Trojaner-Board - MyStart Incredibar Toolbar

(code)OTL Logfile:

Code:

OTL logfile created on: 11.08.2012 20:08:42 - Run 1

OTL by OldTimer - Version 3.2.57.0     Folder = C:\Dokumente und Einstellungen\Pöschel\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

446,17 Mb Total Physical Memory | 278,35 Mb Available Physical Memory | 62,39% Memory free

1,03 Gb Paging File | 0,84 Gb Available in Paging File | 81,51% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 34,06 Gb Total Space | 11,78 Gb Free Space | 34,59% Space Free | Partition Type: NTFS

Drive E: | 29,30 Gb Total Space | 26,35 Gb Free Space | 89,91% Space Free | Partition Type: NTFS

Drive F: | 11,16 Gb Total Space | 0,89 Gb Free Space | 7,96% Space Free | Partition Type: FAT32

 

Computer Name: NAME-04467660DF | User Name: Pöschel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.08.11 20:07:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Pöschel\Desktop\OTL.exe

PRC - [2011.07.28 19:04:30 | 000,326,232 | ---- | M] (Alcor Micro, Corp.) -- C:\WINDOWS\Webcam\S6000\S6000Mnt.exe

PRC - [2011.06.09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010.03.18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.03.01 12:35:26 | 000,327,680 | ---- | M] (AVM Berlin GmbH) -- C:\Programme\avmwlanstick\FRITZWLANMini.exe

PRC - [2005.08.19 09:11:56 | 000,163,840 | ---- | M] () -- C:\Programme\Power Manager\PM.exe

PRC - [2005.08.01 08:28:37 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe

PRC - [2005.08.01 08:28:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

PRC - [2003.06.03 16:52:22 | 001,200,128 | ---- | M] (PowerQuest Corporation) -- C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

PRC - [2002.11.25 09:12:32 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

MOD - [2005.08.19 09:11:56 | 000,163,840 | ---- | M] () -- C:\Programme\Power Manager\PM.exe

MOD - [2005.08.01 08:28:37 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56spn.dll

MOD - [2005.08.01 08:28:37 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56itl.dll

MOD - [2005.08.01 08:28:37 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56ger.dll

MOD - [2005.08.01 08:28:37 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56fra.dll

MOD - [2005.08.01 08:28:37 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56eng.dll

MOD - [2005.08.01 08:28:37 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56brz.dll

MOD - [2005.08.01 08:28:37 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll

MOD - [2005.08.01 08:28:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56cht.dll

MOD - [2005.08.01 08:28:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56chs.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012.07.29 19:21:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.05.30 13:57:42 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

SRV - [2003.06.03 16:52:22 | 001,200,128 | ---- | M] (PowerQuest Corporation) [Auto | Running] -- C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe -- (V2i Protector)

SRV - [2002.11.25 09:12:32 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\PSCHEL~1\LOKALE~1\Temp\naecd.sys -- (naecd)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2012.07.29 22:54:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011.07.29 23:43:28 | 000,027,760 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\clwvd.sys -- (clwvd)

DRV - [2011.07.28 19:04:16 | 003,328,472 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\S6000KNT.sys -- (S6000KNT)

DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2007.01.06 16:30:32 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV06.sys -- (ACEDRV06)

DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2006.08.14 18:36:00 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05)

DRV - [2006.02.23 17:16:36 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)

DRV - [2005.08.01 08:29:29 | 000,005,504 | ---- | M] (EnE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EKBfltr.sys -- (EKBfltr)

DRV - [2005.08.01 08:29:08 | 001,198,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005.08.01 08:28:38 | 000,923,826 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

DRV - [2005.08.01 08:28:34 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2005.08.01 08:28:32 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)

DRV - [2005.08.01 08:28:04 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)

DRV - [2005.05.05 02:08:38 | 000,463,168 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2003.10.24 23:27:32 | 000,095,970 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2003.06.03 16:52:24 | 000,123,957 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i)

DRV - [2003.06.03 16:52:20 | 000,046,900 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount)

DRV - [2002.03.01 23:21:00 | 000,004,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Power Manager\WinIo.sys -- (WINIO)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-165510636-482265576-3065052447-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-165510636-482265576-3065052447-1007\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}

IE - HKU\S-1-5-21-165510636-482265576-3065052447-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-165510636-482265576-3065052447-1007\..\SearchScopes\{6BB71254-BFEE-41BC-A156-E0385E469050}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-165510636-482265576-3065052447-1007\..\SearchScopes\{9169866F-1FBE-4AB5-9174-C4DEFC106E8C}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}

IE - HKU\S-1-5-21-165510636-482265576-3065052447-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.29 19:39:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2012.02.07 19:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Mozilla\Extensions

[2012.07.29 19:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions

[2012.07.29 19:45:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions\extensions

[2012.08.03 12:22:18 | 000,000,000 | ---D | M] (Yontoo) -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com

[2012.08.03 12:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Mozilla\Firefox\Profiles\s4cu5icn.default\extensions

[2012.02.25 19:05:38 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Mozilla\Firefox\Profiles\s4cu5icn.default\extensions\ffxtlbr@funmoods.com

[2012.07.29 19:41:43 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Mozilla\Firefox\Profiles\s4cu5icn.default\extensions\plugin@videofiledownload.com

[2012.08.03 12:22:18 | 000,000,000 | ---D | M] (Yontoo) -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Mozilla\Firefox\Profiles\s4cu5icn.default\extensions\plugin@yontoo.com

[2012.02.25 19:04:54 | 000,001,798 | ---- | M] () -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Mozilla\Firefox\Profiles\s4cu5icn.default\searchplugins\funmoods.xml

[2012.07.29 17:05:35 | 000,002,203 | ---- | M] () -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Mozilla\Firefox\Profiles\s4cu5icn.default\searchplugins\MyStart Search.xml

[2012.03.16 16:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.05.30 13:39:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\PÃ¶SCHEL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\S4CU5ICN.DEFAULT\EXTENSIONS\PLUGIN@VIDEOFILEDOWNLOAD.COM

File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\PÃ¶SCHEL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\S4CU5ICN.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM

[2012.07.29 19:21:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.06.26 16:35:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.26 16:35:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.06.26 16:35:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.26 16:35:56 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.26 16:35:56 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.26 16:35:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider:  ()

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - homepage: hxxp://www.google.com

CHR - Extension: No name found = C:\Dokumente und Einstellungen\Pöschel\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: No name found = C:\Dokumente und Einstellungen\Pöschel\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\

CHR - Extension: No name found = C:\Dokumente und Einstellungen\Pöschel\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\

CHR - Extension: No name found = C:\Dokumente und Einstellungen\Pöschel\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKU\S-1-5-21-165510636-482265576-3065052447-1007\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin GmbH)

O4 - HKLM..\Run: [PowerManager] C:\Programme\Power Manager\PM.exe ()

O4 - HKLM..\Run: [S6000Mnt] C:\WINDOWS\System32\S6000Rmv.dll (Alcor)

O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-165510636-482265576-3065052447-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O12 - Plugin for: .mp3 - C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll (Apple Computer, Inc.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1328466840608 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7EA79B7-4E9A-43BF-9C1D-A8ED020F87C1}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Pöschel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Pöschel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005.10.22 16:50:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{452f4a68-d58e-11e1-9e63-0002e345e0e4}\Shell - "" = AutoRun

O33 - MountPoints2\{452f4a68-d58e-11e1-9e63-0002e345e0e4}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{452f4a68-d58e-11e1-9e63-0002e345e0e4}\Shell\AutoRun\command - "" = H:\pushinst.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)

MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Programme\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)

MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found

MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MsConfig - StartUpReg: YouCam Mirage - hkey= - key= - C:\Programme\CyberLink\YouCam\YCMMirage.exe (CyberLink)

MsConfig - StartUpReg: YouCam Tray - hkey= - key= - C:\Programme\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 2

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.08.11 20:06:59 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Pöschel\Desktop\OTL.exe

[2012.08.05 13:33:43 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Pöschel\Recent

[2012.08.03 12:32:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\ObviousIdea

[2012.08.03 12:19:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ObviousIdea

[2012.08.03 12:19:45 | 000,000,000 | ---D | C] -- C:\Programme\ObviousIdea

[2012.08.01 15:50:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pöschel\Desktop\Für Forum

[2012.07.31 11:46:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ArcSoft MediaImpression

[2012.07.31 11:43:11 | 000,000,000 | ---D | C] -- C:\Programme\ArcSoft

[2012.07.31 10:27:33 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.07.29 22:54:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.07.29 20:01:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Malwarebytes

[2012.07.29 20:01:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.07.29 20:01:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.07.29 20:01:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.07.29 20:01:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.07.29 19:45:28 | 000,000,000 | ---D | C] -- C:\Programme\1ClickDownload

[2012.07.29 19:45:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Diesel and Death

[2012.07.29 17:09:41 | 000,000,000 | ---D | C] -- C:\Programme\Perion

[2012.07.29 17:03:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ADDICT-THING

[2012.07.29 15:38:35 | 000,000,000 | ---D | C] -- C:\Programme\OpenApp

[2012.07.29 15:38:17 | 000,000,000 | ---D | C] -- C:\Programme\smartdl

[2012.07.29 14:47:21 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Dokumente und Einstellungen\Pöschel\Desktop\MinecraftSP.exe

[2012.07.29 12:07:41 | 000,000,000 | ---D | C] -- C:\Programme\Diesel and Death

[2012.07.29 11:56:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pöschel\Eigene Dateien\Freemake

[2012.07.24 22:50:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pöschel\Lokale Einstellungen\Anwendungsdaten\ArcSoft

[2012.07.24 16:41:48 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys

[2012.07.24 16:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ArcSoft

[2012.07.24 16:40:27 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ArcSoft

[2012.07.24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\ArcSoft

[2012.07.24 14:51:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FRITZ!WLAN

[2012.07.24 14:51:33 | 000,000,000 | ---D | C] -- C:\Programme\avmwlanstick

[2012.07.24 14:51:31 | 000,264,704 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\drivers\fwlanusb.sys

[2012.07.24 14:51:31 | 000,055,808 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\avmadd32.dll

[2012.07.24 14:51:31 | 000,033,792 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\avmcowlan.dll

[2012.07.24 14:51:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\AVM_Driver

[2012.07.24 14:51:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pöschel\AVM_Driver

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.08.11 20:07:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Pöschel\Desktop\OTL.exe

[2012.08.11 19:44:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.08.09 19:45:50 | 000,614,903 | ---- | M] () -- C:\Dokumente und Einstellungen\Pöschel\Desktop\adwcleaner.exe

[2012.08.09 19:32:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.08.03 12:19:55 | 000,000,827 | ---- | M] () -- C:\Dokumente und Einstellungen\Pöschel\Desktop\Light Image Resizer 4.lnk

[2012.08.01 15:49:46 | 000,026,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Pöschel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.07.31 11:46:30 | 000,001,746 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Media Impression.lnk

[2012.07.29 22:54:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.07.29 17:07:51 | 000,000,692 | ---- | M] () -- C:\user.js

[2012.07.29 12:07:41 | 000,000,721 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Diesel and Death.lnk

[2012.07.24 14:52:55 | 000,504,834 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.07.24 14:52:55 | 000,483,330 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.07.24 14:52:55 | 000,080,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.07.24 14:52:54 | 000,096,470 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.08.09 19:45:46 | 000,614,903 | ---- | C] () -- C:\Dokumente und Einstellungen\Pöschel\Desktop\adwcleaner.exe

[2012.08.03 12:19:55 | 000,000,827 | ---- | C] () -- C:\Dokumente und Einstellungen\Pöschel\Desktop\Light Image Resizer 4.lnk

[2012.07.31 11:46:30 | 000,001,746 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Media Impression.lnk

[2012.07.29 12:07:41 | 000,000,721 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Diesel and Death.lnk

[2012.07.24 14:51:32 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin

[2012.06.08 18:47:21 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2012.06.08 18:30:49 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2012.04.15 14:34:32 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Pöschel\.recently-used.xbel

[2012.04.14 18:20:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RSSNewsWriter.INI

[2012.03.16 19:44:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.02.26 16:36:33 | 000,209,662 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat

[2012.02.25 23:48:16 | 000,776,243 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-165510636-482265576-3065052447-1007-0.dat

[2012.02.15 20:44:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012.02.07 20:13:27 | 000,076,376 | ---- | C] () -- C:\WINDOWS\System32\S6000DIF.dll

[2012.02.07 20:13:27 | 000,015,190 | ---- | C] () -- C:\WINDOWS\S6000Twn.ini

[2012.02.07 20:13:27 | 000,000,099 | ---- | C] () -- C:\WINDOWS\StillMnt.ini

[2006.12.22 18:28:38 | 000,026,624 | ---- | C] () -- C:\Dokumente und Einstellungen\Pöschel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005.12.30 16:00:26 | 000,004,214 | ---- | C] () -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\wklnhst.dat

[2005.12.30 12:56:38 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Pöschel\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

 
 ========== LOP Check ==========

 

[2012.07.29 19:41:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ADDICT-THING

[2012.02.28 18:51:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software

[2012.06.08 18:32:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited

[2012.06.26 15:32:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2012.03.24 20:12:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core

[2012.03.24 20:12:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts

[2012.07.29 19:45:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake

[2012.02.25 15:00:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle

[2012.02.06 09:12:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PowerQuest

[2012.02.07 20:11:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp

[2012.08.04 16:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\.minecraft

[2012.06.08 18:32:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Canneverbe Limited

[2012.07.29 18:41:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\DAEMON Tools Lite

[2012.03.14 18:39:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\DVDVideoSoft

[2012.02.20 20:23:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\GetRightToGo

[2012.04.15 14:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\gtk-2.0

[2006.11.19 12:41:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\ICQ Toolbar

[2006.12.17 20:35:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\InterVideo

[2012.02.06 09:13:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\IsolatedStorage

[2006.11.05 12:06:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\MAGIX

[2012.08.03 12:37:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\ObviousIdea

[2012.04.14 18:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Participatory Culture Foundation

[2012.08.06 14:03:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\PCF-VLC

[2012.03.07 15:41:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Rovio

[2005.12.30 17:23:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Template

[2012.07.26 12:05:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\TIPP10

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.08.04 16:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\.minecraft

[2012.02.19 11:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Adobe

[2005.12.30 13:30:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\AdobeUM

[2005.12.30 17:34:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Ahead

[2012.07.25 17:29:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\ArcSoft

[2012.06.08 18:32:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Canneverbe Limited

[2012.03.01 20:46:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\CyberLink

[2012.07.29 18:41:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\DAEMON Tools Lite

[2012.03.14 18:39:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\DVDVideoSoft

[2012.02.20 20:23:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\GetRightToGo

[2012.04.15 14:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\gtk-2.0

[2006.02.23 19:05:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Help

[2006.11.19 12:41:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\ICQ Toolbar

[2012.03.26 14:42:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Identities

[2012.02.07 20:12:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\InstallShield

[2006.12.17 20:35:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\InterVideo

[2012.02.06 09:13:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\IsolatedStorage

[2006.01.14 16:48:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Macromedia

[2006.11.05 12:06:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\MAGIX

[2012.07.29 20:01:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Malwarebytes

[2012.03.10 17:44:01 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Microsoft

[2012.02.07 19:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Mozilla

[2012.08.03 12:37:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\ObviousIdea

[2012.04.14 18:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Participatory Culture Foundation

[2012.08.06 14:03:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\PCF-VLC

[2012.03.07 15:41:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Rovio

[2012.08.11 20:07:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Skype

[2012.02.07 20:37:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Sun

[2005.12.30 17:23:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\Template

[2012.07.26 12:05:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pöschel\Anwendungsdaten\TIPP10

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2012.02.05 21:29:08 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys

[2012.02.05 21:29:08 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2012.02.05 21:29:08 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys

[2012.02.05 21:29:08 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: IASTOR.SYS  >

[2004.12.17 15:11:38 | 000,477,696 | ---- | M] (Intel Corporation) MD5=BDCE6B54E1D7D8399175A83A02274B7A -- C:\WINDOWS\I386\$oem$\textmode\iaStor.sys

[2004.12.17 15:11:38 | 000,477,696 | ---- | M] (Intel Corporation) MD5=BDCE6B54E1D7D8399175A83A02274B7A -- C:\WINDOWS\OemDir\iaStor.sys

[2004.12.17 15:11:38 | 000,477,696 | ---- | M] (Intel Corporation) MD5=BDCE6B54E1D7D8399175A83A02274B7A -- C:\WINDOWS\system32\drivers\iaStor.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: VIAMRAID.SYS  >

[2004.12.24 18:04:44 | 000,060,800 | ---- | M] (VIA Technologies inc,.ltd) MD5=6AAA39DD79A8341CE0EF9249F21D6B89 -- C:\WINDOWS\I386\$oem$\textmode\viamraid.sys

[2004.12.24 18:04:44 | 000,060,800 | ---- | M] (VIA Technologies inc,.ltd) MD5=6AAA39DD79A8341CE0EF9249F21D6B89 -- C:\WINDOWS\OemDir\viamraid.sys

[2004.12.24 18:04:44 | 000,060,800 | ---- | M] (VIA Technologies inc,.ltd) MD5=6AAA39DD79A8341CE0EF9249F21D6B89 -- C:\WINDOWS\system32\drivers\viamraid.sys

 
 < MD5 for: WINLOGON.EXE  >

[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtUninstallKB883529$\winlogon.exe

[2004.08.25 18:59:56 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=325A82EBBD69248D75C5F831E8817D17 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2005.10.22 18:38:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2005.10.22 18:38:50 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2005.10.22 18:38:50 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 

< End of report >

--- --- ---
(/code)

Code:

18:05:27.0359 2356        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

18:05:28.0093 2356        ============================================================

18:05:28.0093 2356        Current date / time: 2012/08/12 18:05:28.0093

18:05:28.0093 2356        SystemInfo:

18:05:28.0093 2356        

18:05:28.0093 2356        OS Version: 5.1.2600 ServicePack: 3.0

18:05:28.0093 2356        Product type: Workstation

18:05:28.0093 2356        ComputerName: NAME-04467660DF

18:05:28.0093 2356        UserName: Pöschel

18:05:28.0093 2356        Windows directory: C:\WINDOWS

18:05:28.0093 2356        System windows directory: C:\WINDOWS

18:05:28.0093 2356        Processor architecture: Intel x86

18:05:28.0093 2356        Number of processors: 1

18:05:28.0093 2356        Page size: 0x1000

18:05:28.0093 2356        Boot type: Normal boot

18:05:28.0093 2356        ============================================================

18:05:33.0375 2356        Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

18:05:33.0468 2356        ============================================================

18:05:33.0468 2356        \Device\Harddisk0\DR0:

18:05:33.0468 2356        MBR partitions:

18:05:33.0468 2356        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x441DB9F

18:05:33.0531 2356        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x441DC1D, BlocksNum 0x3A9A172

18:05:33.0625 2356        \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x7EB7DCE, BlocksNum 0x16566F3

18:05:33.0625 2356        ============================================================

18:05:33.0796 2356        C: <-> \Device\Harddisk0\DR0\Partition0

18:05:33.0890 2356        E: <-> \Device\Harddisk0\DR0\Partition1

18:05:34.0015 2356        F: <-> \Device\Harddisk0\DR0\Partition2

18:05:34.0093 2356        ============================================================

18:05:34.0093 2356        Initialize success

18:05:34.0093 2356        ============================================================

18:05:46.0312 2200        ============================================================

18:05:46.0312 2200        Scan started

18:05:46.0312 2200        Mode: Manual; SigCheck; TDLFS; 

18:05:46.0312 2200        ============================================================

18:05:46.0828 2200        Abiosdsk - ok

18:05:46.0843 2200        abp480n5 - ok

18:05:47.0046 2200        ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe

18:05:47.0437 2200        ACDaemon - ok

18:05:47.0515 2200        ACEDRV05        (0a1e97197609f92d2425b67da0bb0a7f) C:\WINDOWS\system32\drivers\ACEDRV05.sys

18:05:49.0484 2200        ACEDRV05 ( UnsignedFile.Multi.Generic ) - warning

18:05:49.0484 2200        ACEDRV05 - detected UnsignedFile.Multi.Generic (1)

18:05:49.0578 2200        ACEDRV06        (44010948bde6ade50dd1386657c73e83) C:\WINDOWS\system32\drivers\ACEDRV06.sys

18:05:49.0625 2200        ACEDRV06 ( UnsignedFile.Multi.Generic ) - warning

18:05:49.0625 2200        ACEDRV06 - detected UnsignedFile.Multi.Generic (1)

18:05:49.0671 2200        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:05:50.0812 2200        ACPI - ok

18:05:50.0859 2200        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:05:51.0046 2200        ACPIEC - ok

18:05:51.0203 2200        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

18:05:51.0234 2200        AdobeFlashPlayerUpdateSvc - ok

18:05:51.0250 2200        adpu160m - ok

18:05:51.0281 2200        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:05:51.0453 2200        aec - ok

18:05:51.0500 2200        Afc             (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys

18:05:51.0515 2200        Afc - ok

18:05:51.0578 2200        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

18:05:51.0656 2200        AFD - ok

18:05:51.0671 2200        Aha154x - ok

18:05:51.0687 2200        aic78u2 - ok

18:05:51.0703 2200        aic78xx - ok

18:05:51.0875 2200        ALCXWDM         (9a6aa923f00d368c8ad3bd7485d5cdca) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

18:05:52.0140 2200        ALCXWDM - ok

18:05:52.0437 2200        Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll

18:05:52.0625 2200        Alerter - ok

18:05:52.0656 2200        ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe

18:05:52.0812 2200        ALG - ok

18:05:52.0843 2200        AliIde - ok

18:05:52.0859 2200        amsint - ok

18:05:52.0921 2200        ApfiltrService  (940976839b89995fcc30dfb3ee33410b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

18:05:53.0015 2200        ApfiltrService - ok

18:05:53.0015 2200        AppMgmt - ok

18:05:53.0140 2200        AR5211          (d4e7ed3ae224c851b08f3a3a85c37e88) C:\WINDOWS\system32\DRIVERS\ar5211.sys

18:05:53.0203 2200        AR5211 - ok

18:05:53.0281 2200        Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

18:05:53.0484 2200        Arp1394 - ok

18:05:53.0484 2200        asc - ok

18:05:53.0500 2200        asc3350p - ok

18:05:53.0515 2200        asc3550 - ok

18:05:53.0687 2200        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

18:05:53.0734 2200        aspnet_state - ok

18:05:53.0765 2200        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:05:53.0921 2200        AsyncMac - ok

18:05:53.0968 2200        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:05:54.0125 2200        atapi - ok

18:05:54.0140 2200        Atdisk - ok

18:05:54.0203 2200        Ati HotKey Poller (8da2aaac0266530bcac4ead8dbf49495) C:\WINDOWS\system32\Ati2evxx.exe

18:05:54.0328 2200        Ati HotKey Poller - ok

18:05:54.0421 2200        ati2mtag        (08105d985adc5e1c8d0d4931d3afd3ca) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

18:05:54.0562 2200        ati2mtag - ok

18:05:54.0625 2200        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:05:54.0796 2200        Atmarpc - ok

18:05:54.0843 2200        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll

18:05:55.0000 2200        AudioSrv - ok

18:05:55.0046 2200        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:05:55.0218 2200        audstub - ok

18:05:55.0281 2200        bcm4sbxp        (625df8f8f415b3153e7bae44a2c29359) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

18:05:55.0328 2200        bcm4sbxp - ok

18:05:55.0375 2200        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:05:55.0593 2200        Beep - ok

18:05:55.0671 2200        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll

18:05:55.0968 2200        BITS - ok

18:05:56.0046 2200        Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll

18:05:56.0187 2200        Browser - ok

18:05:56.0250 2200        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:05:56.0468 2200        cbidf2k - ok

18:05:56.0531 2200        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

18:05:56.0671 2200        CCDECODE - ok

18:05:56.0687 2200        cd20xrnt - ok

18:05:56.0750 2200        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:05:56.0953 2200        Cdaudio - ok

18:05:57.0000 2200        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:05:57.0140 2200        Cdfs - ok

18:05:57.0203 2200        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:05:57.0359 2200        Cdrom - ok

18:05:57.0390 2200        Changer - ok

18:05:57.0437 2200        CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe

18:05:57.0593 2200        CiSvc - ok

18:05:57.0625 2200        ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe

18:05:57.0765 2200        ClipSrv - ok

18:05:57.0906 2200        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:05:58.0078 2200        clr_optimization_v2.0.50727_32 - ok

18:05:58.0234 2200        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:05:58.0265 2200        clr_optimization_v4.0.30319_32 - ok

18:05:58.0312 2200        clwvd           (287783e44bcf4fc5ba4860ba537a4c64) C:\WINDOWS\system32\DRIVERS\clwvd.sys

18:05:58.0328 2200        clwvd - ok

18:05:58.0343 2200        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

18:05:58.0515 2200        CmBatt - ok

18:05:58.0546 2200        CmdIde - ok

18:05:58.0578 2200        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

18:05:58.0718 2200        Compbatt - ok

18:05:58.0734 2200        COMSysApp - ok

18:05:58.0765 2200        Cpqarray - ok

18:05:58.0828 2200        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll

18:05:59.0000 2200        CryptSvc - ok

18:05:59.0000 2200        dac2w2k - ok

18:05:59.0031 2200        dac960nt - ok

18:05:59.0093 2200        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

18:05:59.0218 2200        DcomLaunch - ok

18:05:59.0328 2200        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll

18:05:59.0484 2200        Dhcp - ok

18:05:59.0515 2200        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:05:59.0671 2200        Disk - ok

18:05:59.0687 2200        dmadmin - ok

18:05:59.0750 2200        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

18:05:59.0968 2200        dmboot - ok

18:06:00.0000 2200        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

18:06:00.0171 2200        dmio - ok

18:06:00.0250 2200        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:06:00.0468 2200        dmload - ok

18:06:00.0515 2200        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll

18:06:00.0671 2200        dmserver - ok

18:06:00.0718 2200        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:06:00.0859 2200        DMusic - ok

18:06:00.0890 2200        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll

18:06:00.0968 2200        Dnscache - ok

18:06:01.0046 2200        Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll

18:06:01.0203 2200        Dot3svc - ok

18:06:01.0281 2200        dpti2o - ok

18:06:01.0296 2200        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:06:01.0437 2200        drmkaud - ok

18:06:01.0484 2200        EagleNT - ok

18:06:01.0515 2200        EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll

18:06:01.0656 2200        EapHost - ok

18:06:01.0718 2200        EKBfltr         (74f17da54cec320e3eab105b73234534) C:\WINDOWS\system32\DRIVERS\EKBfltr.sys

18:06:01.0765 2200        EKBfltr - ok

18:06:01.0796 2200        ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll

18:06:01.0937 2200        ERSvc - ok

18:06:01.0984 2200        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

18:06:02.0031 2200        Eventlog - ok

18:06:02.0093 2200        EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll

18:06:02.0140 2200        EventSystem - ok

18:06:02.0234 2200        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:06:02.0406 2200        Fastfat - ok

18:06:02.0437 2200        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

18:06:02.0531 2200        FastUserSwitchingCompatibility - ok

18:06:02.0578 2200        Fax             (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe

18:06:02.0781 2200        Fax - ok

18:06:02.0796 2200        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

18:06:02.0921 2200        Fdc - ok

18:06:02.0953 2200        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

18:06:03.0140 2200        Fips - ok

18:06:03.0187 2200        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

18:06:03.0343 2200        Flpydisk - ok

18:06:03.0390 2200        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:06:03.0531 2200        FltMgr - ok

18:06:03.0687 2200        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

18:06:03.0703 2200        FontCache3.0.0.0 - ok

18:06:03.0750 2200        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:06:03.0968 2200        Fs_Rec - ok

18:06:04.0000 2200        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:06:04.0250 2200        Ftdisk - ok

18:06:04.0296 2200        FWLANUSB        (ecb814c5d07839843aa5c3a1ee3ba8f3) C:\WINDOWS\system32\DRIVERS\fwlanusb.sys

18:06:04.0343 2200        FWLANUSB - ok

18:06:04.0390 2200        GearAspiWDM     (c33f253f50dec8c8119f67bcde831f13) C:\WINDOWS\system32\drivers\GearAspiWDM.sys

18:06:04.0406 2200        GearAspiWDM ( UnsignedFile.Multi.Generic ) - warning

18:06:04.0406 2200        GearAspiWDM - detected UnsignedFile.Multi.Generic (1)

18:06:04.0437 2200        GEARSecurity    (17b77d83c53ae007c11ed811d992e727) C:\WINDOWS\System32\GEARSec.exe

18:06:04.0468 2200        GEARSecurity ( UnsignedFile.Multi.Generic ) - warning

18:06:04.0468 2200        GEARSecurity - detected UnsignedFile.Multi.Generic (1)

18:06:04.0515 2200        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:06:04.0687 2200        Gpc - ok

18:06:04.0796 2200        helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

18:06:04.0921 2200        helpsvc - ok

18:06:04.0937 2200        HidServ - ok

18:06:04.0984 2200        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:06:05.0140 2200        HidUsb - ok

18:06:05.0234 2200        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll

18:06:05.0453 2200        hkmsvc - ok

18:06:05.0468 2200        hpn - ok

18:06:05.0515 2200        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:06:05.0578 2200        HTTP - ok

18:06:05.0609 2200        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll

18:06:05.0812 2200        HTTPFilter - ok

18:06:05.0812 2200        i2omgmt - ok

18:06:05.0828 2200        i2omp - ok

18:06:05.0906 2200        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

18:06:06.0046 2200        i8042prt - ok

18:06:06.0093 2200        iaStor          (bdce6b54e1d7d8399175a83a02274b7a) C:\WINDOWS\system32\drivers\iaStor.sys

18:06:06.0187 2200        iaStor - ok

18:06:06.0484 2200        idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

18:06:06.0546 2200        idsvc - ok

18:06:06.0609 2200        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:06:06.0765 2200        Imapi - ok

18:06:06.0812 2200        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe

18:06:06.0968 2200        ImapiService - ok

18:06:07.0000 2200        ini910u - ok

18:06:07.0031 2200        IntelIde - ok

18:06:07.0078 2200        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:06:07.0218 2200        intelppm - ok

18:06:07.0296 2200        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:06:07.0484 2200        Ip6Fw - ok

18:06:07.0531 2200        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:06:07.0765 2200        IpFilterDriver - ok

18:06:07.0796 2200        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:06:07.0937 2200        IpInIp - ok

18:06:07.0968 2200        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:06:08.0109 2200        IpNat - ok

18:06:08.0140 2200        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:06:08.0281 2200        IPSec - ok

18:06:08.0328 2200        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:06:08.0453 2200        IRENUM - ok

18:06:08.0484 2200        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:06:08.0625 2200        isapnp - ok

18:06:08.0765 2200        JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Programme\Java\jre6\bin\jqs.exe

18:06:08.0796 2200        JavaQuickStarterService - ok

18:06:08.0828 2200        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:06:08.0968 2200        Kbdclass - ok

18:06:09.0015 2200        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:06:09.0156 2200        kmixer - ok

18:06:09.0218 2200        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:06:09.0265 2200        KSecDD - ok

18:06:09.0390 2200        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll

18:06:09.0453 2200        lanmanserver - ok

18:06:09.0484 2200        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll

18:06:09.0593 2200        lanmanworkstation - ok

18:06:09.0609 2200        lbrtfdc - ok

18:06:09.0687 2200        LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll

18:06:09.0812 2200        LmHosts - ok

18:06:09.0859 2200        MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

18:06:09.0875 2200        MBAMSwissArmy - ok

18:06:10.0015 2200        MDM             (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

18:06:10.0062 2200        MDM - ok

18:06:10.0093 2200        Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll

18:06:10.0265 2200        Messenger - ok

18:06:10.0312 2200        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:06:10.0531 2200        mnmdd - ok

18:06:10.0578 2200        mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe

18:06:10.0718 2200        mnmsrvc - ok

18:06:10.0765 2200        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

18:06:10.0921 2200        Modem - ok

18:06:10.0937 2200        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:06:11.0078 2200        Mouclass - ok

18:06:11.0140 2200        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:06:11.0359 2200        mouhid - ok

18:06:11.0484 2200        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:06:11.0625 2200        MountMgr - ok

18:06:11.0703 2200        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe

18:06:11.0734 2200        MozillaMaintenance - ok

18:06:11.0765 2200        mraid35x - ok

18:06:11.0796 2200        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:06:11.0937 2200        MRxDAV - ok

18:06:12.0015 2200        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:06:12.0109 2200        MRxSmb - ok

18:06:12.0156 2200        MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe

18:06:12.0312 2200        MSDTC - ok

18:06:12.0406 2200        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:06:12.0546 2200        Msfs - ok

18:06:12.0562 2200        MSIServer - ok

18:06:12.0609 2200        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:06:12.0734 2200        MSKSSRV - ok

18:06:12.0750 2200        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:06:12.0906 2200        MSPCLOCK - ok

18:06:12.0921 2200        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:06:13.0062 2200        MSPQM - ok

18:06:13.0093 2200        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:06:13.0234 2200        mssmbios - ok

18:06:13.0312 2200        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

18:06:13.0453 2200        MSTEE - ok

18:06:13.0484 2200        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

18:06:13.0531 2200        Mup - ok

18:06:13.0562 2200        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

18:06:13.0703 2200        NABTSFEC - ok

18:06:13.0781 2200        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll

18:06:13.0953 2200        napagent - ok

18:06:13.0984 2200        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:06:14.0125 2200        NDIS - ok

18:06:14.0171 2200        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

18:06:14.0296 2200        NdisIP - ok

18:06:14.0343 2200        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:06:14.0406 2200        NdisTapi - ok

18:06:14.0468 2200        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:06:14.0593 2200        Ndisuio - ok

18:06:14.0640 2200        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:06:14.0781 2200        NdisWan - ok

18:06:14.0828 2200        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:06:14.0875 2200        NDProxy - ok

18:06:14.0906 2200        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:06:15.0062 2200        NetBIOS - ok

18:06:15.0078 2200        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:06:15.0250 2200        NetBT - ok

18:06:15.0296 2200        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

18:06:15.0437 2200        NetDDE - ok

18:06:15.0468 2200        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

18:06:15.0593 2200        NetDDEdsdm - ok

18:06:15.0656 2200        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

18:06:15.0781 2200        Netlogon - ok

18:06:15.0828 2200        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll

18:06:15.0968 2200        Netman - ok

18:06:16.0125 2200        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:06:16.0140 2200        NetTcpPortSharing - ok

18:06:16.0171 2200        NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

18:06:16.0328 2200        NIC1394 - ok

18:06:16.0375 2200        Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll

18:06:16.0406 2200        Nla - ok

18:06:16.0578 2200        NMSAccess       (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Programme\CDBurnerXP\NMSAccessU.exe

18:06:16.0593 2200        NMSAccess - ok

18:06:16.0656 2200        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:06:16.0796 2200        Npfs - ok

18:06:16.0859 2200        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:06:17.0046 2200        Ntfs - ok

18:06:17.0078 2200        NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

18:06:17.0203 2200        NtLmSsp - ok

18:06:17.0328 2200        NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll

18:06:17.0515 2200        NtmsSvc - ok

18:06:17.0562 2200        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:06:17.0781 2200        Null - ok

18:06:17.0843 2200        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:06:18.0078 2200        NwlnkFlt - ok

18:06:18.0078 2200        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:06:18.0343 2200        NwlnkFwd - ok

18:06:18.0484 2200        odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE

18:06:18.0515 2200        odserv - ok

18:06:18.0578 2200        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

18:06:18.0718 2200        ohci1394 - ok

18:06:18.0765 2200        ose             (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

18:06:18.0781 2200        ose - ok

18:06:18.0812 2200        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys

18:06:18.0937 2200        Parport - ok

18:06:18.0968 2200        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:06:19.0109 2200        PartMgr - ok

18:06:19.0140 2200        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

18:06:19.0390 2200        ParVdm - ok

18:06:19.0406 2200        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

18:06:19.0546 2200        PCI - ok

18:06:19.0562 2200        PCIDump - ok

18:06:19.0609 2200        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:06:19.0828 2200        PCIIde - ok

18:06:19.0890 2200        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

18:06:20.0015 2200        Pcmcia - ok

18:06:20.0046 2200        PDCOMP - ok

18:06:20.0062 2200        PDFRAME - ok

18:06:20.0078 2200        PDRELI - ok

18:06:20.0093 2200        PDRFRAME - ok

18:06:20.0109 2200        perc2 - ok

18:06:20.0125 2200        perc2hib - ok

18:06:20.0234 2200        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

18:06:20.0265 2200        PlugPlay - ok

18:06:20.0312 2200        PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

18:06:20.0437 2200        PolicyAgent - ok

18:06:20.0453 2200        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:06:20.0609 2200        PptpMiniport - ok

18:06:20.0687 2200        PQIMount        (2c4c21f42a50bec51c50e1674e590a57) C:\WINDOWS\system32\drivers\PQIMount.sys

18:06:20.0687 2200        PQIMount ( UnsignedFile.Multi.Generic ) - warning

18:06:20.0687 2200        PQIMount - detected UnsignedFile.Multi.Generic (1)

18:06:20.0734 2200        PQV2i           (6a566d0f05a23bc9491b3440945c50a2) C:\WINDOWS\system32\drivers\PQV2i.sys

18:06:20.0765 2200        PQV2i ( UnsignedFile.Multi.Generic ) - warning

18:06:20.0765 2200        PQV2i - detected UnsignedFile.Multi.Generic (1)

18:06:20.0796 2200        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

18:06:20.0921 2200        ProtectedStorage - ok

18:06:20.0953 2200        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:06:21.0093 2200        PSched - ok

18:06:21.0156 2200        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:06:21.0390 2200        Ptilink - ok

18:06:21.0406 2200        ql1080 - ok

18:06:21.0421 2200        Ql10wnt - ok

18:06:21.0437 2200        ql12160 - ok

18:06:21.0453 2200        ql1240 - ok

18:06:21.0500 2200        ql1280 - ok

18:06:21.0546 2200        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:06:21.0750 2200        RasAcd - ok

18:06:21.0812 2200        RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll

18:06:21.0953 2200        RasAuto - ok

18:06:21.0984 2200        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:06:22.0125 2200        Rasl2tp - ok

18:06:22.0187 2200        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll

18:06:22.0343 2200        RasMan - ok

18:06:22.0375 2200        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:06:22.0515 2200        RasPppoe - ok

18:06:22.0578 2200        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:06:22.0781 2200        Raspti - ok

18:06:22.0843 2200        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:06:23.0000 2200        Rdbss - ok

18:06:23.0046 2200        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:06:23.0265 2200        RDPCDD - ok

18:06:23.0296 2200        RDPWD           (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

18:06:23.0359 2200        RDPWD - ok

18:06:23.0406 2200        RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe

18:06:23.0562 2200        RDSessMgr - ok

18:06:23.0593 2200        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:06:23.0734 2200        redbook - ok

18:06:23.0812 2200        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll

18:06:23.0953 2200        RemoteAccess - ok

18:06:23.0984 2200        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe

18:06:24.0125 2200        RpcLocator - ok

18:06:24.0187 2200        RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

18:06:24.0218 2200        RpcSs - ok

18:06:24.0312 2200        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe

18:06:24.0515 2200        RSVP - ok

18:06:24.0718 2200        S6000KNT        (459927b1453d4e11d54ea4d089a01c6b) C:\WINDOWS\system32\Drivers\S6000KNT.sys

18:06:24.0906 2200        S6000KNT - ok

18:06:25.0171 2200        SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

18:06:25.0312 2200        SamSs - ok

18:06:25.0343 2200        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe

18:06:25.0500 2200        SCardSvr - ok

18:06:25.0531 2200        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll

18:06:25.0671 2200        Schedule - ok

18:06:25.0718 2200        sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

18:06:25.0875 2200        sdbus - ok

18:06:25.0921 2200        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:06:26.0046 2200        Secdrv - ok

18:06:26.0078 2200        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll

18:06:26.0218 2200        seclogon - ok

18:06:26.0328 2200        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll

18:06:26.0468 2200        SENS - ok

18:06:26.0484 2200        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys

18:06:26.0640 2200        Serial - ok

18:06:26.0718 2200        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

18:06:26.0859 2200        Sfloppy - ok

18:06:26.0921 2200        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll

18:06:27.0109 2200        SharedAccess - ok

18:06:27.0156 2200        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

18:06:27.0187 2200        ShellHWDetection - ok

18:06:27.0187 2200        Simbad - ok

18:06:27.0296 2200        SiSRaid2        (b8a2f8dcdc75f19962d975727f393920) C:\WINDOWS\system32\drivers\SiSRaid2.sys

18:06:27.0390 2200        SiSRaid2 - ok

18:06:27.0531 2200        SkypeUpdate     (ddaa5f4a6b958fc313ebd02dd925752f) C:\Programme\Skype\Updater\Updater.exe

18:06:27.0562 2200        SkypeUpdate - ok

18:06:27.0593 2200        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

18:06:27.0734 2200        SLIP - ok

18:06:27.0843 2200        smserial        (fc512d9288cd4985a3f59a1184559051) C:\WINDOWS\system32\DRIVERS\smserial.sys

18:06:27.0968 2200        smserial - ok

18:06:28.0000 2200        Sparrow - ok

18:06:28.0046 2200        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:06:28.0187 2200        splitter - ok

18:06:28.0312 2200        Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

18:06:28.0437 2200        Spooler - ok

18:06:28.0453 2200        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

18:06:28.0609 2200        sr - ok

18:06:28.0687 2200        srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll

18:06:28.0843 2200        srservice - ok

18:06:28.0890 2200        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:06:28.0968 2200        Srv - ok

18:06:29.0000 2200        SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll

18:06:29.0140 2200        SSDPSRV - ok

18:06:29.0234 2200        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys

18:06:29.0250 2200        StarOpen ( UnsignedFile.Multi.Generic ) - warning

18:06:29.0250 2200        StarOpen - detected UnsignedFile.Multi.Generic (1)

18:06:29.0406 2200        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll

18:06:29.0593 2200        stisvc - ok

18:06:29.0671 2200        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

18:06:29.0828 2200        streamip - ok

18:06:29.0859 2200        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:06:30.0000 2200        swenum - ok

18:06:30.0046 2200        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:06:30.0187 2200        swmidi - ok

18:06:30.0203 2200        SwPrv - ok

18:06:30.0281 2200        symc810 - ok

18:06:30.0296 2200        symc8xx - ok

18:06:30.0328 2200        sym_hi - ok

18:06:30.0343 2200        sym_u3 - ok

18:06:30.0390 2200        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:06:30.0515 2200        sysaudio - ok

18:06:30.0562 2200        SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe

18:06:30.0703 2200        SysmonLog - ok

18:06:30.0765 2200        TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll

18:06:30.0906 2200        TapiSrv - ok

18:06:30.0968 2200        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:06:31.0015 2200        Tcpip - ok

18:06:31.0062 2200        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:06:31.0218 2200        TDPIPE - ok

18:06:31.0312 2200        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:06:31.0484 2200        TDTCP - ok

18:06:31.0546 2200        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:06:31.0781 2200        TermDD - ok

18:06:31.0859 2200        TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll

18:06:32.0000 2200        TermService - ok

18:06:32.0046 2200        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

18:06:32.0062 2200        Themes - ok

18:06:32.0109 2200        tifm21          (046ea1353dd599dac9abdcd13504b06c) C:\WINDOWS\system32\drivers\tifm21.sys

18:06:32.0140 2200        tifm21 - ok

18:06:32.0156 2200        TosIde - ok

18:06:32.0328 2200        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll

18:06:32.0484 2200        TrkWks - ok

18:06:32.0515 2200        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:06:32.0671 2200        Udfs - ok

18:06:32.0687 2200        ultra - ok

18:06:32.0750 2200        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:06:32.0906 2200        Update - ok

18:06:32.0984 2200        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll

18:06:33.0125 2200        upnphost - ok

18:06:33.0156 2200        UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe

18:06:33.0312 2200        UPS - ok

18:06:33.0375 2200        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

18:06:33.0531 2200        usbaudio - ok

18:06:33.0578 2200        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:06:33.0718 2200        usbccgp - ok

18:06:33.0734 2200        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:06:33.0875 2200        usbehci - ok

18:06:33.0921 2200        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:06:34.0062 2200        usbhub - ok

18:06:34.0078 2200        usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

18:06:34.0203 2200        usbohci - ok

18:06:34.0281 2200        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:06:34.0406 2200        usbscan - ok

18:06:34.0468 2200        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:06:34.0625 2200        USBSTOR - ok

18:06:34.0671 2200        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

18:06:34.0828 2200        usbvideo - ok

18:06:35.0031 2200        V2i Protector   (d04b0e50847104007979a57fc3115899) C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

18:06:35.0140 2200        V2i Protector ( UnsignedFile.Multi.Generic ) - warning

18:06:35.0140 2200        V2i Protector - detected UnsignedFile.Multi.Generic (1)

18:06:35.0234 2200        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:06:35.0359 2200        VgaSave - ok

18:06:35.0375 2200        ViaIde - ok

18:06:35.0421 2200        viamraid        (6aaa39dd79a8341ce0ef9249f21d6b89) C:\WINDOWS\system32\drivers\viamraid.sys

18:06:35.0484 2200        viamraid - ok

18:06:35.0531 2200        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

18:06:35.0656 2200        VolSnap - ok

18:06:35.0718 2200        VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe

18:06:35.0875 2200        VSS - ok

18:06:35.0906 2200        W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll

18:06:36.0046 2200        W32Time - ok

18:06:36.0093 2200        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:06:36.0234 2200        Wanarp - ok

18:06:36.0265 2200        WDICA - ok

18:06:36.0296 2200        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:06:36.0437 2200        wdmaud - ok

18:06:36.0468 2200        WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll

18:06:36.0609 2200        WebClient - ok

18:06:36.0765 2200        WINIO           (7e5a7cf19504af7ddaf4fa36261940d1) C:\Programme\Power Manager\winio.sys

18:06:36.0765 2200        WINIO ( UnsignedFile.Multi.Generic ) - warning

18:06:36.0765 2200        WINIO - detected UnsignedFile.Multi.Generic (1)

18:06:36.0828 2200        winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll

18:06:36.0953 2200        winmgmt - ok

18:06:37.0031 2200        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

18:06:37.0078 2200        WmdmPmSN - ok

18:06:37.0125 2200        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

18:06:37.0265 2200        WmiApSrv - ok

18:06:37.0421 2200        WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe

18:06:37.0515 2200        WMPNetworkSvc - ok

18:06:37.0718 2200        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

18:06:37.0765 2200        WPFFontCache_v0400 - ok

18:06:37.0953 2200        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll

18:06:38.0109 2200        wscsvc - ok

18:06:38.0171 2200        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

18:06:38.0328 2200        WSTCODEC - ok

18:06:38.0343 2200        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll

18:06:38.0484 2200        wuauserv - ok

18:06:38.0546 2200        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:06:38.0593 2200        WudfPf - ok

18:06:38.0625 2200        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:06:38.0656 2200        WudfRd - ok

18:06:38.0703 2200        WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

18:06:38.0843 2200        WudfSvc - ok

18:06:38.0921 2200        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll

18:06:39.0078 2200        WZCSVC - ok

18:06:39.0109 2200        xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll

18:06:39.0296 2200        xmlprov - ok

18:06:39.0390 2200        MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0

18:06:39.0968 2200        \Device\Harddisk0\DR0 - ok

18:06:39.0984 2200        Boot (0x1200)   (bd662a70ebe819ff7d6ac34c1e86ebc1) \Device\Harddisk0\DR0\Partition0

18:06:39.0984 2200        \Device\Harddisk0\DR0\Partition0 - ok

18:06:40.0031 2200        Boot (0x1200)   (d2586045f601bc6356c97d779e4bcccc) \Device\Harddisk0\DR0\Partition1

18:06:40.0031 2200        \Device\Harddisk0\DR0\Partition1 - ok

18:06:40.0078 2200        Boot (0x1200)   (4aedc666025b6249a9dd079e67591529) \Device\Harddisk0\DR0\Partition2

18:06:40.0078 2200        \Device\Harddisk0\DR0\Partition2 - ok

18:06:40.0078 2200        ============================================================

18:06:40.0078 2200        Scan finished

18:06:40.0078 2200        ============================================================

18:06:40.0234 3380        Detected object count: 9

18:06:40.0234 3380        Actual detected object count: 9

18:07:41.0343 3380        ACEDRV05 ( UnsignedFile.Multi.Generic ) - skipped by user

18:07:41.0343 3380        ACEDRV05 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:07:41.0359 3380        ACEDRV06 ( UnsignedFile.Multi.Generic ) - skipped by user

18:07:41.0359 3380        ACEDRV06 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:07:41.0359 3380        GearAspiWDM ( UnsignedFile.Multi.Generic ) - skipped by user

18:07:41.0359 3380        GearAspiWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:07:41.0359 3380        GEARSecurity ( UnsignedFile.Multi.Generic ) - skipped by user

18:07:41.0359 3380        GEARSecurity ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:07:41.0375 3380        PQIMount ( UnsignedFile.Multi.Generic ) - skipped by user

18:07:41.0375 3380        PQIMount ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:07:41.0375 3380        PQV2i ( UnsignedFile.Multi.Generic ) - skipped by user

18:07:41.0375 3380        PQV2i ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:07:41.0390 3380        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user

18:07:41.0390 3380        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:07:41.0390 3380        V2i Protector ( UnsignedFile.Multi.Generic ) - skipped by user

18:07:41.0390 3380        V2i Protector ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:07:41.0390 3380        WINIO ( UnsignedFile.Multi.Generic ) - skipped by user

18:07:41.0390 3380        WINIO ( UnsignedFile.Multi.Generic ) - User select action: Skip