007.07.12 04:29:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BonkEnc
[2009.10.14 14:37:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Canon
[2007.07.27 18:16:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Datalayer
[2010.10.17 17:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\enchant
[2010.10.17 16:49:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Foxit
[2007.10.01 14:30:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Glory of the Roman Empire
[2012.04.16 18:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\gtk-2.0
[2010.06.16 18:31:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\iatsky
[2012.05.30 00:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ICQ
[2007.04.25 21:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ICQLite
[2008.05.30 16:01:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\klickTel
[2007.09.18 20:05:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\LimeWire
[2007.05.21 16:56:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Lingo4u
[2010.10.14 22:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\LolClient
[2010.10.17 17:19:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Miranda
[2010.03.08 23:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\motorola
[2011.12.06 03:47:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mount&Blade
[2010.04.12 21:31:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mp3tag
[2007.05.10 17:35:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\MusicIP
[2007.09.13 00:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\NCH Swift Sound
[2007.05.05 22:54:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nikon
[2007.07.27 18:16:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nokia
[2007.10.17 22:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nokia Multimedia Player
[2010.10.17 17:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Opera
[2007.07.27 18:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\PC Suite
[2010.11.10 00:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\QIP
[2010.10.10 17:30:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Samsung
[2012.05.09 18:25:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sony
[2009.11.01 16:42:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\TuneUp Software
[2011.10.18 02:38:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\wargaming.net
[2007.10.21 20:25:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Winff
[2007.07.12 01:36:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.17 19:26:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\.purple
[2009.11.24 22:24:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\.Tribler
[2010.07.05 14:33:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe
[2009.11.24 22:24:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Ahead
[2009.11.24 22:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Apple Computer
[2010.11.24 22:02:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ArcSoft
[2007.09.17 16:15:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Artweaver
[2011.12.13 22:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Avira
[2010.01.11 00:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\AVS4YOU
[2007.07.12 04:29:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BonkEnc
[2009.10.14 14:37:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Canon
[2007.04.21 14:04:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\CyberLink
[2007.07.27 18:16:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Datalayer
[2010.11.26 01:46:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DivX
[2012.03.16 15:11:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\dvdcss
[2010.10.17 17:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\enchant
[2010.10.17 16:49:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Foxit
[2007.10.01 14:30:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Glory of the Roman Empire
[2007.04.21 14:05:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Google
[2012.04.16 18:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\gtk-2.0
[2007.07.12 02:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Help
[2010.06.16 18:31:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\iatsky
[2012.05.30 00:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ICQ
[2007.04.25 21:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ICQLite
[2007.04.21 12:54:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Identities
[2008.02.10 21:05:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\InstallShield
[2008.05.30 16:01:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\klickTel
[2007.09.18 20:05:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\LimeWire
[2007.05.21 16:56:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Lingo4u
[2010.10.14 22:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\LolClient
[2007.04.21 14:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Macromedia
[2008.09.02 20:59:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes
[2010.07.05 20:45:37 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft
[2010.10.17 17:19:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Miranda
[2010.03.08 23:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\motorola
[2011.12.06 03:47:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mount&Blade
[2010.06.21 20:09:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Move Networks
[2012.04.04 13:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla
[2010.04.12 21:31:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mp3tag
[2007.05.10 17:35:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\MusicIP
[2007.09.13 00:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\NCH Swift Sound
[2007.05.05 22:54:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nikon
[2007.07.27 18:16:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nokia
[2007.10.17 22:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nokia Multimedia Player
[2012.06.13 13:45:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\OpenOffice.org2
[2010.10.17 17:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Opera
[2007.07.27 18:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\PC Suite
[2010.11.10 00:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\QIP
[2010.03.09 21:28:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Real
[2010.10.10 17:30:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Samsung
[2010.05.31 18:15:02 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\SecuROM
[2012.02.03 19:42:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Skype
[2012.02.03 18:22:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\skypePM
[2012.05.09 18:25:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sony
[2007.05.14 00:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun
[2008.11.27 16:24:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sunbelt Software
[2009.11.01 16:42:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\TuneUp Software
[2007.07.21 04:57:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\vlc
[2011.10.18 02:38:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\wargaming.net
[2012.04.29 18:47:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Winamp
[2007.10.21 20:25:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Winff
[2008.06.29 16:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\WinRAR
[2007.07.12 01:36:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\XnView
[2008.10.29 23:09:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Yahoo!
 
< %APPDATA%\*.exe /s >
[2007.09.10 00:43:53 | 003,378,248 | ---- | M] (Lime Wire LLC) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\LimeWire\.NetworkShare\LimeWireWin4.14.8.exe
[2012.05.09 18:00:47 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft\Installer\{861C203D-5163-4BE3-BB5A-2561C61888DB}\NewShortcut1_861C203D51634BE3BB5A2561C61888DB_1.exe
[2012.05.09 18:00:47 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft\Installer\{861C203D-5163-4BE3-BB5A-2561C61888DB}\NewShortcut2_861C203D51634BE3BB5A2561C61888DB_1.exe
[2010.06.16 18:31:21 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft\Installer\{DD133F7D-E484-45B7-BBB9-828FCA45BBDB}\_6FEFF9B68218417F98F549.exe
[2010.06.16 18:31:21 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft\Installer\{DD133F7D-E484-45B7-BBB9-828FCA45BBDB}\_71EB04B578FEBCBEC875C5.exe
[2010.06.16 18:31:21 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft\Installer\{DD133F7D-E484-45B7-BBB9-828FCA45BBDB}\_AEDF77519664FA20889601.exe
[2010.06.21 20:09:52 | 001,811,472 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Move Networks\MoveMediaPlayerWin_071802000001.exe
[2010.06.21 20:09:55 | 000,144,053 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Move Networks\uninstall.exe
[2010.02.11 21:31:38 | 000,097,216 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2011.01.25 18:19:56 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Real\Update\setup3.13\setup.exe
[2012.06.14 21:03:05 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
[2004.07.09 05:08:36 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\dxsetup.exe
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.11.29 18:44:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.11.29 18:44:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.11.29 18:44:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.11.29 18:44:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.04.21 14:38:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007.04.21 14:38:15 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007.04.21 14:38:15 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
--- --- ---

cosinus 15.06.2012 22:47
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFSB8&ctid=CT2736476&SearchSource=2&q="
[2012.05.09 18:00:03 | 000,000,945 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\conduit.xml
[2012.06.11 20:58:05 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-1.xml
[2009.08.07 11:42:57 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-2.xml
[2010.06.24 13:04:58 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-3.xml
[2010.07.05 18:36:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-4.xml
[2010.07.25 18:12:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-5.xml
[2010.05.12 18:40:48 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin.xml
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\Toolbar\ShellBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk -  - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk -  - File not found
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

El_Kimmo 15.06.2012 23:09
So hier:

Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
C:\Programme\Freeware.de\prxtbFree.dll moved successfully.
HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: true removed from CT2736476.browser.search.defaultthis.engineName
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB8&ctid=CT2736476&SearchSource=2&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\conduit.xml moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Programme\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ deleted successfully.
File WebPrint\Toolband.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk\ deleted successfully.
C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Detlef
->Temp folder emptied: 1173292 bytes
->Temporary Internet Files folder emptied: 790537 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41308346 bytes
->Opera cache emptied: 19039784 bytes
->Flash cache emptied: 2897 bytes
 
User: Lea
 
User: LocalService
->Temp folder emptied: 70788 bytes
->Temporary Internet Files folder emptied: 73949 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: User
->Temp folder emptied: 1992480693 bytes
->Temporary Internet Files folder emptied: 679102 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 332812142 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 14230 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2953299 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.281,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Detlef
->Flash cache emptied: 0 bytes
 
User: Lea
 
User: LocalService
 
User: NetworkService
 
User: User
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06162012_000018

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 15.06.2012 23:18
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

El_Kimmo 15.06.2012 23:27
also ich hab nur gescannt und noch nichts gelöscht hab die Funde mit "Skip" behandelt

Code:
00:24:25.0015 1152        TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
00:24:25.0093 1152        ============================================================
00:24:25.0093 1152        Current date / time: 2012/06/16 00:24:25.0093
00:24:25.0093 1152        SystemInfo:
00:24:25.0093 1152       
00:24:25.0093 1152        OS Version: 5.1.2600 ServicePack: 3.0
00:24:25.0093 1152        Product type: Workstation
00:24:25.0093 1152        ComputerName: PC
00:24:25.0093 1152        UserName: User
00:24:25.0093 1152        Windows directory: C:\WINDOWS
00:24:25.0093 1152        System windows directory: C:\WINDOWS
00:24:25.0093 1152        Processor architecture: Intel x86
00:24:25.0093 1152        Number of processors: 2
00:24:25.0093 1152        Page size: 0x1000
00:24:25.0093 1152        Boot type: Normal boot
00:24:25.0093 1152        ============================================================
00:24:25.0968 1152        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:24:25.0984 1152        ============================================================
00:24:25.0984 1152        \Device\Harddisk0\DR0:
00:24:25.0984 1152        MBR partitions:
00:24:25.0984 1152        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
00:24:25.0984 1152        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x1357EB6A
00:24:25.0984 1152        ============================================================
00:24:26.0062 1152        C: <-> \Device\Harddisk0\DR0\Partition0
00:24:26.0093 1152        D: <-> \Device\Harddisk0\DR0\Partition1
00:24:26.0093 1152        ============================================================
00:24:26.0093 1152        Initialize success
00:24:26.0093 1152        ============================================================
00:24:34.0281 3348        ============================================================
00:24:34.0281 3348        Scan started
00:24:34.0281 3348        Mode: Manual; SigCheck; TDLFS;
00:24:34.0281 3348        ============================================================
00:24:34.0500 3348        Abiosdsk - ok
00:24:34.0515 3348        abp480n5 - ok
00:24:34.0546 3348        ACPI            (deac07203d92bf9385573fa5d790ff3c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:24:34.0546 3348        Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: deac07203d92bf9385573fa5d790ff3c, Fake md5: ac407f1a62c3a300b4f2b5a9f1d55b2c
00:24:34.0546 3348        ACPI ( Virus.Win32.Rloader.a ) - infected
00:24:34.0546 3348        ACPI - detected Virus.Win32.Rloader.a (0)
00:24:34.0562 3348        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:24:35.0406 3348        ACPIEC - ok
00:24:35.0453 3348        Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
00:24:35.0484 3348        Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
00:24:35.0484 3348        Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
00:24:35.0484 3348        adpu160m - ok
00:24:35.0515 3348        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:24:35.0609 3348        aec - ok
00:24:35.0640 3348        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:24:35.0687 3348        AFD - ok
00:24:35.0687 3348        Aha154x - ok
00:24:35.0687 3348        aic78u2 - ok
00:24:35.0703 3348        aic78xx - ok
00:24:35.0718 3348        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
00:24:35.0828 3348        Alerter - ok
00:24:35.0843 3348        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
00:24:35.0921 3348        ALG - ok
00:24:35.0937 3348        AliIde - ok
00:24:35.0937 3348        amsint - ok
00:24:36.0125 3348        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) D:\Exe dateien\Avira\AntiVir Desktop\sched.exe
00:24:36.0140 3348        AntiVirSchedulerService - ok
00:24:36.0171 3348        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) D:\Exe dateien\Avira\AntiVir Desktop\avguard.exe
00:24:36.0187 3348        AntiVirService - ok
00:24:36.0281 3348        Apple Mobile Device (f293992f9ceef6ea00ce52c3094e59e9) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
00:24:36.0281 3348        Apple Mobile Device - ok
00:24:36.0296 3348        AppMgmt - ok
00:24:36.0328 3348        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:24:36.0421 3348        Arp1394 - ok
00:24:36.0421 3348        asc - ok
00:24:36.0421 3348        asc3350p - ok
00:24:36.0437 3348        asc3550 - ok
00:24:36.0500 3348        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:24:36.0546 3348        aspnet_state - ok
00:24:36.0562 3348        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:24:36.0640 3348        AsyncMac - ok
00:24:36.0656 3348        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:24:36.0750 3348        atapi - ok
00:24:36.0765 3348        Atdisk - ok
00:24:36.0796 3348        atksgt          (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
00:24:36.0843 3348        atksgt - ok
00:24:36.0875 3348        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:24:36.0953 3348        Atmarpc - ok
00:24:36.0984 3348        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
00:24:37.0078 3348        AudioSrv - ok
00:24:37.0109 3348        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:24:37.0234 3348        audstub - ok
00:24:37.0250 3348        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
00:24:37.0265 3348        avgntflt - ok
00:24:37.0296 3348        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
00:24:37.0312 3348        avipbb - ok
00:24:37.0343 3348        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
00:24:37.0343 3348        avkmgr - ok
00:24:37.0375 3348        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:24:37.0468 3348        Beep - ok
00:24:37.0515 3348        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
00:24:37.0734 3348        BITS - ok
00:24:37.0765 3348        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
00:24:37.0859 3348        Browser - ok
00:24:37.0890 3348        BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
00:24:38.0062 3348        BTCFilterService - ok
00:24:38.0140 3348        catchme - ok
00:24:38.0171 3348        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:24:38.0250 3348        cbidf2k - ok
00:24:38.0281 3348        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:24:38.0375 3348        CCDECODE - ok
00:24:38.0375 3348        cd20xrnt - ok
00:24:38.0406 3348        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:24:38.0500 3348        Cdaudio - ok
00:24:38.0515 3348        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:24:38.0593 3348        Cdfs - ok
00:24:38.0625 3348        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:24:38.0718 3348        Cdrom - ok
00:24:38.0718 3348        Changer - ok
00:24:38.0750 3348        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
00:24:38.0828 3348        CiSvc - ok
00:24:38.0843 3348        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
00:24:38.0921 3348        ClipSrv - ok
00:24:39.0000 3348        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:24:39.0078 3348        clr_optimization_v2.0.50727_32 - ok
00:24:39.0078 3348        CmdIde - ok
00:24:39.0078 3348        COMSysApp - ok
00:24:39.0093 3348        Cpqarray - ok
00:24:39.0125 3348        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
00:24:39.0203 3348        CryptSvc - ok
00:24:39.0218 3348        dac2w2k - ok
00:24:39.0218 3348        dac960nt - ok
00:24:39.0265 3348        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
00:24:39.0328 3348        DcomLaunch - ok
00:24:39.0359 3348        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
00:24:39.0453 3348        Dhcp - ok
00:24:39.0484 3348        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:24:39.0578 3348        Disk - ok
00:24:39.0578 3348        dmadmin - ok
00:24:39.0625 3348        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
00:24:39.0734 3348        dmboot - ok
00:24:39.0765 3348        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
00:24:39.0875 3348        dmio - ok
00:24:39.0906 3348        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:24:39.0984 3348        dmload - ok
00:24:40.0000 3348        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
00:24:40.0093 3348        dmserver - ok
00:24:40.0125 3348        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:24:40.0218 3348        DMusic - ok
00:24:40.0250 3348        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
00:24:40.0343 3348        Dnscache - ok
00:24:40.0375 3348        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
00:24:40.0468 3348        Dot3svc - ok
00:24:40.0468 3348        dpti2o - ok
00:24:40.0484 3348        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:24:40.0562 3348        drmkaud - ok
00:24:40.0578 3348        EagleXNt - ok
00:24:40.0609 3348        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
00:24:40.0687 3348        EapHost - ok
00:24:40.0718 3348        ENTECH          (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
00:24:40.0734 3348        ENTECH ( UnsignedFile.Multi.Generic ) - warning
00:24:40.0734 3348        ENTECH - detected UnsignedFile.Multi.Generic (1)
00:24:40.0750 3348        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
00:24:40.0828 3348        ERSvc - ok
00:24:40.0859 3348        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
00:24:40.0890 3348        Eventlog - ok
00:24:40.0921 3348        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
00:24:40.0968 3348        EventSystem - ok
00:24:41.0015 3348        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:24:41.0109 3348        Fastfat - ok
00:24:41.0140 3348        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
00:24:41.0171 3348        FastUserSwitchingCompatibility - ok
00:24:41.0187 3348        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
00:24:41.0265 3348        Fdc - ok
00:24:41.0281 3348        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
00:24:41.0375 3348        Fips - ok
00:24:41.0390 3348        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:24:41.0484 3348        Flpydisk - ok
00:24:41.0515 3348        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:24:41.0609 3348        FltMgr - ok
00:24:41.0687 3348        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:24:41.0687 3348        FontCache3.0.0.0 - ok
00:24:41.0718 3348        fssfltr        (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
00:24:41.0734 3348        fssfltr - ok
00:24:41.0859 3348        fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Programme\Windows Live\Family Safety\fsssvc.exe
00:24:41.0890 3348        fsssvc - ok
00:24:41.0937 3348        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:24:42.0031 3348        Fs_Rec - ok
00:24:42.0046 3348        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:24:42.0140 3348        Ftdisk - ok
00:24:42.0156 3348        gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
00:24:42.0250 3348        gameenum - ok
00:24:42.0281 3348        GEARAspiWDM    (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:24:42.0281 3348        GEARAspiWDM - ok
00:24:42.0312 3348        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:24:42.0406 3348        Gpc - ok
00:24:42.0468 3348        gupdate1c9b3abc89374fa (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe
00:24:42.0484 3348        gupdate1c9b3abc89374fa - ok
00:24:42.0484 3348        gupdatem        (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe
00:24:42.0484 3348        gupdatem - ok
00:24:42.0531 3348        gusvc          (408ddd80eede47175f6844817b90213e) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
00:24:42.0562 3348        gusvc - ok
00:24:42.0593 3348        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:24:42.0671 3348        HDAudBus - ok
00:24:42.0734 3348        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:24:42.0828 3348        helpsvc - ok
00:24:42.0828 3348        HidServ - ok
00:24:42.0859 3348        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:24:42.0953 3348        HidUsb - ok
00:24:42.0968 3348        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
00:24:43.0046 3348        hkmsvc - ok
00:24:43.0046 3348        hpn - ok
00:24:43.0078 3348        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:24:43.0125 3348        HTTP - ok
00:24:43.0156 3348        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
00:24:43.0265 3348        HTTPFilter - ok
00:24:43.0281 3348        i2omgmt - ok
00:24:43.0281 3348        i2omp - ok
00:24:43.0312 3348        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:24:43.0390 3348        i8042prt - ok
00:24:43.0468 3348        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
00:24:43.0484 3348        IDriverT ( UnsignedFile.Multi.Generic ) - warning
00:24:43.0484 3348        IDriverT - detected UnsignedFile.Multi.Generic (1)
00:24:43.0625 3348        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:24:43.0671 3348        idsvc - ok
00:24:43.0703 3348        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:24:43.0796 3348        Imapi - ok
00:24:43.0812 3348        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
00:24:43.0906 3348        ImapiService - ok
00:24:43.0906 3348        ini910u - ok
00:24:44.0109 3348        IntcAzAudAddService (909d03b3b7fb7c830b74f74f4d0ea7ce) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:24:44.0250 3348        IntcAzAudAddService - ok
00:24:44.0328 3348        IntelIde - ok
00:24:44.0359 3348        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:24:44.0453 3348        intelppm - ok
00:24:44.0484 3348        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:24:44.0578 3348        Ip6Fw - ok
00:24:44.0609 3348        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:24:44.0687 3348        IpFilterDriver - ok
00:24:44.0703 3348        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:24:44.0796 3348        IpInIp - ok
00:24:44.0828 3348        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:24:44.0921 3348        IpNat - ok
00:24:44.0953 3348        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:24:45.0031 3348        IPSec - ok
00:24:45.0062 3348        irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
00:24:45.0156 3348        irda - ok
00:24:45.0187 3348        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:24:45.0250 3348        IRENUM - ok
00:24:45.0281 3348        Irmon          (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll
00:24:45.0375 3348        Irmon - ok
00:24:45.0390 3348        irsir          (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
00:24:45.0437 3348        irsir - ok
00:24:45.0468 3348        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:24:45.0546 3348        isapnp - ok
00:24:45.0640 3348        JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
00:24:45.0656 3348        JavaQuickStarterService - ok
00:24:45.0656 3348        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:24:45.0734 3348        Kbdclass - ok
00:24:45.0765 3348        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:24:45.0859 3348        kmixer - ok
00:24:45.0890 3348        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:24:45.0968 3348        KSecDD - ok
00:24:46.0000 3348        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
00:24:46.0015 3348        lanmanserver - ok
00:24:46.0046 3348        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
00:24:46.0093 3348        lanmanworkstation - ok
00:24:46.0093 3348        lbrtfdc - ok
00:24:46.0125 3348        lirsgt          (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
00:24:46.0140 3348        lirsgt - ok
00:24:46.0156 3348        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
00:24:46.0250 3348        LmHosts - ok
00:24:46.0265 3348        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
00:24:46.0359 3348        Messenger - ok
00:24:46.0390 3348        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:24:46.0468 3348        mnmdd - ok
00:24:46.0500 3348        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
00:24:46.0578 3348        mnmsrvc - ok
00:24:46.0578 3348        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
00:24:46.0671 3348        Modem - ok
00:24:46.0703 3348        motccgp        (c741717b0a18813dd7d12085937cee72) C:\WINDOWS\system32\DRIVERS\motccgp.sys
00:24:46.0750 3348        motccgp - ok
00:24:46.0765 3348        motccgpfl      (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
00:24:46.0812 3348        motccgpfl - ok
00:24:46.0828 3348        motmodem        (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motmodem.sys
00:24:46.0875 3348        motmodem - ok
00:24:46.0937 3348        MotoConnect Service (bb9de58ac6513da62c005d92e2db4981) C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe
00:24:46.0937 3348        MotoConnect Service - ok
00:24:46.0953 3348        MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
00:24:46.0968 3348        MotoSwitchService - ok
00:24:46.0984 3348        Motousbnet      (c3661b817e51b16153b332da1312b74d) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
00:24:47.0031 3348        Motousbnet - ok
00:24:47.0046 3348        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:24:47.0125 3348        Mouclass - ok
00:24:47.0140 3348        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:24:47.0234 3348        MountMgr - ok
00:24:47.0265 3348        MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
00:24:47.0281 3348        MozillaMaintenance - ok
00:24:47.0281 3348        mraid35x - ok
00:24:47.0328 3348        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:24:47.0421 3348        MRxDAV - ok
00:24:47.0468 3348        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:24:47.0546 3348        MRxSmb - ok
00:24:47.0578 3348        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
00:24:47.0656 3348        MSDTC - ok
00:24:47.0687 3348        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:24:47.0781 3348        Msfs - ok
00:24:47.0781 3348        MSIServer - ok
00:24:47.0796 3348        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:24:47.0875 3348        MSKSSRV - ok
00:24:47.0890 3348        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:24:47.0984 3348        MSPCLOCK - ok
00:24:47.0984 3348        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:24:48.0078 3348        MSPQM - ok
00:24:48.0093 3348        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:24:48.0171 3348        mssmbios - ok
00:24:48.0187 3348        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:24:48.0265 3348        MSTEE - ok
00:24:48.0281 3348        ms_mpu401      (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
00:24:48.0375 3348        ms_mpu401 - ok
00:24:48.0406 3348        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:24:48.0437 3348        Mup - ok
00:24:48.0468 3348        MxlW2k          (31509f505fea9b37f9e59a10adcfe8f5) C:\WINDOWS\system32\drivers\MxlW2k.sys
00:24:48.0484 3348        MxlW2k ( UnsignedFile.Multi.Generic ) - warning
00:24:48.0484 3348        MxlW2k - detected UnsignedFile.Multi.Generic (1)
00:24:48.0515 3348        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:24:48.0593 3348        NABTSFEC - ok
00:24:48.0640 3348        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
00:24:48.0750 3348        napagent - ok
00:24:48.0765 3348        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:24:48.0875 3348        NDIS - ok
00:24:48.0906 3348        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:24:48.0984 3348        NdisIP - ok
00:24:49.0015 3348        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:24:49.0078 3348        NdisTapi - ok
00:24:49.0093 3348        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:24:49.0187 3348        Ndisuio - ok
00:24:49.0187 3348        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:24:49.0281 3348        NdisWan - ok
00:24:49.0312 3348        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:24:49.0359 3348        NDProxy - ok
00:24:49.0375 3348        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:24:49.0437 3348        NetBIOS - ok
00:24:49.0468 3348        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:24:49.0562 3348        NetBT - ok
00:24:49.0578 3348        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
00:24:49.0656 3348        NetDDE - ok
00:24:49.0656 3348        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
00:24:49.0734 3348        NetDDEdsdm - ok
00:24:49.0765 3348        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:24:49.0828 3348        Netlogon - ok
00:24:49.0859 3348        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
00:24:49.0937 3348        Netman - ok
00:24:50.0031 3348        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:24:50.0046 3348        NetTcpPortSharing - ok
00:24:50.0062 3348        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:24:50.0156 3348        NIC1394 - ok
00:24:50.0187 3348        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
00:24:50.0203 3348        Nla - ok
00:24:50.0234 3348        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:24:50.0296 3348        Npfs - ok
00:24:50.0359 3348        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:24:50.0468 3348        Ntfs - ok
00:24:50.0500 3348        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:24:50.0562 3348        NtLmSsp - ok
00:24:50.0609 3348        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
00:24:50.0718 3348        NtmsSvc - ok
00:24:50.0750 3348        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:24:50.0828 3348        Null - ok
00:24:51.0156 3348        nv              (cf49346faeffbd046b4dcaf29673e02a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:24:51.0484 3348        nv - ok
00:24:51.0593 3348        NVHDA          (2e661d73b21619818787fd5059294751) C:\WINDOWS\system32\drivers\nvhda32.sys
00:24:51.0609 3348        NVHDA - ok
00:24:51.0640 3348        nvsvc          (896b929603fe45993853df9a3e5e19b1) C:\WINDOWS\system32\nvsvc32.exe
00:24:51.0656 3348        nvsvc ( UnsignedFile.Multi.Generic ) - warning
00:24:51.0656 3348        nvsvc - detected UnsignedFile.Multi.Generic (1)
00:24:51.0687 3348        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:24:51.0765 3348        NwlnkFlt - ok
00:24:51.0796 3348        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:24:51.0890 3348        NwlnkFwd - ok
00:24:51.0921 3348        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:24:52.0000 3348        ohci1394 - ok
00:24:52.0078 3348        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
00:24:52.0093 3348        ose - ok
00:24:52.0109 3348        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
00:24:52.0203 3348        Parport - ok
00:24:52.0234 3348        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:24:52.0312 3348        PartMgr - ok
00:24:52.0328 3348        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
00:24:52.0421 3348        ParVdm - ok
00:24:52.0437 3348        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
00:24:52.0531 3348        PCI - ok
00:24:52.0531 3348        PCIDump - ok
00:24:52.0562 3348        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:24:52.0656 3348        PCIIde - ok
00:24:52.0671 3348        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:24:52.0750 3348        Pcmcia - ok
00:24:52.0765 3348        PDCOMP - ok
00:24:52.0765 3348        PDFRAME - ok
00:24:52.0765 3348        PDRELI - ok
00:24:52.0781 3348        PDRFRAME - ok
00:24:52.0781 3348        perc2 - ok
00:24:52.0796 3348        perc2hib - ok
00:24:52.0843 3348        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
00:24:52.0843 3348        PlugPlay - ok
00:24:52.0875 3348        PnkBstrA        (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe
00:24:52.0890 3348        PnkBstrA - ok
00:24:52.0921 3348        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:24:52.0984 3348        PolicyAgent - ok
00:24:53.0000 3348        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:24:53.0093 3348        PptpMiniport - ok
00:24:53.0093 3348        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:24:53.0171 3348        ProtectedStorage - ok
00:24:53.0187 3348        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:24:53.0281 3348        PSched - ok
00:24:53.0312 3348        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:24:53.0390 3348        Ptilink - ok
00:24:53.0421 3348        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:24:53.0421 3348        PxHelp20 - ok
00:24:53.0421 3348        ql1080 - ok
00:24:53.0437 3348        Ql10wnt - ok
00:24:53.0437 3348        ql12160 - ok
00:24:53.0437 3348        ql1240 - ok
00:24:53.0453 3348        ql1280 - ok
00:24:53.0453 3348        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:24:53.0546 3348        RasAcd - ok
00:24:53.0562 3348        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
00:24:53.0656 3348        RasAuto - ok
00:24:53.0671 3348        Rasirda        (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
00:24:53.0703 3348        Rasirda - ok
00:24:53.0734 3348        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:24:53.0812 3348        Rasl2tp - ok
00:24:53.0843 3348        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
00:24:53.0921 3348        RasMan - ok
00:24:53.0953 3348        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:24:54.0031 3348        RasPppoe - ok
00:24:54.0062 3348        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:24:54.0156 3348        Raspti - ok
00:24:54.0187 3348        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:24:54.0265 3348        Rdbss - ok
00:24:54.0296 3348        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:24:54.0375 3348        RDPCDD - ok
00:24:54.0421 3348        RDPWD          (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
00:24:54.0468 3348        RDPWD - ok
00:24:54.0500 3348        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
00:24:54.0593 3348        RDSessMgr - ok
00:24:54.0625 3348        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:24:54.0718 3348        redbook - ok
00:24:54.0734 3348        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
00:24:54.0828 3348        RemoteAccess - ok
00:24:54.0859 3348        ROOTMODEM      (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
00:24:54.0953 3348        ROOTMODEM - ok
00:24:55.0000 3348        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
00:24:55.0078 3348        RpcLocator - ok
00:24:55.0125 3348        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
00:24:55.0140 3348        RpcSs - ok
00:24:55.0156 3348        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
00:24:55.0234 3348        RSVP - ok
00:24:55.0265 3348        RTL8023xp      (d6e1b1bd04fad422af17fc4b810cb9af) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
00:24:55.0312 3348        RTL8023xp - ok
00:24:55.0343 3348        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:24:55.0421 3348        SamSs - ok
00:24:55.0421 3348        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
00:24:55.0531 3348        SCardSvr - ok
00:24:55.0562 3348        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
00:24:55.0656 3348        Schedule - ok
00:24:55.0750 3348        SeaPort        (4a5809a1d796e2675ac0332bf7b0cb11) C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
00:24:55.0765 3348        SeaPort - ok
00:24:55.0796 3348        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:24:55.0859 3348        Secdrv - ok
00:24:55.0890 3348        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
00:24:55.0968 3348        seclogon - ok
00:24:55.0984 3348        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
00:24:56.0078 3348        SENS - ok
00:24:56.0109 3348        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:24:56.0171 3348        serenum - ok
00:24:56.0187 3348        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
00:24:56.0265 3348        Serial - ok
00:24:56.0281 3348        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:24:56.0359 3348        Sfloppy - ok
00:24:56.0406 3348        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
00:24:56.0500 3348        SharedAccess - ok
00:24:56.0531 3348        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
00:24:56.0546 3348        ShellHWDetection - ok
00:24:56.0546 3348        Simbad - ok
00:24:56.0593 3348        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:24:56.0671 3348        SLIP - ok
00:24:56.0718 3348        snpstd          (eaee05416ae891d3a9f61c923033cea9) C:\WINDOWS\system32\DRIVERS\snpstd.sys
00:24:56.0812 3348        snpstd - ok
00:24:56.0812 3348        Sparrow - ok
00:24:56.0843 3348        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:24:56.0937 3348        splitter - ok
00:24:56.0953 3348        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:24:57.0000 3348        Spooler - ok
00:24:57.0015 3348        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
00:24:57.0093 3348        sr - ok
00:24:57.0140 3348        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
00:24:57.0218 3348        srservice - ok
00:24:57.0265 3348        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:24:57.0312 3348        Srv - ok
00:24:57.0343 3348        sscdbus        (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
00:24:57.0390 3348        sscdbus - ok
00:24:57.0421 3348        sscdmdfl        (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
00:24:57.0468 3348        sscdmdfl - ok
00:24:57.0500 3348        sscdmdm        (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
00:24:57.0515 3348        sscdmdm - ok
00:24:57.0546 3348        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
00:24:57.0640 3348        SSDPSRV - ok
00:24:57.0671 3348        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
00:24:57.0671 3348        ssmdrv - ok
00:24:57.0703 3348        StarOpen        (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
00:24:57.0703 3348        StarOpen ( UnsignedFile.Multi.Generic ) - warning
00:24:57.0703 3348        StarOpen - detected UnsignedFile.Multi.Generic (1)
00:24:57.0750 3348        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
00:24:57.0828 3348        stisvc - ok
00:24:57.0859 3348        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:24:57.0937 3348        streamip - ok
00:24:57.0968 3348        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:24:58.0046 3348        swenum - ok
00:24:58.0078 3348        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:24:58.0156 3348        swmidi - ok
00:24:58.0156 3348        SwPrv - ok
00:24:58.0171 3348        symc810 - ok
00:24:58.0171 3348        symc8xx - ok
00:24:58.0187 3348        sym_hi - ok
00:24:58.0187 3348        sym_u3 - ok
00:24:58.0203 3348        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:24:58.0296 3348        sysaudio - ok
00:24:58.0328 3348        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
00:24:58.0421 3348        SysmonLog - ok
00:24:58.0437 3348        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
00:24:58.0531 3348        TapiSrv - ok
00:24:58.0593 3348        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:24:58.0625 3348        Tcpip - ok
00:24:58.0640 3348        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:24:58.0734 3348        TDPIPE - ok
00:24:58.0765 3348        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:24:58.0843 3348        TDTCP - ok
00:24:58.0875 3348        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:24:58.0953 3348        TermDD - ok
00:24:59.0000 3348        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
00:24:59.0093 3348        TermService - ok
00:24:59.0125 3348        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
00:24:59.0140 3348        Themes - ok
00:24:59.0140 3348        TosIde - ok
00:24:59.0171 3348        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
00:24:59.0250 3348        TrkWks - ok
00:24:59.0265 3348        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:24:59.0359 3348        Udfs - ok
00:24:59.0359 3348        ultra - ok
00:24:59.0406 3348        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:24:59.0515 3348        Update - ok
00:24:59.0546 3348        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
00:24:59.0625 3348        upnphost - ok
00:24:59.0687 3348        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
00:24:59.0765 3348        UPS - ok
00:24:59.0781 3348        USBAAPL        (df38374e12e73c25b37b6f8a9b8622ef) C:\WINDOWS\system32\Drivers\usbaapl.sys
00:24:59.0796 3348        USBAAPL - ok
00:24:59.0828 3348        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:24:59.0906 3348        usbaudio - ok
00:24:59.0937 3348        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:25:00.0015 3348        usbccgp - ok
00:25:00.0046 3348        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:25:00.0125 3348        usbehci - ok
00:25:00.0125 3348        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:25:00.0203 3348        usbhub - ok
00:25:00.0218 3348        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:25:00.0296 3348        usbprint - ok
00:25:00.0312 3348        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:25:00.0406 3348        usbscan - ok
00:25:00.0421 3348        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:25:00.0500 3348        USBSTOR - ok
00:25:00.0531 3348        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:25:00.0609 3348        usbuhci - ok
00:25:00.0625 3348        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:25:00.0703 3348        VgaSave - ok
00:25:00.0703 3348        ViaIde - ok
00:25:00.0750 3348        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
00:25:00.0843 3348        VolSnap - ok
00:25:00.0875 3348        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
00:25:00.0968 3348        VSS - ok
00:25:00.0984 3348        VtcDrv          (0c91d65b29edd38f5e14a4dfe9cdf846) C:\WINDOWS\system32\Drivers\vtcdrv.sys
00:25:01.0000 3348        VtcDrv ( UnsignedFile.Multi.Generic ) - warning
00:25:01.0000 3348        VtcDrv - detected UnsignedFile.Multi.Generic (1)
00:25:01.0031 3348        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
00:25:01.0109 3348        W32Time - ok
00:25:01.0140 3348        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:25:01.0234 3348        Wanarp - ok
00:25:01.0250 3348        wceusbsh        (2e8ba025d65dd49d15ea66973e2a15df) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
00:25:01.0312 3348        wceusbsh - ok
00:25:01.0375 3348        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
00:25:01.0406 3348        Wdf01000 - ok
00:25:01.0406 3348        WDICA - ok
00:25:01.0421 3348        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:25:01.0515 3348        wdmaud - ok
00:25:01.0546 3348        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
00:25:01.0640 3348        WebClient - ok
00:25:01.0687 3348        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:25:01.0781 3348        winmgmt - ok
00:25:01.0812 3348        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
00:25:01.0875 3348        WmdmPmSN - ok
00:25:01.0921 3348        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:25:02.0000 3348        WmiApSrv - ok
00:25:02.0093 3348        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
00:25:02.0156 3348        WMPNetworkSvc - ok
00:25:02.0187 3348        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
00:25:02.0203 3348        WpdUsb - ok
00:25:02.0234 3348        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
00:25:02.0312 3348        wscsvc - ok
00:25:02.0343 3348        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:25:02.0421 3348        WSTCODEC - ok
00:25:02.0453 3348        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
00:25:02.0578 3348        wuauserv - ok
00:25:02.0593 3348        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:25:02.0609 3348        WudfPf - ok
00:25:02.0640 3348        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:25:02.0656 3348        WudfRd - ok
00:25:02.0671 3348        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
00:25:02.0671 3348        WudfSvc - ok
00:25:02.0718 3348        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
00:25:02.0812 3348        WZCSVC - ok
00:25:02.0843 3348        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
00:25:03.0015 3348        xmlprov - ok
00:25:03.0031 3348        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
00:25:03.0359 3348        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:25:03.0359 3348        \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:25:03.0359 3348        Boot (0x1200)  (961152f0820c2cf0c5582902cb6815af) \Device\Harddisk0\DR0\Partition0
00:25:03.0359 3348        \Device\Harddisk0\DR0\Partition0 - ok
00:25:03.0375 3348        Boot (0x1200)  (9215fbd57ea098c46f3654e5036f4a68) \Device\Harddisk0\DR0\Partition1
00:25:03.0390 3348        \Device\Harddisk0\DR0\Partition1 - ok
00:25:03.0390 3348        ============================================================
00:25:03.0390 3348        Scan finished
00:25:03.0390 3348        ============================================================
00:25:03.0515 3332        Detected object count: 9
00:25:03.0515 3332        Actual detected object count: 9
00:25:22.0609 3332        ACPI ( Virus.Win32.Rloader.a ) - skipped by user
00:25:22.0609 3332        ACPI ( Virus.Win32.Rloader.a ) - User select action: Skip
00:25:22.0609 3332        Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0609 3332        Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0609 3332        ENTECH ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0609 3332        ENTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0609 3332        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0609 3332        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0609 3332        MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0609 3332        MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0625 3332        nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0625 3332        nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0625 3332        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0625 3332        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0625 3332        VtcDrv ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0625 3332        VtcDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0625 3332        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:25:22.0625 3332        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
00:27:23.0906 1576        Deinitialize success

cosinus 17.06.2012 19:59
Zitat:
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Das TDSS File System bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.

El_Kimmo 18.06.2012 20:14
So hier der Log nach dem Entfernen der TDSS Dateil

Code:
21:10:37.0984 1900        TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
21:10:38.0125 1900        ============================================================
21:10:38.0125 1900        Current date / time: 2012/06/18 21:10:38.0125
21:10:38.0125 1900        SystemInfo:
21:10:38.0125 1900       
21:10:38.0125 1900        OS Version: 5.1.2600 ServicePack: 3.0
21:10:38.0125 1900        Product type: Workstation
21:10:38.0125 1900        ComputerName: PC
21:10:38.0125 1900        UserName: User
21:10:38.0125 1900        Windows directory: C:\WINDOWS
21:10:38.0125 1900        System windows directory: C:\WINDOWS
21:10:38.0125 1900        Processor architecture: Intel x86
21:10:38.0125 1900        Number of processors: 2
21:10:38.0125 1900        Page size: 0x1000
21:10:38.0125 1900        Boot type: Normal boot
21:10:38.0125 1900        ============================================================
21:10:42.0265 1900        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:10:42.0296 1900        ============================================================
21:10:42.0296 1900        \Device\Harddisk0\DR0:
21:10:42.0296 1900        MBR partitions:
21:10:42.0296 1900        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
21:10:42.0312 1900        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x1357EB6A
21:10:42.0312 1900        ============================================================
21:10:42.0921 1900        C: <-> \Device\Harddisk0\DR0\Partition0
21:10:43.0421 1900        D: <-> \Device\Harddisk0\DR0\Partition1
21:10:43.0421 1900        ============================================================
21:10:43.0421 1900        Initialize success
21:10:43.0421 1900        ============================================================
21:10:51.0640 2924        ============================================================
21:10:51.0640 2924        Scan started
21:10:51.0640 2924        Mode: Manual; SigCheck; TDLFS;
21:10:51.0640 2924        ============================================================
21:10:51.0843 2924        Abiosdsk - ok
21:10:51.0843 2924        abp480n5 - ok
21:10:51.0875 2924        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:10:52.0750 2924        ACPI - ok
21:10:52.0750 2924        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:10:52.0843 2924        ACPIEC - ok
21:10:52.0921 2924        Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
21:10:52.0937 2924        Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
21:10:52.0937 2924        Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
21:10:52.0937 2924        adpu160m - ok
21:10:52.0953 2924        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:10:53.0046 2924        aec - ok
21:10:53.0078 2924        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:10:53.0125 2924        AFD - ok
21:10:53.0125 2924        Aha154x - ok
21:10:53.0140 2924        aic78u2 - ok
21:10:53.0140 2924        aic78xx - ok
21:10:53.0187 2924        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
21:10:53.0281 2924        Alerter - ok
21:10:53.0296 2924        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
21:10:53.0390 2924        ALG - ok
21:10:53.0390 2924        AliIde - ok
21:10:53.0390 2924        amsint - ok
21:10:53.0609 2924        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) D:\Exe dateien\Avira\AntiVir Desktop\sched.exe
21:10:53.0625 2924        AntiVirSchedulerService - ok
21:10:53.0671 2924        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) D:\Exe dateien\Avira\AntiVir Desktop\avguard.exe
21:10:53.0671 2924        AntiVirService - ok
21:10:53.0765 2924        Apple Mobile Device (f293992f9ceef6ea00ce52c3094e59e9) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
21:10:53.0765 2924        Apple Mobile Device - ok
21:10:53.0765 2924        AppMgmt - ok
21:10:53.0812 2924        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:10:53.0890 2924        Arp1394 - ok
21:10:53.0890 2924        asc - ok
21:10:53.0906 2924        asc3350p - ok
21:10:53.0906 2924        asc3550 - ok
21:10:53.0984 2924        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:10:54.0015 2924        aspnet_state - ok
21:10:54.0031 2924        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:10:54.0109 2924        AsyncMac - ok
21:10:54.0156 2924        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:10:54.0250 2924        atapi - ok
21:10:54.0250 2924        Atdisk - ok
21:10:54.0281 2924        atksgt          (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
21:10:54.0343 2924        atksgt - ok
21:10:54.0359 2924        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:10:54.0453 2924        Atmarpc - ok
21:10:54.0468 2924        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
21:10:54.0562 2924        AudioSrv - ok
21:10:54.0593 2924        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:10:54.0671 2924        audstub - ok
21:10:54.0703 2924        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:10:54.0718 2924        avgntflt - ok
21:10:54.0750 2924        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:10:54.0765 2924        avipbb - ok
21:10:54.0781 2924        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
21:10:54.0796 2924        avkmgr - ok
21:10:54.0828 2924        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:10:54.0921 2924        Beep - ok
21:10:54.0953 2924        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
21:10:55.0187 2924        BITS - ok
21:10:55.0203 2924        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
21:10:55.0296 2924        Browser - ok
21:10:55.0328 2924        BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
21:10:55.0500 2924        BTCFilterService - ok
21:10:55.0578 2924        catchme - ok
21:10:55.0609 2924        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:10:55.0703 2924        cbidf2k - ok
21:10:55.0734 2924        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:10:55.0812 2924        CCDECODE - ok
21:10:55.0812 2924        cd20xrnt - ok
21:10:55.0843 2924        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:10:55.0937 2924        Cdaudio - ok
21:10:55.0953 2924        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:10:56.0031 2924        Cdfs - ok
21:10:56.0046 2924        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:10:56.0125 2924        Cdrom - ok
21:10:56.0125 2924        Changer - ok
21:10:56.0140 2924        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
21:10:56.0234 2924        CiSvc - ok
21:10:56.0250 2924        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
21:10:56.0328 2924        ClipSrv - ok
21:10:56.0390 2924        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:10:56.0468 2924        clr_optimization_v2.0.50727_32 - ok
21:10:56.0468 2924        CmdIde - ok
21:10:56.0468 2924        COMSysApp - ok
21:10:56.0484 2924        Cpqarray - ok
21:10:56.0515 2924        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
21:10:56.0593 2924        CryptSvc - ok
21:10:56.0609 2924        dac2w2k - ok
21:10:56.0609 2924        dac960nt - ok
21:10:56.0656 2924        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
21:10:56.0718 2924        DcomLaunch - ok
21:10:56.0750 2924        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
21:10:56.0843 2924        Dhcp - ok
21:10:56.0859 2924        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:10:56.0953 2924        Disk - ok
21:10:56.0953 2924        dmadmin - ok
21:10:57.0000 2924        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:10:57.0109 2924        dmboot - ok
21:10:57.0140 2924        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:10:57.0234 2924        dmio - ok
21:10:57.0265 2924        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:10:57.0328 2924        dmload - ok
21:10:57.0359 2924        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
21:10:57.0437 2924        dmserver - ok
21:10:57.0468 2924        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:10:57.0546 2924        DMusic - ok
21:10:57.0578 2924        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
21:10:57.0656 2924        Dnscache - ok
21:10:57.0687 2924        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
21:10:57.0765 2924        Dot3svc - ok
21:10:57.0765 2924        dpti2o - ok
21:10:57.0796 2924        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:10:57.0875 2924        drmkaud - ok
21:10:57.0875 2924        EagleXNt - ok
21:10:57.0921 2924        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
21:10:58.0015 2924        EapHost - ok
21:10:58.0046 2924        ENTECH          (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
21:10:58.0062 2924        ENTECH ( UnsignedFile.Multi.Generic ) - warning
21:10:58.0062 2924        ENTECH - detected UnsignedFile.Multi.Generic (1)
21:10:58.0093 2924        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
21:10:58.0171 2924        ERSvc - ok
21:10:58.0203 2924        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:10:58.0218 2924        Eventlog - ok
21:10:58.0265 2924        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
21:10:58.0312 2924        EventSystem - ok
21:10:58.0343 2924        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:10:58.0437 2924        Fastfat - ok
21:10:58.0468 2924        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:10:58.0500 2924        FastUserSwitchingCompatibility - ok
21:10:58.0531 2924        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:10:58.0609 2924        Fdc - ok
21:10:58.0625 2924        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:10:58.0703 2924        Fips - ok
21:10:58.0734 2924        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:10:58.0812 2924        Flpydisk - ok
21:10:58.0843 2924        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:10:58.0937 2924        FltMgr - ok
21:10:59.0000 2924        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:10:59.0015 2924        FontCache3.0.0.0 - ok
21:10:59.0046 2924        fssfltr        (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
21:10:59.0046 2924        fssfltr - ok
21:10:59.0171 2924        fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Programme\Windows Live\Family Safety\fsssvc.exe
21:10:59.0218 2924        fsssvc - ok
21:10:59.0265 2924        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:10:59.0343 2924        Fs_Rec - ok
21:10:59.0375 2924        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:10:59.0468 2924        Ftdisk - ok
21:10:59.0484 2924        gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:10:59.0578 2924        gameenum - ok
21:10:59.0625 2924        GEARAspiWDM    (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:10:59.0625 2924        GEARAspiWDM - ok
21:10:59.0656 2924        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:10:59.0734 2924        Gpc - ok
21:10:59.0875 2924        gupdate1c9b3abc89374fa (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe
21:10:59.0875 2924        gupdate1c9b3abc89374fa - ok
21:10:59.0890 2924        gupdatem        (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe
21:10:59.0890 2924        gupdatem - ok
21:10:59.0937 2924        gusvc          (408ddd80eede47175f6844817b90213e) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
21:10:59.0968 2924        gusvc - ok
21:11:00.0000 2924        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:11:00.0078 2924        HDAudBus - ok
21:11:00.0156 2924        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:11:00.0234 2924        helpsvc - ok
21:11:00.0234 2924        HidServ - ok
21:11:00.0281 2924        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:11:00.0359 2924        HidUsb - ok
21:11:00.0390 2924        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
21:11:00.0468 2924        hkmsvc - ok
21:11:00.0468 2924        hpn - ok
21:11:00.0500 2924        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:11:00.0531 2924        HTTP - ok
21:11:00.0562 2924        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
21:11:00.0671 2924        HTTPFilter - ok
21:11:00.0671 2924        i2omgmt - ok
21:11:00.0687 2924        i2omp - ok
21:11:00.0718 2924        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:11:00.0812 2924        i8042prt - ok
21:11:00.0890 2924        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:11:00.0906 2924        IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:11:00.0906 2924        IDriverT - detected UnsignedFile.Multi.Generic (1)
21:11:01.0031 2924        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:11:01.0078 2924        idsvc - ok
21:11:01.0109 2924        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:11:01.0187 2924        Imapi - ok
21:11:01.0203 2924        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
21:11:01.0296 2924        ImapiService - ok
21:11:01.0296 2924        ini910u - ok
21:11:01.0500 2924        IntcAzAudAddService (909d03b3b7fb7c830b74f74f4d0ea7ce) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:11:01.0640 2924        IntcAzAudAddService - ok
21:11:01.0718 2924        IntelIde - ok
21:11:01.0734 2924        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:11:01.0828 2924        intelppm - ok
21:11:01.0843 2924        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:11:01.0937 2924        Ip6Fw - ok
21:11:01.0953 2924        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:11:02.0046 2924        IpFilterDriver - ok
21:11:02.0078 2924        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:11:02.0171 2924        IpInIp - ok
21:11:02.0203 2924        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:11:02.0281 2924        IpNat - ok
21:11:02.0312 2924        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:11:02.0406 2924        IPSec - ok
21:11:02.0421 2924        irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
21:11:02.0515 2924        irda - ok
21:11:02.0531 2924        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:11:02.0609 2924        IRENUM - ok
21:11:02.0640 2924        Irmon          (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll
21:11:02.0734 2924        Irmon - ok
21:11:02.0734 2924        irsir          (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
21:11:02.0781 2924        irsir - ok
21:11:02.0812 2924        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:11:02.0890 2924        isapnp - ok
21:11:03.0015 2924        JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
21:11:03.0015 2924        JavaQuickStarterService - ok
21:11:03.0031 2924        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:11:03.0109 2924        Kbdclass - ok
21:11:03.0125 2924        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:11:03.0218 2924        kmixer - ok
21:11:03.0250 2924        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:11:03.0328 2924        KSecDD - ok
21:11:03.0359 2924        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
21:11:03.0390 2924        lanmanserver - ok
21:11:03.0421 2924        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
21:11:03.0453 2924        lanmanworkstation - ok
21:11:03.0453 2924        lbrtfdc - ok
21:11:03.0484 2924        lirsgt          (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
21:11:03.0500 2924        lirsgt - ok
21:11:03.0531 2924        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
21:11:03.0609 2924        LmHosts - ok
21:11:03.0625 2924        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
21:11:03.0718 2924        Messenger - ok
21:11:03.0734 2924        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:11:03.0828 2924        mnmdd - ok
21:11:03.0859 2924        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
21:11:03.0921 2924        mnmsrvc - ok
21:11:03.0937 2924        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:11:04.0031 2924        Modem - ok
21:11:04.0046 2924        motccgp        (c741717b0a18813dd7d12085937cee72) C:\WINDOWS\system32\DRIVERS\motccgp.sys
21:11:04.0078 2924        motccgp - ok
21:11:04.0109 2924        motccgpfl      (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
21:11:04.0140 2924        motccgpfl - ok
21:11:04.0156 2924        motmodem        (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motmodem.sys
21:11:04.0203 2924        motmodem - ok
21:11:04.0265 2924        MotoConnect Service (bb9de58ac6513da62c005d92e2db4981) C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe
21:11:04.0281 2924        MotoConnect Service - ok
21:11:04.0281 2924        MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
21:11:04.0312 2924        MotoSwitchService - ok
21:11:04.0328 2924        Motousbnet      (c3661b817e51b16153b332da1312b74d) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
21:11:04.0359 2924        Motousbnet - ok
21:11:04.0390 2924        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:11:04.0453 2924        Mouclass - ok
21:11:04.0468 2924        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:11:04.0562 2924        MountMgr - ok
21:11:04.0593 2924        MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
21:11:04.0625 2924        MozillaMaintenance - ok
21:11:04.0625 2924        mraid35x - ok
21:11:04.0671 2924        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:11:04.0765 2924        MRxDAV - ok
21:11:04.0812 2924        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:11:04.0890 2924        MRxSmb - ok
21:11:04.0921 2924        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
21:11:05.0000 2924        MSDTC - ok
21:11:05.0031 2924        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:11:05.0109 2924        Msfs - ok
21:11:05.0109 2924        MSIServer - ok
21:11:05.0125 2924        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:11:05.0203 2924        MSKSSRV - ok
21:11:05.0218 2924        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:11:05.0296 2924        MSPCLOCK - ok
21:11:05.0312 2924        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:11:05.0390 2924        MSPQM - ok
21:11:05.0421 2924        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:11:05.0500 2924        mssmbios - ok
21:11:05.0515 2924        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:11:05.0593 2924        MSTEE - ok
21:11:05.0609 2924        ms_mpu401      (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
21:11:05.0703 2924        ms_mpu401 - ok
21:11:05.0734 2924        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:11:05.0781 2924        Mup - ok
21:11:05.0812 2924        MxlW2k          (31509f505fea9b37f9e59a10adcfe8f5) C:\WINDOWS\system32\drivers\MxlW2k.sys
21:11:05.0812 2924        MxlW2k ( UnsignedFile.Multi.Generic ) - warning
21:11:05.0812 2924        MxlW2k - detected UnsignedFile.Multi.Generic (1)
21:11:05.0843 2924        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:11:05.0937 2924        NABTSFEC - ok
21:11:05.0968 2924        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
21:11:06.0078 2924        napagent - ok
21:11:06.0109 2924        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:11:06.0218 2924        NDIS - ok
21:11:06.0234 2924        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:11:06.0328 2924        NdisIP - ok
21:11:06.0359 2924        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:11:06.0406 2924        NdisTapi - ok
21:11:06.0437 2924        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:11:06.0515 2924        Ndisuio - ok
21:11:06.0531 2924        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:11:06.0625 2924        NdisWan - ok
21:11:06.0640 2924        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:11:06.0703 2924        NDProxy - ok
21:11:06.0718 2924        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:11:06.0796 2924        NetBIOS - ok
21:11:06.0828 2924        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:11:06.0906 2924        NetBT - ok
21:11:06.0921 2924        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:11:07.0015 2924        NetDDE - ok
21:11:07.0015 2924        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:11:07.0093 2924        NetDDEdsdm - ok
21:11:07.0109 2924        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:11:07.0187 2924        Netlogon - ok
21:11:07.0218 2924        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
21:11:07.0296 2924        Netman - ok
21:11:07.0390 2924        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:11:07.0406 2924        NetTcpPortSharing - ok
21:11:07.0421 2924        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:11:07.0515 2924        NIC1394 - ok
21:11:07.0546 2924        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
21:11:07.0562 2924        Nla - ok
21:11:07.0578 2924        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:11:07.0656 2924        Npfs - ok
21:11:07.0718 2924        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:11:07.0828 2924        Ntfs - ok
21:11:07.0843 2924        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:11:07.0921 2924        NtLmSsp - ok
21:11:07.0968 2924        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
21:11:08.0062 2924        NtmsSvc - ok
21:11:08.0093 2924        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:11:08.0171 2924        Null - ok
21:11:08.0484 2924        nv              (cf49346faeffbd046b4dcaf29673e02a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:11:08.0828 2924        nv - ok
21:11:08.0953 2924        NVHDA          (2e661d73b21619818787fd5059294751) C:\WINDOWS\system32\drivers\nvhda32.sys
21:11:08.0953 2924        NVHDA - ok
21:11:09.0000 2924        nvsvc          (896b929603fe45993853df9a3e5e19b1) C:\WINDOWS\system32\nvsvc32.exe
21:11:09.0000 2924        nvsvc ( UnsignedFile.Multi.Generic ) - warning
21:11:09.0000 2924        nvsvc - detected UnsignedFile.Multi.Generic (1)
21:11:09.0046 2924        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:11:09.0125 2924        NwlnkFlt - ok
21:11:09.0140 2924        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:11:09.0234 2924        NwlnkFwd - ok
21:11:09.0265 2924        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:11:09.0343 2924        ohci1394 - ok
21:11:09.0406 2924        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
21:11:09.0421 2924        ose - ok
21:11:09.0453 2924        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
21:11:09.0546 2924        Parport - ok
21:11:09.0578 2924        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:11:09.0656 2924        PartMgr - ok
21:11:09.0687 2924        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:11:09.0781 2924        ParVdm - ok
21:11:09.0796 2924        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:11:09.0875 2924        PCI - ok
21:11:09.0875 2924        PCIDump - ok
21:11:09.0906 2924        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:11:10.0000 2924        PCIIde - ok
21:11:10.0015 2924        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:11:10.0093 2924        Pcmcia - ok
21:11:10.0093 2924        PDCOMP - ok
21:11:10.0109 2924        PDFRAME - ok
21:11:10.0109 2924        PDRELI - ok
21:11:10.0109 2924        PDRFRAME - ok
21:11:10.0125 2924        perc2 - ok
21:11:10.0125 2924        perc2hib - ok
21:11:10.0187 2924        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:11:10.0203 2924        PlugPlay - ok
21:11:10.0234 2924        PnkBstrA        (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe
21:11:10.0234 2924        PnkBstrA - ok
21:11:10.0265 2924        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:11:10.0343 2924        PolicyAgent - ok
21:11:10.0359 2924        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:11:10.0437 2924        PptpMiniport - ok
21:11:10.0437 2924        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:11:10.0515 2924        ProtectedStorage - ok
21:11:10.0546 2924        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:11:10.0625 2924        PSched - ok
21:11:10.0656 2924        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:11:10.0734 2924        Ptilink - ok
21:11:10.0765 2924        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:11:10.0781 2924        PxHelp20 - ok
21:11:10.0781 2924        ql1080 - ok
21:11:10.0781 2924        Ql10wnt - ok
21:11:10.0781 2924        ql12160 - ok
21:11:10.0796 2924        ql1240 - ok
21:11:10.0796 2924        ql1280 - ok
21:11:10.0812 2924        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:11:10.0890 2924        RasAcd - ok
21:11:10.0906 2924        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
21:11:11.0000 2924        RasAuto - ok
21:11:11.0015 2924        Rasirda        (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:11:11.0046 2924        Rasirda - ok
21:11:11.0062 2924        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:11:11.0140 2924        Rasl2tp - ok
21:11:11.0187 2924        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
21:11:11.0265 2924        RasMan - ok
21:11:11.0296 2924        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:11:11.0375 2924        RasPppoe - ok
21:11:11.0375 2924        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:11:11.0468 2924        Raspti - ok
21:11:11.0500 2924        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:11:11.0578 2924        Rdbss - ok
21:11:11.0625 2924        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:11:11.0703 2924        RDPCDD - ok
21:11:11.0750 2924        RDPWD          (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:11:11.0796 2924        RDPWD - ok
21:11:11.0828 2924        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
21:11:11.0921 2924        RDSessMgr - ok
21:11:11.0953 2924        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:11:12.0031 2924        redbook - ok
21:11:12.0062 2924        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
21:11:12.0140 2924        RemoteAccess - ok
21:11:12.0171 2924        ROOTMODEM      (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:11:12.0265 2924        ROOTMODEM - ok
21:11:12.0296 2924        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
21:11:12.0390 2924        RpcLocator - ok
21:11:12.0437 2924        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
21:11:12.0453 2924        RpcSs - ok
21:11:12.0468 2924        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
21:11:12.0546 2924        RSVP - ok
21:11:12.0593 2924        RTL8023xp      (d6e1b1bd04fad422af17fc4b810cb9af) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:11:12.0625 2924        RTL8023xp - ok
21:11:12.0656 2924        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:11:12.0734 2924        SamSs - ok
21:11:12.0750 2924        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
21:11:12.0843 2924        SCardSvr - ok
21:11:12.0890 2924        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
21:11:12.0984 2924        Schedule - ok
21:11:13.0062 2924        SeaPort        (4a5809a1d796e2675ac0332bf7b0cb11) C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:11:13.0078 2924        SeaPort - ok
21:11:13.0093 2924        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:11:13.0171 2924        Secdrv - ok
21:11:13.0187 2924        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
21:11:13.0281 2924        seclogon - ok
21:11:13.0296 2924        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
21:11:13.0390 2924        SENS - ok
21:11:13.0421 2924        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:11:13.0500 2924        serenum - ok
21:11:13.0515 2924        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
21:11:13.0593 2924        Serial - ok
21:11:13.0625 2924        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:11:13.0703 2924        Sfloppy - ok
21:11:13.0734 2924        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
21:11:13.0828 2924        SharedAccess - ok
21:11:13.0859 2924        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:11:13.0875 2924        ShellHWDetection - ok
21:11:13.0875 2924        Simbad - ok
21:11:13.0906 2924        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:11:14.0000 2924        SLIP - ok
21:11:14.0031 2924        snpstd          (eaee05416ae891d3a9f61c923033cea9) C:\WINDOWS\system32\DRIVERS\snpstd.sys
21:11:14.0125 2924        snpstd - ok
21:11:14.0125 2924        Sparrow - ok
21:11:14.0156 2924        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:11:14.0250 2924        splitter - ok
21:11:14.0265 2924        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:11:14.0296 2924        Spooler - ok
21:11:14.0312 2924        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:11:14.0406 2924        sr - ok
21:11:14.0437 2924        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
21:11:14.0515 2924        srservice - ok
21:11:14.0562 2924        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:11:14.0625 2924        Srv - ok
21:11:14.0656 2924        sscdbus        (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
21:11:14.0703 2924        sscdbus - ok
21:11:14.0734 2924        sscdmdfl        (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
21:11:14.0765 2924        sscdmdfl - ok
21:11:14.0812 2924        sscdmdm        (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
21:11:14.0828 2924        sscdmdm - ok
21:11:14.0843 2924        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
21:11:14.0937 2924        SSDPSRV - ok
21:11:14.0968 2924        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:11:14.0984 2924        ssmdrv - ok
21:11:15.0015 2924        StarOpen        (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
21:11:15.0015 2924        StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:11:15.0015 2924        StarOpen - detected UnsignedFile.Multi.Generic (1)
21:11:15.0062 2924        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
21:11:15.0140 2924        stisvc - ok
21:11:15.0171 2924        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:11:15.0250 2924        streamip - ok
21:11:15.0265 2924        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:11:15.0359 2924        swenum - ok
21:11:15.0375 2924        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:11:15.0468 2924        swmidi - ok
21:11:15.0468 2924        SwPrv - ok
21:11:15.0484 2924        symc810 - ok
21:11:15.0484 2924        symc8xx - ok
21:11:15.0484 2924        sym_hi - ok
21:11:15.0500 2924        sym_u3 - ok
21:11:15.0531 2924        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:11:15.0609 2924        sysaudio - ok
21:11:15.0640 2924        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
21:11:15.0734 2924        SysmonLog - ok
21:11:15.0750 2924        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
21:11:15.0843 2924        TapiSrv - ok
21:11:15.0890 2924        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:11:15.0937 2924        Tcpip - ok
21:11:15.0953 2924        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:11:16.0046 2924        TDPIPE - ok
21:11:16.0062 2924        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:11:16.0156 2924        TDTCP - ok
21:11:16.0187 2924        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:11:16.0265 2924        TermDD - ok
21:11:16.0296 2924        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
21:11:16.0390 2924        TermService - ok
21:11:16.0437 2924        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:11:16.0437 2924        Themes - ok
21:11:16.0437 2924        TosIde - ok
21:11:16.0468 2924        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
21:11:16.0562 2924        TrkWks - ok
21:11:16.0578 2924        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:11:16.0656 2924        Udfs - ok
21:11:16.0656 2924        ultra - ok
21:11:16.0718 2924        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:11:16.0812 2924        Update - ok
21:11:16.0843 2924        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
21:11:16.0937 2924        upnphost - ok
21:11:16.0953 2924        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
21:11:17.0031 2924        UPS - ok
21:11:17.0046 2924        USBAAPL        (df38374e12e73c25b37b6f8a9b8622ef) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:11:17.0078 2924        USBAAPL - ok
21:11:17.0093 2924        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:11:17.0187 2924        usbaudio - ok
21:11:17.0218 2924        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:11:17.0296 2924        usbccgp - ok
21:11:17.0328 2924        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:11:17.0406 2924        usbehci - ok
21:11:17.0406 2924        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:11:17.0484 2924        usbhub - ok
21:11:17.0500 2924        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:11:17.0578 2924        usbprint - ok
21:11:17.0609 2924        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:11:17.0687 2924        usbscan - ok
21:11:17.0703 2924        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:11:17.0765 2924        USBSTOR - ok
21:11:17.0796 2924        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:11:17.0875 2924        usbuhci - ok
21:11:17.0906 2924        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:11:17.0984 2924        VgaSave - ok
21:11:17.0984 2924        ViaIde - ok
21:11:18.0015 2924        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:11:18.0093 2924        VolSnap - ok
21:11:18.0125 2924        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
21:11:18.0218 2924        VSS - ok
21:11:18.0234 2924        VtcDrv          (0c91d65b29edd38f5e14a4dfe9cdf846) C:\WINDOWS\system32\Drivers\vtcdrv.sys
21:11:18.0250 2924        VtcDrv ( UnsignedFile.Multi.Generic ) - warning
21:11:18.0250 2924        VtcDrv - detected UnsignedFile.Multi.Generic (1)
21:11:18.0281 2924        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
21:11:18.0359 2924        W32Time - ok
21:11:18.0390 2924        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:11:18.0468 2924        Wanarp - ok
21:11:18.0484 2924        wceusbsh        (2e8ba025d65dd49d15ea66973e2a15df) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
21:11:18.0578 2924        wceusbsh - ok
21:11:18.0640 2924        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:11:18.0671 2924        Wdf01000 - ok
21:11:18.0687 2924        WDICA - ok
21:11:18.0703 2924        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:11:18.0796 2924        wdmaud - ok
21:11:18.0812 2924        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
21:11:18.0890 2924        WebClient - ok
21:11:18.0968 2924        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:11:19.0046 2924        winmgmt - ok
21:11:19.0062 2924        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:11:19.0109 2924        WmdmPmSN - ok
21:11:19.0156 2924        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:11:19.0234 2924        WmiApSrv - ok
21:11:19.0343 2924        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
21:11:19.0390 2924        WMPNetworkSvc - ok
21:11:19.0437 2924        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:11:19.0437 2924        WpdUsb - ok
21:11:19.0468 2924        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
21:11:19.0562 2924        wscsvc - ok
21:11:19.0593 2924        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:11:19.0671 2924        WSTCODEC - ok
21:11:19.0703 2924        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
21:11:19.0828 2924        wuauserv - ok
21:11:19.0843 2924        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:11:19.0859 2924        WudfPf - ok
21:11:19.0890 2924        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:11:19.0906 2924        WudfRd - ok
21:11:19.0921 2924        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:11:19.0937 2924        WudfSvc - ok
21:11:19.0968 2924        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
21:11:20.0062 2924        WZCSVC - ok
21:11:20.0093 2924        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
21:11:20.0265 2924        xmlprov - ok
21:11:20.0281 2924        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:11:20.0671 2924        \Device\Harddisk0\DR0 - ok
21:11:20.0671 2924        Boot (0x1200)  (961152f0820c2cf0c5582902cb6815af) \Device\Harddisk0\DR0\Partition0
21:11:20.0687 2924        \Device\Harddisk0\DR0\Partition0 - ok
21:11:20.0703 2924        Boot (0x1200)  (9215fbd57ea098c46f3654e5036f4a68) \Device\Harddisk0\DR0\Partition1
21:11:20.0703 2924        \Device\Harddisk0\DR0\Partition1 - ok
21:11:20.0703 2924        ============================================================
21:11:20.0703 2924        Scan finished
21:11:20.0703 2924        ============================================================
21:11:20.0828 2900        Detected object count: 7
21:11:20.0828 2900        Actual detected object count: 7
21:11:29.0734 2900        Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0734 2900        Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:29.0734 2900        ENTECH ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0734 2900        ENTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:29.0734 2900        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0734 2900        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:29.0734 2900        MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0734 2900        MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:29.0750 2900        nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0750 2900        nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:29.0750 2900        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0750 2900        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:29.0750 2900        VtcDrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0750 2900        VtcDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:37.0656 3452        Deinitialize success


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:36 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19