
Log analysis and evaluation: Trojan Agent in svchost.exe and Hijack.Shell

07.01.2012, 15:59   #1
bismosa
 

Hello!

My father complained about Internet Explorer. Some sites, such as Amazon.de and Conrad, can no longer be opened.
Since even repairing IE did not help, I ran a Malwarebytes Anti-Malware scan on suspicion and promptly found something.
I'm hoping for your help so that I get a clean system again:
Code:
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.07.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
VS :: VS-W5PSQJN8G3O0 [Administrator]

Schutz: Aktiviert

07.01.2012 14:58:43
mbam-log-2012-01-07 (14-58-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232831
Laufzeit: 23 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71} (Trojan.WebMoner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\hilfe.eProtocol (Trojan.WebMoner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Trojan.Agent) -> Bösartig: (C:\DOKUME~1\VS\LOKALE~1\Temp\svchost.exe) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell) -> Bösartig: (Explorer.exe C:\DOKUME~1\VS\LOKALE~1\Temp\svchost.exe) Gut: (explorer.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Temp\svchost.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
What are the next steps?

Many thanks!

Bismosa

07.01.2012, 17:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

08.01.2012, 13:30   #3
bismosa
 

Hello!
Thanks for the quick help! Here are the logs:
Code:
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.07.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
VS :: VS-W5PSQJN8G3O0 [Administrator]

Schutz: Aktiviert

07.01.2012 17:27:49
mbam-log-2012-01-07 (17-27-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426803
Laufzeit: 3 Stunde(n), 46 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b0c6e96e783658468a1604e595900ea1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-08 12:16:47
# local_time=2012-01-08 01:16:47 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 114285405 114285405 0 0
# compatibility_mode=1797 16775145 100 100 429609 100901728 469360 0
# compatibility_mode=8192 67108863 100 0 3940 3940 0 0
# compatibility_mode=9217 16777214 0 4 103222769 103222769 0 0
# scanned=362091
# found=7
# cleaned=0
# scan_time=16246
C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Temp\D8268526-BAB0-7891-BFB7-36AE2E3011FC\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarApp.dll	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarsrv.exe	probably a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\WINDOWS\CameraFixer.exe	probably a variant of Win32/KillProc.A application (unable to clean)	00000000000000000000000000000000	I
S:\Laufwerk_E (E)\Sicherung_Internet\Lokale Einstellungen\Anwendungsdaten\Microsoft\IM\Identities\{F1339C91-32E9-40D1-B1FD-8928347BD92C}\Message Store\Attachments\eDonkey0.48.1.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
S:\Outlok_sich7Febr08\Outlook Express\Sicherg\{F1339C91-32E9-40D1-B1FD-8928347BD92C}\Message Store\Attachments\eDonkey0.48.1.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
         
Many thanks for the help!!

Regards
Bismosa

08.01.2012, 20:33   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, all the logs for each scan are listed under the Logs tab. Please post all that are visible there.
__________________
Please always post log files in CODE tags

08.01.2012, 21:49   #5
bismosa
 

Hello!

No further scans... only the quick scan and the full one.

But here are the protection logs:
Code:
2012/01/07 14:58:34 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Starting protection
2012/01/07 14:58:41 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Protection started successfully
2012/01/07 14:58:45 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Starting IP protection
2012/01/07 14:59:03 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	IP Protection started successfully
2012/01/07 15:55:43 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Starting protection
2012/01/07 15:56:02 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Protection started successfully
2012/01/07 15:56:05 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Starting IP protection
2012/01/07 15:56:24 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	IP Protection started successfully
2012/01/07 17:26:52 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Starting database refresh
2012/01/07 17:26:52 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Stopping IP protection
2012/01/07 17:26:52 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	IP Protection stopped
2012/01/07 17:27:22 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Database refreshed successfully
2012/01/07 17:27:22 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Starting IP protection
2012/01/07 17:27:39 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	IP Protection started successfully
2012/01/07 18:44:46 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Executing scheduled update:  Daily
2012/01/07 18:44:48 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Database already up-to-date
         
Code:
2012/01/08 08:03:06 +0100	VS-W5PSQJN8G3O0		MESSAGE	Starting protection
2012/01/08 08:03:31 +0100	VS-W5PSQJN8G3O0		MESSAGE	Protection started successfully
2012/01/08 08:03:34 +0100	VS-W5PSQJN8G3O0		MESSAGE	Starting IP protection
2012/01/08 08:05:18 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	IP Protection started successfully
2012/01/08 18:21:33 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:21:36 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:21:38 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:21:41 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:21:58 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:22:01 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:22:03 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:22:06 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:26:07 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:26:10 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:26:16 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:27:12 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:27:15 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:27:21 +0100	VS-W5PSQJN8G3O0	VS	IP-BLOCK	92.243.79.42 (Type: outgoing)
2012/01/08 18:56:50 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Executing scheduled update:  Daily
2012/01/08 18:57:03 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.01.07.03 to version v2012.01.08.03
2012/01/08 18:57:03 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Starting database refresh
2012/01/08 18:57:03 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Stopping IP protection
2012/01/08 18:57:03 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	IP Protection stopped
2012/01/08 18:57:13 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Database refreshed successfully
2012/01/08 18:57:13 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	Starting IP protection
2012/01/08 18:57:27 +0100	VS-W5PSQJN8G3O0	VS	MESSAGE	IP Protection started successfully
         
Regards
Bismosa


08.01.2012, 22:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please create a new OTL log. Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

09.01.2012, 20:35   #7
bismosa
 

Hello

Code:
OTL logfile created on: 09.01.2012 19:47:19 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\VS\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,53 Mb Total Physical Memory | 303,47 Mb Available Physical Memory | 29,65% Memory free
2,41 Gb Paging File | 1,73 Gb Available in Paging File | 72,02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 2,71 Gb Free Space | 5,56% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 3,20 Gb Free Space | 6,55% Space Free | Partition Type: NTFS
Drive E: | 51,39 Gb Total Space | 5,19 Gb Free Space | 10,10% Space Free | Partition Type: NTFS
 
Computer Name: VS-W5PSQJN8G3O0 | User Name: VS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.09 19:45:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\VS\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.14 12:59:20 | 002,684,288 | ---- | M] (TeamViewer GmbH) -- c:\Programme\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2011.12.14 12:59:18 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe
PRC - [2011.12.14 12:41:54 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe
PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.07.26 20:51:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.06.08 08:15:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 11:45:25 | 001,404,000 | ---- | M] () -- C:\WINDOWS\system32\ieconfig_1und1_svc.exe
PRC - [2010.12.12 16:25:13 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010.12.12 16:20:47 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.18 21:16:34 | 000,523,408 | ---- | M] (Corel, Inc.) -- C:\Programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.26 14:48:10 | 000,515,816 | ---- | M] () -- C:\WINDOWS\system32\ATWTUSB.EXE
PRC - [2009.10.07 13:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.02.06 14:09:16 | 001,263,872 | ---- | M] (Matrox Graphics Inc.) -- c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
PRC - [2009.02.06 14:08:28 | 000,344,832 | ---- | M] (Matrox Graphics Inc) -- c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.04 08:48:42 | 000,087,560 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\mgabg.exe
PRC - [2007.01.17 14:11:56 | 000,360,448 | ---- | M] (Ricoh Company, Ltd.) -- C:\Programme\Caplio Software\RGateLXP.exe
PRC - [2006.09.28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2004.09.27 13:54:32 | 000,040,960 | ---- | M] () -- C:\Programme\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
PRC - [2003.11.10 14:21:16 | 000,983,040 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Programme\Hardcopy\hardcopy.exe
PRC - [2003.02.21 14:16:16 | 000,061,440 | ---- | M] (Tracker Software Products) -- C:\Programme\PDF-XChange 2.5\pdfSaver.exe
PRC - [2002.09.04 14:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Programme\Iomega\System32\AppServices.exe
PRC - [2002.08.20 10:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [2000.03.27 01:55:00 | 000,164,864 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\ShareDLL\Mediadet.exe
PRC - [1999.11.18 06:01:00 | 000,020,480 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Audio\Program\Ctmix32.exe
PRC - [1999.08.30 01:55:00 | 000,189,952 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\ShareDLL\CTNotify.exe
PRC - [1999.05.25 02:23:00 | 000,203,776 | ---- | M] (Lotus Development Corporation.) -- C:\lotus\smartctr\smartctr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.28 11:45:25 | 001,404,000 | ---- | M] () -- C:\WINDOWS\system32\ieconfig_1und1_svc.exe
MOD - [2010.03.18 21:17:20 | 000,102,032 | ---- | M] () -- C:\Programme\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
MOD - [2010.01.28 13:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.11.26 14:48:10 | 000,515,816 | ---- | M] () -- C:\WINDOWS\system32\ATWTUSB.EXE
MOD - [2009.10.06 14:36:56 | 000,205,312 | ---- | M] () -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\patchw32.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004.11.02 20:16:40 | 000,121,856 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2004.09.27 13:54:32 | 000,040,960 | ---- | M] () -- C:\Programme\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
MOD - [2004.05.11 11:38:20 | 000,061,952 | ---- | M] () -- C:\Programme\Caplio Software\zlib.dll
MOD - [2003.11.10 14:20:48 | 000,229,376 | ---- | M] () -- C:\Programme\Hardcopy\HcDllS.dll
MOD - [2003.09.19 08:21:50 | 000,057,344 | ---- | M] () -- C:\Programme\Hardcopy\hcdll2_A.dll
MOD - [2003.02.05 16:22:04 | 000,017,920 | ---- | M] () -- C:\Programme\PDF-XChange 2.5\xc_local.dll
MOD - [2003.01.23 14:55:16 | 000,011,264 | ---- | M] () -- C:\Programme\PDF-XChange 2.5\fmt_xmf.dll
MOD - [2003.01.22 18:29:32 | 000,024,576 | ---- | M] () -- C:\Programme\PDF-XChange 2.5\fmt_jb2.dll
MOD - [1999.12.01 01:55:00 | 000,058,880 | ---- | M] () -- C:\WINDOWS\system32\CtDetres.dll
MOD - [1999.07.30 01:02:00 | 000,008,704 | ---- | M] () -- C:\Programme\Creative\Audio\Program\Ctmres32.dll
MOD - [1999.06.03 07:46:24 | 000,032,768 | ---- | M] () -- C:\Programme\Hardcopy\hardcopy.dll
MOD - [1999.04.23 02:23:00 | 000,012,288 | ---- | M] () -- c:\lotus\smartctr\ldauto.dll
MOD - [1998.02.05 20:16:18 | 000,018,432 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\jDocPrc.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Disabled | Stopped] --  -- (Iomega Activity Disk2)
SRV - File not found [On_Demand | Stopped] --  -- (getPlus(R) Helper) getPlus(R)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] --  -- (ACDaemon)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.07.26 20:51:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.08 08:15:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 11:45:25 | 001,404,000 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2009.11.26 14:48:10 | 000,515,816 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\atwtusb.exe -- (WTService)
SRV - [2009.10.07 13:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.02.06 14:09:16 | 001,263,872 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe -- (Matrox Centering Service)
SRV - [2009.02.06 14:08:28 | 000,344,832 | ---- | M] (Matrox Graphics Inc) [Auto | Running] -- c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe -- (Matrox.Pdesk.ServicesHost)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.04.04 08:48:42 | 000,087,560 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- C:\WINDOWS\system32\mgabg.exe -- (MGABGEXE)
SRV - [2006.09.28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.11.21 10:48:06 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.09.27 13:54:32 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe -- (SiSWLSvc)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.04 14:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Programme\Iomega\System32\AppServices.exe -- (Iomega App Services)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.26 20:51:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.26 20:51:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.20 19:38:24 | 000,006,144 | R--- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\walvhid.sys -- (vhidmini)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.08 20:15:14 | 000,006,144 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.06 13:19:52 | 000,350,592 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\g400dhm.sys -- (G400DH)
DRV - [2008.10.15 15:19:52 | 000,043,552 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 19:41:00 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ppa3.sys -- (ppa3)
DRV - [2008.03.22 10:31:58 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2007.09.04 21:31:53 | 000,017,408 | ---- | M] (MARX Datentechnik GmbH ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CBN.SYS -- (CBN)
DRV - [2007.08.30 17:18:05 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV06.sys -- (ACEDRV06)
DRV - [2007.07.13 09:56:08 | 000,230,784 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U6000ALL.sys -- (U6000ALL) U6000 TV Box(ALL)
DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006.09.22 13:19:10 | 000,100,352 | ---- | M] (10moons) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TridVid.sys -- (TridVid)
DRV - [2006.05.03 17:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.03.15 12:00:00 | 000,277,504 | ---- | M] (Philips Semiconductors) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SAA713x.sys -- (713xTVCard)
DRV - [2005.02.22 14:33:28 | 000,015,104 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2004.10.01 03:14:34 | 000,162,304 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2004.06.26 13:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004.06.26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004.06.21 15:03:22 | 000,078,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2003.12.22 17:51:35 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV57.sys -- (SSHDRV57)
DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003.06.18 01:00:00 | 000,051,200 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2003.02.24 09:27:26 | 000,297,984 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETFRITZ.SYS -- (NETFRITZ)
DRV - [2002.09.27 06:53:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002.09.04 14:11:08 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)
DRV - [2002.07.11 10:51:18 | 000,667,136 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbpci.sys -- (sbpci) SB PCI Family Audio Driver (WDM)
DRV - [2002.06.03 10:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2002.05.13 19:07:06 | 000,423,712 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) TV-Station (SAA7134Capture with MK3-Tuner)
DRV - [2002.05.13 18:16:44 | 000,019,520 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2002.04.17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (AsapiW2K)
DRV - [2002.03.19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001.09.26 21:32:38 | 000,285,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001.08.22 23:33:12 | 000,010,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001.08.18 04:19:50 | 000,075,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)
DRV - [2001.08.17 13:57:46 | 000,065,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3legacy.sys -- (s3legacy)
DRV - [2001.08.17 11:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase)
DRV - [2001.08.17 11:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [1999.12.17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)
DRV - [1999.03.03 23:00:00 | 000,061,216 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\avmport.sys -- (AVMPORT)
DRV - [1997.12.22 22:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.BAK -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.12 16:25:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.07.27 15:42:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.08 14:09:53 | 000,000,000 | ---D | M]
 
[2009.10.17 16:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla\Extensions
[2011.11.19 21:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla\Firefox\Profiles\7um7bynq.default\extensions
[2010.12.30 18:07:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla\Firefox\Profiles\7um7bynq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.19 21:28:36 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla\Firefox\Profiles\7um7bynq.default\extensions\ffxtlbr@babylon.com
[2011.11.15 19:14:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.12.01 21:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.04.21 18:28:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.22 16:12:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 08:54:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.23 09:58:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 21:02:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.22 08:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.11.15 19:14:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2008.04.17 18:10:45 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Programme\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2011.07.27 15:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.07.27 15:42:28 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
File not found (No name found) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2011.06.16 05:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.12 12:16:03 | 000,002,291 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.16 15:11:25 | 000,003,803 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\MyHeritage.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\13.0.782.215\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Programme\Google\Chrome\Application\13.0.782.215\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\13.0.782.215\pdf.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Programme\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2010.12.29 18:30:36 | 000,000,822 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {23CC3468-36E5-442E-A01C-E98C9A6B89DF} - C:\WINDOWS\system32\usrdpa32.dll File not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (WEB.DE Browser Configuration) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [CreativeMixer] C:\Programme\Creative\Audio\PROGRAM\CTMIX32.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Matrox PowerDesk SE] c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [POINTER] point32.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TblMouse] TblMouse.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UVS10 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [Corel Photo Downloader] C:\Programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKCU..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Hardcopy (2).LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe (Lotus Development Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PDF-XChange Capture.lnk = C:\Programme\PDF-XChange 2.5\pdfSaver.exe (Tracker Software Products)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\RICOH Gate La (2).lnk = C:\Programme\Caplio Software\RGateLXP.exe (Ricoh Company, Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\VS\Startmenü\Programme\Autostart\Lotus Organizer (2).lnk = C:\lotus\organize\org5.exe (Lotus Development Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra 'Tools' menuitem : Übersetzen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT75\PRMTIE\prmtie5.htm File not found
O9 - Extra 'Tools' menuitem : Übersetzungsoptionen anpassen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT75\PRMTIE\options.htm File not found
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} hxxp://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///F:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///F:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///F:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37922.2547106482 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: IEPrint hxxp://www.visiontech.ltd.uk/software/download/IEPrint.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30FD6B84-00B4-47AC-BD95-ED290D9F8AA5}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FF7906B-741C-47ED-A537-9D34EB81CBCB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71E9C8F2-03BE-4AE4-A5E1-60358D7F2A4D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{954C0699-44D1-4975-9BEB-42BFEFFD212D}: NameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - file:///C:/DOKUME~1/VS/LOKALE~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.10.22 21:09:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk - C:\Programme\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk - C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Lotus SuiteStart.lnk - C:\lotus\smartctr\suitest.exe - (Lotus Development Corporation.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^RICOH Gate La.lnk - C:\Programme\Caplio Software\RGateLXP.exe - (Ricoh Company, Ltd.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk - C:\Programme\WinZip\WZQKPICK.EXE - (WinZip Computing, Inc. and H.C. Top Systems B.V.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^VS^Startmenü^Programme^Autostart^Hardcopy.LNK - C:\Programme\Hardcopy\hardcopy.exe - (sw4you, Siegfried Weckmann)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^VS^Startmenü^Programme^Autostart^reminder-ScanSoft Produkt Registrierung.lnk - C:\Programme\Caere\OmniPagePro90\EREG\REMIND32.EXE - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Agent - hkey= - key= - C:\Programme\CyberLink\PowerVCRII\agent.exe (CyberLink)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= -  File not found
MsConfig - StartUpReg: ATICCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
MsConfig - StartUpReg: AtiPTA - hkey= - key= -  File not found
MsConfig - StartUpReg: CameraFixer - hkey= - key= - C:\WINDOWS\CameraFixer.exe ()
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Easy-PrintToolBox - hkey= - key= - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
MsConfig - StartUpReg: ezShieldProtector for Px - hkey= - key= -  File not found
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= -  File not found
MsConfig - StartUpReg: Microsoft Works Portfolio - hkey= - key= -  File not found
MsConfig - StartUpReg: Microsoft Works Update Detection - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= -  File not found
MsConfig - StartUpReg: NBJ - hkey= - key= - C:\Programme\Ahead\Nero\Nero BackItUp\NBJ.exe (Ahead Software AG)
MsConfig - StartUpReg: Nero PhotoShow Media Manager - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: Net-It Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: NWEReboot - hkey= - key= -  File not found
MsConfig - StartUpReg: OmniPage - hkey= - key= - C:\Programme\Caere\OmniPagePro90\OPware32.exe (Caere Corporation)
MsConfig - StartUpReg: PinnacleDriverCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Remote_Agent - hkey= - key= - C:\Programme\CyberLink\PowerVCRII\RemoteAgent.exe (Cyberlink Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: snpstd3 - hkey= - key= - C:\WINDOWS\vsnpstd3.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= -  File not found
MsConfig - StartUpReg: UVS10 Preload - hkey= - key= - C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe ()
MsConfig - StartUpReg: WinDVR SchSvr - hkey= - key= - C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {09D80335-9BBF-48EB-9576-8B6928C251A2} - GMX Update
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {222FB945-258A-4734-84EA-99E5B4EF4E00} - WEB.DE Browser Add-on
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {412EF925-3539-44AE-B9EC-F79D4E8DBE54} - GMX Browser Add-on
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {A477E148-6951-4E85-BB46-32845F242F0F} - WEB.DE Update
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - 
ActiveX: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{E7426E47-0CB3-4510-9B89-27D83C84E4F5} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.dvacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSACM.LHACM - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.MPEGacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\Mpeg\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Programme\Gemeinsame Dateien\Ulead Systems\Mpeg\ulmp3acm.acm (Ulead systems)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVF - C:\WINDOWS\System32\DivX412.dll (DivXNetworks, Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.TR20 - C:\WINDOWS\System32\tr2032.dll (The Duck Corporation)
Drivers32: VIDC.VDOM - C:\WINDOWS\System32\vdowave.drv (VDOnet LTD..)
Drivers32: vidc.vivo - C:\WINDOWS\System32\ivvideo.dll (Vivo Software)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.09 19:45:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\VS\Desktop\OTL.exe
[2012.01.08 14:04:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.08 08:40:24 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.01.07 16:08:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
[2012.01.07 15:55:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TeamViewer
[2012.01.07 14:45:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Malwarebytes
[2012.01.07 14:45:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.07 14:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.07 14:44:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.07 14:44:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.07 14:44:35 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\VS\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.05 22:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\VS\Desktop\Neuer Ordner (3)
[2011.12.18 19:32:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\SunODFPluginforMicrosoftOffice
[2011.12.18 19:16:07 | 000,000,000 | ---D | C] -- C:\Programme\Sun
[2011.12.18 19:08:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\VS\Desktop\Sun ODF Plugin for Microsoft Office 3.2 (en-US) Installation Files
[2011.12.12 22:21:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\VS\Eigene Dateien\Neuer Ordner
[2006.05.26 13:54:42 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2006.05.26 13:54:42 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2006.05.26 13:54:42 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[23 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.09 19:45:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\VS\Desktop\OTL.exe
[2012.01.09 19:44:02 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.09 18:56:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.09 18:54:58 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-926492609-725345543-1004.job
[2012.01.09 18:54:56 | 000,001,078 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.09 18:54:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.09 15:27:16 | 000,002,874 | ---- | M] () -- C:\WINDOWS\acroread.ini
[2012.01.09 15:26:59 | 000,327,039 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Desktop\B400_TLC2_5A.pdf
[2012.01.09 14:50:11 | 000,005,188 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Desktop\Ana_Auf einWort_Juli04.pdf
[2012.01.09 12:15:03 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BD860CC7-CB18-4439-A3A8-473FDB35BF42}.job
[2012.01.08 22:20:54 | 000,036,992 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Desktop\Fung.lwp
[2012.01.08 17:25:19 | 000,150,808 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Desktop\Speicher.pdf
[2012.01.07 16:43:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-926492609-725345543-1004.job
[2012.01.07 16:08:00 | 000,000,797 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk
[2012.01.07 14:45:00 | 000,000,766 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.07 14:44:38 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\VS\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.06 19:45:29 | 000,002,497 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2012.01.04 21:43:28 | 000,160,782 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Anwendungsdaten\census.cache
[2012.01.04 21:42:55 | 000,235,874 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2012.01.04 21:16:28 | 000,000,036 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2012.01.03 18:11:23 | 000,081,321 | ---- | M] () -- C:\WINDOWS\SGTBox.INI
[2012.01.03 12:02:13 | 000,660,930 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Desktop\JibJab Sendables - Rockin' Around the Christmas Tree.mht
[2011.12.21 17:57:30 | 000,083,968 | ---- | M] () -- C:\6940_heute.mdb
[2011.12.21 10:03:19 | 000,010,571 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Desktop\Freunde für Weihnachten 2011.rtf
[2011.12.20 23:10:51 | 000,165,413 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Desktop\Hildburg.pdf
[2011.12.19 18:55:29 | 000,001,719 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.12.17 23:13:04 | 000,007,411 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Desktop\Weihnachts_Lindenberg.pdf
[2011.12.17 17:31:04 | 000,471,853 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Desktop\http___www.myheimat.pdf
[2011.12.14 12:13:09 | 001,005,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.14 10:17:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.12 21:56:42 | 000,000,675 | ---- | M] () -- C:\WINDOWS\Clean! presets.set
[23 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.09 15:26:55 | 000,327,039 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Desktop\B400_TLC2_5A.pdf
[2012.01.09 14:50:11 | 000,005,188 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Desktop\Ana_Auf einWort_Juli04.pdf
[2012.01.08 18:20:19 | 000,036,992 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Desktop\Fung.lwp
[2012.01.08 17:23:29 | 000,150,808 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Desktop\Speicher.pdf
[2012.01.07 16:07:59 | 000,000,797 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk
[2012.01.07 14:45:00 | 000,000,766 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.04 21:43:28 | 000,160,782 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Anwendungsdaten\census.cache
[2012.01.04 21:42:55 | 000,235,874 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2012.01.04 21:16:28 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2012.01.03 12:02:10 | 000,660,930 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Desktop\JibJab Sendables - Rockin' Around the Christmas Tree.mht
[2011.12.21 10:03:19 | 000,010,571 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Desktop\Freunde für Weihnachten 2011.rtf
[2011.12.20 23:10:51 | 000,165,413 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Desktop\Hildburg.pdf
[2011.12.17 23:13:04 | 000,007,411 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Desktop\Weihnachts_Lindenberg.pdf
[2011.12.17 17:31:03 | 000,471,853 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Desktop\http___www.myheimat.pdf
[2011.10.25 19:45:27 | 000,000,105 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ppster.ini
[2011.10.24 22:11:27 | 000,515,816 | ---- | C] () -- C:\WINDOWS\System32\ATWTUSB.EXE
[2011.10.24 22:11:27 | 000,151,272 | ---- | C] () -- C:\WINDOWS\System32\Calibration.exe
[2011.10.24 22:11:27 | 000,106,216 | ---- | C] () -- C:\WINDOWS\RmTablet.exe
[2011.10.24 22:11:27 | 000,052,896 | ---- | C] () -- C:\WINDOWS\System32\InstallService.exe
[2011.10.24 22:11:25 | 000,007,686 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2011.10.06 07:33:49 | 000,003,350 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2011.10.06 07:33:49 | 000,000,008 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CA46488975.sys
[2011.09.30 08:59:53 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2011.09.12 20:30:42 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2011.04.06 21:50:38 | 000,605,258 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\mdbu.bin
[2011.03.28 11:45:25 | 003,406,336 | ---- | C] () -- C:\WINDOWS\System32\GMX-DLLUpdate1.exe
[2011.03.28 11:45:25 | 001,404,000 | ---- | C] () -- C:\WINDOWS\System32\ieconfig_1und1_svc.exe
[2011.03.27 09:26:09 | 000,000,182 | -H-- | C] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\eSReg.ini
[2011.01.11 17:46:04 | 000,000,078 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI
[2010.11.03 19:29:51 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\downloads.m3u
[2010.11.03 18:42:34 | 000,000,570 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\default.rss
[2010.10.27 14:26:04 | 001,431,120 | ---- | C] () -- C:\WINDOWS\System32\ieconfig_1und1.dll
[2010.08.02 09:12:24 | 001,925,072 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.25 19:49:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2010.06.24 21:26:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.06.24 21:26:51 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010.06.24 21:26:51 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010.06.24 21:26:51 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010.06.24 21:26:51 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010.06.24 21:26:51 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010.06.24 21:26:51 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010.06.24 21:26:51 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010.06.24 21:26:51 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010.06.24 21:26:51 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010.06.24 21:26:51 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010.06.24 21:26:51 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010.06.24 21:26:51 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010.06.24 21:26:51 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010.06.24 21:26:51 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010.06.24 21:26:51 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010.06.24 21:26:51 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010.06.24 21:26:51 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010.06.24 21:26:51 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010.05.02 18:49:38 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2010.03.16 15:21:12 | 000,000,515 | ---- | C] () -- C:\WINDOWS\Viewer.INI
[2009.12.04 00:02:42 | 001,738,128 | ---- | C] () -- C:\WINDOWS\System32\BCGPStyle2007Luna.dll
[2009.09.12 21:48:07 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\GTTunerCard.dll
[2009.09.12 21:48:07 | 000,237,646 | ---- | C] () -- C:\WINDOWS\System32\Snap_device.dll
[2009.09.12 21:48:07 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009.09.12 21:48:07 | 000,069,707 | ---- | C] () -- C:\WINDOWS\System32\DISP_OPT1.dll
[2009.09.12 21:46:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2009.09.12 21:44:29 | 000,230,784 | R--- | C] () -- C:\WINDOWS\System32\drivers\U6000ALL.sys
[2009.05.20 20:31:12 | 000,001,708 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.05.20 20:31:11 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.05.17 18:28:04 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\$_hpcst$.hpc
[2009.02.23 15:19:06 | 000,000,133 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2008.10.18 17:41:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.10.18 17:41:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.10.18 17:41:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.10.18 17:41:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.10.18 17:41:06 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.10.18 17:41:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.09.30 15:44:31 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008.06.18 14:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.03.29 18:21:04 | 000,000,046 | ---- | C] () -- C:\WINDOWS\hmview.ini
[2008.03.19 10:47:47 | 000,000,158 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.02.23 19:50:57 | 000,000,930 | ---- | C] () -- C:\WINDOWS\System32\IS_WVIEW.INI
[2008.01.31 16:26:16 | 000,007,921 | ---- | C] () -- C:\WINDOWS\extend.dat
[2007.12.23 21:53:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007.11.18 21:55:26 | 000,000,187 | ---- | C] () -- C:\WINDOWS\STWStammIntro.ini
[2007.11.18 21:55:26 | 000,000,186 | ---- | C] () -- C:\WINDOWS\STWStammbaum.ini
[2007.11.17 18:42:05 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\SUPPORT.INI
[2007.11.08 20:22:35 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\instmdm.dll
[2007.10.18 16:07:00 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\HDX4MediaConverter.dll
[2007.10.17 15:42:00 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HDX4MediaReveal.dll
[2007.09.04 21:31:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hdsuinst.exe
[2007.09.04 21:31:55 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2007.09.04 21:31:54 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2007.09.04 21:31:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CBNDLL.DLL
[2007.09.04 21:31:53 | 000,001,662 | ---- | C] () -- C:\WINDOWS\mobjects.ini
[2007.09.01 18:52:28 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2007.08.30 17:19:04 | 000,000,302 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos5_5_dlx.INI
[2007.08.27 15:57:21 | 000,046,128 | ---- | C] () -- C:\WINDOWS\System32\DLLPRF32.DAT
[2007.08.25 09:09:28 | 000,000,736 | ---- | C] () -- C:\WINDOWS\Irodio.INI
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2007.08.04 17:30:00 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2007.08.04 17:30:00 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2007.08.04 17:30:00 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2007.07.08 18:43:24 | 000,000,016 | -H-- | C] () -- C:\Programme\mxfilerelatedcache.mxc2
[2007.07.05 13:14:00 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\EMRegSys.dll
[2007.04.13 20:33:27 | 000,003,092 | ---- | C] () -- C:\WINDOWS\tm.ini
[2007.04.09 18:57:29 | 000,000,135 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.12.25 18:12:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.12.25 18:12:40 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.12.20 21:30:13 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\VendorCmdRW.dll
[2006.12.20 21:29:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VendorCmdRW.dll
[2006.09.18 21:55:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006.09.18 21:48:11 | 000,003,978 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006.08.22 23:00:00 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006.08.22 23:00:00 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2006.08.22 23:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006.08.22 23:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006.08.09 20:47:54 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2006.07.27 18:28:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.07.12 00:40:17 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2006.07.11 23:33:49 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006.07.05 20:51:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos4_5_dlx.INI
[2006.07.05 20:45:39 | 000,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2006.07.01 21:12:23 | 000,000,507 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2006.05.26 13:54:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\CameraFixer.exe
[2006.05.26 13:54:46 | 000,827,392 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2006.05.26 13:54:46 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2006.05.26 13:54:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd3.exe
[2006.04.28 21:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006.03.03 22:41:14 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.02.28 19:56:27 | 000,000,186 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2006.02.03 23:14:41 | 000,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005.09.18 16:23:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\swunilog.ini
[2005.06.17 10:41:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2005.05.30 16:10:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\MX_SHARE.DAT
[2005.02.08 19:16:56 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SOFTNOW.INI
[2005.02.08 19:16:52 | 000,000,071 | ---- | C] () -- C:\WINDOWS\presntr.ini
[2004.12.04 22:53:16 | 000,000,645 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004.12.04 22:53:15 | 000,001,149 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2004.11.15 21:26:18 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Pp70.INI
[2004.10.29 20:57:37 | 000,000,322 | ---- | C] () -- C:\WINDOWS\HD.INI
[2004.10.29 20:52:43 | 000,000,045 | ---- | C] () -- C:\WINDOWS\PAWSETUP.INI
[2004.10.21 20:04:52 | 000,000,343 | ---- | C] () -- C:\WINDOWS\orakel.ini
[2004.09.27 10:54:40 | 000,065,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2004.09.27 10:54:40 | 000,060,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2004.09.27 10:54:40 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2004.09.27 10:54:40 | 000,032,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2004.09.27 10:54:40 | 000,032,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2004.09.27 10:54:40 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2004.09.27 10:54:40 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2004.09.27 10:54:40 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2004.08.19 21:04:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Animator.INI
[2004.08.19 20:48:58 | 000,000,981 | ---- | C] () -- C:\WINDOWS\MEDIAPAQ.INI
[2004.08.19 20:43:26 | 000,033,792 | ---- | C] () -- C:\WINDOWS\vsclean.exe
[2004.08.04 01:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.08.04 01:12:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.07.29 21:17:21 | 000,000,250 | ---- | C] () -- C:\WINDOWS\steuerschroeder.INI
[2004.06.06 19:33:38 | 000,001,498 | ---- | C] () -- C:\WINDOWS\VISITEN.INI
[2004.05.25 08:54:17 | 000,000,315 | ---- | C] () -- C:\WINDOWS\WINLABEL.INI
[2004.05.24 12:41:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004.05.16 21:30:21 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3g.DLL
[2004.04.17 22:06:58 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2004.04.03 09:23:51 | 000,001,762 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004.03.21 22:28:05 | 000,016,386 | ---- | C] () -- C:\WINDOWS\System32\sibcs202.dll
[2004.03.18 07:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004.02.25 08:34:53 | 000,000,026 | ---- | C] () -- C:\WINDOWS\PP60.INI
[2004.02.23 20:59:24 | 000,000,095 | ---- | C] () -- C:\WINDOWS\WISO.INI
[2004.02.18 20:24:24 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004.02.18 19:50:20 | 000,172,544 | ---- | C] () -- C:\WINDOWS\Mgxclean.exe
[2004.02.02 11:35:35 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2004.01.31 17:02:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\retrieve.ini
[2004.01.24 11:35:53 | 000,000,025 | ---- | C] () -- C:\WINDOWS\plug_BurnIt! Assistent (Bilder auf CD brennen).INI
[2004.01.24 11:31:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SNYA.ini
[2004.01.24 11:31:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SEEYB.ini
[2004.01.24 11:31:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\CONVB.ini
[2004.01.24 11:31:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\APHIB.ini
[2004.01.24 11:31:38 | 000,001,174 | ---- | C] () -- C:\WINDOWS\Illuminator Settings.ini
[2004.01.24 11:31:38 | 000,000,053 | ---- | C] () -- C:\WINDOWS\SnapYa! Settings.ini
[2004.01.24 11:31:38 | 000,000,047 | ---- | C] () -- C:\WINDOWS\SeeYa! Settings.ini
[2004.01.12 19:02:46 | 000,000,215 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos2.INI
[2004.01.12 18:59:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004.01.12 18:58:03 | 000,000,063 | ---- | C] () -- C:\WINDOWS\magix.ini
[2004.01.12 18:58:02 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2004.01.06 10:03:17 | 000,253,952 | ---- | C] () -- C:\WINDOWS\UN160407.EXE
[2004.01.05 22:38:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003.12.26 19:10:14 | 000,000,115 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2003.12.26 19:07:01 | 000,000,140 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003.12.26 19:06:26 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\CtDetres.dll
[2003.12.22 17:51:35 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV57.sys
[2003.12.20 19:23:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI
[2003.12.20 17:15:47 | 000,000,114 | ---- | C] () -- C:\WINDOWS\hardcopy.INI
[2003.12.15 20:07:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ocuser32.bin
[2003.12.09 09:10:01 | 000,149,504 | ---- | C] () -- C:\WINDOWS\Unwise32.exe
[2003.12.09 09:10:01 | 000,006,067 | ---- | C] () -- C:\WINDOWS\Unwise32.ini
[2003.12.09 09:06:37 | 000,006,688 | ---- | C] () -- C:\WINDOWS\movexe.exe
[2003.12.09 09:01:56 | 000,000,265 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2003.12.02 16:29:18 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003.12.01 22:44:59 | 000,000,023 | ---- | C] () -- C:\WINDOWS\escher.ini
[2003.11.30 21:10:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2003.11.27 11:10:03 | 000,000,102 | ---- | C] () -- C:\WINDOWS\cddabase.ini
[2003.11.07 20:01:15 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\IWUninstall.exe
[2003.11.07 20:00:25 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003.11.03 10:06:29 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003.11.03 10:06:24 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003.11.02 22:39:41 | 000,075,264 | ---- | C] () -- C:\Dokumente und Einstellungen\VS\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003.10.31 22:26:59 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.VS.ini
[2003.10.31 20:46:22 | 000,000,087 | ---- | C] () -- C:\WINDOWS\ARTGALRY.INI
[2003.10.31 20:46:21 | 000,001,472 | ---- | C] () -- C:\WINDOWS\MSPUB.INI
[2003.10.28 18:47:36 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2t.DLL
[2003.10.28 14:59:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2003.10.27 22:12:46 | 000,008,575 | ---- | C] () -- C:\WINDOWS\System32\D125UFW.INI
[2003.10.26 14:40:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CNMS800.EXE
[2003.10.25 18:39:26 | 000,081,321 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2003.10.25 18:32:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2003.10.25 18:30:34 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2003.10.25 18:25:14 | 000,000,102 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2003.10.25 14:03:36 | 000,000,535 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.10.24 12:01:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI
[2003.10.24 12:01:04 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\NIUninstall.exe
[2003.10.24 12:01:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NILaunch.exe
[2003.10.24 12:00:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Approach.ini
[2003.10.24 11:53:07 | 000,000,146 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2003.10.24 11:52:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2003.10.22 22:04:05 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003.10.22 22:03:10 | 001,005,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003.10.22 21:11:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003.10.22 21:07:02 | 000,023,488 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002.12.10 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002.08.29 13:00:00 | 001,712,606 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002.08.29 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002.08.29 13:00:00 | 000,560,504 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002.08.29 13:00:00 | 000,412,012 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002.08.29 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002.08.29 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002.08.29 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002.08.29 13:00:00 | 000,061,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002.08.29 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002.08.29 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002.08.29 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002.08.29 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.06.28 10:43:44 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2001.10.10 07:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll
[2001.10.10 07:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll
[2001.09.04 10:05:32 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.09.04 10:04:04 | 000,004,678 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.03.07 07:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll
[2000.04.12 15:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2000.03.20 00:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
[1999.03.10 02:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1998.09.11 08:14:50 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\IEMenBl.dll
[1998.03.18 02:23:00 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\nsqlc32.dll
[1998.01.13 02:23:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997.11.14 02:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1997.09.30 14:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1996.12.14 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\VADE232.DLL
[1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996.12.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996.04.25 02:23:00 | 000,002,874 | ---- | C] () -- C:\WINDOWS\acroread.ini
[1995.09.25 05:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994.04.07 05:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini
[1994.04.07 02:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini
         
Part 2 follows...

09.01.2012, 20:38   #8
bismosa

Trojan Agent in svchost.exe and Hijack.Shell

Part 2
Code:
========== LOP Check ==========
 
[2011.10.25 20:26:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Artweaver
[2011.09.12 12:16:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2007.04.29 21:22:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2006.08.09 20:47:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2005.05.08 18:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DCI
[2011.08.15 18:27:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons
[2010.05.10 21:27:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Engelmann Media
[2008.11.19 12:45:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF 5
[2009.11.23 09:34:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF 6
[2007.04.29 21:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2011.03.28 11:45:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2003.11.24 16:52:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo
[2004.05.24 14:43:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2007.04.29 21:21:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2008.06.19 10:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LogMeIn
[2010.11.12 21:42:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.12.28 21:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Matrox
[2010.12.28 21:55:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Matrox Graphics Inc
[2011.07.03 21:37:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MyHeritage
[2010.05.10 21:41:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2005.06.28 19:35:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2010.08.30 21:48:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PROMT
[2008.11.02 17:53:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2004.07.25 10:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Retrospect
[2010.02.03 20:14:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 7.0
[2011.11.11 22:50:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tablet
[2008.11.07 09:44:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.02.22 11:18:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2006.02.04 11:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.12.09 22:30:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2008.03.25 14:06:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEBDE
[2009.08.22 19:59:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.02.23 15:18:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\.contentlauncher
[2003.12.22 13:27:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Active Disk
[2005.09.30 19:17:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Advanced Browser
[2011.12.06 22:12:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Ahnenblatt
[2011.10.25 20:26:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Artweaver
[2011.09.12 12:16:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Babylon
[2011.09.12 12:16:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\BabylonToolbar
[2009.10.08 08:44:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Bolepu
[2012.01.06 19:47:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Canon
[2006.08.13 15:44:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\CD-LabelPrint
[2004.01.09 13:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\CDZilla
[2009.02.23 15:19:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\contentlauncher
[2009.06.03 14:11:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Domiug
[2008.11.28 08:58:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Engelmann Media
[2011.03.05 09:55:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\EurekaLog
[2008.12.05 10:02:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\eXPert PDF 5
[2009.11.23 09:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\eXPert PDF 6
[2008.11.26 17:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\eXPert PDF Editor
[2007.02.12 23:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\FRITZ!
[2008.02.22 17:08:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\gnupg
[2009.05.17 18:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant
[2011.10.01 21:22:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\gtk-2.0
[2008.06.17 13:55:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Haufe
[2003.11.03 09:58:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Hemera
[2007.09.01 18:43:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Idruna
[2003.11.24 16:56:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\InterVideo
[2003.10.27 17:56:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Jasc
[2011.09.11 21:09:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\JoJoThumb
[2005.12.31 15:41:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Leadertech
[2010.11.12 21:57:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\MAGIX
[2011.07.03 21:37:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\MyHeritage
[2005.10.01 01:24:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Myuqyw
[2011.03.27 09:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\NAVI
[2010.05.12 17:50:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\NCH Swift Sound
[2010.06.25 22:08:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Panasonic
[2010.11.12 22:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\PanoramaStudio
[2010.06.13 21:51:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\PROMT
[2010.05.04 21:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Recordpad
[2010.06.22 08:52:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Serif
[2004.03.21 22:28:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Sigel
[2007.07.09 19:58:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Simple Star
[2008.03.25 14:06:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\SmartSurfer
[2003.11.07 22:59:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Steinberg
[2008.05.22 06:47:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Sywoz
[2009.10.14 19:21:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\TeamViewer
[2006.02.04 11:15:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\TuneUp Software
[2011.10.09 21:29:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Ulead Systems
[2008.01.23 13:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\winpt
[2012.01.09 12:15:03 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BD860CC7-CB18-4439-A3A8-473FDB35BF42}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.02.23 15:18:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\.contentlauncher
[2003.12.22 13:27:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Active Disk
[2011.06.18 17:33:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Adobe
[2005.12.25 18:51:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\AdobeUM
[2005.09.30 19:17:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Advanced Browser
[2007.10.30 08:35:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Ahead
[2011.12.06 22:12:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Ahnenblatt
[2008.11.03 22:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Apple Computer
[2010.04.20 17:24:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\ArcSoft
[2011.10.25 20:26:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Artweaver
[2007.11.10 18:52:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\ATI
[2011.01.09 19:03:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Avira
[2011.09.12 12:16:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Babylon
[2011.09.12 12:16:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\BabylonToolbar
[2009.10.08 08:44:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Bolepu
[2012.01.06 19:47:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Canon
[2006.08.13 15:44:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\CD-LabelPrint
[2004.01.09 13:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\CDZilla
[2009.02.23 15:19:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\contentlauncher
[2011.10.09 17:21:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Corel
[2006.12.20 21:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\CyberLink
[2006.11.12 18:27:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\DivX
[2009.06.03 14:11:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Domiug
[2008.02.01 10:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\DVD Flick
[2007.01.23 10:25:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\DVD Shrink
[2008.11.28 08:58:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Engelmann Media
[2011.03.05 09:55:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\EurekaLog
[2008.12.05 10:02:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\eXPert PDF 5
[2009.11.23 09:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\eXPert PDF 6
[2008.11.26 17:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\eXPert PDF Editor
[2007.02.12 23:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\FRITZ!
[2008.02.22 17:08:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\gnupg
[2006.02.17 17:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Google
[2009.05.17 18:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant
[2011.10.01 21:22:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\gtk-2.0
[2008.06.17 13:55:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Haufe
[2005.02.17 08:22:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Help
[2003.11.03 09:58:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Hemera
[2009.10.20 18:45:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Identities
[2007.09.01 18:43:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Idruna
[2003.11.24 16:56:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\InterVideo
[2003.10.27 17:56:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Jasc
[2004.01.06 11:30:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Jasc Software Inc
[2011.09.11 21:09:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\JoJoThumb
[2009.10.17 14:37:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Lavasoft
[2005.12.31 15:41:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Leadertech
[2004.02.21 08:47:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Macromedia
[2010.11.12 21:57:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\MAGIX
[2012.01.07 14:45:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Malwarebytes
[2010.03.26 19:56:36 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Microsoft
[2003.12.15 20:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Microsoft Web Folders
[2009.10.17 16:06:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla
[2004.01.04 14:51:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\MSN6
[2011.07.03 21:37:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\MyHeritage
[2005.10.01 01:24:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Myuqyw
[2011.03.27 09:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\NAVI
[2010.05.12 17:50:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\NCH Swift Sound
[2010.11.05 21:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Nero
[2010.06.25 22:08:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Panasonic
[2010.11.12 22:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\PanoramaStudio
[2010.06.13 21:51:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\PROMT
[2010.12.12 16:26:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Real
[2010.05.04 21:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Recordpad
[2006.07.06 07:40:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Roxio
[2010.06.22 08:52:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Serif
[2004.03.21 22:28:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Sigel
[2007.07.09 19:58:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Simple Star
[2009.03.19 22:32:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Skype
[2008.03.25 14:06:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\SmartSurfer
[2003.11.07 22:59:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Steinberg
[2007.03.23 09:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Sun
[2011.12.18 19:32:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\SunODFPluginforMicrosoftOffice
[2008.05.22 06:47:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Sywoz
[2008.04.17 18:17:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Talkback
[2009.10.14 19:21:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\TeamViewer
[2006.02.04 11:15:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\TuneUp Software
[2011.10.09 21:29:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Ulead Systems
[2010.07.03 16:13:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Winamp
[2008.01.23 13:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\winpt
 
< %APPDATA%\*.exe /s >
[2010.01.31 18:47:08 | 000,706,630 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Ahnenblatt\unins000.exe
[2009.10.23 20:52:02 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\16C9855E-D2F9-4C8C-A864-562E6A4EDD92\AutoRunCE.exe
[2009.10.23 20:53:04 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\16C9855E-D2F9-4C8C-A864-562E6A4EDD92\1\module.exe
[2009.10.23 20:53:12 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\3943B68C-914D-462F-BE35-FDACAD3EA076\AutoRunCE.exe
[2009.10.23 20:53:22 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\3943B68C-914D-462F-BE35-FDACAD3EA076\1\module.exe
[2009.10.23 20:55:40 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\3C669935-6191-4AF2-9737-B90C5C539348\AutoRunCE.exe
[2009.10.23 20:55:43 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\3C669935-6191-4AF2-9737-B90C5C539348\1\module.exe
[2009.10.23 20:53:09 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\513E420E-FD39-493F-B294-E3D65F4F622F\AutoRunCE.exe
[2009.10.23 20:53:10 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\513E420E-FD39-493F-B294-E3D65F4F622F\1\module.exe
[2009.10.23 20:54:00 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\531F84CE-A8D0-4CD5-829D-1A80C6BF60CC\AutoRunCE.exe
[2009.10.23 20:54:15 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\531F84CE-A8D0-4CD5-829D-1A80C6BF60CC\1\module.exe
[2009.10.23 20:55:14 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\5A0D24FD-178C-4548-985A-4F41E2331FDF\AutoRunCE.exe
[2009.10.23 20:55:16 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\5A0D24FD-178C-4548-985A-4F41E2331FDF\1\module.exe
[2009.10.23 20:54:21 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\67F1C1FD-0F19-4BF3-8601-FB2E2058EE6B\AutoRunCE.exe
[2009.10.23 20:54:23 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\67F1C1FD-0F19-4BF3-8601-FB2E2058EE6B\1\module.exe
[2009.10.23 20:55:20 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\6B1E79BE-9B88-4477-9D54-C9FC60277F74\AutoRunCE.exe
[2009.10.23 20:55:23 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\6B1E79BE-9B88-4477-9D54-C9FC60277F74\1\module.exe
[2009.10.23 20:55:07 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\8C5DDD8F-9FC4-42FD-A614-ABCE52B5ECD7\AutoRunCE.exe
[2009.10.23 20:55:09 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\8C5DDD8F-9FC4-42FD-A614-ABCE52B5ECD7\1\module.exe
[2009.10.23 20:53:40 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\AF9DF0C6-10F1-4A8E-AC19-7A9566E00044\AutoRunCE.exe
[2009.10.23 20:53:42 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\AF9DF0C6-10F1-4A8E-AC19-7A9566E00044\1\module.exe
[2009.10.23 20:53:46 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\BD8DCED4-4171-4CBE-AB8C-D33CBBD938D9\AutoRunCE.exe
[2009.10.23 20:53:57 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\BD8DCED4-4171-4CBE-AB8C-D33CBBD938D9\1\module.exe
[2009.10.23 20:55:48 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\C08ACDDE-2DE7-49D9-8971-1A2C92DDBBF9\AutoRunCE.exe
[2009.10.23 20:55:50 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\C08ACDDE-2DE7-49D9-8971-1A2C92DDBBF9\1\module.exe
[2009.10.23 20:54:16 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\C7BA5997-474A-4B74-B75F-1F8BB1F442B3\AutoRunCE.exe
[2009.10.23 20:54:17 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\C7BA5997-474A-4B74-B75F-1F8BB1F442B3\1\module.exe
[2009.10.23 20:54:47 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\D10C2D3B-F4E8-4311-B80A-546980B9D99A\AutoRunCE.exe
[2009.10.23 20:54:59 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\D10C2D3B-F4E8-4311-B80A-546980B9D99A\1\module.exe
[2009.10.23 20:55:26 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\E8933936-9959-4210-BE6A-8A107C5EF3C0\AutoRunCE.exe
[2009.10.23 20:55:34 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\E8933936-9959-4210-BE6A-8A107C5EF3C0\1\module.exe
[2009.10.23 20:54:30 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\EFAD4A36-6C13-47F4-A3E5-DB843E835ECF\AutoRunCE.exe
[2009.10.23 20:54:40 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\EFAD4A36-6C13-47F4-A3E5-DB843E835ECF\1\module.exe
[2009.10.23 20:53:26 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\F5298FF1-C555-431D-B73B-2A201821FAA1\AutoRunCE.exe
[2009.10.23 20:53:29 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\F5298FF1-C555-431D-B73B-2A201821FAA1\1\module.exe
[2009.10.23 20:53:33 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\FD5ADF41-2451-469F-84CF-1DF5C8E0027B\AutoRunCE.exe
[2009.10.23 20:53:37 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\GoPal Assistant\Library\FD5ADF41-2451-469F-84CF-1DF5C8E0027B\1\module.exe
[2011.06.18 17:32:28 | 012,991,872 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller2x0\airinstaller2x0.exe
[2010.12.28 20:50:09 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
[2010.12.28 20:50:09 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
[2010.12.28 20:50:09 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
[2010.12.28 20:50:09 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
[2003.10.24 13:11:54 | 000,032,768 | R--- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Microsoft\Installer\{35343FF7-939B-401A-87B3-FF90A5123D88}\icon.exe
[2003.11.03 13:10:48 | 000,032,768 | R--- | M] () -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\icon.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.10.24 20:40:19 | 000,496,888 | ---- | M] (Microsoft Corporation) -- C:\ie6setup.exe
[2008.10.18 17:40:38 | 015,531,662 | ---- | M] (InterVideo Inc.                                              ) -- C:\WinDVR3.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.12.29 21:39:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010.12.29 21:39:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 13:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.12.29 21:39:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010.12.29 21:39:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\SoftwareDistribution_old\Download\06d1a7cd3761c3322e423f74548dcfe2\sp2gdr\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\SoftwareDistribution_old\Download\e3b9e8cd6239a53ea3486ac0e70fdfac\sp2gdr\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
[2002.08.29 13:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtUninstallKB824141$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2002.08.29 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.11.10 18:41:51 | 000,524,288 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007.11.10 17:27:34 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2007.11.10 18:41:51 | 033,554,432 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007.11.10 18:41:51 | 007,864,320 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A9364E30

< End of report >
         
Thank you very much for your effort!!

Regards
Bismosa

[edit]
Here is also the content of Extras.txt. I had overlooked it.

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09.01.2012 19:47:19 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\VS\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,53 Mb Total Physical Memory | 303,47 Mb Available Physical Memory | 29,65% Memory free
2,41 Gb Paging File | 1,73 Gb Available in Paging File | 72,02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 2,71 Gb Free Space | 5,56% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 3,20 Gb Free Space | 6,55% Space Free | Partition Type: NTFS
Drive E: | 51,39 Gb Total Space | 5,19 Gb Free Space | 10,10% Space Free | Partition Type: NTFS
 
Computer Name: VS-W5PSQJN8G3O0 | User Name: VS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "C:\Programme\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirstRunDisabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) 
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player
"C:\Programme\Caplio Software\RGateLXP.exe" = C:\Programme\Caplio Software\RGateLXP.exe:*:Enabled:RICOH Gate La for DSC -- (Ricoh Company, Ltd.)
"C:\Dokumente und Einstellungen\VS\Desktop\incredimail_install.exe" = C:\Dokumente und Einstellungen\VS\Desktop\incredimail_install.exe:*:Enabled:IncrediMail Installer
"C:\Programme\IncrediMail\bin\IMApp.exe" = C:\Programme\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"F:\fsetup.exe" = F:\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\DOKUME~1\VS\LOKALE~1\Temp\RarSFX0\StsInstall.exe" = C:\DOKUME~1\VS\LOKALE~1\Temp\RarSFX0\StsInstall.exe:*:Enabled:StsInstall
"C:\Programme\DSTEUERFORMULAR\DSTEUERFORMULAR\DSTEUERFORMULAR.exe" = C:\Programme\DSTEUERFORMULAR\DSTEUERFORMULAR\DSTEUERFORMULAR.exe:*:Enabled:DSTEUERFORMULAR
"C:\Dokumente und Einstellungen\VS\Desktop\Nicht verwendete Desktopverknüpfungen\iexplore.exe" = C:\Dokumente und Einstellungen\VS\Desktop\Nicht verwendete Desktopverknüpfungen\iexplore.exe:*:Enabled:Internet Explorer
"C:\Programme\m.objects\mobjects.exe" = C:\Programme\m.objects\mobjects.exe:*:Disabled:m.objects Application
"C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe" = C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe:*:Enabled:Internet Explorer
"C:\Programme\UltraVNC\winvnc.exe" = C:\Programme\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
"C:\Programme\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090525-1200\win32\x86\symphony.exe" = C:\Programme\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090525-1200\win32\x86\symphony.exe:*:Enabled:Lotus Symphony
"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{090B5A39-32DD-431D-A978-3163C950AF6E}" = PROMT Professional 9.0 German Giant Special Edition
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E1EF887-ED45-4AA6-891E-379CA7876306}" = MAGIX Fotos auf CD & DVD 9 deluxe
"{0F21B682-E46F-4F91-B629-71DD337DCB9D}" = Caplio Software
"{0F7F8182-7FA3-4C49-86FD-7B3324806C16}" = MAGIX 3D Maker (embedded MSI)
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2207ea27-0dec-4613-a50d-5d55b8e71aca}" = Nero 9 Essentials
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2DD30F74-520A-4513-ACE8-FFF5117EACC6}" = StarMoney
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser und SDK
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{3DA41E54-9526-40C0-8456-66B09379DFCC}" = PaintShop Photo Pro X3 Registration Incentive
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser und SDK
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3F1E70BA-436A-4CF8-B612-96F3C9D703CB}" = StarMoney 7.0 S-Edition
"{47879FA7-BC8F-4D7F-8057-86D0416579FA}" = StarMoney
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59C95D15-5F24-435E-898D-3806961FC79D}" = Steuer 2006
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B29B686-E9E1-49C0-97EB-02D44FF92FF5}" = TMPGEnc DVD Author 1.5
"{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}" = InterVideo WinDVR 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}" = Ulead DVD MovieFactory 2 SE
"{89C4D838-5093-4335-A64A-3A2474A7630C}" = MAGIX Screenshare
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{912F3A17-3C40-4A8C-0001-E631B6A03798}" = Formatwandler 360
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA7D28F-7C66-45BD-95C0-BEC00CEFD34A}" = Matrox PowerDesk-SE
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{BDC88E5A-F47B-4314-AB38-994592E32C95}" = 802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C3A6202F-8F3E-424C-83B8-189F92A1AB43}" = One Touch Video Capture
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C5DB5FBF-F037-4BEE-A110-257E89EDD8BB}" = Microsoft Word in Works Suite-Add-In
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C7B8E06E-EBBC-4210-93AB-DFC8760E3FC9}" = Works Suite-Betriebssystem-Pack
"{CA1BC3BD-F1B9-4A7F-96CD-F3111DAB7BF3}" = MAGIX Online Druck Service
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCE950A-61C3-4597-AB6F-CB5AFE74E16F}" = Eumex 800 V1.10
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DFCDD1CE-6D49-49B8-BFB7-93391D22776B}" = Keyboard Driver
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{EF9A22AC-9FD0-42B5-B0F3-3221AEC48978}" = MAGIX Speed 2 (MSI)
"{F00270EB-90E7-4C58-9665-741BB1017382}" = MAGIX Xtreme Foto Designer 6
"{F0BA5720-E189-11D4-9EA1-0050BAE317E1}" = PowerVCR II
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Ahnenblatt_is1" = Ahnenblatt 2.62
"All ATI Software" = ATI - Software Uninstall Utility
"ASAPI Update" = ASAPI Update
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVM ISDN CAPI Port" = AVM ISDN CAPI Port
"AVMFBox" = AVM FRITZ!Box Dokumentation
"BabylonToolbar" = Babylon toolbar on IE
"BibelCarD" = BibelCarD
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon ScanGear Toolbox 3.1" = Canon ScanGear Toolbox 3.1
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"Clean 4.01" = Clean 4.01
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"ESET Online Scanner" = ESET Online Scanner v3
"FRITZ! 2.0" = AVM FRITZ!
"FRITZ!DSL" = AVM FRITZ!DSL
"Hardcopy" = Hardcopy
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IEAK6" = Microsoft IEAK 6
"Indeo® software" = Indeo® software
"InstallShield_{DFCDD1CE-6D49-49B8-BFB7-93391D22776B}" = Keyboard Driver
"klickTel Januar 2002" = klickTel Januar 2002
"MAGIX Foto Manager" = MAGIX Foto Manager
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"MAGIX_MSI_Fotos_auf_CD_DVD_9_dlx" = MAGIX Fotos auf CD & DVD 9 deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Matrox Graphics Uninstaller" = Matrox Graphics Software (remove only)
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Medion GoPal Assistant" = Medion GoPal Assistant 4.02.007
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft NetShow Tools 2.0" = Windows Media Tools 4.0
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multimedia Stammbaum 1.1" = Multimedia Stammbaum 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"Paint Shop Pro 5.03" = Paint Shop Pro 5.03 CD
"PanoramaStudio" = PanoramaStudio 1.5 (deinstallieren)
"PDF-XChange Registered Release" = PDF-XChange Registered Release
"Product_Name" = Font Lister
"RealPlayer 12.0" = RealPlayer
"RemoteCapture" = Canon Utilities RemoteCapture 2.1
"Rmtablet" = HyperPen Mini Driver
"Shockwave" = Shockwave
"SmartSuite V97.0" = Lotus SmartSuite 97
"SmartSuite V99.0" = Lotus SmartSuite Version 9.5
"Sound Blaster PCI" = Sound Blaster PCI
"TeamViewer 4" = TeamViewer 4
"TeamViewer 7" = TeamViewer 7
"Visitenkarten-Druckerei 2" = Data Becker Visitenkarten-Druckerei
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WaveLab Lite" = WaveLab Lite
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMPG Video Convert 5.6" = WinMPG Video Convert 5.6
"WinRAR archiver" = WinRAR Archivierer
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{AC06B7A8-CEB7-4F7F-B527-15AB6D5E8527}" = DCI TradeManager 8.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.01.2012 10:54:36 | Computer Name = VS-W5PSQJN8G3O0 | Source = MSSQLSERVER | ID = 17052
Description = Error: 9003, Severity: 20, State: 1  The LSN (29:429:1) passed to log
 scan in database 'model' is invalid.
 
Error - 08.01.2012 03:03:23 | Computer Name = VS-W5PSQJN8G3O0 | Source = MSSQLSERVER | ID = 17052
Description = Error: 9003, Severity: 20, State: 1  Die LSN (29:429:1), die an den 
Protokollscan in der model-Datenbank übergeben wurde, ist ungültig.
 
Error - 08.01.2012 03:03:23 | Computer Name = VS-W5PSQJN8G3O0 | Source = MSSQLSERVER | ID = 17052
Description = Error: 9003, Severity: 20, State: 1  The LSN (29:429:1) passed to log
 scan in database 'model' is invalid.
 
Error - 08.01.2012 09:14:44 | Computer Name = VS-W5PSQJN8G3O0 | Source = Microsoft Office 11 | ID = 1000
Description = 
 
Error - 09.01.2012 03:04:47 | Computer Name = VS-W5PSQJN8G3O0 | Source = MSSQLSERVER | ID = 17052
Description = Error: 9003, Severity: 20, State: 1  Die LSN (29:429:1), die an den 
Protokollscan in der model-Datenbank übergeben wurde, ist ungültig.
 
Error - 09.01.2012 03:04:47 | Computer Name = VS-W5PSQJN8G3O0 | Source = MSSQLSERVER | ID = 17052
Description = Error: 9003, Severity: 20, State: 1  The LSN (29:429:1) passed to log
 scan in database 'model' is invalid.
 
Error - 09.01.2012 07:06:05 | Computer Name = VS-W5PSQJN8G3O0 | Source = MSSQLSERVER | ID = 17052
Description = Error: 9003, Severity: 20, State: 1  Die LSN (29:429:1), die an den 
Protokollscan in der model-Datenbank übergeben wurde, ist ungültig.
 
Error - 09.01.2012 07:06:05 | Computer Name = VS-W5PSQJN8G3O0 | Source = MSSQLSERVER | ID = 17052
Description = Error: 9003, Severity: 20, State: 1  The LSN (29:429:1) passed to log
 scan in database 'model' is invalid.
 
Error - 09.01.2012 13:55:33 | Computer Name = VS-W5PSQJN8G3O0 | Source = MSSQLSERVER | ID = 17052
Description = Error: 9003, Severity: 20, State: 1  Die LSN (29:429:1), die an den 
Protokollscan in der model-Datenbank übergeben wurde, ist ungültig.
 
Error - 09.01.2012 13:55:33 | Computer Name = VS-W5PSQJN8G3O0 | Source = MSSQLSERVER | ID = 17052
Description = Error: 9003, Severity: 20, State: 1  The LSN (29:429:1) passed to log
 scan in database 'model' is invalid.
 
[ System Events ]
Error - 09.01.2012 03:03:51 | Computer Name = VS-W5PSQJN8G3O0 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.2 für die Netzwerkkarte mit der Netzwerkadresse
 000C6EA004EE wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 09.01.2012 03:05:39 | Computer Name = VS-W5PSQJN8G3O0 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 09.01.2012 03:05:39 | Computer Name = VS-W5PSQJN8G3O0 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers 
nicht gestartet wurde:   %%1058
 
Error - 09.01.2012 03:05:45 | Computer Name = VS-W5PSQJN8G3O0 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers 
nicht gestartet wurde:   %%1058
 
Error - 09.01.2012 07:07:05 | Computer Name = VS-W5PSQJN8G3O0 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 09.01.2012 07:07:05 | Computer Name = VS-W5PSQJN8G3O0 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers 
nicht gestartet wurde:   %%1058
 
Error - 09.01.2012 07:07:15 | Computer Name = VS-W5PSQJN8G3O0 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers 
nicht gestartet wurde:   %%1058
 
Error - 09.01.2012 13:56:32 | Computer Name = VS-W5PSQJN8G3O0 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 09.01.2012 13:56:32 | Computer Name = VS-W5PSQJN8G3O0 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers 
nicht gestartet wurde:   %%1058
 
Error - 09.01.2012 13:56:39 | Computer Name = VS-W5PSQJN8G3O0 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers 
nicht gestartet wurde:   %%1058
 
 
< End of report >
         
--- --- ---


Edited by bismosa (09.01.2012 at 20:44) Reason: Extras.txt

09.01.2012, 22:07   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
[2011.11.19 21:28:36 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla\Firefox\Profiles\7um7bynq.default\extensions\ffxtlbr@babylon.com
[2011.09.12 12:16:03 | 000,002,291 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Reg Error: Value error.) - {23CC3468-36E5-442E-A01C-E98C9A6B89DF} - C:\WINDOWS\system32\usrdpa32.dll File not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (WEB.DE Browser Configuration) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [TblMouse] TblMouse.exe File not found
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra 'Tools' menuitem : Übersetzen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT75\PRMTIE\prmtie5.htm File not found
O9 - Extra 'Tools' menuitem : Übersetzungsoptionen anpassen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT75\PRMTIE\options.htm File not found
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.10.22 21:09:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2005.10.01 01:24:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Myuqyw
[2008.05.22 06:47:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Sywoz
@Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A9364E30
:Files
C:\Programme\Babylon*
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

10.01.2012, 17:42   #10
bismosa

Hello!

Unfortunately there are some problems here. I am closing all the programs I can close. I am doing this via remote maintenance (TeamViewer); I hope that is not the problem.
For 5 hours OTL has been showing "Killing processes. DO NOT INTERRUPT". Nothing else has happened, except that the top of the OTL window also says "Keine Rückmeldung" ("Not responding").
I have already had the reset button pressed once... and tried it again. But again nothing has happened for 1 hour.

What can I do?

Regards,
Bismosa

10.01.2012, 19:51   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Try it in safe mode.


Safe mode for cleanup
  • Use the F8 key at startup to bring Windows into safe mode.
  • Start the computer in safe mode with networking:

    Starting Windows in safe mode
__________________
Please always post log files in CODE tags

11.01.2012, 20:01   #12
bismosa

Hello!

That worked.
Code:
All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla\Firefox\Profiles\7um7bynq.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla\Firefox\Profiles\7um7bynq.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla\Firefox\Profiles\7um7bynq.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla\Firefox\Profiles\7um7bynq.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla\Firefox\Profiles\7um7bynq.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla\Firefox\Profiles\7um7bynq.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla\Firefox\Profiles\7um7bynq.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Mozilla\Firefox\Profiles\7um7bynq.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23CC3468-36E5-442E-A01C-E98C9A6B89DF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23CC3468-36E5-442E-A01C-E98C9A6B89DF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341}\ deleted successfully.
C:\WINDOWS\system32\ieconfig_1und1.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ deleted successfully.
File WebPrint\Toolband.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FF284F5C-7CF9-4682-8701-D467C1DBB99F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF284F5C-7CF9-4682-8701-D467C1DBB99F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TblMouse deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3C34EBD2-038D-4d4f-B081-16D99D8BE2B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C34EBD2-038D-4d4f-B081-16D99D8BE2B4}\ not found.
C:\WINDOWS\Downloaded Program Files\IEPrint.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Myuqyw folder moved successfully.
C:\Dokumente und Einstellungen\VS\Anwendungsdaten\Sywoz folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A9364E30 deleted successfully.
========== FILES ==========
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\bh folder moved successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0 folder moved successfully.
C:\Programme\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Programme\BabylonToolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 114688 bytes
->Temporary Internet Files folder emptied: 5481500 bytes
->Flash cache emptied: 456 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 133903470 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 45565671 bytes
 
User: VS
->Temp folder emptied: 1181813716 bytes
->Temporary Internet Files folder emptied: 182009951 bytes
->Java cache emptied: 9652751 bytes
->FireFox cache emptied: 47342407 bytes
->Google Chrome cache emptied: 7996244 bytes
->Flash cache emptied: 12997062 bytes
 
%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 5173201 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 223194014 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.769,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01112012_175006

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
The following pages still cannot be opened in Internet Explorer:
conrad.de -> Access Denied
Amazon.de -> blank page -> a page only loads after changing the code page
Conrad seems to be having general problems at the moment. But I could not find any information about Amazon...

But I think the computer should be clean again so far?

Regards,
Bismosa

11.01.2012, 20:17   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
The following pages still cannot be opened in Internet Explorer:
conrad.de -> Access Denied
Amazon.de -> blank page -> a page only loads after changing the code page
Only in IE, or not at all in general? I just had this among my acquaintances. It occurs when you are with Telekom but use the OpenDNS servers (208.67.222.222 and 208.67.220.220) as DNS. For a few weeks Telekom has had a routing bug there when you use OpenDNS. Sites such as ebay, amazon or welt.de then cannot be opened. I had to switch back to Telekom DNS, then it worked normally again. When and whether Telekom will fix this is not known.


Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the image below: click "change parameters" and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags objects, handle all of them with the "skip" action and just post the log here!




If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

11.01.2012, 20:45   #14
bismosa

Hello!

This only occurs with Internet Explorer. With Firefox all the pages work.

Code:
20:32:04.0515 0892	TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
20:32:05.0031 0892	============================================================
20:32:05.0031 0892	Current date / time: 2012/01/11 20:32:05.0031
20:32:05.0031 0892	SystemInfo:
20:32:05.0031 0892	
20:32:05.0031 0892	OS Version: 5.1.2600 ServicePack: 3.0
20:32:05.0031 0892	Product type: Workstation
20:32:05.0031 0892	ComputerName: VS-W5PSQJN8G3O0
20:32:05.0031 0892	UserName: VS
20:32:05.0031 0892	Windows directory: C:\WINDOWS
20:32:05.0031 0892	System windows directory: C:\WINDOWS
20:32:05.0031 0892	Processor architecture: Intel x86
20:32:05.0031 0892	Number of processors: 1
20:32:05.0031 0892	Page size: 0x1000
20:32:05.0031 0892	Boot type: Normal boot
20:32:05.0031 0892	============================================================
20:32:07.0421 0892	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
20:32:07.0984 0892	Initialize success
20:32:35.0843 3576	============================================================
20:32:35.0843 3576	Scan started
20:32:35.0843 3576	Mode: Manual; SigCheck; TDLFS; 
20:32:35.0843 3576	============================================================
20:32:36.0156 3576	61883           (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
20:32:36.0421 3576	61883 ( UnsignedFile.Multi.Generic ) - warning
20:32:36.0421 3576	61883 - detected UnsignedFile.Multi.Generic (1)
20:32:36.0546 3576	713xTVCard      (e9de5148c0a9829e9e3bcf8a93d035c1) C:\WINDOWS\system32\DRIVERS\SAA713x.sys
20:32:36.0656 3576	713xTVCard ( UnsignedFile.Multi.Generic ) - warning
20:32:36.0656 3576	713xTVCard - detected UnsignedFile.Multi.Generic (1)
20:32:36.0718 3576	Abiosdsk - ok
20:32:36.0796 3576	abp480n5 - ok
20:32:36.0890 3576	ACEDRV06        (44010948bde6ade50dd1386657c73e83) C:\WINDOWS\system32\drivers\ACEDRV06.sys
20:32:37.0140 3576	ACEDRV06 ( UnsignedFile.Multi.Generic ) - warning
20:32:37.0140 3576	ACEDRV06 - detected UnsignedFile.Multi.Generic (1)
20:32:37.0250 3576	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:32:37.0312 3576	ACPI ( UnsignedFile.Multi.Generic ) - warning
20:32:37.0312 3576	ACPI - detected UnsignedFile.Multi.Generic (1)
20:32:37.0437 3576	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:32:37.0515 3576	ACPIEC ( UnsignedFile.Multi.Generic ) - warning
20:32:37.0515 3576	ACPIEC - detected UnsignedFile.Multi.Generic (1)
20:32:37.0578 3576	adpu160m - ok
20:32:37.0671 3576	aeaudio         (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
20:32:37.0765 3576	aeaudio ( UnsignedFile.Multi.Generic ) - warning
20:32:37.0765 3576	aeaudio - detected UnsignedFile.Multi.Generic (1)
20:32:37.0906 3576	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:32:38.0000 3576	aec ( UnsignedFile.Multi.Generic ) - warning
20:32:38.0000 3576	aec - detected UnsignedFile.Multi.Generic (1)
20:32:38.0109 3576	Afc             (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
20:32:38.0265 3576	Afc - ok
20:32:38.0359 3576	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:32:38.0453 3576	AFD ( UnsignedFile.Multi.Generic ) - warning
20:32:38.0453 3576	AFD - detected UnsignedFile.Multi.Generic (1)
20:32:38.0531 3576	Aha154x - ok
20:32:38.0578 3576	aic78u2 - ok
20:32:38.0656 3576	aic78xx - ok
20:32:38.0734 3576	AliIde - ok
20:32:38.0843 3576	AmdK7           (3a0dafac778236559c14c7203fb550eb) C:\WINDOWS\system32\DRIVERS\amdk7.sys
20:32:38.0906 3576	AmdK7 ( UnsignedFile.Multi.Generic ) - warning
20:32:38.0906 3576	AmdK7 - detected UnsignedFile.Multi.Generic (1)
20:32:39.0000 3576	amsint - ok
20:32:39.0093 3576	APL531 - ok
20:32:39.0218 3576	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:32:39.0281 3576	Arp1394 ( UnsignedFile.Multi.Generic ) - warning
20:32:39.0281 3576	Arp1394 - detected UnsignedFile.Multi.Generic (1)
20:32:39.0390 3576	AsapiW2K        (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapiw2k.sys
20:32:39.0500 3576	AsapiW2K ( UnsignedFile.Multi.Generic ) - warning
20:32:39.0500 3576	AsapiW2K - detected UnsignedFile.Multi.Generic (1)
20:32:39.0578 3576	asc - ok
20:32:39.0656 3576	asc3350p - ok
20:32:39.0734 3576	asc3550 - ok
20:32:39.0875 3576	Aspi32          (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
20:32:39.0937 3576	Aspi32 ( UnsignedFile.Multi.Generic ) - warning
20:32:39.0937 3576	Aspi32 - detected UnsignedFile.Multi.Generic (1)
20:32:40.0046 3576	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:32:40.0109 3576	AsyncMac ( UnsignedFile.Multi.Generic ) - warning
20:32:40.0109 3576	AsyncMac - detected UnsignedFile.Multi.Generic (1)
20:32:40.0218 3576	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:32:40.0250 3576	atapi ( UnsignedFile.Multi.Generic ) - warning
20:32:40.0250 3576	atapi - detected UnsignedFile.Multi.Generic (1)
20:32:40.0343 3576	Atdisk - ok
20:32:40.0453 3576	ati2mtaa        (27bab72eae141d0ce39ec65c0fdeb2d6) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
20:32:40.0531 3576	ati2mtaa ( UnsignedFile.Multi.Generic ) - warning
20:32:40.0531 3576	ati2mtaa - detected UnsignedFile.Multi.Generic (1)
20:32:40.0671 3576	ati2mtag        (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:32:40.0875 3576	ati2mtag ( UnsignedFile.Multi.Generic ) - warning
20:32:40.0875 3576	ati2mtag - detected UnsignedFile.Multi.Generic (1)
20:32:40.0984 3576	atirage3        (ae5333a1a1b9788db5d9d62cb430b441) C:\WINDOWS\system32\DRIVERS\atimpae.sys
20:32:41.0062 3576	atirage3 ( UnsignedFile.Multi.Generic ) - warning
20:32:41.0062 3576	atirage3 - detected UnsignedFile.Multi.Generic (1)
20:32:41.0171 3576	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:32:41.0250 3576	Atmarpc ( UnsignedFile.Multi.Generic ) - warning
20:32:41.0250 3576	Atmarpc - detected UnsignedFile.Multi.Generic (1)
20:32:41.0343 3576	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:32:41.0406 3576	audstub ( UnsignedFile.Multi.Generic ) - warning
20:32:41.0406 3576	audstub - detected UnsignedFile.Multi.Generic (1)
20:32:41.0515 3576	Avc             (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
20:32:41.0578 3576	Avc ( UnsignedFile.Multi.Generic ) - warning
20:32:41.0578 3576	Avc - detected UnsignedFile.Multi.Generic (1)
20:32:41.0656 3576	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
20:32:41.0718 3576	avgio - ok
20:32:41.0828 3576	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:32:41.0875 3576	avgntflt - ok
20:32:41.0984 3576	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:32:42.0046 3576	avipbb - ok
20:32:42.0156 3576	AVMCOWAN        (8f5b0e73e2f79568e66c1c1eb82926f0) C:\WINDOWS\system32\DRIVERS\AVMCOWAN.sys
20:32:42.0218 3576	AVMCOWAN ( UnsignedFile.Multi.Generic ) - warning
20:32:42.0218 3576	AVMCOWAN - detected UnsignedFile.Multi.Generic (1)
20:32:42.0328 3576	AVMPORT         (342595c7c5b0a32c63dc6912e8b7fcb6) C:\WINDOWS\System32\drivers\avmport.sys
20:32:42.0421 3576	AVMPORT ( UnsignedFile.Multi.Generic ) - warning
20:32:42.0421 3576	AVMPORT - detected UnsignedFile.Multi.Generic (1)
20:32:42.0546 3576	AVMUNET         (077b3692f4376d1539755761feef659a) C:\WINDOWS\system32\DRIVERS\avmunet.sys
20:32:42.0609 3576	AVMUNET ( UnsignedFile.Multi.Generic ) - warning
20:32:42.0609 3576	AVMUNET - detected UnsignedFile.Multi.Generic (1)
20:32:42.0703 3576	AVMWAN          (c997af59c54d69232fb7bbea4dad86e2) C:\WINDOWS\system32\DRIVERS\avmwan.sys
20:32:42.0781 3576	AVMWAN ( UnsignedFile.Multi.Generic ) - warning
20:32:42.0781 3576	AVMWAN - detected UnsignedFile.Multi.Generic (1)
20:32:42.0875 3576	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:32:42.0937 3576	Beep ( UnsignedFile.Multi.Generic ) - warning
20:32:42.0937 3576	Beep - detected UnsignedFile.Multi.Generic (1)
20:32:43.0062 3576	Cap7134         (fc766cfbd052e41ff71921b8fc9ffc30) C:\WINDOWS\system32\DRIVERS\Cap7134.sys
20:32:43.0203 3576	Cap7134 ( UnsignedFile.Multi.Generic ) - warning
20:32:43.0203 3576	Cap7134 - detected UnsignedFile.Multi.Generic (1)
20:32:43.0312 3576	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:32:43.0375 3576	cbidf2k ( UnsignedFile.Multi.Generic ) - warning
20:32:43.0375 3576	cbidf2k - detected UnsignedFile.Multi.Generic (1)
20:32:43.0484 3576	CBN             (946595da193c5b49062fdf23bde5c764) C:\WINDOWS\System32\Drivers\CBN.SYS
20:32:43.0546 3576	CBN ( UnsignedFile.Multi.Generic ) - warning
20:32:43.0546 3576	CBN - detected UnsignedFile.Multi.Generic (1)
20:32:43.0656 3576	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:32:43.0671 3576	CCDECODE ( UnsignedFile.Multi.Generic ) - warning
20:32:43.0671 3576	CCDECODE - detected UnsignedFile.Multi.Generic (1)
20:32:43.0765 3576	cd20xrnt - ok
20:32:43.0859 3576	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:32:43.0937 3576	Cdaudio ( UnsignedFile.Multi.Generic ) - warning
20:32:43.0937 3576	Cdaudio - detected UnsignedFile.Multi.Generic (1)
20:32:44.0046 3576	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:32:44.0171 3576	Cdfs ( UnsignedFile.Multi.Generic ) - warning
20:32:44.0171 3576	Cdfs - detected UnsignedFile.Multi.Generic (1)
20:32:44.0281 3576	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:32:44.0343 3576	Cdrom ( UnsignedFile.Multi.Generic ) - warning
20:32:44.0343 3576	Cdrom - detected UnsignedFile.Multi.Generic (1)
20:32:44.0437 3576	Changer - ok
20:32:44.0515 3576	CmdIde - ok
20:32:44.0609 3576	Cpqarray - ok
20:32:44.0687 3576	dac2w2k - ok
20:32:44.0765 3576	dac960nt - ok
20:32:44.0843 3576	DGrabTerratec - ok
20:32:44.0937 3576	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:32:45.0000 3576	Disk ( UnsignedFile.Multi.Generic ) - warning
20:32:45.0000 3576	Disk - detected UnsignedFile.Multi.Generic (1)
20:32:45.0218 3576	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:32:45.0437 3576	dmboot ( UnsignedFile.Multi.Generic ) - warning
20:32:45.0437 3576	dmboot - detected UnsignedFile.Multi.Generic (1)
20:32:45.0578 3576	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:32:45.0750 3576	dmio ( UnsignedFile.Multi.Generic ) - warning
20:32:45.0750 3576	dmio - detected UnsignedFile.Multi.Generic (1)
20:32:45.0843 3576	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:32:45.0906 3576	dmload ( UnsignedFile.Multi.Generic ) - warning
20:32:45.0906 3576	dmload - detected UnsignedFile.Multi.Generic (1)
20:32:46.0031 3576	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:32:46.0078 3576	DMusic ( UnsignedFile.Multi.Generic ) - warning
20:32:46.0078 3576	DMusic - detected UnsignedFile.Multi.Generic (1)
20:32:46.0187 3576	dpti2o - ok
20:32:46.0281 3576	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:32:46.0343 3576	drmkaud ( UnsignedFile.Multi.Generic ) - warning
20:32:46.0343 3576	drmkaud - detected UnsignedFile.Multi.Generic (1)
20:32:46.0484 3576	es1371          (24e564f710d887ecc75cfe59882ecc5d) C:\WINDOWS\system32\drivers\es1371mp.sys
20:32:46.0546 3576	es1371 ( UnsignedFile.Multi.Generic ) - warning
20:32:46.0546 3576	es1371 - detected UnsignedFile.Multi.Generic (1)
20:32:46.0703 3576	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:32:46.0796 3576	Fastfat ( UnsignedFile.Multi.Generic ) - warning
20:32:46.0796 3576	Fastfat - detected UnsignedFile.Multi.Generic (1)
20:32:46.0906 3576	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:32:46.0968 3576	Fdc ( UnsignedFile.Multi.Generic ) - warning
20:32:46.0968 3576	Fdc - detected UnsignedFile.Multi.Generic (1)
20:32:47.0078 3576	FET5X86V        (e7072827d0b5f9bd99d6961571a38973) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
20:32:47.0156 3576	FET5X86V ( UnsignedFile.Multi.Generic ) - warning
20:32:47.0156 3576	FET5X86V - detected UnsignedFile.Multi.Generic (1)
20:32:47.0187 3576	FETND5BV        (e7072827d0b5f9bd99d6961571a38973) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
20:32:47.0281 3576	FETND5BV ( UnsignedFile.Multi.Generic ) - warning
20:32:47.0281 3576	FETND5BV - detected UnsignedFile.Multi.Generic (1)
20:32:47.0359 3576	FETNDIS - ok
20:32:47.0468 3576	FETNDISB        (a177146aa976ac4b502d20bedd348000) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
20:32:47.0531 3576	FETNDISB ( UnsignedFile.Multi.Generic ) - warning
20:32:47.0531 3576	FETNDISB - detected UnsignedFile.Multi.Generic (1)
20:32:47.0640 3576	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:32:47.0734 3576	Fips ( UnsignedFile.Multi.Generic ) - warning
20:32:47.0734 3576	Fips - detected UnsignedFile.Multi.Generic (1)
20:32:47.0859 3576	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:32:47.0906 3576	Flpydisk ( UnsignedFile.Multi.Generic ) - warning
20:32:47.0906 3576	Flpydisk - detected UnsignedFile.Multi.Generic (1)
20:32:48.0031 3576	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:32:48.0093 3576	FltMgr ( UnsignedFile.Multi.Generic ) - warning
20:32:48.0093 3576	FltMgr - detected UnsignedFile.Multi.Generic (1)
20:32:48.0218 3576	fpcibase        (45b5129aeae91ea096a9bbebff99e098) C:\WINDOWS\system32\DRIVERS\fpcibase.sys
20:32:48.0328 3576	fpcibase ( UnsignedFile.Multi.Generic ) - warning
20:32:48.0328 3576	fpcibase - detected UnsignedFile.Multi.Generic (1)
20:32:48.0421 3576	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:32:48.0468 3576	Fs_Rec ( UnsignedFile.Multi.Generic ) - warning
20:32:48.0468 3576	Fs_Rec - detected UnsignedFile.Multi.Generic (1)
20:32:48.0562 3576	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:32:48.0640 3576	Ftdisk ( UnsignedFile.Multi.Generic ) - warning
20:32:48.0640 3576	Ftdisk - detected UnsignedFile.Multi.Generic (1)
20:32:48.0796 3576	G400DH          (2dd3d27e36ebf6804c40b843ff10872f) C:\WINDOWS\system32\DRIVERS\g400dhm.sys
20:32:48.0953 3576	G400DH ( UnsignedFile.Multi.Generic ) - warning
20:32:48.0953 3576	G400DH - detected UnsignedFile.Multi.Generic (1)
20:32:49.0062 3576	gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:32:49.0125 3576	gameenum ( UnsignedFile.Multi.Generic ) - warning
20:32:49.0125 3576	gameenum - detected UnsignedFile.Multi.Generic (1)
20:32:49.0218 3576	GEARAspiWDM     (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:32:49.0281 3576	GEARAspiWDM - ok
20:32:49.0421 3576	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:32:49.0500 3576	Gpc ( UnsignedFile.Multi.Generic ) - warning
20:32:49.0500 3576	Gpc - detected UnsignedFile.Multi.Generic (1)
20:32:49.0671 3576	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:32:49.0703 3576	HidUsb ( UnsignedFile.Multi.Generic ) - warning
20:32:49.0703 3576	HidUsb - detected UnsignedFile.Multi.Generic (1)
20:32:49.0812 3576	hpn - ok
20:32:49.0906 3576	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:32:49.0984 3576	HTTP ( UnsignedFile.Multi.Generic ) - warning
20:32:49.0984 3576	HTTP - detected UnsignedFile.Multi.Generic (1)
20:32:50.0078 3576	i2omgmt - ok
20:32:50.0156 3576	i2omp - ok
20:32:50.0250 3576	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:32:50.0375 3576	i8042prt ( UnsignedFile.Multi.Generic ) - warning
20:32:50.0375 3576	i8042prt - detected UnsignedFile.Multi.Generic (1)
20:32:50.0500 3576	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:32:50.0562 3576	Imapi ( UnsignedFile.Multi.Generic ) - warning
20:32:50.0562 3576	Imapi - detected UnsignedFile.Multi.Generic (1)
20:32:50.0656 3576	ini910u - ok
20:32:50.0734 3576	IntelIde - ok
20:32:50.0812 3576	iomdisk         (9d7069d72c0c72952f05e1688a5ae89d) C:\WINDOWS\system32\DRIVERS\iomdisk.sys
20:32:50.0875 3576	iomdisk ( UnsignedFile.Multi.Generic ) - warning
20:32:50.0875 3576	iomdisk - detected UnsignedFile.Multi.Generic (1)
20:32:51.0015 3576	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:32:51.0093 3576	Ip6Fw ( UnsignedFile.Multi.Generic ) - warning
20:32:51.0093 3576	Ip6Fw - detected UnsignedFile.Multi.Generic (1)
20:32:51.0187 3576	IPFilter        (d0b3dee109af605885c46a59bfc24cd2) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
20:32:51.0234 3576	IPFilter ( UnsignedFile.Multi.Generic ) - warning
20:32:51.0234 3576	IPFilter - detected UnsignedFile.Multi.Generic (1)
20:32:51.0343 3576	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:32:51.0390 3576	IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
20:32:51.0390 3576	IpFilterDriver - detected UnsignedFile.Multi.Generic (1)
20:32:51.0500 3576	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:32:51.0562 3576	IpInIp ( UnsignedFile.Multi.Generic ) - warning
20:32:51.0562 3576	IpInIp - detected UnsignedFile.Multi.Generic (1)
20:32:51.0687 3576	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:32:51.0734 3576	IpNat ( UnsignedFile.Multi.Generic ) - warning
20:32:51.0734 3576	IpNat - detected UnsignedFile.Multi.Generic (1)
20:32:51.0828 3576	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:32:51.0953 3576	IPSec ( UnsignedFile.Multi.Generic ) - warning
20:32:51.0953 3576	IPSec - detected UnsignedFile.Multi.Generic (1)
20:32:52.0062 3576	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:32:52.0125 3576	IRENUM ( UnsignedFile.Multi.Generic ) - warning
20:32:52.0125 3576	IRENUM - detected UnsignedFile.Multi.Generic (1)
20:32:52.0250 3576	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:32:52.0312 3576	isapnp ( UnsignedFile.Multi.Generic ) - warning
20:32:52.0312 3576	isapnp - detected UnsignedFile.Multi.Generic (1)
20:32:52.0437 3576	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:32:52.0500 3576	Kbdclass ( UnsignedFile.Multi.Generic ) - warning
20:32:52.0500 3576	Kbdclass - detected UnsignedFile.Multi.Generic (1)
20:32:52.0609 3576	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:32:52.0687 3576	kbdhid ( UnsignedFile.Multi.Generic ) - warning
20:32:52.0687 3576	kbdhid - detected UnsignedFile.Multi.Generic (1)
20:32:52.0796 3576	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:32:52.0843 3576	kmixer ( UnsignedFile.Multi.Generic ) - warning
20:32:52.0843 3576	kmixer - detected UnsignedFile.Multi.Generic (1)
20:32:52.0937 3576	KMWDFilter      (72c55c745d804d62162144ebfd6390b8) C:\WINDOWS\System32\Drivers\KMWDFilter.SYS
20:32:53.0000 3576	KMWDFilter ( UnsignedFile.Multi.Generic ) - warning
20:32:53.0000 3576	KMWDFilter - detected UnsignedFile.Multi.Generic (1)
20:32:53.0109 3576	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:32:53.0187 3576	KSecDD ( UnsignedFile.Multi.Generic ) - warning
20:32:53.0187 3576	KSecDD - detected UnsignedFile.Multi.Generic (1)
20:32:53.0281 3576	lbrtfdc - ok
20:32:53.0375 3576	lmimirr - ok
20:32:53.0468 3576	MarvinBus       (d51e16339213898bc20c58670274ec3e) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
20:32:53.0578 3576	MarvinBus ( UnsignedFile.Multi.Generic ) - warning
20:32:53.0578 3576	MarvinBus - detected UnsignedFile.Multi.Generic (1)
20:32:53.0703 3576	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
20:32:53.0765 3576	MBAMProtector - ok
20:32:53.0890 3576	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:32:53.0937 3576	mnmdd ( UnsignedFile.Multi.Generic ) - warning
20:32:53.0937 3576	mnmdd - detected UnsignedFile.Multi.Generic (1)
20:32:54.0046 3576	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:32:54.0093 3576	Modem ( UnsignedFile.Multi.Generic ) - warning
20:32:54.0093 3576	Modem - detected UnsignedFile.Multi.Generic (1)
20:32:54.0187 3576	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:32:54.0265 3576	Mouclass ( UnsignedFile.Multi.Generic ) - warning
20:32:54.0265 3576	Mouclass - detected UnsignedFile.Multi.Generic (1)
20:32:54.0468 3576	moufiltr        (9b5d39ed7659ba9b38b64df2a83f1768) C:\WINDOWS\system32\DRIVERS\moufiltr.sys
20:32:54.0531 3576	moufiltr ( UnsignedFile.Multi.Generic ) - warning
20:32:54.0531 3576	moufiltr - detected UnsignedFile.Multi.Generic (1)
20:32:54.0640 3576	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:32:54.0687 3576	mouhid ( UnsignedFile.Multi.Generic ) - warning
20:32:54.0687 3576	mouhid - detected UnsignedFile.Multi.Generic (1)
20:32:54.0812 3576	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:32:54.0875 3576	MountMgr ( UnsignedFile.Multi.Generic ) - warning
20:32:54.0875 3576	MountMgr - detected UnsignedFile.Multi.Generic (1)
20:32:54.0984 3576	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
20:32:55.0031 3576	MPE ( UnsignedFile.Multi.Generic ) - warning
20:32:55.0031 3576	MPE - detected UnsignedFile.Multi.Generic (1)
20:32:55.0109 3576	mraid35x - ok
20:32:55.0203 3576	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:32:55.0312 3576	MRxDAV ( UnsignedFile.Multi.Generic ) - warning
20:32:55.0312 3576	MRxDAV - detected UnsignedFile.Multi.Generic (1)
20:32:55.0468 3576	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:32:55.0609 3576	MRxSmb ( UnsignedFile.Multi.Generic ) - warning
20:32:55.0609 3576	MRxSmb - detected UnsignedFile.Multi.Generic (1)
20:32:55.0796 3576	MSDV            (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
20:32:55.0859 3576	MSDV ( UnsignedFile.Multi.Generic ) - warning
20:32:55.0859 3576	MSDV - detected UnsignedFile.Multi.Generic (1)
20:32:55.0953 3576	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:32:56.0015 3576	Msfs ( UnsignedFile.Multi.Generic ) - warning
20:32:56.0015 3576	Msfs - detected UnsignedFile.Multi.Generic (1)
20:32:56.0140 3576	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:32:56.0187 3576	MSKSSRV ( UnsignedFile.Multi.Generic ) - warning
20:32:56.0187 3576	MSKSSRV - detected UnsignedFile.Multi.Generic (1)
20:32:56.0312 3576	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:32:56.0375 3576	MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning
20:32:56.0375 3576	MSPCLOCK - detected UnsignedFile.Multi.Generic (1)
20:32:56.0484 3576	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:32:56.0562 3576	MSPQM ( UnsignedFile.Multi.Generic ) - warning
20:32:56.0562 3576	MSPQM - detected UnsignedFile.Multi.Generic (1)
20:32:56.0671 3576	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:32:56.0765 3576	mssmbios ( UnsignedFile.Multi.Generic ) - warning
20:32:56.0765 3576	mssmbios - detected UnsignedFile.Multi.Generic (1)
20:32:56.0875 3576	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:32:56.0937 3576	MSTEE ( UnsignedFile.Multi.Generic ) - warning
20:32:56.0937 3576	MSTEE - detected UnsignedFile.Multi.Generic (1)
20:32:57.0046 3576	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:32:57.0125 3576	Mup ( UnsignedFile.Multi.Generic ) - warning
20:32:57.0125 3576	Mup - detected UnsignedFile.Multi.Generic (1)
20:32:57.0234 3576	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:32:57.0328 3576	NABTSFEC ( UnsignedFile.Multi.Generic ) - warning
20:32:57.0328 3576	NABTSFEC - detected UnsignedFile.Multi.Generic (1)
20:32:57.0468 3576	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:32:57.0593 3576	NDIS ( UnsignedFile.Multi.Generic ) - warning
20:32:57.0593 3576	NDIS - detected UnsignedFile.Multi.Generic (1)
20:32:57.0687 3576	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:32:57.0781 3576	NdisIP ( UnsignedFile.Multi.Generic ) - warning
20:32:57.0781 3576	NdisIP - detected UnsignedFile.Multi.Generic (1)
20:32:57.0906 3576	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:32:57.0968 3576	NdisTapi ( UnsignedFile.Multi.Generic ) - warning
20:32:57.0968 3576	NdisTapi - detected UnsignedFile.Multi.Generic (1)
20:32:58.0078 3576	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:32:58.0125 3576	Ndisuio ( UnsignedFile.Multi.Generic ) - warning
20:32:58.0125 3576	Ndisuio - detected UnsignedFile.Multi.Generic (1)
20:32:58.0265 3576	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:32:58.0359 3576	NdisWan ( UnsignedFile.Multi.Generic ) - warning
20:32:58.0359 3576	NdisWan - detected UnsignedFile.Multi.Generic (1)
20:32:58.0468 3576	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:32:58.0562 3576	NDProxy ( UnsignedFile.Multi.Generic ) - warning
20:32:58.0562 3576	NDProxy - detected UnsignedFile.Multi.Generic (1)
20:32:58.0671 3576	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:32:58.0750 3576	NetBIOS ( UnsignedFile.Multi.Generic ) - warning
20:32:58.0750 3576	NetBIOS - detected UnsignedFile.Multi.Generic (1)
20:32:58.0859 3576	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:32:58.0937 3576	NetBT ( UnsignedFile.Multi.Generic ) - warning
20:32:58.0937 3576	NetBT - detected UnsignedFile.Multi.Generic (1)
20:32:59.0078 3576	NETFRITZ        (0f3150fd005ec87421b68484011f3f85) C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS
20:32:59.0171 3576	NETFRITZ ( UnsignedFile.Multi.Generic ) - warning
20:32:59.0171 3576	NETFRITZ - detected UnsignedFile.Multi.Generic (1)
20:32:59.0312 3576	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:32:59.0359 3576	NIC1394 ( UnsignedFile.Multi.Generic ) - warning
20:32:59.0359 3576	NIC1394 - detected UnsignedFile.Multi.Generic (1)
20:32:59.0468 3576	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:32:59.0546 3576	Npfs ( UnsignedFile.Multi.Generic ) - warning
20:32:59.0546 3576	Npfs - detected UnsignedFile.Multi.Generic (1)
20:32:59.0671 3576	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:32:59.0796 3576	Ntfs ( UnsignedFile.Multi.Generic ) - warning
20:32:59.0796 3576	Ntfs - detected UnsignedFile.Multi.Generic (1)
20:32:59.0953 3576	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:33:00.0000 3576	Null ( UnsignedFile.Multi.Generic ) - warning
20:33:00.0000 3576	Null - detected UnsignedFile.Multi.Generic (1)
20:33:00.0125 3576	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:33:00.0187 3576	NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning
20:33:00.0187 3576	NwlnkFlt - detected UnsignedFile.Multi.Generic (1)
20:33:00.0312 3576	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:33:00.0359 3576	NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning
20:33:00.0359 3576	NwlnkFwd - detected UnsignedFile.Multi.Generic (1)
20:33:00.0484 3576	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:33:00.0515 3576	ohci1394 ( UnsignedFile.Multi.Generic ) - warning
20:33:00.0515 3576	ohci1394 - detected UnsignedFile.Multi.Generic (1)
20:33:00.0640 3576	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
20:33:00.0718 3576	Parport ( UnsignedFile.Multi.Generic ) - warning
20:33:00.0718 3576	Parport - detected UnsignedFile.Multi.Generic (1)
20:33:00.0828 3576	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:33:00.0875 3576	PartMgr ( UnsignedFile.Multi.Generic ) - warning
20:33:00.0875 3576	PartMgr - detected UnsignedFile.Multi.Generic (1)
20:33:00.0968 3576	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:33:01.0046 3576	ParVdm ( UnsignedFile.Multi.Generic ) - warning
20:33:01.0046 3576	ParVdm - detected UnsignedFile.Multi.Generic (1)
20:33:01.0171 3576	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:33:01.0234 3576	PCI ( UnsignedFile.Multi.Generic ) - warning
20:33:01.0234 3576	PCI - detected UnsignedFile.Multi.Generic (1)
20:33:01.0328 3576	PCIDump - ok
20:33:01.0453 3576	PCIIde - ok
20:33:01.0562 3576	PCLEPCI         (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
20:33:01.0640 3576	PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
20:33:01.0640 3576	PCLEPCI - detected UnsignedFile.Multi.Generic (1)
20:33:01.0750 3576	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:33:01.0828 3576	Pcmcia ( UnsignedFile.Multi.Generic ) - warning
20:33:01.0828 3576	Pcmcia - detected UnsignedFile.Multi.Generic (1)
20:33:01.0906 3576	PDCOMP - ok
20:33:01.0984 3576	PDFRAME - ok
20:33:02.0046 3576	PDRELI - ok
20:33:02.0140 3576	PDRFRAME - ok
20:33:02.0203 3576	perc2 - ok
20:33:02.0265 3576	perc2hib - ok
20:33:02.0437 3576	pfc             (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
20:33:02.0484 3576	pfc ( UnsignedFile.Multi.Generic ) - warning
20:33:02.0484 3576	pfc - detected UnsignedFile.Multi.Generic (1)
20:33:02.0609 3576	PfModNT         (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
20:33:03.0062 3576	PfModNT ( UnsignedFile.Multi.Generic ) - warning
20:33:03.0062 3576	PfModNT - detected UnsignedFile.Multi.Generic (1)
20:33:03.0171 3576	PhTVTune        (e5e6dec6764d74e045033e957b191968) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
20:33:03.0250 3576	PhTVTune ( UnsignedFile.Multi.Generic ) - warning
20:33:03.0250 3576	PhTVTune - detected UnsignedFile.Multi.Generic (1)
20:33:03.0359 3576	Point32         (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
20:33:03.0437 3576	Point32 ( UnsignedFile.Multi.Generic ) - warning
20:33:03.0437 3576	Point32 - detected UnsignedFile.Multi.Generic (1)
20:33:03.0546 3576	ppa3            (c740d0cb238670629af1b740414a8f3c) C:\WINDOWS\system32\DRIVERS\ppa3.sys
20:33:03.0593 3576	ppa3 ( UnsignedFile.Multi.Generic ) - warning
20:33:03.0593 3576	ppa3 - detected UnsignedFile.Multi.Generic (1)
20:33:03.0703 3576	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:33:03.0765 3576	PptpMiniport ( UnsignedFile.Multi.Generic ) - warning
20:33:03.0765 3576	PptpMiniport - detected UnsignedFile.Multi.Generic (1)
20:33:03.0875 3576	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:33:03.0953 3576	PSched ( UnsignedFile.Multi.Generic ) - warning
20:33:03.0953 3576	PSched - detected UnsignedFile.Multi.Generic (1)
20:33:04.0046 3576	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:33:04.0093 3576	Ptilink ( UnsignedFile.Multi.Generic ) - warning
20:33:04.0093 3576	Ptilink - detected UnsignedFile.Multi.Generic (1)
20:33:04.0203 3576	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
20:33:04.0265 3576	PxHelp20 - ok
20:33:04.0375 3576	ql1080 - ok
20:33:04.0468 3576	Ql10wnt - ok
20:33:04.0562 3576	ql12160 - ok
20:33:04.0640 3576	ql1240 - ok
20:33:04.0703 3576	ql1280 - ok
20:33:04.0796 3576	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:33:04.0859 3576	RasAcd ( UnsignedFile.Multi.Generic ) - warning
20:33:04.0859 3576	RasAcd - detected UnsignedFile.Multi.Generic (1)
20:33:04.0984 3576	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:33:05.0031 3576	Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
20:33:05.0031 3576	Rasl2tp - detected UnsignedFile.Multi.Generic (1)
20:33:05.0156 3576	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:33:05.0218 3576	RasPppoe ( UnsignedFile.Multi.Generic ) - warning
20:33:05.0218 3576	RasPppoe - detected UnsignedFile.Multi.Generic (1)
20:33:05.0312 3576	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:33:05.0375 3576	Raspti ( UnsignedFile.Multi.Generic ) - warning
20:33:05.0375 3576	Raspti - detected UnsignedFile.Multi.Generic (1)
20:33:05.0484 3576	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:33:05.0562 3576	Rdbss ( UnsignedFile.Multi.Generic ) - warning
20:33:05.0562 3576	Rdbss - detected UnsignedFile.Multi.Generic (1)
20:33:05.0671 3576	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:33:05.0734 3576	RDPCDD ( UnsignedFile.Multi.Generic ) - warning
20:33:05.0734 3576	RDPCDD - detected UnsignedFile.Multi.Generic (1)
20:33:05.0843 3576	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:33:05.0921 3576	RDPWD ( UnsignedFile.Multi.Generic ) - warning
20:33:05.0921 3576	RDPWD - detected UnsignedFile.Multi.Generic (1)
20:33:06.0046 3576	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:33:06.0140 3576	redbook ( UnsignedFile.Multi.Generic ) - warning
20:33:06.0140 3576	redbook - detected UnsignedFile.Multi.Generic (1)
20:33:06.0312 3576	s3legacy        (4294fdf954125ce9e39e68f826415c29) C:\WINDOWS\system32\DRIVERS\s3legacy.sys
20:33:06.0359 3576	s3legacy ( UnsignedFile.Multi.Generic ) - warning
20:33:06.0359 3576	s3legacy - detected UnsignedFile.Multi.Generic (1)
20:33:06.0500 3576	sbpci           (51e16b053ee28fd309beac5722bcc735) C:\WINDOWS\system32\drivers\sbpci.sys
20:33:06.0671 3576	sbpci ( UnsignedFile.Multi.Generic ) - warning
20:33:06.0671 3576	sbpci - detected UnsignedFile.Multi.Generic (1)
20:33:06.0828 3576	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:33:06.0906 3576	Secdrv ( UnsignedFile.Multi.Generic ) - warning
20:33:06.0906 3576	Secdrv - detected UnsignedFile.Multi.Generic (1)
20:33:07.0031 3576	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:33:07.0093 3576	serenum ( UnsignedFile.Multi.Generic ) - warning
20:33:07.0093 3576	serenum - detected UnsignedFile.Multi.Generic (1)
20:33:07.0203 3576	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
20:33:07.0234 3576	Serial ( UnsignedFile.Multi.Generic ) - warning
20:33:07.0250 3576	Serial - detected UnsignedFile.Multi.Generic (1)
20:33:07.0406 3576	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:33:07.0468 3576	Sfloppy ( UnsignedFile.Multi.Generic ) - warning
20:33:07.0468 3576	Sfloppy - detected UnsignedFile.Multi.Generic (1)
20:33:07.0609 3576	Simbad - ok
20:33:07.0703 3576	SIS163u         (cf2244417cd8c629184adc8e0550cefc) C:\WINDOWS\system32\DRIVERS\sis163u.sys
20:33:07.0859 3576	SIS163u ( UnsignedFile.Multi.Generic ) - warning
20:33:07.0859 3576	SIS163u - detected UnsignedFile.Multi.Generic (1)
20:33:07.0968 3576	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:33:08.0015 3576	SLIP ( UnsignedFile.Multi.Generic ) - warning
20:33:08.0015 3576	SLIP - detected UnsignedFile.Multi.Generic (1)
20:33:08.0140 3576	smwdm           (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
20:33:08.0343 3576	smwdm ( UnsignedFile.Multi.Generic ) - warning
20:33:08.0343 3576	smwdm - detected UnsignedFile.Multi.Generic (1)
20:33:08.0812 3576	SNPSTD3         (11bb0e11d42cc3a43d741d9b30839be1) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
20:33:09.0703 3576	SNPSTD3 ( UnsignedFile.Multi.Generic ) - warning
20:33:09.0703 3576	SNPSTD3 - detected UnsignedFile.Multi.Generic (1)
20:33:09.0781 3576	Sparrow - ok
20:33:09.0890 3576	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:33:09.0953 3576	splitter ( UnsignedFile.Multi.Generic ) - warning
20:33:09.0953 3576	splitter - detected UnsignedFile.Multi.Generic (1)
20:33:10.0078 3576	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:33:10.0156 3576	sr ( UnsignedFile.Multi.Generic ) - warning
20:33:10.0156 3576	sr - detected UnsignedFile.Multi.Generic (1)
20:33:10.0281 3576	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:33:10.0421 3576	Srv ( UnsignedFile.Multi.Generic ) - warning
20:33:10.0421 3576	Srv - detected UnsignedFile.Multi.Generic (1)
20:33:10.0531 3576	SSHDRV57        (c4c4a51757c03c524953c7054f97160b) C:\WINDOWS\System32\drivers\SSHDRV57.sys
20:33:10.0609 3576	SSHDRV57 ( UnsignedFile.Multi.Generic ) - warning
20:33:10.0609 3576	SSHDRV57 - detected UnsignedFile.Multi.Generic (1)
20:33:10.0718 3576	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:33:10.0750 3576	ssmdrv - ok
20:33:10.0906 3576	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:33:10.0984 3576	streamip ( UnsignedFile.Multi.Generic ) - warning
20:33:10.0984 3576	streamip - detected UnsignedFile.Multi.Generic (1)
20:33:11.0078 3576	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:33:11.0140 3576	swenum ( UnsignedFile.Multi.Generic ) - warning
20:33:11.0140 3576	swenum - detected UnsignedFile.Multi.Generic (1)
20:33:11.0250 3576	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:33:11.0328 3576	swmidi ( UnsignedFile.Multi.Generic ) - warning
20:33:11.0328 3576	swmidi - detected UnsignedFile.Multi.Generic (1)
20:33:11.0437 3576	symc810 - ok
20:33:11.0515 3576	symc8xx - ok
20:33:11.0609 3576	sym_hi - ok
20:33:11.0703 3576	sym_u3 - ok
20:33:11.0812 3576	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:33:11.0875 3576	sysaudio ( UnsignedFile.Multi.Generic ) - warning
20:33:11.0875 3576	sysaudio - detected UnsignedFile.Multi.Generic (1)
20:33:12.0000 3576	tbhsd           (f03ed3bf512be849daa1f6131eb50fb4) C:\WINDOWS\system32\drivers\tbhsd.sys
20:33:12.0031 3576	tbhsd - ok
20:33:12.0156 3576	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:33:12.0265 3576	Tcpip ( UnsignedFile.Multi.Generic ) - warning
20:33:12.0265 3576	Tcpip - detected UnsignedFile.Multi.Generic (1)
20:33:12.0406 3576	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:33:12.0531 3576	TDPIPE ( UnsignedFile.Multi.Generic ) - warning
20:33:12.0531 3576	TDPIPE - detected UnsignedFile.Multi.Generic (1)
20:33:12.0640 3576	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:33:12.0687 3576	TDTCP ( UnsignedFile.Multi.Generic ) - warning
20:33:12.0687 3576	TDTCP - detected UnsignedFile.Multi.Generic (1)
20:33:12.0812 3576	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:33:12.0890 3576	TermDD ( UnsignedFile.Multi.Generic ) - warning
20:33:12.0890 3576	TermDD - detected UnsignedFile.Multi.Generic (1)
20:33:12.0984 3576	TerratecScan - ok
20:33:13.0046 3576	TosIde - ok
20:33:13.0171 3576	TridVid         (ea5034667e0f046bfb550ca5c67fa902) C:\WINDOWS\system32\DRIVERS\TridVid.sys
20:33:13.0218 3576	TridVid ( UnsignedFile.Multi.Generic ) - warning
20:33:13.0218 3576	TridVid - detected UnsignedFile.Multi.Generic (1)
20:33:13.0375 3576	U6000ALL        (8d05125fe197ce6e2440e82e433da4cc) C:\WINDOWS\system32\DRIVERS\U6000ALL.sys
20:33:13.0453 3576	U6000ALL ( UnsignedFile.Multi.Generic ) - warning
20:33:13.0453 3576	U6000ALL - detected UnsignedFile.Multi.Generic (1)
20:33:13.0562 3576	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:33:13.0640 3576	Udfs ( UnsignedFile.Multi.Generic ) - warning
20:33:13.0640 3576	Udfs - detected UnsignedFile.Multi.Generic (1)
20:33:13.0750 3576	ultra - ok
20:33:13.0875 3576	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:33:14.0000 3576	Update ( UnsignedFile.Multi.Generic ) - warning
20:33:14.0000 3576	Update - detected UnsignedFile.Multi.Generic (1)
20:33:14.0125 3576	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:33:14.0171 3576	usbaudio ( UnsignedFile.Multi.Generic ) - warning
20:33:14.0171 3576	usbaudio - detected UnsignedFile.Multi.Generic (1)
20:33:14.0281 3576	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:33:14.0359 3576	usbccgp ( UnsignedFile.Multi.Generic ) - warning
20:33:14.0359 3576	usbccgp - detected UnsignedFile.Multi.Generic (1)
20:33:14.0468 3576	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:33:14.0531 3576	usbehci ( UnsignedFile.Multi.Generic ) - warning
20:33:14.0531 3576	usbehci - detected UnsignedFile.Multi.Generic (1)
20:33:14.0625 3576	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:33:14.0703 3576	usbhub ( UnsignedFile.Multi.Generic ) - warning
20:33:14.0703 3576	usbhub - detected UnsignedFile.Multi.Generic (1)
20:33:14.0796 3576	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:33:14.0843 3576	usbprint ( UnsignedFile.Multi.Generic ) - warning
20:33:14.0843 3576	usbprint - detected UnsignedFile.Multi.Generic (1)
20:33:14.0968 3576	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:33:15.0046 3576	usbscan ( UnsignedFile.Multi.Generic ) - warning
20:33:15.0046 3576	usbscan - detected UnsignedFile.Multi.Generic (1)
20:33:15.0171 3576	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:33:15.0203 3576	USBSTOR ( UnsignedFile.Multi.Generic ) - warning
20:33:15.0203 3576	USBSTOR - detected UnsignedFile.Multi.Generic (1)
20:33:15.0296 3576	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:33:15.0375 3576	usbuhci ( UnsignedFile.Multi.Generic ) - warning
20:33:15.0375 3576	usbuhci - detected UnsignedFile.Multi.Generic (1)
20:33:15.0500 3576	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:33:15.0578 3576	usbvideo ( UnsignedFile.Multi.Generic ) - warning
20:33:15.0578 3576	usbvideo - detected UnsignedFile.Multi.Generic (1)
20:33:15.0687 3576	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:33:15.0765 3576	VgaSave ( UnsignedFile.Multi.Generic ) - warning
20:33:15.0765 3576	VgaSave - detected UnsignedFile.Multi.Generic (1)
20:33:15.0875 3576	vhidmini        (2ab44be1479fdb6d99d3ad0e765ac233) C:\WINDOWS\system32\DRIVERS\walvhid.sys
20:33:15.0953 3576	vhidmini ( UnsignedFile.Multi.Generic ) - warning
20:33:15.0953 3576	vhidmini - detected UnsignedFile.Multi.Generic (1)
20:33:16.0046 3576	viaagp1         (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
20:33:16.0140 3576	viaagp1 ( UnsignedFile.Multi.Generic ) - warning
20:33:16.0140 3576	viaagp1 - detected UnsignedFile.Multi.Generic (1)
20:33:16.0265 3576	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:33:16.0281 3576	ViaIde ( UnsignedFile.Multi.Generic ) - warning
20:33:16.0281 3576	ViaIde - detected UnsignedFile.Multi.Generic (1)
20:33:16.0406 3576	vnccom          (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS
20:33:16.0468 3576	vnccom ( UnsignedFile.Multi.Generic ) - warning
20:33:16.0468 3576	vnccom - detected UnsignedFile.Multi.Generic (1)
20:33:16.0578 3576	vncdrv          (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys
20:33:16.0625 3576	vncdrv ( UnsignedFile.Multi.Generic ) - warning
20:33:16.0625 3576	vncdrv - detected UnsignedFile.Multi.Generic (1)
20:33:16.0734 3576	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:33:16.0812 3576	VolSnap ( UnsignedFile.Multi.Generic ) - warning
20:33:16.0812 3576	VolSnap - detected UnsignedFile.Multi.Generic (1)
20:33:16.0875 3576	vsdatant - ok
20:33:17.0000 3576	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:33:17.0031 3576	Wanarp ( UnsignedFile.Multi.Generic ) - warning
20:33:17.0031 3576	Wanarp - detected UnsignedFile.Multi.Generic (1)
20:33:17.0140 3576	wceusbsh        (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
20:33:17.0281 3576	wceusbsh ( UnsignedFile.Multi.Generic ) - warning
20:33:17.0281 3576	wceusbsh - detected UnsignedFile.Multi.Generic (1)
20:33:17.0359 3576	WDICA - ok
20:33:17.0453 3576	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:33:17.0531 3576	wdmaud ( UnsignedFile.Multi.Generic ) - warning
20:33:17.0531 3576	wdmaud - detected UnsignedFile.Multi.Generic (1)
20:33:17.0765 3576	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:33:17.0828 3576	WS2IFSL ( UnsignedFile.Multi.Generic ) - warning
20:33:17.0828 3576	WS2IFSL - detected UnsignedFile.Multi.Generic (1)
20:33:17.0921 3576	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:33:17.0984 3576	WSTCODEC ( UnsignedFile.Multi.Generic ) - warning
20:33:17.0984 3576	WSTCODEC - detected UnsignedFile.Multi.Generic (1)
20:33:18.0109 3576	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:33:18.0203 3576	WudfPf ( UnsignedFile.Multi.Generic ) - warning
20:33:18.0203 3576	WudfPf - detected UnsignedFile.Multi.Generic (1)
20:33:18.0328 3576	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:33:18.0390 3576	WudfRd ( UnsignedFile.Multi.Generic ) - warning
20:33:18.0390 3576	WudfRd - detected UnsignedFile.Multi.Generic (1)
20:33:18.0515 3576	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
20:33:18.0890 3576	\Device\Harddisk0\DR0 - ok
20:33:18.0921 3576	Boot (0x1200)   (38187ea8b2c2f6a0fd01c2b2b398acc7) \Device\Harddisk0\DR0\Partition0
20:33:18.0921 3576	\Device\Harddisk0\DR0\Partition0 - ok
20:33:18.0953 3576	Boot (0x1200)   (d09031e21f55a01de2cad439e0a0f6a8) \Device\Harddisk0\DR0\Partition1
20:33:18.0953 3576	\Device\Harddisk0\DR0\Partition1 - ok
20:33:18.0984 3576	Boot (0x1200)   (94b3ff64826d759487826efa61f02f21) \Device\Harddisk0\DR0\Partition2
20:33:18.0984 3576	\Device\Harddisk0\DR0\Partition2 - ok
20:33:18.0984 3576	============================================================
20:33:18.0984 3576	Scan finished
20:33:18.0984 3576	============================================================
20:33:19.0109 0620	Detected object count: 177
20:33:19.0109 0620	Actual detected object count: 177
20:33:31.0656 0620	61883 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0656 0620	61883 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0656 0620	713xTVCard ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0656 0620	713xTVCard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0656 0620	ACEDRV06 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0656 0620	ACEDRV06 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0656 0620	ACPI ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0656 0620	ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0656 0620	ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0656 0620	ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0671 0620	aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0671 0620	aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0703 0620	aec ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0703 0620	aec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0703 0620	AFD ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0703 0620	AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0718 0620	AmdK7 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0718 0620	AmdK7 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0718 0620	Arp1394 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0718 0620	Arp1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0718 0620	AsapiW2K ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0718 0620	AsapiW2K ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0718 0620	Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0718 0620	Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0718 0620	AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0718 0620	AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0734 0620	atapi ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0734 0620	atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0734 0620	ati2mtaa ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0734 0620	ati2mtaa ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0734 0620	ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0734 0620	ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0734 0620	atirage3 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0734 0620	atirage3 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0734 0620	Atmarpc ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0734 0620	Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0750 0620	audstub ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0750 0620	audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0750 0620	Avc ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0750 0620	Avc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0781 0620	AVMCOWAN ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0781 0620	AVMCOWAN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0781 0620	AVMPORT ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0781 0620	AVMPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0781 0620	AVMUNET ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0781 0620	AVMUNET ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0781 0620	AVMWAN ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0781 0620	AVMWAN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0796 0620	Beep ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0796 0620	Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0796 0620	Cap7134 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0796 0620	Cap7134 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0796 0620	cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0796 0620	cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0796 0620	CBN ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0796 0620	CBN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0812 0620	CCDECODE ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0812 0620	CCDECODE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0812 0620	Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0812 0620	Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0812 0620	Cdfs ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0812 0620	Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0812 0620	Cdrom ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0812 0620	Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0828 0620	Disk ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0828 0620	Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0828 0620	dmboot ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0828 0620	dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0828 0620	dmio ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0828 0620	dmio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0828 0620	dmload ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0828 0620	dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0828 0620	DMusic ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0828 0620	DMusic ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0859 0620	drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0859 0620	drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0859 0620	es1371 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0859 0620	es1371 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0859 0620	Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0859 0620	Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0875 0620	Fdc ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0875 0620	Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0875 0620	FET5X86V ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0875 0620	FET5X86V ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0875 0620	FETND5BV ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0875 0620	FETND5BV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0875 0620	FETNDISB ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0875 0620	FETNDISB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0890 0620	Fips ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0890 0620	Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0890 0620	Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0890 0620	Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0890 0620	FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0890 0620	FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0890 0620	fpcibase ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0890 0620	fpcibase ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0890 0620	Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0890 0620	Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0906 0620	Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0906 0620	Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0906 0620	G400DH ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0906 0620	G400DH ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0921 0620	gameenum ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0921 0620	gameenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0937 0620	Gpc ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0937 0620	Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0937 0620	HidUsb ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0937 0620	HidUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0953 0620	HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0953 0620	HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0953 0620	i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0953 0620	i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0953 0620	Imapi ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0953 0620	Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0953 0620	iomdisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0953 0620	iomdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0953 0620	Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0953 0620	Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0953 0620	IPFilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0953 0620	IPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0968 0620	IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0968 0620	IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0968 0620	IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0968 0620	IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0968 0620	IpNat ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0968 0620	IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0968 0620	IPSec ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0968 0620	IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0984 0620	IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0984 0620	IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0984 0620	isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0984 0620	isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0984 0620	Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0984 0620	Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0984 0620	kbdhid ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0984 0620	kbdhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0984 0620	kmixer ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0984 0620	kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:31.0984 0620	KMWDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:31.0984 0620	KMWDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0015 0620	KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0015 0620	KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0015 0620	MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0015 0620	MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0015 0620	mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0031 0620	mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0031 0620	Modem ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0031 0620	Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0031 0620	Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0031 0620	Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0031 0620	moufiltr ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0031 0620	moufiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0031 0620	mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0031 0620	mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0031 0620	MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0031 0620	MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0046 0620	MPE ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0046 0620	MPE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0046 0620	MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0046 0620	MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0046 0620	MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0046 0620	MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0046 0620	MSDV ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0046 0620	MSDV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0062 0620	Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0062 0620	Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0062 0620	MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0062 0620	MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0062 0620	MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0062 0620	MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0078 0620	MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0078 0620	MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0078 0620	mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0078 0620	mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0093 0620	MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0093 0620	MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0093 0620	Mup ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0093 0620	Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0093 0620	NABTSFEC ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0093 0620	NABTSFEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0109 0620	NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0109 0620	NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0109 0620	NdisIP ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0109 0620	NdisIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0109 0620	NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0109 0620	NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0109 0620	Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0109 0620	Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0125 0620	NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0125 0620	NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0125 0620	NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0125 0620	NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0125 0620	NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0125 0620	NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0125 0620	NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0125 0620	NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0140 0620	NETFRITZ ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0140 0620	NETFRITZ ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0140 0620	NIC1394 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0140 0620	NIC1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0140 0620	Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0140 0620	Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0140 0620	Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0140 0620	Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0171 0620	Null ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0171 0620	Null ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0171 0620	NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0171 0620	NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0171 0620	NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0171 0620	NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0187 0620	ohci1394 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0187 0620	ohci1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0187 0620	Parport ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0187 0620	Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0187 0620	PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0187 0620	PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0187 0620	ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0187 0620	ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0203 0620	PCI ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0203 0620	PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0203 0620	PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0203 0620	PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0203 0620	Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0203 0620	Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0203 0620	pfc ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0203 0620	pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0203 0620	PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0203 0620	PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0203 0620	PhTVTune ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0203 0620	PhTVTune ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0203 0620	Point32 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0203 0620	Point32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0203 0620	ppa3 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0203 0620	ppa3 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0218 0620	PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0218 0620	PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0218 0620	PSched ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0218 0620	PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0218 0620	Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0218 0620	Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0234 0620	RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0234 0620	RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0234 0620	Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0234 0620	Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0250 0620	RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0250 0620	RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0250 0620	Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0250 0620	Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0265 0620	Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0265 0620	Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0265 0620	RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0265 0620	RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0265 0620	RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0265 0620	RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0281 0620	redbook ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0281 0620	redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0281 0620	s3legacy ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0281 0620	s3legacy ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0281 0620	sbpci ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0281 0620	sbpci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0281 0620	Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0281 0620	Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0281 0620	serenum ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0281 0620	serenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0296 0620	Serial ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0296 0620	Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0296 0620	Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0296 0620	Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0296 0620	SIS163u ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0296 0620	SIS163u ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0296 0620	SLIP ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0296 0620	SLIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0312 0620	smwdm ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0312 0620	smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0312 0620	SNPSTD3 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0312 0620	SNPSTD3 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0312 0620	splitter ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0312 0620	splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0343 0620	sr ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0343 0620	sr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0343 0620	Srv ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0343 0620	Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0343 0620	SSHDRV57 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0343 0620	SSHDRV57 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0343 0620	streamip ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0343 0620	streamip ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0359 0620	swenum ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0359 0620	swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0359 0620	swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0359 0620	swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0359 0620	sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0359 0620	sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0359 0620	Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0359 0620	Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0359 0620	TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0359 0620	TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0359 0620	TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0359 0620	TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0375 0620	TermDD ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0375 0620	TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0375 0620	TridVid ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0375 0620	TridVid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0390 0620	U6000ALL ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0390 0620	U6000ALL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0390 0620	Udfs ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0390 0620	Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0390 0620	Update ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0390 0620	Update ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0406 0620	usbaudio ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0406 0620	usbaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0406 0620	usbccgp ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0406 0620	usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0421 0620	usbehci ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0421 0620	usbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0421 0620	usbhub ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0421 0620	usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0421 0620	usbprint ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0421 0620	usbprint ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0421 0620	usbscan ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0421 0620	usbscan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0437 0620	USBSTOR ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0437 0620	USBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0437 0620	usbuhci ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0437 0620	usbuhci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0437 0620	usbvideo ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0437 0620	usbvideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0437 0620	VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0437 0620	VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0437 0620	vhidmini ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0437 0620	vhidmini ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0437 0620	viaagp1 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0437 0620	viaagp1 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0453 0620	ViaIde ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0453 0620	ViaIde ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0453 0620	vnccom ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0453 0620	vnccom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0453 0620	vncdrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0453 0620	vncdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0453 0620	VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0453 0620	VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0468 0620	Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0468 0620	Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0468 0620	wceusbsh ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0468 0620	wceusbsh ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0484 0620	wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0484 0620	wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0484 0620	WS2IFSL ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0484 0620	WS2IFSL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0500 0620	WSTCODEC ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0500 0620	WSTCODEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0500 0620	WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0500 0620	WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:33:32.0515 0620	WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:32.0515 0620	WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
I don't need Unhide. All files are displayed.

Regards,
Bismosa

11.01.2012, 20:56   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]+a, [Ctrl]+c) and paste them into your post ([Ctrl]+v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags
