Log analysis and evaluation: Infected registry keys

07.04.2012, 12:16   #1
Jagger192

Hi

I already have a thread here about my brother's laptop.
I thought I'd run Malwarebytes on my gaming PC too, and I got 13 entries there as well, among others in the registry keys.

Here is the full report.

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.07.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jagger :: JAEGER [Administrator]

Schutz: Aktiviert

06.10.2007 22:59:14
mbam-log-2007-10-06 (22-59-14).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291712
Laufzeit: 47 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.Mongoose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 5
C:\Programme\RelevantKnowledge (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Programme\RelevantKnowledge\components (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RelevantKnowledge (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\All Users\Application Data\SalesMon (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 7
O:\System Volume Information\_restore{76F88FA9-22F7-4C86-BEF8-3B814320775E}\RP192\A0428247.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Programme\RelevantKnowledge\install.rdf (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Programme\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
O:\Nicht verwendete Desktopverknüpfungen\setup.exe (Adware.Mongoose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


What should I do?
I guess it's not OK like this.

Thanks in advance, Jagger

07.04.2012, 20:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are also listed on the Logs tab. Please post all the ones that are visible there.

07.04.2012, 20:50   #3
Jagger192

Hi

Yes, 3-4 years ago I already had problems that I came here with.
Unfortunately I no longer have any log reports from then, because I had to reinstall Malwarebytes since I couldn't update it.

Here is the link to the old post

http://www.trojaner-board.de/52981-v...ging-loss.html

07.04.2012, 20:51   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run ESET as well, then we'll see what comes next:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

07.04.2012, 21:33   #5
Jagger192

Hi

I can't download it from the ESET site.
When I click on Start I always get the message


Diese Webseite wurde geschlossen, um den Computer zu schützen.

avast is off.
Firewall too.

Jagger

Hi

I managed it after all. The add-ons were to blame.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1928483cf8d5144c945ab7d46ae31f44
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-08 07:48:34
# local_time=2012-04-08 09:48:34 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 50677208 50677208 0 0
# compatibility_mode=1280 16777195 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 185 185 0 0
# scanned=81842
# found=9
# cleaned=0
# scan_time=2026
C:\Dokumente und Einstellungen\Jagger\Eigene Dateien\ComboFix.exe probably a variant of Win32/Agent.NMHEITL trojan (unable to clean) 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\allcqwcb.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\hjfuwhym.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\kRCdNqru.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\kRCdNqru.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\rgvibvwn.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
O:\Everest_Poker.exe a variant of Win32/Casino application (unable to clean) 00000000000000000000000000000000 I
O:\SoftonicDownloader14297.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
O:\SoftonicDownloader85222.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I


Jagger


08.04.2012, 17:13   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\QooBox\Quarantine\C\WINDOWS\system32\rgvibvwn.ini.vir
Was that back then the last time you ran Combofix? If so, this quarantine folder is still left over from that earlier Combofix run.

Quote:
O:\SoftonicDownloader85222.exe
Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as the top priority, directly from the vendor and not from toolbar peddlers like Softonic! In an emergency chip.de would of course do.


Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick the box for Scan all users
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

09.04.2012, 12:59   #7
Jagger192

Hi

Here is the first log.

Code:
OTL logfile created on: 09.04.2012 12:53:02 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Jagger\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,72% Memory free
5,34 Gb Paging File | 5,02 Gb Available in Paging File | 94,14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 3,98 Gb Free Space | 8,15% Space Free | Partition Type: NTFS
Drive O: | 195,31 Gb Total Space | 2,16 Gb Free Space | 1,11% Space Free | Partition Type: NTFS
Drive W: | 221,62 Gb Total Space | 1,89 Gb Free Space | 0,85% Space Free | Partition Type: NTFS
 
Computer Name: JAEGER | User Name: Jagger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Jagger\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Delux\PS2 Keyboard English Edition\Keyboard.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Alwil Software\Avast5\defs\12040900\algo.dll ()
MOD - C:\Programme\Alwil Software\Avast5\defs\12040800\algo.dll ()
MOD - C:\Programme\Delux\PS2 Keyboard English Edition\Keyboard.exe ()
MOD - C:\Programme\Delux\PS2 Keyboard English Edition\Deluxkbd.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LexBceS) -- C:\WINDOWS\system32\LEXBCES.EXE File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (StarOpen) --  File not found
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.sys File not found
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS File not found
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (NETFRITZ) -- System32\DRIVERS\NETFRITZ.SYS File not found
DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found
DRV - (LXARScan) -- System32\Drivers\Lxarscan.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (DAdderFltr) -- C:\WINDOWS\system32\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (usb2vcom) -- C:\WINDOWS\system32\drivers\usb2vcom.sys ()
DRV - (JGOGO) -- C:\WINDOWS\system32\drivers\JGOGO.sys (JMicron )
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
DRV - (AVMPORT) -- C:\WINDOWS\system32\drivers\avmport.sys (AVM Berlin)
DRV - (DIGIRPS) -- C:\WINDOWS\system32\drivers\digirlpt.sys (Digi International, Inc.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.biut.de/
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVDX2&o=14642&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{45598712-1ED3-4F4E-9848-132393493C78}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Programme\RelevantKnowledge
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2008.05.25 15:01:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PS2 Keyboard English Edition.lnk = C:\Programme\Delux\PS2 Keyboard English Edition\Keyboard.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O15 - HKCU\..Trusted Domains: eset.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Lokales Intranet)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} hxxp://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8984FBF3-2C22-4454-A416-8F56993FD9BE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABB1E62E-D031-4642-985A-B2F80FC3E540}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jagger\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jagger\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.19 03:48:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24f57d01-f9f7-11de-a276-806d6172696f}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2100.02.08 17:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Programme\ACMonitor_X73.exe
[2012.04.09 12:45:17 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jagger\Desktop\OTL.exe
[2012.04.08 09:11:43 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.04.08 09:04:09 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012.04.08 09:03:38 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012.04.08 09:02:39 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.09 12:49:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.09 12:45:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jagger\Desktop\OTL.exe
[2012.04.09 12:42:10 | 000,004,940 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.04.09 12:42:08 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.09 12:42:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.09 12:36:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.08 10:25:29 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.04.08 10:23:17 | 000,451,126 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.08 10:23:17 | 000,434,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.08 10:23:17 | 000,081,656 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.08 10:23:17 | 000,068,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.08 10:19:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.21 10:32:18 | 000,638,784 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Jagger\Desktop\autoruns.exe
[2012.03.21 10:32:18 | 000,557,888 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Jagger\Desktop\autorunsc.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2100.02.23 15:35:34 | 000,000,768 | ---- | C] () -- C:\Programme\x73_lut.dat
[2100.02.08 16:53:34 | 000,001,437 | ---- | C] () -- C:\Programme\gtx73.ini
[2012.04.08 10:11:28 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.04.08 09:03:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.04.08 09:03:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2010.08.31 18:07:43 | 000,000,078 | ---- | C] () -- C:\WINDOWS\wiso.ini
 
========== LOP Check ==========
 
[2009.10.03 10:03:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1Click DVD Copy Pro
[2010.08.30 15:25:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2008.12.11 19:39:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2010.08.31 18:07:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011.03.29 10:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2009.01.01 15:05:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2009.01.04 18:25:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2009.01.28 20:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GraphicRemedy
[2009.07.20 17:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009.06.18 11:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.10.05 18:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2007.10.07 01:22:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2007.10.07 07:22:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2009.07.05 10:03:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.02.15 21:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK
[2008.05.10 11:03:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2008.05.10 11:03:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\acccore
[2008.12.11 19:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Ashampoo
[2011.03.29 10:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Canneverbe Limited
[2008.11.29 13:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2011.03.15 12:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\DC++
[2008.03.30 14:05:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\DeepBurner
[2009.02.11 20:48:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\FileZilla
[2008.11.14 10:12:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\FRITZ!
[2009.01.28 20:43:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\gDEBugger
[2009.10.03 09:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\GetRightToGo
[2007.01.01 00:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\GlarySoft
[2008.09.14 13:03:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\gtk-2.0
[2007.03.20 05:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Gutscheinmieze
[2008.03.30 13:43:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\InfraRecorder
[2008.11.08 09:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Kazaa Lite
[2009.06.18 12:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Nokia
[2011.03.09 14:05:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Paltalk
[2009.06.18 12:27:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PC Suite
[2008.07.20 20:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Pegasys Inc
[2009.08.13 18:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PingTesterDataBas
[2011.05.21 13:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PriceGong
[2008.05.15 17:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\VirusSchlacht
[2007.10.07 07:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Vso
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 111 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1

< End of report >
         

And the second log after pasting.


Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
And regarding Softonic.
I have already tried to delete it, but unfortunately I can't manage it.
When I try to delete it in the system, it simply doesn't respond.

Jagger

Edited by Jagger192 (09.04.2012 at 13:13)

09.04.2012, 18:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Quote from cosinus
Did you last run Combofix back then? If so, this quarantine folder still comes from that earlier Combofix run
I would also like an answer about Combofix
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


10.04.2012, 17:38   #9
Jagger192
 

Quote:
Quote from cosinus
I would also like an answer about Combofix
Hi

I can't tell you exactly where the folder comes from.
But it was created on 22.5.2008, and I was here for the first time on 25.5.2008.
So I think it is not from Combofix.
I ran ADD2008 back then; could the folder come from that?

In any case, it is still on the computer.

Jagger

Edited by Jagger192 (10.04.2012 at 18:20)

10.04.2012, 19:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

So the CF folder is already four years old.

Quote:
Scan Mode: Current user
You can't even have skimmed the OTL instructions
1.) You forgot to tick the box for all users
2.) That was not a CustomScan

What is the point of posting exactly my text from my code box again? I already have this text myself

10.04.2012, 20:29   #11
Jagger192
 

[QUOTE=cosinus;812179]So the CF folder is already four years old.[/QUOTE]

Yes, exactly.

So here is the 2nd log again; I hope I have done everything right now.


Code:
OTL logfile created on: 10.04.2012 20:02:08 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Jagger\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 3,03 Gb Available Physical Memory | 86,71% Memory free
5,34 Gb Paging File | 5,06 Gb Available in Paging File | 94,73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 3,90 Gb Free Space | 7,99% Space Free | Partition Type: NTFS
Drive E: | 963,46 Mb Total Space | 782,21 Mb Free Space | 81,19% Space Free | Partition Type: FAT32
Drive O: | 195,31 Gb Total Space | 2,16 Gb Free Space | 1,11% Space Free | Partition Type: NTFS
Drive W: | 221,62 Gb Total Space | 1,89 Gb Free Space | 0,85% Space Free | Partition Type: NTFS
 
Computer Name: JAEGER | User Name: Jagger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Jagger\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Delux\PS2 Keyboard English Edition\Keyboard.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Alwil Software\Avast5\defs\12041001\algo.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Delux\PS2 Keyboard English Edition\Keyboard.exe ()
MOD - C:\Programme\Delux\PS2 Keyboard English Edition\Deluxkbd.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LexBceS) -- C:\WINDOWS\system32\LEXBCES.EXE File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (StarOpen) --  File not found
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.sys File not found
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS File not found
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (NETFRITZ) -- System32\DRIVERS\NETFRITZ.SYS File not found
DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found
DRV - (LXARScan) -- System32\Drivers\Lxarscan.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (DAdderFltr) -- C:\WINDOWS\system32\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (usb2vcom) -- C:\WINDOWS\system32\drivers\usb2vcom.sys ()
DRV - (JGOGO) -- C:\WINDOWS\system32\drivers\JGOGO.sys (JMicron )
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
DRV - (AVMPORT) -- C:\WINDOWS\system32\drivers\avmport.sys (AVM Berlin)
DRV - (DIGIRPS) -- C:\WINDOWS\system32\drivers\digirlpt.sys (Digi International, Inc.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.biut.de/
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVDX2&o=14642&src=crm&q={searchTerms}&locale=de_DE
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{45598712-1ED3-4F4E-9848-132393493C78}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Programme\RelevantKnowledge
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2008.05.25 15:01:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PS2 Keyboard English Edition.lnk = C:\Programme\Delux\PS2 Keyboard English Edition\Keyboard.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..Trusted Domains: eset.com ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..Trusted Domains: internet ([]about in Lokales Intranet)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} hxxp://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8984FBF3-2C22-4454-A416-8F56993FD9BE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABB1E62E-D031-4642-985A-B2F80FC3E540}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jagger\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jagger\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.19 03:48:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24f57d01-f9f7-11de-a276-806d6172696f}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= -  File not found
MsConfig - StartUpReg: AnyDVD - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroCheck - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - Reg Error: Value error.
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - Reg Error: Value error.
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2100.02.08 17:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Programme\ACMonitor_X73.exe
[2012.04.10 17:46:44 | 003,645,656 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Jagger\Desktop\ccsetup317.exe
[2012.04.09 12:45:17 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jagger\Desktop\OTL.exe
[2012.04.08 09:11:43 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.10 19:49:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.10 17:47:44 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.04.10 17:46:52 | 003,645,656 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Jagger\Desktop\ccsetup317.exe
[2012.04.10 17:27:15 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.10 17:27:14 | 000,004,940 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.04.10 17:27:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.10 17:27:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.09 12:45:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jagger\Desktop\OTL.exe
[2012.04.08 10:25:29 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.04.08 10:23:17 | 000,451,126 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.08 10:23:17 | 000,434,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.08 10:23:17 | 000,081,656 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.08 10:23:17 | 000,068,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.08 10:19:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.21 10:32:18 | 000,638,784 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Jagger\Desktop\autoruns.exe
[2012.03.21 10:32:18 | 000,557,888 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Jagger\Desktop\autorunsc.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2100.02.23 15:35:34 | 000,000,768 | ---- | C] () -- C:\Programme\x73_lut.dat
[2100.02.08 16:53:34 | 000,001,437 | ---- | C] () -- C:\Programme\gtx73.ini
[2012.04.10 17:47:44 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.04.08 10:11:28 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.04.08 09:03:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.04.08 09:03:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2010.08.31 18:07:43 | 000,000,078 | ---- | C] () -- C:\WINDOWS\wiso.ini
 
========== LOP Check ==========
 
[2009.10.03 10:03:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1Click DVD Copy Pro
[2010.08.30 15:25:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2008.12.11 19:39:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2010.08.31 18:07:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011.03.29 10:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2009.01.01 15:05:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2009.01.04 18:25:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2009.01.28 20:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GraphicRemedy
[2009.07.20 17:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009.06.18 11:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.10.05 18:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2007.10.07 01:22:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2007.10.07 07:22:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2009.07.05 10:03:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.02.15 21:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK
[2008.05.10 11:03:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2008.05.10 11:03:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\acccore
[2008.12.11 19:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Ashampoo
[2011.03.29 10:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Canneverbe Limited
[2008.11.29 13:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2011.03.15 12:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\DC++
[2008.03.30 14:05:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\DeepBurner
[2009.02.11 20:48:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\FileZilla
[2008.11.14 10:12:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\FRITZ!
[2009.01.28 20:43:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\gDEBugger
[2009.10.03 09:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\GetRightToGo
[2007.01.01 00:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\GlarySoft
[2008.09.14 13:03:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\gtk-2.0
[2007.03.20 05:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Gutscheinmieze
[2008.03.30 13:43:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\InfraRecorder
[2008.11.08 09:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Kazaa Lite
[2009.06.18 12:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Nokia
[2011.03.09 14:05:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Paltalk
[2009.06.18 12:27:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PC Suite
[2008.07.20 20:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Pegasys Inc
[2009.08.13 18:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PingTesterDataBas
[2011.05.21 13:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PriceGong
[2008.05.15 17:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\VirusSchlacht
[2007.10.07 07:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Vso
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.05.10 11:03:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\acccore
[2009.01.16 18:49:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Adobe
[2008.12.11 19:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Ashampoo
[2011.03.29 10:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Canneverbe Limited
[2008.11.29 13:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2011.03.15 12:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\DC++
[2008.03.30 14:05:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\DeepBurner
[2009.12.18 12:07:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\dvdcss
[2009.02.11 20:48:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\FileZilla
[2008.11.14 10:12:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\FRITZ!
[2009.01.28 20:43:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\gDEBugger
[2009.10.03 09:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\GetRightToGo
[2007.01.01 00:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\GlarySoft
[2008.09.06 10:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Google
[2008.09.14 13:03:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\gtk-2.0
[2007.03.20 05:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Gutscheinmieze
[2008.03.20 19:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Help
[2008.03.28 12:24:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Identities
[2008.03.30 13:43:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\InfraRecorder
[2008.03.19 04:14:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\InstallShield
[2008.09.14 18:41:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\InstallShield Installation Information
[2008.11.08 09:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Kazaa Lite
[2010.04.01 17:59:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Macromedia
[2009.05.13 18:16:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Malwarebytes
[2008.08.31 10:32:27 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Microsoft
[2011.04.11 20:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\mIRC
[2008.10.23 19:03:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\MSN6
[2008.11.20 22:44:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\NCH Software
[2009.11.19 21:35:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Nero
[2009.11.19 21:39:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\NeroDigital(TM)
[2009.06.18 12:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Nokia
[2011.03.09 14:05:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Paltalk
[2009.06.18 12:27:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PC Suite
[2009.06.17 07:28:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PC Tools
[2008.07.20 20:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Pegasys Inc
[2009.08.13 18:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PingTesterDataBas
[2011.05.21 13:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PriceGong
[2008.04.12 17:13:25 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\SecuROM
[2008.10.23 20:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Sun
[2008.05.15 17:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\VirusSchlacht
[2011.04.08 16:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\vlc
[2007.10.07 07:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Vso
[2009.02.13 11:29:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\WinRAR
[2009.05.13 18:06:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Yahoo!
 
< %APPDATA%\*.exe /s >
[2007.10.07 07:23:22 | 000,087,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\inst.exe
[2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Gutscheinmieze\uninstall.exe
[2008.09.14 18:26:19 | 000,331,776 | ---- | M] () -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\InstallShield Installation Information\{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}\SetupUT3.exe
[2009.08.13 18:17:15 | 000,040,960 | ---- | M] (ss) -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PingTesterDataBas\PingIPscan2008112.exe
 
< %SYSTEMDRIVE%\*.exe >
[2001.05.24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
 
< MD5 for: AGP440.SYS  >
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2002.08.29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2002.08.29 03:43:22 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2002.08.29 03:43:26 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2002.08.29 03:43:30 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
[2002.08.29 03:43:32 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2002.08.29 03:43:42 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2002.08.29 03:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2008.03.19 04:35:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.03.19 04:35:39 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.03.19 04:35:39 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 111 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1

< End of report >
         

11.04.2012, 11:49   #12
cosinus

Run an OTL fix: close any programs that may be open, also disable your antivirus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.sys File not found
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS File not found
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS File not found
DRV - (NETFRITZ) -- System32\DRIVERS\NETFRITZ.SYS File not found
DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found
DRV - (LXARScan) -- System32\Drivers\Lxarscan.sys File not found
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.biut.de/
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?client=ie&tb=DVDX2&o=14642&src=crm&q={searchTerms}&locale=de_DE
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{45598712-1ED3-4F4E-9848-132393493C78}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.19 03:48:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24f57d01-f9f7-11de-a276-806d6172696f}\Shell\AutoRun\command - "" = E:\setupSNK.exe
[2007.03.20 05:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Gutscheinmieze
[2011.05.21 13:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PriceGong
[2008.05.15 17:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\VirusSchlacht
@Alternate Data Stream - 111 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1
:Files
C:\Programme\softonic-de3
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

11.04.2012, 18:54   #13
Jagger192
 

Hi

Everything went without any problems.

Code:
All processes killed
========== OTL ==========
Service SASKUTIL stopped successfully!
Service SASKUTIL deleted successfully!
File  C:\Programme\SUPERAntiSpyware\SASKUTIL.sys File not found not found.
Service SASENUM stopped successfully!
Service SASENUM deleted successfully!
File  C:\Programme\SUPERAntiSpyware\SASENUM.SYS File not found not found.
Service SASDIFSV stopped successfully!
Service SASDIFSV deleted successfully!
File  C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS File not found not found.
Service NETFRITZ stopped successfully!
Service NETFRITZ deleted successfully!
File  System32\DRIVERS\NETFRITZ.SYS File not found not found.
Service motmodem stopped successfully!
Service motmodem deleted successfully!
File  system32\DRIVERS\motmodem.sys File not found not found.
Service LXARScan stopped successfully!
Service LXARScan deleted successfully!
File  System32\Drivers\Lxarscan.sys File not found not found.
HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\prxtbsof0.dll moved successfully.
HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{45598712-1ED3-4F4E-9848-132393493C78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45598712-1ED3-4F4E-9848-132393493C78}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\prxtbsof0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\prxtbsof0.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24f57d01-f9f7-11de-a276-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24f57d01-f9f7-11de-a276-806d6172696f}\ not found.
File E:\setupSNK.exe not found.
C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Gutscheinmieze folder moved successfully.
C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PriceGong\Data folder moved successfully.
C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PriceGong folder moved successfully.
C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\VirusSchlacht\Logs folder moved successfully.
C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\VirusSchlacht folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
C:\Programme\softonic-de3 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 225820 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Jagger
->Temp folder emptied: 582083627 bytes
->Temporary Internet Files folder emptied: 15335139 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1563 bytes
 
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 8643206 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 14932652 bytes
%systemroot%\System32 .tmp files removed: 2676103 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 24192 bytes
Windows Temp folder emptied: 1176422 bytes
RecycleBin emptied: 2345340 bytes
 
Total Files Cleaned = 599,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Jagger
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04112012_184941

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Jagger

11.04.2012, 19:44   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!


15.04.2012, 12:16   #15
Jagger192
 

Hi

How can I handle the errors with skip?

Here is the log

Code:
12:00:37.0633 1936	TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
12:00:38.0039 1936	============================================================
12:00:38.0039 1936	Current date / time: 2012/04/15 12:00:38.0039
12:00:38.0039 1936	SystemInfo:
12:00:38.0039 1936	
12:00:38.0039 1936	OS Version: 5.1.2600 ServicePack: 3.0
12:00:38.0039 1936	Product type: Workstation
12:00:38.0039 1936	ComputerName: JAEGER
12:00:38.0039 1936	UserName: Jagger
12:00:38.0039 1936	Windows directory: C:\WINDOWS
12:00:38.0039 1936	System windows directory: C:\WINDOWS
12:00:38.0039 1936	Processor architecture: Intel x86
12:00:38.0039 1936	Number of processors: 2
12:00:38.0039 1936	Page size: 0x1000
12:00:38.0039 1936	Boot type: Normal boot
12:00:38.0039 1936	============================================================
12:00:39.0321 1936	Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:00:39.0321 1936	Drive \Device\Harddisk1\DR4 - Size: 0x3C780000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:00:39.0321 1936	\Device\Harddisk0\DR0:
12:00:39.0321 1936	MBR used
12:00:39.0321 1936	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
12:00:39.0336 1936	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0x1869E559
12:00:39.0336 1936	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E845EFE, BlocksNum 0x1BB3ED43
12:00:39.0336 1936	\Device\Harddisk1\DR4:
12:00:39.0336 1936	MBR used
12:00:39.0336 1936	\Device\Harddisk1\DR4\Partition0: MBR, Type 0xB, StartLBA 0x58, BlocksNum 0x1E3BA8
12:00:39.0774 1936	Initialize success
12:00:39.0774 1936	============================================================
12:03:29.0586 3100	============================================================
12:03:29.0586 3100	Scan started
12:03:29.0586 3100	Mode: Manual; SigCheck; TDLFS; 
12:03:29.0586 3100	============================================================
12:03:29.0868 3100	Aavmker4        (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:03:29.0946 3100	Aavmker4 - ok
12:03:29.0961 3100	Abiosdsk - ok
12:03:29.0961 3100	abp480n5 - ok
12:03:29.0993 3100	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:03:30.0102 3100	ACPI - ok
12:03:30.0118 3100	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:03:30.0196 3100	ACPIEC - ok
12:03:30.0196 3100	adpu160m - ok
12:03:30.0211 3100	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:03:30.0274 3100	aec - ok
12:03:30.0305 3100	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:03:30.0321 3100	AFD - ok
12:03:30.0321 3100	Aha154x - ok
12:03:30.0336 3100	aic78u2 - ok
12:03:30.0336 3100	aic78xx - ok
12:03:30.0368 3100	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
12:03:30.0430 3100	Alerter - ok
12:03:30.0430 3100	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
12:03:30.0461 3100	ALG - ok
12:03:30.0477 3100	AliIde - ok
12:03:30.0477 3100	amsint - ok
12:03:30.0508 3100	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
12:03:30.0539 3100	AppMgmt - ok
12:03:30.0586 3100	AR9271          (8e2257584b2c52d44b4cb1949947d885) C:\WINDOWS\system32\DRIVERS\athuw.sys
12:03:30.0649 3100	AR9271 - ok
12:03:30.0649 3100	asc - ok
12:03:30.0664 3100	asc3350p - ok
12:03:30.0664 3100	asc3550 - ok
12:03:30.0727 3100	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:03:30.0727 3100	aspnet_state - ok
12:03:30.0743 3100	aswFsBlk        (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:03:30.0743 3100	aswFsBlk - ok
12:03:30.0774 3100	aswMon2         (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
12:03:30.0774 3100	aswMon2 - ok
12:03:30.0789 3100	aswRdr          (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
12:03:30.0805 3100	aswRdr - ok
12:03:30.0836 3100	aswSnx          (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
12:03:30.0852 3100	aswSnx - ok
12:03:30.0883 3100	aswSP           (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
12:03:30.0883 3100	aswSP - ok
12:03:30.0899 3100	aswTdi          (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
12:03:30.0899 3100	aswTdi - ok
12:03:30.0930 3100	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:03:30.0993 3100	AsyncMac - ok
12:03:30.0993 3100	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:03:31.0071 3100	atapi - ok
12:03:31.0071 3100	Atdisk - ok
12:03:31.0102 3100	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:03:31.0164 3100	Atmarpc - ok
12:03:31.0180 3100	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
12:03:31.0258 3100	AudioSrv - ok
12:03:31.0274 3100	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:03:31.0336 3100	audstub - ok
12:03:31.0399 3100	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Programme\Alwil Software\Avast5\AvastSvc.exe
12:03:31.0414 3100	avast! Antivirus - ok
12:03:31.0430 3100	AVMPORT         (02568a764ef2c37cfa6f9c471e67d475) C:\WINDOWS\System32\drivers\avmport.sys
12:03:31.0430 3100	AVMPORT ( UnsignedFile.Multi.Generic ) - warning
12:03:31.0430 3100	AVMPORT - detected UnsignedFile.Multi.Generic (1)
12:03:31.0461 3100	AVMWAN          (c997af59c54d69232fb7bbea4dad86e2) C:\WINDOWS\system32\DRIVERS\avmwan.sys
12:03:31.0524 3100	AVMWAN - ok
12:03:31.0539 3100	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:03:31.0618 3100	Beep - ok
12:03:31.0649 3100	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
12:03:31.0727 3100	BITS - ok
12:03:31.0743 3100	Bridge          (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
12:03:31.0774 3100	Bridge - ok
12:03:31.0774 3100	BridgeMP        (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
12:03:31.0805 3100	BridgeMP - ok
12:03:31.0836 3100	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
12:03:31.0899 3100	Browser - ok
12:03:31.0930 3100	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
12:03:31.0961 3100	BTHPORT - ok
12:03:31.0977 3100	BthServ         (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
12:03:32.0039 3100	BthServ - ok
12:03:32.0055 3100	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:03:32.0118 3100	BTHUSB - ok
12:03:32.0133 3100	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:03:32.0196 3100	cbidf2k - ok
12:03:32.0211 3100	cd20xrnt - ok
12:03:32.0227 3100	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:03:32.0289 3100	Cdaudio - ok
12:03:32.0321 3100	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:03:32.0383 3100	Cdfs - ok
12:03:32.0414 3100	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:03:32.0477 3100	Cdrom - ok
12:03:32.0477 3100	Changer - ok
12:03:32.0508 3100	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
12:03:32.0571 3100	CiSvc - ok
12:03:32.0602 3100	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
12:03:32.0664 3100	ClipSrv - ok
12:03:32.0727 3100	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:03:32.0743 3100	clr_optimization_v2.0.50727_32 - ok
12:03:32.0743 3100	CmdIde - ok
12:03:32.0743 3100	COMSysApp - ok
12:03:32.0758 3100	Cpqarray - ok
12:03:32.0774 3100	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
12:03:32.0836 3100	CryptSvc - ok
12:03:32.0852 3100	dac2w2k - ok
12:03:32.0852 3100	dac960nt - ok
12:03:32.0883 3100	DAdderFltr      (cb90f77e21109ccfd114a17bd87a42a7) C:\WINDOWS\system32\drivers\dadder.sys
12:03:32.0883 3100	DAdderFltr - ok
12:03:32.0914 3100	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
12:03:32.0930 3100	DcomLaunch - ok
12:03:32.0977 3100	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
12:03:33.0039 3100	Dhcp - ok
12:03:33.0071 3100	DIGIRPS         (ac831d7c56b5c30a7b0987c4d8dd7608) C:\WINDOWS\system32\DRIVERS\digirlpt.sys
12:03:33.0133 3100	DIGIRPS - ok
12:03:33.0149 3100	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:03:33.0211 3100	Disk - ok
12:03:33.0227 3100	dmadmin - ok
12:03:33.0258 3100	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
12:03:33.0368 3100	dmboot - ok
12:03:33.0383 3100	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
12:03:33.0446 3100	dmio - ok
12:03:33.0461 3100	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:03:33.0539 3100	dmload - ok
12:03:33.0555 3100	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
12:03:33.0618 3100	dmserver - ok
12:03:33.0633 3100	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:03:33.0696 3100	DMusic - ok
12:03:33.0711 3100	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
12:03:33.0727 3100	Dnscache - ok
12:03:33.0758 3100	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
12:03:33.0821 3100	Dot3svc - ok
12:03:33.0821 3100	dpti2o - ok
12:03:33.0836 3100	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:03:33.0899 3100	drmkaud - ok
12:03:33.0930 3100	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
12:03:33.0993 3100	EapHost - ok
12:03:34.0024 3100	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
12:03:34.0086 3100	ERSvc - ok
12:03:34.0102 3100	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:03:34.0133 3100	Eventlog - ok
12:03:34.0149 3100	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
12:03:34.0180 3100	EventSystem - ok
12:03:34.0196 3100	ezplay          (73e701e0fa4d2fc7d22efceff276c50a) C:\WINDOWS\system32\Drivers\ezplay.sys
12:03:34.0196 3100	ezplay ( UnsignedFile.Multi.Generic ) - warning
12:03:34.0196 3100	ezplay - detected UnsignedFile.Multi.Generic (1)
12:03:34.0211 3100	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:03:34.0274 3100	Fastfat - ok
12:03:34.0305 3100	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:03:34.0336 3100	FastUserSwitchingCompatibility - ok
12:03:34.0336 3100	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:03:34.0399 3100	Fdc - ok
12:03:34.0430 3100	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
12:03:34.0493 3100	Fips - ok
12:03:34.0508 3100	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:03:34.0571 3100	Flpydisk - ok
12:03:34.0602 3100	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:03:34.0664 3100	FltMgr - ok
12:03:34.0711 3100	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:03:34.0727 3100	FontCache3.0.0.0 - ok
12:03:34.0743 3100	fpcibase        (03ddba31f856936baddd2d66e111faed) C:\WINDOWS\system32\DRIVERS\fpcibase.sys
12:03:34.0789 3100	fpcibase - ok
12:03:34.0805 3100	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:03:34.0868 3100	Fs_Rec - ok
12:03:34.0883 3100	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:03:34.0946 3100	Ftdisk - ok
12:03:34.0961 3100	gdrv            (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDOWS\gdrv.sys
12:03:35.0493 3100	gdrv - ok
12:03:35.0524 3100	giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
12:03:35.0539 3100	giveio ( UnsignedFile.Multi.Generic ) - warning
12:03:35.0539 3100	giveio - detected UnsignedFile.Multi.Generic (1)
12:03:35.0571 3100	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:03:35.0649 3100	Gpc - ok
12:03:35.0696 3100	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
12:03:35.0696 3100	gupdate - ok
12:03:35.0711 3100	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
12:03:35.0711 3100	gupdatem - ok
12:03:35.0727 3100	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:03:35.0805 3100	HDAudBus - ok
12:03:35.0836 3100	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:03:35.0899 3100	helpsvc - ok
12:03:35.0914 3100	HidServ - ok
12:03:35.0930 3100	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:03:36.0008 3100	hidusb - ok
12:03:36.0024 3100	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
12:03:36.0086 3100	hkmsvc - ok
12:03:36.0102 3100	hpn - ok
12:03:36.0118 3100	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:03:36.0133 3100	HTTP - ok
12:03:36.0164 3100	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
12:03:36.0227 3100	HTTPFilter - ok
12:03:36.0243 3100	i2omgmt - ok
12:03:36.0243 3100	i2omp - ok
12:03:36.0258 3100	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:03:36.0321 3100	i8042prt - ok
12:03:36.0383 3100	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:03:36.0383 3100	IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:03:36.0383 3100	IDriverT - detected UnsignedFile.Multi.Generic (1)
12:03:36.0461 3100	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:03:36.0493 3100	idsvc - ok
12:03:36.0508 3100	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:03:36.0586 3100	Imapi - ok
12:03:36.0618 3100	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
12:03:36.0696 3100	ImapiService - ok
12:03:36.0696 3100	ini910u - ok
12:03:36.0789 3100	IntcAzAudAddService (e37589414437a60797e94c0f57c546db) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:03:36.0899 3100	IntcAzAudAddService - ok
12:03:36.0914 3100	IntelIde - ok
12:03:36.0930 3100	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:03:36.0993 3100	intelppm - ok
12:03:37.0008 3100	ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:03:37.0071 3100	ip6fw - ok
12:03:37.0102 3100	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:03:37.0164 3100	IpFilterDriver - ok
12:03:37.0164 3100	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:03:37.0243 3100	IpInIp - ok
12:03:37.0258 3100	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:03:37.0336 3100	IpNat - ok
12:03:37.0352 3100	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:03:37.0414 3100	IPSec - ok
12:03:37.0430 3100	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:03:37.0461 3100	IRENUM - ok
12:03:37.0477 3100	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:03:37.0539 3100	isapnp - ok
12:03:37.0555 3100	JGOGO           (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
12:03:37.0555 3100	JGOGO - ok
12:03:37.0571 3100	JRAID           (f90a4e8657319a652e04c5362926cfea) C:\WINDOWS\system32\DRIVERS\jraid.sys
12:03:37.0586 3100	JRAID - ok
12:03:37.0602 3100	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:03:37.0664 3100	Kbdclass - ok
12:03:37.0664 3100	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:03:37.0743 3100	kmixer - ok
12:03:37.0758 3100	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:03:37.0758 3100	KSecDD - ok
12:03:37.0789 3100	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
12:03:37.0805 3100	lanmanserver - ok
12:03:37.0821 3100	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
12:03:37.0852 3100	lanmanworkstation - ok
12:03:37.0852 3100	lbrtfdc - ok
12:03:37.0852 3100	LexBceS - ok
12:03:37.0883 3100	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
12:03:37.0946 3100	LmHosts - ok
12:03:37.0977 3100	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
12:03:38.0039 3100	Messenger - ok
12:03:38.0055 3100	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:03:38.0133 3100	mnmdd - ok
12:03:38.0149 3100	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
12:03:38.0211 3100	mnmsrvc - ok
12:03:38.0227 3100	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
12:03:38.0289 3100	Modem - ok
12:03:38.0305 3100	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:03:38.0383 3100	Mouclass - ok
12:03:38.0399 3100	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:03:38.0461 3100	mouhid - ok
12:03:38.0477 3100	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:03:38.0539 3100	MountMgr - ok
12:03:38.0539 3100	mraid35x - ok
12:03:38.0555 3100	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:03:38.0618 3100	MRxDAV - ok
12:03:38.0649 3100	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:03:38.0664 3100	MRxSmb - ok
12:03:38.0680 3100	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
12:03:38.0758 3100	MSDTC - ok
12:03:38.0758 3100	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:03:38.0821 3100	Msfs - ok
12:03:38.0836 3100	MSIServer - ok
12:03:38.0852 3100	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:03:38.0914 3100	MSKSSRV - ok
12:03:38.0930 3100	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:03:38.0993 3100	MSPCLOCK - ok
12:03:39.0008 3100	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:03:39.0071 3100	MSPQM - ok
12:03:39.0086 3100	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:03:39.0149 3100	mssmbios - ok
12:03:39.0164 3100	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:03:39.0180 3100	Mup - ok
12:03:39.0196 3100	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
12:03:39.0289 3100	napagent - ok
12:03:39.0321 3100	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:03:39.0383 3100	NDIS - ok
12:03:39.0414 3100	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:03:39.0414 3100	NdisTapi - ok
12:03:39.0446 3100	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:03:39.0508 3100	Ndisuio - ok
12:03:39.0539 3100	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:03:39.0602 3100	NdisWan - ok
12:03:39.0633 3100	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:03:39.0649 3100	NDProxy - ok
12:03:39.0696 3100	Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
12:03:39.0727 3100	Nero BackItUp Scheduler 4.0 - ok
12:03:39.0743 3100	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:03:39.0805 3100	NetBIOS - ok
12:03:39.0821 3100	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:03:39.0883 3100	NetBT - ok
12:03:39.0914 3100	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:03:39.0993 3100	NetDDE - ok
12:03:39.0993 3100	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:03:40.0071 3100	NetDDEdsdm - ok
12:03:40.0086 3100	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:03:40.0149 3100	Netlogon - ok
12:03:40.0180 3100	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
12:03:40.0258 3100	Netman - ok
12:03:40.0321 3100	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:03:40.0321 3100	NetTcpPortSharing - ok
12:03:40.0352 3100	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
12:03:40.0368 3100	Nla - ok
12:03:40.0383 3100	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:03:40.0446 3100	Npfs - ok
12:03:40.0477 3100	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:03:40.0555 3100	Ntfs - ok
12:03:40.0555 3100	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
12:03:40.0633 3100	NtLmSsp - ok
12:03:40.0649 3100	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
12:03:40.0743 3100	NtmsSvc - ok
12:03:40.0758 3100	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:03:40.0821 3100	Null - ok
12:03:40.0946 3100	nv              (b518ab25714821ae21677a8ada1fdf86) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:03:41.0164 3100	nv ( UnsignedFile.Multi.Generic ) - warning
12:03:41.0164 3100	nv - detected UnsignedFile.Multi.Generic (1)
12:03:41.0180 3100	NVSvc           (77ecdf9e3d43d4e86e85b73886992625) C:\WINDOWS\system32\nvsvc32.exe
12:03:41.0196 3100	NVSvc ( UnsignedFile.Multi.Generic ) - warning
12:03:41.0196 3100	NVSvc - detected UnsignedFile.Multi.Generic (1)
12:03:41.0211 3100	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:03:41.0274 3100	NwlnkFlt - ok
12:03:41.0289 3100	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:03:41.0352 3100	NwlnkFwd - ok
12:03:41.0383 3100	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
12:03:41.0446 3100	Parport - ok
12:03:41.0446 3100	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:03:41.0508 3100	PartMgr - ok
12:03:41.0539 3100	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
12:03:41.0602 3100	ParVdm - ok
12:03:41.0633 3100	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
12:03:41.0633 3100	pccsmcfd - ok
12:03:41.0649 3100	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
12:03:41.0727 3100	PCI - ok
12:03:41.0727 3100	PCIDump - ok
12:03:41.0743 3100	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:03:41.0805 3100	PCIIde - ok
12:03:41.0836 3100	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:03:41.0899 3100	Pcmcia - ok
12:03:41.0930 3100	pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
12:03:41.0930 3100	pcouffin ( UnsignedFile.Multi.Generic ) - warning
12:03:41.0930 3100	pcouffin - detected UnsignedFile.Multi.Generic (1)
12:03:41.0961 3100	PCTCore         (aa9cfa67850893fbb168b9c4e4c86952) C:\WINDOWS\system32\drivers\PCTCore.sys
12:03:41.0961 3100	PCTCore - ok
12:03:41.0977 3100	PDCOMP - ok
12:03:41.0977 3100	PDFRAME - ok
12:03:41.0977 3100	PDRELI - ok
12:03:41.0993 3100	PDRFRAME - ok
12:03:41.0993 3100	perc2 - ok
12:03:42.0008 3100	perc2hib - ok
12:03:42.0024 3100	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:03:42.0039 3100	PlugPlay - ok
12:03:42.0055 3100	PnkBstrA        (3a2bdd76e7d2a5f40a7174793d1ba794) C:\WINDOWS\system32\PnkBstrA.exe
12:03:42.0071 3100	PnkBstrA - ok
12:03:42.0086 3100	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:03:42.0149 3100	PolicyAgent - ok
12:03:42.0164 3100	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:03:42.0227 3100	PptpMiniport - ok
12:03:42.0258 3100	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
12:03:42.0321 3100	Processor - ok
12:03:42.0321 3100	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:03:42.0399 3100	ProtectedStorage - ok
12:03:42.0414 3100	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:03:42.0477 3100	PSched - ok
12:03:42.0493 3100	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:03:42.0571 3100	Ptilink - ok
12:03:42.0586 3100	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:03:42.0602 3100	PxHelp20 - ok
12:03:42.0602 3100	ql1080 - ok
12:03:42.0602 3100	Ql10wnt - ok
12:03:42.0618 3100	ql12160 - ok
12:03:42.0618 3100	ql1240 - ok
12:03:42.0633 3100	ql1280 - ok
12:03:42.0649 3100	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:03:42.0696 3100	RasAcd - ok
12:03:42.0727 3100	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
12:03:42.0805 3100	RasAuto - ok
12:03:42.0805 3100	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:03:42.0868 3100	Rasl2tp - ok
12:03:42.0899 3100	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
12:03:42.0961 3100	RasMan - ok
12:03:42.0977 3100	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:03:43.0039 3100	RasPppoe - ok
12:03:43.0055 3100	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:03:43.0118 3100	Raspti - ok
12:03:43.0133 3100	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:03:43.0196 3100	Rdbss - ok
12:03:43.0196 3100	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:03:43.0274 3100	RDPCDD - ok
12:03:43.0274 3100	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:03:43.0336 3100	rdpdr - ok
12:03:43.0368 3100	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:03:43.0383 3100	RDPWD - ok
12:03:43.0399 3100	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
12:03:43.0477 3100	RDSessMgr - ok
12:03:43.0493 3100	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:03:43.0571 3100	redbook - ok
12:03:43.0586 3100	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
12:03:43.0664 3100	RemoteAccess - ok
12:03:43.0696 3100	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
12:03:43.0758 3100	RemoteRegistry - ok
12:03:43.0774 3100	ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
12:03:43.0852 3100	ROOTMODEM - ok
12:03:43.0993 3100	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
12:03:44.0289 3100	RpcLocator - ok
12:03:44.0305 3100	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
12:03:44.0321 3100	RpcSs - ok
12:03:44.0336 3100	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
12:03:44.0414 3100	RSVP - ok
12:03:44.0430 3100	RTLE8023xp      (098de621085d7f922871a99b0ec7ddd6) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:03:44.0446 3100	RTLE8023xp - ok
12:03:44.0477 3100	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:03:44.0539 3100	SamSs - ok
12:03:44.0555 3100	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
12:03:44.0618 3100	SCardSvr - ok
12:03:44.0649 3100	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
12:03:44.0727 3100	Schedule - ok
12:03:44.0789 3100	sdAuxService    (2881d5c135d076bcf52b0f5ad3d8dc0b) C:\Programme\Spyware Doctor\pctsAuxs.exe
12:03:44.0805 3100	sdAuxService - ok
12:03:44.0836 3100	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:03:44.0868 3100	Secdrv - ok
12:03:44.0899 3100	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
12:03:44.0977 3100	seclogon - ok
12:03:44.0993 3100	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
12:03:45.0055 3100	SENS - ok
12:03:45.0071 3100	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:03:45.0133 3100	serenum - ok
12:03:45.0149 3100	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
12:03:45.0211 3100	Serial - ok
12:03:45.0227 3100	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:03:45.0289 3100	Sfloppy - ok
12:03:45.0305 3100	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
12:03:45.0383 3100	SharedAccess - ok
12:03:45.0414 3100	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:03:45.0430 3100	ShellHWDetection - ok
12:03:45.0430 3100	Simbad - ok
12:03:45.0446 3100	SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:03:45.0524 3100	SONYPVU1 - ok
12:03:45.0524 3100	Sparrow - ok
12:03:45.0539 3100	speedfan        (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
12:03:45.0555 3100	speedfan ( UnsignedFile.Multi.Generic ) - warning
12:03:45.0555 3100	speedfan - detected UnsignedFile.Multi.Generic (1)
12:03:45.0555 3100	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:03:45.0618 3100	splitter - ok
12:03:45.0649 3100	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:03:45.0664 3100	Spooler - ok
12:03:45.0696 3100	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
12:03:45.0727 3100	sr - ok
12:03:45.0758 3100	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll
12:03:45.0789 3100	srservice - ok
12:03:45.0821 3100	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:03:45.0836 3100	Srv - ok
12:03:45.0852 3100	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
12:03:45.0899 3100	SSDPSRV - ok
12:03:45.0899 3100	StarOpen - ok
12:03:45.0930 3100	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
12:03:46.0008 3100	stisvc - ok
12:03:46.0024 3100	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:03:46.0086 3100	swenum - ok
12:03:46.0102 3100	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:03:46.0164 3100	swmidi - ok
12:03:46.0164 3100	SwPrv - ok
12:03:46.0180 3100	symc810 - ok
12:03:46.0180 3100	symc8xx - ok
12:03:46.0180 3100	sym_hi - ok
12:03:46.0196 3100	sym_u3 - ok
12:03:46.0196 3100	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:03:46.0274 3100	sysaudio - ok
12:03:46.0289 3100	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
12:03:46.0352 3100	SysmonLog - ok
12:03:46.0368 3100	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
12:03:46.0446 3100	TapiSrv - ok
12:03:46.0477 3100	tbhsd           (c26c6dff638d9e51dc5cc60a7785d057) C:\WINDOWS\system32\drivers\tbhsd.sys
12:03:46.0477 3100	tbhsd - ok
12:03:46.0508 3100	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:03:46.0524 3100	Tcpip - ok
12:03:46.0539 3100	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:03:46.0618 3100	TDPIPE - ok
12:03:46.0618 3100	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:03:46.0696 3100	TDTCP - ok
12:03:46.0711 3100	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:03:46.0774 3100	TermDD - ok
12:03:46.0789 3100	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
12:03:46.0868 3100	TermService - ok
12:03:46.0899 3100	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:03:46.0914 3100	Themes - ok
12:03:46.0961 3100	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\System32\tlntsvr.exe
12:03:46.0993 3100	TlntSvr - ok
12:03:47.0008 3100	TosIde - ok
12:03:47.0024 3100	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
12:03:47.0102 3100	TrkWks - ok
12:03:47.0118 3100	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:03:47.0180 3100	Udfs - ok
12:03:47.0180 3100	ultra - ok
12:03:47.0211 3100	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:03:47.0289 3100	Update - ok
12:03:47.0305 3100	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
12:03:47.0352 3100	upnphost - ok
12:03:47.0368 3100	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
12:03:47.0430 3100	UPS - ok
12:03:47.0461 3100	usb2vcom        (66276112dc7089d2d9e58c7cbf0855c1) C:\WINDOWS\system32\Drivers\usb2vcom.sys
12:03:47.0461 3100	usb2vcom ( UnsignedFile.Multi.Generic ) - warning
12:03:47.0461 3100	usb2vcom - detected UnsignedFile.Multi.Generic (1)
12:03:47.0477 3100	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:03:47.0539 3100	usbehci - ok
12:03:47.0555 3100	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:03:47.0618 3100	usbhub - ok
12:03:47.0633 3100	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:03:47.0696 3100	usbprint - ok
12:03:47.0711 3100	usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
12:03:47.0774 3100	usbser - ok
12:03:47.0805 3100	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:03:47.0868 3100	USBSTOR - ok
12:03:47.0883 3100	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:03:47.0946 3100	usbuhci - ok
12:03:48.0149 3100	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:03:48.0227 3100	VgaSave - ok
12:03:48.0227 3100	ViaIde - ok
12:03:48.0243 3100	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
12:03:48.0305 3100	VolSnap - ok
12:03:48.0321 3100	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
12:03:48.0368 3100	VSS - ok
12:03:48.0383 3100	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
12:03:48.0477 3100	W32Time - ok
12:03:48.0493 3100	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:03:48.0555 3100	Wanarp - ok
12:03:48.0586 3100	Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:03:48.0618 3100	Wdf01000 - ok
12:03:48.0618 3100	WDICA - ok
12:03:48.0633 3100	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:03:48.0696 3100	wdmaud - ok
12:03:48.0711 3100	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
12:03:48.0774 3100	WebClient - ok
12:03:48.0805 3100	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:03:48.0868 3100	winmgmt - ok
12:03:48.0914 3100	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:03:48.0914 3100	WmdmPmSN - ok
12:03:48.0961 3100	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
12:03:48.0977 3100	Wmi - ok
12:03:49.0008 3100	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:03:49.0071 3100	WmiApSrv - ok
12:03:49.0133 3100	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
12:03:49.0180 3100	WMPNetworkSvc - ok
12:03:49.0211 3100	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
12:03:49.0274 3100	wscsvc - ok
12:03:49.0305 3100	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
12:03:49.0368 3100	wuauserv - ok
12:03:49.0399 3100	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:03:49.0399 3100	WudfPf - ok
12:03:49.0414 3100	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:03:49.0430 3100	WudfRd - ok
12:03:49.0461 3100	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:03:49.0477 3100	WudfSvc - ok
12:03:49.0493 3100	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
12:03:49.0586 3100	WZCSVC - ok
12:03:49.0618 3100	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
12:03:49.0696 3100	xmlprov - ok
12:03:49.0696 3100	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
12:03:49.0899 3100	\Device\Harddisk0\DR0 - ok
12:03:49.0899 3100	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
12:03:52.0118 3100	\Device\Harddisk1\DR4 - ok
12:03:52.0118 3100	Boot (0x1200)   (3c316c7365933d10b3f14d87e352c4ef) \Device\Harddisk0\DR0\Partition0
12:03:52.0118 3100	\Device\Harddisk0\DR0\Partition0 - ok
12:03:52.0118 3100	Boot (0x1200)   (578f372d75f249e7dfd117ed7af69a0c) \Device\Harddisk0\DR0\Partition1
12:03:52.0118 3100	\Device\Harddisk0\DR0\Partition1 - ok
12:03:52.0133 3100	Boot (0x1200)   (9b06fd4c096a3fe3014b2087152cf244) \Device\Harddisk0\DR0\Partition2
12:03:52.0133 3100	\Device\Harddisk0\DR0\Partition2 - ok
12:03:52.0133 3100	Boot (0x1200)   (03c484ebf374f7d01828758619ebb1f6) \Device\Harddisk1\DR4\Partition0
12:03:52.0133 3100	\Device\Harddisk1\DR4\Partition0 - ok
12:03:52.0133 3100	============================================================
12:03:52.0133 3100	Scan finished
12:03:52.0133 3100	============================================================
12:03:52.0243 3048	Detected object count: 9
12:03:52.0243 3048	Actual detected object count: 9
12:04:45.0446 3048	AVMPORT ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048	AVMPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:04:45.0446 3048	ezplay ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048	ezplay ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:04:45.0446 3048	giveio ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048	giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:04:45.0446 3048	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:04:45.0446 3048	nv ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048	nv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:04:45.0446 3048	NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048	NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:04:45.0446 3048	pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048	pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:04:45.0446 3048	speedfan ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048	speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:04:45.0446 3048	usb2vcom ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048	usb2vcom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:54.0602 3920	============================================================
12:07:54.0602 3920	Scan started
12:07:54.0602 3920	Mode: Manual; SigCheck; TDLFS; 
12:07:54.0602 3920	============================================================
12:07:54.0914 3920	Aavmker4        (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:07:54.0930 3920	Aavmker4 - ok
12:07:54.0930 3920	Abiosdsk - ok
12:07:54.0946 3920	abp480n5 - ok
12:07:54.0961 3920	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:07:55.0071 3920	ACPI - ok
12:07:55.0086 3920	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:07:55.0180 3920	ACPIEC - ok
12:07:55.0180 3920	adpu160m - ok
12:07:55.0196 3920	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:07:55.0258 3920	aec - ok
12:07:55.0289 3920	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:07:55.0305 3920	AFD - ok
12:07:55.0305 3920	Aha154x - ok
12:07:55.0321 3920	aic78u2 - ok
12:07:55.0321 3920	aic78xx - ok
12:07:55.0352 3920	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
12:07:55.0414 3920	Alerter - ok
12:07:55.0430 3920	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
12:07:55.0461 3920	ALG - ok
12:07:55.0477 3920	AliIde - ok
12:07:55.0477 3920	amsint - ok
12:07:55.0508 3920	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
12:07:55.0539 3920	AppMgmt - ok
12:07:55.0586 3920	AR9271          (8e2257584b2c52d44b4cb1949947d885) C:\WINDOWS\system32\DRIVERS\athuw.sys
12:07:55.0618 3920	AR9271 - ok
12:07:55.0633 3920	asc - ok
12:07:55.0633 3920	asc3350p - ok
12:07:55.0633 3920	asc3550 - ok
12:07:55.0680 3920	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:07:55.0696 3920	aspnet_state - ok
12:07:55.0696 3920	aswFsBlk        (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:07:55.0696 3920	aswFsBlk - ok
12:07:55.0727 3920	aswMon2         (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
12:07:55.0743 3920	aswMon2 - ok
12:07:55.0743 3920	aswRdr          (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
12:07:55.0758 3920	aswRdr - ok
12:07:55.0789 3920	aswSnx          (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
12:07:55.0805 3920	aswSnx - ok
12:07:55.0836 3920	aswSP           (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
12:07:55.0852 3920	aswSP - ok
12:07:55.0852 3920	aswTdi          (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
12:07:55.0852 3920	aswTdi - ok
12:07:55.0883 3920	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:07:55.0946 3920	AsyncMac - ok
12:07:55.0961 3920	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:07:56.0024 3920	atapi - ok
12:07:56.0024 3920	Atdisk - ok
12:07:56.0055 3920	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:07:56.0118 3920	Atmarpc - ok
12:07:56.0133 3920	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
12:07:56.0196 3920	AudioSrv - ok
12:07:56.0227 3920	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:07:56.0289 3920	audstub - ok
12:07:56.0352 3920	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Programme\Alwil Software\Avast5\AvastSvc.exe
12:07:56.0352 3920	avast! Antivirus - ok
12:07:56.0368 3920	AVMPORT         (02568a764ef2c37cfa6f9c471e67d475) C:\WINDOWS\System32\drivers\avmport.sys
12:07:56.0383 3920	AVMPORT ( UnsignedFile.Multi.Generic ) - warning
12:07:56.0383 3920	AVMPORT - detected UnsignedFile.Multi.Generic (1)
12:07:56.0414 3920	AVMWAN          (c997af59c54d69232fb7bbea4dad86e2) C:\WINDOWS\system32\DRIVERS\avmwan.sys
12:07:56.0477 3920	AVMWAN - ok
12:07:56.0508 3920	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:07:56.0571 3920	Beep - ok
12:07:56.0586 3920	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
12:07:56.0664 3920	BITS - ok
12:07:56.0680 3920	Bridge          (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
12:07:56.0711 3920	Bridge - ok
12:07:56.0711 3920	BridgeMP        (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
12:07:56.0758 3920	BridgeMP - ok
12:07:56.0774 3920	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
12:07:56.0836 3920	Browser - ok
12:07:56.0883 3920	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
12:07:56.0899 3920	BTHPORT - ok
12:07:56.0914 3920	BthServ         (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
12:07:56.0977 3920	BthServ - ok
12:07:56.0993 3920	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:07:57.0055 3920	BTHUSB - ok
12:07:57.0071 3920	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:07:57.0133 3920	cbidf2k - ok
12:07:57.0149 3920	cd20xrnt - ok
12:07:57.0164 3920	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:07:57.0227 3920	Cdaudio - ok
12:07:57.0258 3920	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:07:57.0336 3920	Cdfs - ok
12:07:57.0352 3920	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:07:57.0430 3920	Cdrom - ok
12:07:57.0430 3920	Changer - ok
12:07:57.0446 3920	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
12:07:57.0508 3920	CiSvc - ok
12:07:57.0524 3920	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
12:07:57.0602 3920	ClipSrv - ok
12:07:57.0649 3920	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:07:57.0649 3920	clr_optimization_v2.0.50727_32 - ok
12:07:57.0664 3920	CmdIde - ok
12:07:57.0664 3920	COMSysApp - ok
12:07:57.0664 3920	Cpqarray - ok
12:07:57.0696 3920	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
12:07:57.0758 3920	CryptSvc - ok
12:07:57.0758 3920	dac2w2k - ok
12:07:57.0774 3920	dac960nt - ok
12:07:57.0789 3920	DAdderFltr      (cb90f77e21109ccfd114a17bd87a42a7) C:\WINDOWS\system32\drivers\dadder.sys
12:07:57.0805 3920	DAdderFltr - ok
12:07:57.0821 3920	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
12:07:57.0836 3920	DcomLaunch - ok
12:07:57.0868 3920	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
12:07:57.0930 3920	Dhcp - ok
12:07:57.0961 3920	DIGIRPS         (ac831d7c56b5c30a7b0987c4d8dd7608) C:\WINDOWS\system32\DRIVERS\digirlpt.sys
12:07:58.0024 3920	DIGIRPS - ok
12:07:58.0039 3920	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:07:58.0102 3920	Disk - ok
12:07:58.0118 3920	dmadmin - ok
12:07:58.0149 3920	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
12:07:58.0258 3920	dmboot - ok
12:07:58.0258 3920	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
12:07:58.0321 3920	dmio - ok
12:07:58.0352 3920	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:07:58.0430 3920	dmload - ok
12:07:58.0446 3920	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
12:07:58.0508 3920	dmserver - ok
12:07:58.0524 3920	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:07:58.0586 3920	DMusic - ok
12:07:58.0602 3920	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
12:07:58.0618 3920	Dnscache - ok
12:07:58.0649 3920	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
12:07:58.0711 3920	Dot3svc - ok
12:07:58.0711 3920	dpti2o - ok
12:07:58.0727 3920	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:07:58.0789 3920	drmkaud - ok
12:07:58.0821 3920	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
12:07:58.0883 3920	EapHost - ok
12:07:58.0899 3920	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
12:07:58.0961 3920	ERSvc - ok
12:07:58.0993 3920	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:07:59.0008 3920	Eventlog - ok
12:07:59.0039 3920	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
12:07:59.0055 3920	EventSystem - ok
12:07:59.0071 3920	ezplay          (73e701e0fa4d2fc7d22efceff276c50a) C:\WINDOWS\system32\Drivers\ezplay.sys
12:07:59.0086 3920	ezplay ( UnsignedFile.Multi.Generic ) - warning
12:07:59.0086 3920	ezplay - detected UnsignedFile.Multi.Generic (1)
12:07:59.0102 3920	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:07:59.0164 3920	Fastfat - ok
12:07:59.0180 3920	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:07:59.0196 3920	FastUserSwitchingCompatibility - ok
12:07:59.0211 3920	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:07:59.0274 3920	Fdc - ok
12:07:59.0305 3920	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
12:07:59.0368 3920	Fips - ok
12:07:59.0383 3920	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:07:59.0446 3920	Flpydisk - ok
12:07:59.0461 3920	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:07:59.0524 3920	FltMgr - ok
12:07:59.0586 3920	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:07:59.0586 3920	FontCache3.0.0.0 - ok
12:07:59.0618 3920	fpcibase        (03ddba31f856936baddd2d66e111faed) C:\WINDOWS\system32\DRIVERS\fpcibase.sys
12:07:59.0649 3920	fpcibase - ok
12:07:59.0664 3920	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:07:59.0727 3920	Fs_Rec - ok
12:07:59.0743 3920	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:07:59.0805 3920	Ftdisk - ok
12:07:59.0821 3920	gdrv            (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDOWS\gdrv.sys
12:07:59.0821 3920	gdrv - ok
12:07:59.0836 3920	giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
12:07:59.0852 3920	giveio ( UnsignedFile.Multi.Generic ) - warning
12:07:59.0852 3920	giveio - detected UnsignedFile.Multi.Generic (1)
12:07:59.0852 3920	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:07:59.0930 3920	Gpc - ok
12:07:59.0977 3920	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
12:07:59.0993 3920	gupdate - ok
12:07:59.0993 3920	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
12:08:00.0008 3920	gupdatem - ok
12:08:00.0024 3920	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:08:00.0086 3920	HDAudBus - ok
12:08:00.0118 3920	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:08:00.0180 3920	helpsvc - ok
12:08:00.0180 3920	HidServ - ok
12:08:00.0211 3920	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:08:00.0274 3920	hidusb - ok
12:08:00.0305 3920	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
12:08:00.0368 3920	hkmsvc - ok
12:08:00.0368 3920	hpn - ok
12:08:00.0399 3920	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:08:00.0414 3920	HTTP - ok
12:08:00.0430 3920	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
12:08:00.0508 3920	HTTPFilter - ok
12:08:00.0508 3920	i2omgmt - ok
12:08:00.0524 3920	i2omp - ok
12:08:00.0524 3920	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:08:00.0586 3920	i8042prt - ok
12:08:00.0649 3920	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:08:00.0649 3920	IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:08:00.0649 3920	IDriverT - detected UnsignedFile.Multi.Generic (1)
12:08:00.0727 3920	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:08:00.0743 3920	idsvc - ok
12:08:00.0774 3920	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:08:00.0836 3920	Imapi - ok
12:08:00.0868 3920	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
12:08:00.0946 3920	ImapiService - ok
12:08:00.0946 3920	ini910u - ok
12:08:01.0039 3920	IntcAzAudAddService (e37589414437a60797e94c0f57c546db) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:08:01.0164 3920	IntcAzAudAddService - ok
12:08:01.0164 3920	IntelIde - ok
12:08:01.0180 3920	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:08:01.0243 3920	intelppm - ok
12:08:01.0258 3920	ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:08:01.0321 3920	ip6fw - ok
12:08:01.0368 3920	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:08:01.0430 3920	IpFilterDriver - ok
12:08:01.0446 3920	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:08:01.0508 3920	IpInIp - ok
12:08:01.0524 3920	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:08:01.0602 3920	IpNat - ok
12:08:01.0618 3920	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:08:01.0680 3920	IPSec - ok
12:08:01.0696 3920	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:08:01.0727 3920	IRENUM - ok
12:08:01.0743 3920	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:08:01.0805 3920	isapnp - ok
12:08:01.0821 3920	JGOGO           (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
12:08:01.0821 3920	JGOGO - ok
12:08:01.0836 3920	JRAID           (f90a4e8657319a652e04c5362926cfea) C:\WINDOWS\system32\DRIVERS\jraid.sys
12:08:01.0852 3920	JRAID - ok
12:08:01.0868 3920	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:08:01.0930 3920	Kbdclass - ok
12:08:01.0930 3920	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:08:01.0993 3920	kmixer - ok
12:08:02.0008 3920	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:08:02.0024 3920	KSecDD - ok
12:08:02.0055 3920	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
12:08:02.0071 3920	lanmanserver - ok
12:08:02.0086 3920	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
12:08:02.0118 3920	lanmanworkstation - ok
12:08:02.0118 3920	lbrtfdc - ok
12:08:02.0118 3920	LexBceS - ok
12:08:02.0149 3920	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
12:08:02.0211 3920	LmHosts - ok
12:08:02.0243 3920	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
12:08:02.0305 3920	Messenger - ok
12:08:02.0321 3920	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:08:02.0383 3920	mnmdd - ok
12:08:02.0414 3920	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
12:08:02.0477 3920	mnmsrvc - ok
12:08:02.0477 3920	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
12:08:02.0539 3920	Modem - ok
12:08:02.0555 3920	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:08:02.0618 3920	Mouclass - ok
12:08:02.0633 3920	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:08:02.0696 3920	mouhid - ok
12:08:02.0696 3920	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:08:02.0774 3920	MountMgr - ok
12:08:02.0774 3920	mraid35x - ok
12:08:02.0774 3920	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:08:02.0836 3920	MRxDAV - ok
12:08:02.0883 3920	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:08:02.0899 3920	MRxSmb - ok
12:08:02.0914 3920	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
12:08:02.0993 3920	MSDTC - ok
12:08:02.0993 3920	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:08:03.0055 3920	Msfs - ok
12:08:03.0055 3920	MSIServer - ok
12:08:03.0071 3920	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:08:03.0133 3920	MSKSSRV - ok
12:08:03.0164 3920	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:08:03.0211 3920	MSPCLOCK - ok
12:08:03.0227 3920	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:08:03.0289 3920	MSPQM - ok
12:08:03.0305 3920	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:08:03.0368 3920	mssmbios - ok
12:08:03.0399 3920	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:08:03.0414 3920	Mup - ok
12:08:03.0430 3920	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
12:08:03.0508 3920	napagent - ok
12:08:03.0524 3920	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:08:03.0586 3920	NDIS - ok
12:08:03.0602 3920	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:08:03.0618 3920	NdisTapi - ok
12:08:03.0618 3920	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:08:03.0696 3920	Ndisuio - ok
12:08:03.0711 3920	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:08:03.0774 3920	NdisWan - ok
12:08:03.0789 3920	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:08:03.0805 3920	NDProxy - ok
12:08:03.0868 3920	Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
12:08:03.0883 3920	Nero BackItUp Scheduler 4.0 - ok
12:08:03.0899 3920	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:08:03.0961 3920	NetBIOS - ok
12:08:03.0977 3920	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:08:04.0039 3920	NetBT - ok
12:08:04.0071 3920	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:08:04.0149 3920	NetDDE - ok
12:08:04.0149 3920	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:08:04.0211 3920	NetDDEdsdm - ok
12:08:04.0243 3920	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:08:04.0305 3920	Netlogon - ok
12:08:04.0336 3920	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
12:08:04.0399 3920	Netman - ok
12:08:04.0461 3920	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:08:04.0461 3920	NetTcpPortSharing - ok
12:08:04.0493 3920	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
12:08:04.0508 3920	Nla - ok
12:08:04.0508 3920	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:08:04.0571 3920	Npfs - ok
12:08:04.0602 3920	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:08:04.0664 3920	Ntfs - ok
12:08:04.0664 3920	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
12:08:04.0743 3920	NtLmSsp - ok
12:08:04.0758 3920	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
12:08:04.0836 3920	NtmsSvc - ok
12:08:04.0852 3920	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:08:04.0914 3920	Null - ok
12:08:05.0039 3920	nv              (b518ab25714821ae21677a8ada1fdf86) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:08:05.0164 3920	nv ( UnsignedFile.Multi.Generic ) - warning
12:08:05.0164 3920	nv - detected UnsignedFile.Multi.Generic (1)
12:08:05.0196 3920	NVSvc           (77ecdf9e3d43d4e86e85b73886992625) C:\WINDOWS\system32\nvsvc32.exe
12:08:05.0196 3920	NVSvc ( UnsignedFile.Multi.Generic ) - warning
12:08:05.0196 3920	NVSvc - detected UnsignedFile.Multi.Generic (1)
12:08:05.0211 3920	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:08:05.0289 3920	NwlnkFlt - ok
12:08:05.0289 3920	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:08:05.0352 3920	NwlnkFwd - ok
12:08:05.0368 3920	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
12:08:05.0430 3920	Parport - ok
12:08:05.0446 3920	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:08:05.0508 3920	PartMgr - ok
12:08:05.0539 3920	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
12:08:05.0602 3920	ParVdm - ok
12:08:05.0618 3920	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
12:08:05.0633 3920	pccsmcfd - ok
12:08:05.0649 3920	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
12:08:05.0711 3920	PCI - ok
12:08:05.0711 3920	PCIDump - ok
12:08:05.0743 3920	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:08:05.0805 3920	PCIIde - ok
12:08:05.0821 3920	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:08:05.0883 3920	Pcmcia - ok
12:08:05.0914 3920	pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
12:08:05.0914 3920	pcouffin ( UnsignedFile.Multi.Generic ) - warning
12:08:05.0914 3920	pcouffin - detected UnsignedFile.Multi.Generic (1)
12:08:05.0930 3920	PCTCore         (aa9cfa67850893fbb168b9c4e4c86952) C:\WINDOWS\system32\drivers\PCTCore.sys
12:08:05.0946 3920	PCTCore - ok
12:08:05.0946 3920	PDCOMP - ok
12:08:05.0946 3920	PDFRAME - ok
12:08:05.0961 3920	PDRELI - ok
12:08:05.0961 3920	PDRFRAME - ok
12:08:05.0961 3920	perc2 - ok
12:08:05.0977 3920	perc2hib - ok
12:08:05.0993 3920	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:08:06.0008 3920	PlugPlay - ok
12:08:06.0024 3920	PnkBstrA        (3a2bdd76e7d2a5f40a7174793d1ba794) C:\WINDOWS\system32\PnkBstrA.exe
12:08:06.0039 3920	PnkBstrA - ok
12:08:06.0055 3920	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:08:06.0133 3920	PolicyAgent - ok
12:08:06.0133 3920	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:08:06.0196 3920	PptpMiniport - ok
12:08:06.0211 3920	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
12:08:06.0289 3920	Processor - ok
12:08:06.0289 3920	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:08:06.0352 3920	ProtectedStorage - ok
12:08:06.0383 3920	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:08:06.0446 3920	PSched - ok
12:08:06.0477 3920	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:08:06.0539 3920	Ptilink - ok
12:08:06.0571 3920	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:08:06.0571 3920	PxHelp20 - ok
12:08:06.0571 3920	ql1080 - ok
12:08:06.0586 3920	Ql10wnt - ok
12:08:06.0586 3920	ql12160 - ok
12:08:06.0602 3920	ql1240 - ok
12:08:06.0602 3920	ql1280 - ok
12:08:06.0618 3920	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:08:06.0680 3920	RasAcd - ok
12:08:06.0696 3920	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
12:08:06.0774 3920	RasAuto - ok
12:08:06.0774 3920	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:08:06.0836 3920	Rasl2tp - ok
12:08:06.0868 3920	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
12:08:06.0930 3920	RasMan - ok
12:08:06.0930 3920	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:08:06.0993 3920	RasPppoe - ok
12:08:07.0008 3920	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:08:07.0071 3920	Raspti - ok
12:08:07.0086 3920	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:08:07.0149 3920	Rdbss - ok
12:08:07.0149 3920	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:08:07.0211 3920	RDPCDD - ok
12:08:07.0227 3920	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:08:07.0289 3920	rdpdr - ok
12:08:07.0321 3920	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:08:07.0336 3920	RDPWD - ok
12:08:07.0368 3920	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
12:08:07.0430 3920	RDSessMgr - ok
12:08:07.0446 3920	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:08:07.0524 3920	redbook - ok
12:08:07.0539 3920	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
12:08:07.0618 3920	RemoteAccess - ok
12:08:07.0649 3920	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
12:08:07.0727 3920	RemoteRegistry - ok
12:08:07.0743 3920	ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
12:08:07.0805 3920	ROOTMODEM - ok
12:08:07.0821 3920	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
12:08:07.0899 3920	RpcLocator - ok
12:08:07.0914 3920	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
12:08:07.0930 3920	RpcSs - ok
12:08:07.0946 3920	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
12:08:08.0008 3920	RSVP - ok
12:08:08.0024 3920	RTLE8023xp      (098de621085d7f922871a99b0ec7ddd6) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:08:08.0039 3920	RTLE8023xp - ok
12:08:08.0055 3920	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:08:08.0133 3920	SamSs - ok
12:08:08.0149 3920	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
12:08:08.0211 3920	SCardSvr - ok
12:08:08.0227 3920	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
12:08:08.0305 3920	Schedule - ok
12:08:08.0368 3920	sdAuxService    (2881d5c135d076bcf52b0f5ad3d8dc0b) C:\Programme\Spyware Doctor\pctsAuxs.exe
12:08:08.0383 3920	sdAuxService - ok
12:08:08.0414 3920	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:08:08.0446 3920	Secdrv - ok
12:08:08.0477 3920	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
12:08:08.0539 3920	seclogon - ok
12:08:08.0571 3920	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
12:08:08.0633 3920	SENS - ok
12:08:08.0649 3920	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:08:08.0711 3920	serenum - ok
12:08:08.0727 3920	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
12:08:08.0789 3920	Serial - ok
12:08:08.0821 3920	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:08:08.0883 3920	Sfloppy - ok
12:08:08.0899 3920	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
12:08:08.0961 3920	SharedAccess - ok
12:08:08.0993 3920	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:08:09.0008 3920	ShellHWDetection - ok
12:08:09.0008 3920	Simbad - ok
12:08:09.0039 3920	SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:08:09.0102 3920	SONYPVU1 - ok
12:08:09.0102 3920	Sparrow - ok
12:08:09.0133 3920	speedfan        (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
12:08:09.0133 3920	speedfan ( UnsignedFile.Multi.Generic ) - warning
12:08:09.0133 3920	speedfan - detected UnsignedFile.Multi.Generic (1)
12:08:09.0149 3920	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:08:09.0196 3920	splitter - ok
12:08:09.0227 3920	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:08:09.0227 3920	Spooler - ok
12:08:09.0258 3920	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
12:08:09.0289 3920	sr - ok
12:08:09.0321 3920	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll
12:08:09.0368 3920	srservice - ok
12:08:09.0399 3920	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:08:09.0414 3920	Srv - ok
12:08:09.0446 3920	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
12:08:09.0477 3920	SSDPSRV - ok
12:08:09.0493 3920	StarOpen - ok
12:08:09.0524 3920	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
12:08:09.0586 3920	stisvc - ok
12:08:09.0602 3920	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:08:09.0664 3920	swenum - ok
12:08:09.0680 3920	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:08:09.0743 3920	swmidi - ok
12:08:09.0743 3920	SwPrv - ok
12:08:09.0758 3920	symc810 - ok
12:08:09.0758 3920	symc8xx - ok
12:08:09.0758 3920	sym_hi - ok
12:08:09.0774 3920	sym_u3 - ok
12:08:09.0789 3920	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:08:09.0852 3920	sysaudio - ok
12:08:09.0868 3920	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
12:08:09.0946 3920	SysmonLog - ok
12:08:09.0961 3920	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
12:08:10.0024 3920	TapiSrv - ok
12:08:10.0071 3920	tbhsd           (c26c6dff638d9e51dc5cc60a7785d057) C:\WINDOWS\system32\drivers\tbhsd.sys
12:08:10.0071 3920	tbhsd - ok
12:08:10.0102 3920	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:08:10.0118 3920	Tcpip - ok
12:08:10.0133 3920	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:08:10.0196 3920	TDPIPE - ok
12:08:10.0211 3920	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:08:10.0274 3920	TDTCP - ok
12:08:10.0289 3920	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:08:10.0352 3920	TermDD - ok
12:08:10.0383 3920	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
12:08:10.0446 3920	TermService - ok
12:08:10.0461 3920	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:08:10.0477 3920	Themes - ok
12:08:10.0508 3920	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\System32\tlntsvr.exe
12:08:10.0539 3920	TlntSvr - ok
12:08:10.0555 3920	TosIde - ok
12:08:10.0571 3920	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
12:08:10.0633 3920	TrkWks - ok
12:08:10.0664 3920	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:08:10.0727 3920	Udfs - ok
12:08:10.0727 3920	ultra - ok
12:08:10.0758 3920	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:08:10.0836 3920	Update - ok
12:08:10.0852 3920	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
12:08:10.0883 3920	upnphost - ok
12:08:10.0899 3920	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
12:08:10.0977 3920	UPS - ok
12:08:10.0993 3920	usb2vcom        (66276112dc7089d2d9e58c7cbf0855c1) C:\WINDOWS\system32\Drivers\usb2vcom.sys
12:08:11.0008 3920	usb2vcom ( UnsignedFile.Multi.Generic ) - warning
12:08:11.0008 3920	usb2vcom - detected UnsignedFile.Multi.Generic (1)
12:08:11.0024 3920	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:08:11.0086 3920	usbehci - ok
12:08:11.0086 3920	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:08:11.0149 3920	usbhub - ok
12:08:11.0164 3920	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:08:11.0227 3920	usbprint - ok
12:08:11.0243 3920	usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
12:08:11.0305 3920	usbser - ok
12:08:11.0321 3920	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:08:11.0383 3920	USBSTOR - ok
12:08:11.0399 3920	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:08:11.0461 3920	usbuhci - ok
12:08:11.0461 3920	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:08:11.0524 3920	VgaSave - ok
12:08:11.0539 3920	ViaIde - ok
12:08:11.0555 3920	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
12:08:11.0618 3920	VolSnap - ok
12:08:11.0633 3920	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
12:08:11.0680 3920	VSS - ok
12:08:11.0696 3920	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
12:08:11.0758 3920	W32Time - ok
12:08:11.0789 3920	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:08:11.0868 3920	Wanarp - ok
12:08:11.0883 3920	Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:08:11.0899 3920	Wdf01000 - ok
12:08:11.0914 3920	WDICA - ok
12:08:11.0930 3920	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:08:11.0993 3920	wdmaud - ok
12:08:12.0008 3920	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
12:08:12.0071 3920	WebClient - ok
12:08:12.0118 3920	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:08:12.0180 3920	winmgmt - ok
12:08:12.0211 3920	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:08:12.0211 3920	WmdmPmSN - ok
12:08:12.0243 3920	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
12:08:12.0258 3920	Wmi - ok
12:08:12.0274 3920	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:08:12.0336 3920	WmiApSrv - ok
12:08:12.0399 3920	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
12:08:12.0430 3920	WMPNetworkSvc - ok
12:08:12.0461 3920	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
12:08:12.0539 3920	wscsvc - ok
12:08:12.0555 3920	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
12:08:12.0633 3920	wuauserv - ok
12:08:12.0649 3920	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:08:12.0664 3920	WudfPf - ok
12:08:12.0696 3920	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:08:12.0696 3920	WudfRd - ok
12:08:12.0727 3920	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:08:12.0743 3920	WudfSvc - ok
12:08:12.0774 3920	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
12:08:12.0852 3920	WZCSVC - ok
12:08:12.0868 3920	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
12:08:12.0946 3920	xmlprov - ok
12:08:12.0946 3920	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
12:08:13.0164 3920	\Device\Harddisk0\DR0 - ok
12:08:13.0164 3920	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
12:08:15.0305 3920	\Device\Harddisk1\DR4 - ok
12:08:15.0305 3920	Boot (0x1200)   (3c316c7365933d10b3f14d87e352c4ef) \Device\Harddisk0\DR0\Partition0
12:08:15.0305 3920	\Device\Harddisk0\DR0\Partition0 - ok
12:08:15.0305 3920	Boot (0x1200)   (578f372d75f249e7dfd117ed7af69a0c) \Device\Harddisk0\DR0\Partition1
12:08:15.0305 3920	\Device\Harddisk0\DR0\Partition1 - ok
12:08:15.0321 3920	Boot (0x1200)   (9b06fd4c096a3fe3014b2087152cf244) \Device\Harddisk0\DR0\Partition2
12:08:15.0321 3920	\Device\Harddisk0\DR0\Partition2 - ok
12:08:15.0321 3920	Boot (0x1200)   (03c484ebf374f7d01828758619ebb1f6) \Device\Harddisk1\DR4\Partition0
12:08:15.0321 3920	\Device\Harddisk1\DR4\Partition0 - ok
12:08:15.0321 3920	============================================================
12:08:15.0321 3920	Scan finished
12:08:15.0321 3920	============================================================
12:08:15.0321 4052	Detected object count: 9
12:08:15.0321 4052	Actual detected object count: 9
12:08:45.0571 4052	AVMPORT ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052	AVMPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:08:45.0571 4052	ezplay ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052	ezplay ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:08:45.0571 4052	giveio ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052	giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:08:45.0571 4052	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:08:45.0571 4052	nv ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052	nv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:08:45.0571 4052	NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052	NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:08:45.0571 4052	pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052	pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:08:45.0571 4052	speedfan ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052	speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:08:45.0571 4052	usb2vcom ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052	usb2vcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
