
Pests of all kinds and how to fight them: Encryption trojan on Windows XP


28.05.2012, 17:43   #1
Mr. Invisibl
 

Good evening,
like Hiltrud, I have caught this trojan on my laptop. I have already carried out the steps that were explained in the following thread.
Unfortunately, my laptop likewise only opened the file "OTL.Txt" after clicking "Run Scan". But I will add it as an attachment.

Code:
OTL logfile created on: 5/28/2012 5:15:01 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
446.00 Mb Total Physical Memory | 259.00 Mb Available Physical Memory | 58.00% Memory free
366.00 Mb Paging File | 280.00 Mb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35.70 Gb Total Space | 19.63 Gb Free Space | 54.99% Space Free | Partition Type: FAT32
Drive D: | 35.87 Gb Total Space | 35.73 Gb Free Space | 99.60% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (NPFMntor)
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 00:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/15 07:45:38 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/10/30 14:31:24 | 001,021,256 | ---- | M] (TuneUp Software) [Auto] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/10/30 14:27:34 | 000,030,024 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/08/08 19:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/08 17:00:48 | 002,179,072 | ---- | M] (UASSOFT.COM) [Auto] -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2005/11/15 13:02:04 | 000,061,440 | ---- | M] (T-Online International AG, Marmiko IT-Solutions GmbH) [Auto] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | On_Demand] --  -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2009/10/25 14:43:54 | 000,032,800 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009/10/25 14:43:52 | 000,093,344 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/04/13 06:53:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 06:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/01/31 08:41:32 | 000,081,408 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2005/11/24 12:36:42 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2005/04/21 13:33:12 | 000,112,384 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2005/03/02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/02/25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand] -- C:\Programme\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/21 10:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/10/02 08:57:12 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=110810&babsrc=HP_ss&mntrId=320d180e000000000000000fb5d0df74
IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Hans-Peter_ON_C\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "NCH DE Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/19 08:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010/02/23 07:03:04 | 000,000,000 | ---D | M]
 
[2008/07/19 21:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Extensions
[2008/07/19 21:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Extensions\home2@tomtom.com
[2010/02/23 07:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Firefox\Profiles\hvay6vxb.default\extensions
[2012/05/22 04:57:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Firefox\Profiles\hvay6vxb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/05/02 05:29:58 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Firefox\Profiles\hvay6vxb.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2012/03/20 08:20:16 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Firefox\Profiles\hvay6vxb.default\extensions\ffxtlbr@babylon.com
[2012/03/06 17:29:04 | 000,000,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\searchplugins\conduit.xml
[2012/03/19 08:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/03/19 08:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012/03/19 08:05:58 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- 
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HANS-PETER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HVAY6VXB.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/03/12 16:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/03/12 17:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/12 17:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/03/12 17:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/12 17:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/12 17:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/12 17:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2012/03/20 08:17:48 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\Hans-Peter_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Hans-Peter_ON_C\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\Hans-Peter_ON_C\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\Hans-Peter_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [KMConfig]  File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\Hans-Peter_ON_C..\Run: [320D180E] C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe ()
O4 - HKU\Hans-Peter_ON_C..\Run: [EPSON Stylus S20 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Hans-Peter_ON_C..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (T-Online International AG, Marmiko IT-Solutions GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Remote Control.lnk = C:\Programme\Conceptronic Multimedia\CTVDIGUSB2 Device Utilities\RTLRCtl.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TMMonitor.lnk = C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe) - C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe ()
O24 - Desktop Components:0 () - hxxp://www.actionbikes.de/actionbikes/images1/Bashan%20200%20seite1.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/15 05:47:50 | 000,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/12/24 20:50:46 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4a0f77aa-5640-11dd-a068-00038a000015}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/27 05:49:24 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2012/05/22 05:46:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Pvyflpkjhgc
[2012/05/22 05:45:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/28 03:28:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/28 03:28:48 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Automatische Problemsuche.job
[2012/05/28 03:28:36 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/28 03:28:04 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/27 05:57:12 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/27 05:50:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/22 05:46:04 | 000,048,128 | -H-- | M] () -- C:\WINDOWS\System32\BE4C77A5320D180E0B3C.exe
[2012/05/21 05:17:36 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/15 07:32:22 | 000,461,330 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/05/15 07:32:22 | 000,443,222 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/15 07:32:22 | 000,086,016 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/05/15 07:32:22 | 000,072,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/15 07:29:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/11 21:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/05/11 21:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/05/11 21:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/05/11 21:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[2012/05/09 08:00:02 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2012/05/09 07:18:32 | 000,070,198 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\Mietvertrag.pdf
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/05/22 05:46:02 | 000,048,128 | -H-- | C] () -- C:\WINDOWS\System32\BE4C77A5320D180E0B3C.exe
[2012/05/09 07:18:28 | 000,070,198 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\Mietvertrag.pdf
[2012/02/15 06:02:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/11/15 06:37:01 | 000,294,974 | R--- | C] () -- C:\WINDOWS\System32\RTL283XACCESS.dll
[2010/11/15 06:36:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/01/09 06:26:35 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/01/09 06:26:35 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/01/09 06:26:35 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/01/09 06:26:35 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/01/09 06:26:35 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/01/09 06:26:35 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/01/09 06:26:35 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/01/09 06:26:35 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/01/09 06:26:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/01/09 06:26:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/01/09 06:26:35 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/01/09 06:26:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/01/09 06:26:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/01/09 06:26:35 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/01/09 06:26:35 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/01/09 06:26:35 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/01/09 06:26:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/01/09 06:26:34 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/01/09 06:26:34 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/01/09 06:25:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CSES20.ini
[2009/04/14 07:45:09 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/04/14 07:41:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\blib.dll
[2009/04/13 07:38:17 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\Hlduinst.exe
[2009/04/13 07:38:17 | 000,006,855 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2009/04/13 07:38:16 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2009/04/13 07:29:04 | 000,594,018 | ---- | C] () -- C:\WINDOWS\ETKEU.EXE
[2009/04/13 07:20:35 | 000,000,107 | ---- | C] () -- C:\WINDOWS\ETKVE.INI
[2009/01/09 01:44:09 | 000,001,055 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
[2008/09/01 02:02:14 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2008/08/09 05:29:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/08 02:28:44 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2008/03/08 02:00:06 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007/12/15 07:00:36 | 000,000,284 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\ViewerApp.dat
[2007/12/15 05:44:44 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/09/19 20:19:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/29 06:52:52 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2007/02/27 01:52:24 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/12/28 04:27:39 | 000,038,400 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/09 07:04:43 | 000,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini
[2006/12/09 07:04:35 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2006/12/09 07:04:35 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2006/12/09 07:04:35 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2006/10/19 22:57:01 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2006/10/19 22:45:14 | 000,070,408 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2006/10/19 22:45:14 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2006/07/08 00:28:22 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/03/07 06:49:20 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\EnumDevLib.dll
[2006/02/24 03:40:01 | 000,001,278 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2006/02/01 08:55:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/01/31 08:41:31 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV86.sys
[2006/01/11 18:55:15 | 000,000,196 | ---- | C] () -- C:\WINDOWS\LWRegWiz.ini
[2005/12/21 20:05:13 | 000,000,884 | ---- | C] () -- C:\WINDOWS\wo4_m.ini
[2005/12/21 19:35:50 | 000,002,584 | ---- | C] () -- C:\WINDOWS\WO4_R.INI
[2005/12/21 19:35:38 | 000,004,433 | ---- | C] () -- C:\WINDOWS\WO4.INI
[2005/12/16 13:51:41 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/12/16 06:32:45 | 000,000,692 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/03/09 10:30:25 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/08 10:51:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/08 10:31:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/08 10:28:01 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/08 10:28:00 | 000,000,321 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/08 10:28:00 | 000,000,235 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/03/07 23:55:30 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/07 23:54:45 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/07 23:54:45 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/07 23:54:45 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/07 23:46:28 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/03/07 23:46:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2005/03/07 23:46:15 | 000,201,556 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/07 23:41:16 | 000,001,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/03/07 23:36:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/03/07 23:36:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2005/03/07 23:36:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/03/07 23:34:44 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/07 23:34:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2005/03/07 23:33:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/07 23:28:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/07 23:27:45 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/07 23:23:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/07 23:22:44 | 000,185,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE
[1980/01/01 00:00:00 | 000,461,330 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[1980/01/01 00:00:00 | 000,443,222 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[1980/01/01 00:00:00 | 000,072,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 00:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1980/01/01 00:00:00 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALAUNCH.INI
 
========== LOP Check ==========
 
[2009/06/03 05:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2009/12/15 08:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2006/01/23 17:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\T-DSL SpeedManager
[2006/12/09 07:05:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\T-Online
[2007/05/05 04:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Zylom
[2007/06/20 06:34:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Opera
[2007/09/19 20:20:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Atari
[2007/12/11 05:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\BayWatcher Pro
[2007/12/11 06:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ashampoo
[2008/03/08 02:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ulead Systems
[2008/03/24 07:58:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\BOM
[2008/03/30 03:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\ICQ Toolbar
[2008/04/11 23:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Babylon
[2008/07/19 21:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\TomTom
[2008/12/07 03:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Friday's games
[2009/03/08 04:13:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston
[2009/04/08 06:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ascentive
[2009/07/21 07:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\MSNInstaller
[2009/12/15 07:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\TuneUp Software
[2012/05/22 05:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Pvyflpkjhgc
[2006/01/23 18:00:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2007/02/27 21:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007/05/05 04:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2007/05/30 07:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2007/12/11 05:58:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ebay
[2007/12/11 05:58:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2008/03/08 01:56:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2008/04/11 23:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2008/07/19 21:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2008/12/07 03:51:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009/04/08 06:11:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ascentive
[2009/12/15 07:44:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009/12/15 07:44:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010/01/09 06:25:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010/01/09 06:29:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2012/03/20 08:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2012/05/28 03:28:48 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Automatische Problemsuche.job
 
========== Purity Check ==========
 
 
< End of report >
         
Now I would like to know how to proceed. :-)

Thank you very much in advance.

Best regards
Benjamin S.

30.05.2012, 14:06   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Does Safe Mode with Networking still work? With an Internet connection?

Safe Mode for cleanup
  • Boot Windows into Safe Mode by pressing the F8 key at startup.
  • Start the computer in Safe Mode with Networking:

    Start Windows in Safe Mode
__________________

30.05.2012, 14:31   #3
Mr. Invisibl

No, unfortunately that no longer works either.
After I select it and confirm with Enter, the machine switches off and restarts.
__________________

30.05.2012, 14:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)


Code:
:OTL
O4 - HKU\Hans-Peter_ON_C..\Run: [320D180E] C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe) - C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe ()
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/15 05:47:50 | 000,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/12/24 20:50:46 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4a0f77aa-5640-11dd-a068-00038a000015}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
[2012/05/27 05:49:24 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2012/05/22 05:46:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Pvyflpkjhgc
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags
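
A triage sketch for the kinds of entries the fix script above targets, as an added example that is not part of the original post and not part of OTL: it flags the autostart, Winlogon UserInit, IFEO debugger and tool-lockout policy lines and shows which file is referenced by more than one persistence mechanism. The regexes, the category names and the "long hex file name" heuristic are assumptions derived only from the line shapes visible in this thread.

```python
import re
from collections import Counter

# Lines copied from the OTL fix script posted in this thread (a subset).
SAMPLE = r"""
O4 - HKU\Hans-Peter_ON_C..\Run: [320D180E] C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe) - C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe ()
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
"""

# Constructed line (not from the thread): a UserInit entry that points at the
# stock userinit.exe and therefore must not be flagged.
BENIGN_CONSTRUCTED = (
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - "
    r"C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)"
)

RUN_RE = re.compile(r"\\Run: \[[^\]]*\] (?P<path>\S.*?\.exe)", re.I)
POLICY_RE = re.compile(
    r"policies\\System: "
    r"(?P<name>DisableTaskMgr|DisableRegedit|DisableRegistryTools) = 1\b"
)
USERINIT_RE = re.compile(r"Winlogon: UserInit - \((?P<path>[^)]*)\)", re.I)
IFEO_RE = re.compile(r"IFEO\\(?P<target>[^:]+): Debugger - (?P<debugger>\S+)", re.I)

# Assumption: a file name made only of 12+ hex digits is treated as random.
HEX_NAME_RE = re.compile(r"^[0-9A-F]{12,}\.exe$", re.I)
ADMIN_TOOLS = {"msconfig.exe", "regedit.exe", "taskmgr.exe"}


def basename(path):
    """Last path component; tolerates the trailing comma of a Userinit value."""
    return path.rstrip(", ").rsplit("\\", 1)[-1]


def triage(lines):
    """Return (category, detail) tuples for log lines worth a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.search(line)
        if m and HEX_NAME_RE.match(basename(m["path"])):
            findings.append(("autostart-random-name", m["path"].lower()))
            continue
        m = USERINIT_RE.search(line)
        if m:
            # Anything other than userinit.exe runs at every logon.
            if basename(m["path"]).lower() != "userinit.exe":
                findings.append(("winlogon-userinit-replaced", m["path"].lower()))
            continue
        m = IFEO_RE.search(line)
        if m and m["target"].lower() in ADMIN_TOOLS:
            # A Debugger value on an admin tool redirects or blocks its launch.
            findings.append(("ifeo-debugger-on-admin-tool", m["target"].lower()))
            continue
        m = POLICY_RE.search(line)
        if m:
            findings.append(("tool-lockout-policy", m["name"]))
    return findings


def summarize(findings):
    """Count findings per category."""
    return dict(Counter(category for category, _ in findings))


def shared_payloads(findings):
    """Files referenced by more than one persistence mechanism."""
    by_path = {}
    for category, detail in findings:
        if category in ("autostart-random-name", "winlogon-userinit-replaced"):
            by_path.setdefault(detail, set()).add(category)
    return sorted(path for path, cats in by_path.items() if len(cats) > 1)


if __name__ == "__main__":
    results = triage(SAMPLE.splitlines())
    for category, detail in results:
        print(f"{category:30} {detail}")
    print(summarize(results))
    print("shared payloads:", shared_payloads(results))
```
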

30.05.2012, 16:01   #5
Mr. Invisibl

Done. The file named "05302012_044646" (opened automatically after the restart) contains the following text:

Code:
========== OTL ==========
Registry value HKEY_USERS\Hans-Peter_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\320D180E deleted successfully.
C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_USERS\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe deleted successfully.
File C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\AUTORUN.INF moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a0f77aa-5640-11dd-a068-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a0f77aa-5640-11dd-a068-00038a000015}\ not found.
File F:\InstallTomTomHOME.exe not found.
C:\FOUND.001 folder moved successfully.
C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Pvyflpkjhgc folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34706 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 17276966 bytes
 
User: Hans-Peter
->Temp folder emptied: 72673112 bytes
->Temporary Internet Files folder emptied: 11169492 bytes
->FireFox cache emptied: 315003821 bytes
->Flash cache emptied: 41661 bytes
 
User: Besitzer
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 927204 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59005489 bytes
 
Total Files Cleaned = 454.00 mb
 
 
[EMPTYFLASH]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hans-Peter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Besitzer
 
Total Flash Files Cleaned = 0.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 05302012_044646

Files\Folders moved on Reboot...
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\ODO8NPKN.SH!\&special=rectangle&adsize=310x120&params[1].styles=hp_promobox_html%2Chp_promobox_img&pageview=ng_outer&pageview=vi_first_time&tile=17202187384382628012345678910a not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\ODO8NPKN.SH!\AKWS2FXCAQGIK4PCAXD2DGTCAYXE6SLCAUD2NSVCA5LF1D8CA5JGY3KCA5NO9YSCAB0G8MFCA11H7WJCAXIII98CA8ALBA9CAMNKVOGCAVSK2RACAWVYYHGCALM1LC8CAGJTB23CA4DBLZKCAXXZIW0[1].jpg not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\ODO8NPKN.SH!\NCAGA32WICAQ7FOU3CAJ0LIMGCAO3UU32CA600YKTCA9O85BWCAHT3PHQCARWFGEOCAI8VGOICAIGS3C0CAM1QK06CAOZNLT8CA3TXBOGCAC42AOWCAB69ZN9CANW1UNPCA0GTINRCA74UW71CASF0HAQ[1].jpg not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\3PWDSK31.SH!\NCAGA32WICAQ7FOU3CAJ0LIMGCAO3UU32CA600YKTCA9O85BWCAHT3PHQCARWFGEOCAI8VGOICAIGS3C0CAM1QK06CAOZNLT8CA3TXBOGCAC42AOWCAB69ZN9CANW1UNPCA0GTINRCA74UW71CASF0HAQ[1].jpg not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\HTP8EAVA.SH!\section=homepage&site=freemail&special=rectangle&category=homepage&adsize=300x250&adsize=310x170&pageview=loggedin&pageview=no_tprof&pg=m&pa=39&pp=D__95671&Params[1].htm not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\HTP8EAVA.SH!\section=content&site=freemail&category=content&special=top&adsize=468x60&content=webde&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=m&pa=39&pp=[1] not found!

Registry entries deleted on Reboot...
         


30.05.2012, 16:02   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the image below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!


30.05.2012, 16:28   #7
Mr. Invisibl

After I started the scan and waited a few minutes, it showed me a list of detected objects:

After a long search, even I found the "Report" button.
I didn't know what to select under Action, so I left everything at the default setting.

Report from TDSSKiller:
Code:
06:16:55.0781 3908	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
06:16:56.0046 3908	============================================================
06:16:56.0046 3908	Current date / time: 2012/05/30 06:16:56.0046
06:16:56.0046 3908	SystemInfo:
06:16:56.0046 3908	
06:16:56.0078 3908	OS Version: 5.1.2600 ServicePack: 3.0
06:16:56.0078 3908	Product type: Workstation
06:16:56.0078 3908	ComputerName: ACER-9C5CBFE9EE
06:16:56.0078 3908	UserName: Hans-Peter
06:16:56.0078 3908	Windows directory: C:\WINDOWS
06:16:56.0078 3908	System windows directory: C:\WINDOWS
06:16:56.0078 3908	Processor architecture: Intel x86
06:16:56.0078 3908	Number of processors: 1
06:16:56.0078 3908	Page size: 0x1000
06:16:56.0078 3908	Boot type: Normal boot
06:16:56.0078 3908	============================================================
06:16:58.0828 3908	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:16:58.0843 3908	Drive \Device\Harddisk1\DR4 - Size: 0x7840FE00 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
06:16:58.0843 3908	============================================================
06:16:58.0843 3908	\Device\Harddisk0\DR0:
06:16:58.0843 3908	MBR partitions:
06:16:58.0843 3908	\Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x5DE2BF, BlocksNum 0x476CEB6
06:16:58.0906 3908	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x4D4B1B4, BlocksNum 0x47C330D
06:16:58.0906 3908	\Device\Harddisk1\DR4:
06:16:58.0906 3908	MBR partitions:
06:16:58.0906 3908	\Device\Harddisk1\DR4\Partition0: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3B9D3F
06:16:58.0906 3908	============================================================
06:16:58.0937 3908	C: <-> \Device\Harddisk0\DR0\Partition0
06:16:58.0937 3908	D: <-> \Device\Harddisk0\DR0\Partition1
06:16:58.0937 3908	============================================================
06:16:58.0937 3908	Initialize success
06:16:58.0937 3908	============================================================
06:17:38.0953 2148	============================================================
06:17:38.0953 2148	Scan started
06:17:38.0953 2148	Mode: Manual; SigCheck; TDLFS; 
06:17:38.0953 2148	============================================================
06:17:41.0000 2148	Abiosdsk - ok
06:17:41.0046 2148	abp480n5 - ok
06:17:41.0312 2148	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
06:17:41.0796 2148	ACDaemon - ok
06:17:41.0937 2148	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:17:49.0234 2148	ACPI - ok
06:17:49.0281 2148	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
06:17:49.0671 2148	ACPIEC - ok
06:17:49.0687 2148	adpu160m - ok
06:17:49.0781 2148	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:17:50.0156 2148	aec - ok
06:17:50.0187 2148	Afc             (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
06:17:50.0218 2148	Afc - ok
06:17:50.0281 2148	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
06:17:50.0515 2148	AFD - ok
06:17:50.0937 2148	AgereSoftModem  (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
06:17:51.0187 2148	AgereSoftModem - ok
06:17:51.0187 2148	Aha154x - ok
06:17:51.0234 2148	aic78u2 - ok
06:17:51.0265 2148	aic78xx - ok
06:17:51.0281 2148	ALCXWDM - ok
06:17:51.0375 2148	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
06:17:51.0718 2148	Alerter - ok
06:17:51.0750 2148	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
06:17:51.0953 2148	ALG - ok
06:17:51.0968 2148	AliIde - ok
06:17:52.0078 2148	AmdK8           (9ba1213aab7ff12af30ae9df2e0b4701) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
06:17:52.0156 2148	AmdK8 - ok
06:17:52.0187 2148	amsint - ok
06:17:52.0203 2148	anbmService - ok
06:17:52.0343 2148	AppMgmt - ok
06:17:52.0359 2148	asc - ok
06:17:52.0375 2148	asc3350p - ok
06:17:52.0406 2148	asc3550 - ok
06:17:52.0578 2148	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
06:17:52.0593 2148	aspnet_state - ok
06:17:52.0625 2148	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:17:52.0906 2148	AsyncMac - ok
06:17:53.0000 2148	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:17:53.0250 2148	atapi - ok
06:17:53.0265 2148	Atdisk - ok
06:17:53.0328 2148	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:17:53.0531 2148	Atmarpc - ok
06:17:53.0703 2148	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
06:17:53.0953 2148	AudioSrv - ok
06:17:53.0968 2148	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:17:54.0265 2148	audstub - ok
06:17:54.0453 2148	BCM43XX         (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
06:17:54.0625 2148	BCM43XX - ok
06:17:54.0671 2148	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:17:55.0015 2148	Beep - ok
06:17:55.0281 2148	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
06:17:55.0593 2148	BITS - ok
06:17:55.0687 2148	Bridge          (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
06:17:55.0968 2148	Bridge - ok
06:17:55.0984 2148	BridgeMP        (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
06:17:56.0171 2148	BridgeMP - ok
06:17:56.0234 2148	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
06:17:56.0500 2148	Browser - ok
06:17:56.0562 2148	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:17:56.0796 2148	cbidf2k - ok
06:17:56.0812 2148	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
06:17:57.0078 2148	CCDECODE - ok
06:17:57.0125 2148	cd20xrnt - ok
06:17:57.0171 2148	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:17:57.0453 2148	Cdaudio - ok
06:17:57.0593 2148	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:17:57.0875 2148	Cdfs - ok
06:17:57.0968 2148	cdrbsdrv        (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
06:17:57.0984 2148	cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
06:17:57.0984 2148	cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
06:17:58.0031 2148	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:17:58.0343 2148	Cdrom - ok
06:17:58.0343 2148	Changer - ok
06:17:58.0453 2148	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
06:17:58.0781 2148	CiSvc - ok
06:17:59.0031 2148	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
06:17:59.0203 2148	ClipSrv - ok
06:17:59.0281 2148	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:17:59.0296 2148	clr_optimization_v2.0.50727_32 - ok
06:17:59.0343 2148	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
06:17:59.0515 2148	CmBatt - ok
06:17:59.0531 2148	CmdIde - ok
06:17:59.0578 2148	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
06:17:59.0734 2148	Compbatt - ok
06:17:59.0781 2148	COMSysApp - ok
06:17:59.0812 2148	Cpqarray - ok
06:17:59.0906 2148	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
06:18:00.0062 2148	CryptSvc - ok
06:18:00.0078 2148	dac2w2k - ok
06:18:00.0093 2148	dac960nt - ok
06:18:00.0312 2148	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
06:18:00.0578 2148	DcomLaunch - ok
06:18:00.0640 2148	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
06:18:00.0984 2148	Dhcp - ok
06:18:01.0000 2148	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:18:01.0796 2148	Disk - ok
06:18:01.0859 2148	dmadmin - ok
06:18:02.0234 2148	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
06:18:02.0687 2148	dmboot - ok
06:18:02.0734 2148	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
06:18:03.0140 2148	dmio - ok
06:18:03.0187 2148	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:18:03.0515 2148	dmload - ok
06:18:03.0578 2148	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
06:18:03.0890 2148	dmserver - ok
06:18:03.0921 2148	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:18:04.0281 2148	DMusic - ok
06:18:04.0328 2148	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
06:18:04.0609 2148	Dnscache - ok
06:18:04.0828 2148	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
06:18:05.0109 2148	Dot3svc - ok
06:18:05.0109 2148	dpti2o - ok
06:18:05.0187 2148	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:18:05.0468 2148	drmkaud - ok
06:18:05.0531 2148	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
06:18:05.0875 2148	EapHost - ok
06:18:05.0890 2148	EAPPkt          (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
06:18:06.0046 2148	EAPPkt ( UnsignedFile.Multi.Generic ) - warning
06:18:06.0046 2148	EAPPkt - detected UnsignedFile.Multi.Generic (1)
06:18:06.0109 2148	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
06:18:06.0359 2148	ERSvc - ok
06:18:06.0546 2148	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
06:18:06.0750 2148	Eventlog - ok
06:18:06.0921 2148	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
06:18:07.0093 2148	EventSystem - ok
06:18:07.0203 2148	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:18:07.0546 2148	Fastfat - ok
06:18:07.0593 2148	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
06:18:07.0781 2148	FastUserSwitchingCompatibility - ok
06:18:07.0937 2148	Fax             (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
06:18:08.0265 2148	Fax - ok
06:18:08.0312 2148	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
06:18:08.0562 2148	Fdc - ok
06:18:08.0609 2148	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
06:18:08.0953 2148	Fips - ok
06:18:08.0953 2148	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
06:18:09.0250 2148	Flpydisk - ok
06:18:09.0328 2148	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:18:09.0562 2148	FltMgr - ok
06:18:09.0781 2148	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
06:18:09.0812 2148	FontCache3.0.0.0 - ok
06:18:09.0828 2148	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:18:10.0109 2148	Fs_Rec - ok
06:18:10.0171 2148	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:18:10.0515 2148	Ftdisk - ok
06:18:10.0562 2148	gagp30kx        (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
06:18:10.0875 2148	gagp30kx - ok
06:18:10.0921 2148	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:18:11.0265 2148	Gpc - ok
06:18:11.0421 2148	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
06:18:11.0437 2148	gupdate - ok
06:18:11.0468 2148	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
06:18:11.0468 2148	gupdatem - ok
06:18:11.0546 2148	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
06:18:11.0562 2148	gusvc - ok
06:18:11.0625 2148	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
06:18:11.0890 2148	helpsvc - ok
06:18:12.0031 2148	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
06:18:12.0359 2148	HidServ - ok
06:18:12.0390 2148	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:18:12.0703 2148	HidUsb - ok
06:18:12.0781 2148	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
06:18:12.0937 2148	hkmsvc - ok
06:18:12.0968 2148	hpn - ok
06:18:13.0218 2148	HPZid412        (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
06:18:13.0609 2148	HPZid412 - ok
06:18:13.0625 2148	HPZipr12        (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
06:18:13.0859 2148	HPZipr12 - ok
06:18:13.0890 2148	HPZius12        (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
06:18:13.0953 2148	HPZius12 - ok
06:18:14.0015 2148	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:18:14.0046 2148	HTTP - ok
06:18:14.0109 2148	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
06:18:14.0281 2148	HTTPFilter - ok
06:18:14.0296 2148	i2omgmt - ok
06:18:14.0312 2148	i2omp - ok
06:18:14.0406 2148	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:18:14.0562 2148	i8042prt - ok
06:18:14.0671 2148	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:18:14.0750 2148	idsvc - ok
06:18:14.0796 2148	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:18:14.0984 2148	Imapi - ok
06:18:15.0234 2148	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
06:18:15.0484 2148	ImapiService - ok
06:18:15.0500 2148	ini910u - ok
06:18:15.0734 2148	int15.sys       (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Programme\acer\eRecovery\int15.sys
06:18:15.0812 2148	int15.sys ( UnsignedFile.Multi.Generic ) - warning
06:18:15.0812 2148	int15.sys - detected UnsignedFile.Multi.Generic (1)
06:18:15.0828 2148	IntelIde - ok
06:18:15.0890 2148	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:18:16.0093 2148	Ip6Fw - ok
06:18:16.0171 2148	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:18:16.0390 2148	IpFilterDriver - ok
06:18:16.0468 2148	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:18:16.0656 2148	IpInIp - ok
06:18:16.0718 2148	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:18:16.0937 2148	IpNat - ok
06:18:16.0968 2148	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:18:17.0234 2148	IPSec - ok
06:18:17.0312 2148	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:18:17.0500 2148	IRENUM - ok
06:18:17.0765 2148	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:18:17.0953 2148	isapnp - ok
06:18:18.0000 2148	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:18:18.0156 2148	Kbdclass - ok
06:18:18.0187 2148	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
06:18:18.0375 2148	kbdhid - ok
06:18:18.0453 2148	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:18:18.0703 2148	kmixer - ok
06:18:19.0750 2148	KMWDSERVICE     (257cab50360a7d21ea237f2d8eee8478) C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe
06:18:20.0000 2148	KMWDSERVICE ( UnsignedFile.Multi.Generic ) - warning
06:18:20.0000 2148	KMWDSERVICE - detected UnsignedFile.Multi.Generic (1)
06:18:20.0484 2148	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:18:20.0765 2148	KSecDD - ok
06:18:20.0953 2148	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
06:18:21.0062 2148	lanmanserver - ok
06:18:21.0531 2148	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
06:18:21.0578 2148	lanmanworkstation - ok
06:18:21.0593 2148	lbrtfdc - ok
06:18:21.0671 2148	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
06:18:21.0828 2148	LmHosts - ok
06:18:21.0921 2148	MACNDIS5        (20098f89e7638892ec22a69af5287844) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
06:18:22.0031 2148	MACNDIS5 ( UnsignedFile.Multi.Generic ) - warning
06:18:22.0031 2148	MACNDIS5 - detected UnsignedFile.Multi.Generic (1)
06:18:22.0500 2148	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
06:18:22.0515 2148	McComponentHostService - ok
06:18:22.0578 2148	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
06:18:22.0750 2148	Messenger - ok
06:18:22.0781 2148	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:18:23.0031 2148	mnmdd - ok
06:18:23.0078 2148	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
06:18:23.0312 2148	mnmsrvc - ok
06:18:23.0468 2148	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
06:18:23.0625 2148	Modem - ok
06:18:23.0656 2148	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:18:23.0843 2148	Mouclass - ok
06:18:23.0875 2148	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:18:24.0140 2148	mouhid - ok
06:18:24.0171 2148	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:18:24.0406 2148	MountMgr - ok
06:18:24.0484 2148	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
06:18:24.0671 2148	MPE - ok
06:18:24.0687 2148	mraid35x - ok
06:18:24.0765 2148	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:18:24.0968 2148	MRxDAV - ok
06:18:25.0109 2148	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:18:25.0250 2148	MRxSmb - ok
06:18:25.0406 2148	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
06:18:25.0734 2148	MSDTC - ok
06:18:25.0796 2148	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:18:25.0984 2148	Msfs - ok
06:18:26.0031 2148	MSIServer - ok
06:18:26.0078 2148	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:18:26.0265 2148	MSKSSRV - ok
06:18:26.0296 2148	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:18:26.0468 2148	MSPCLOCK - ok
06:18:26.0484 2148	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:18:26.0640 2148	MSPQM - ok
06:18:26.0734 2148	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:18:26.0921 2148	mssmbios - ok
06:18:26.0937 2148	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
06:18:27.0078 2148	MSTEE - ok
06:18:27.0109 2148	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
06:18:27.0156 2148	Mup - ok
06:18:27.0203 2148	MZCCntrl        (1c36625bb3ab79e1ad11e808033a80f5) C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
06:18:27.0218 2148	MZCCntrl ( UnsignedFile.Multi.Generic ) - warning
06:18:27.0218 2148	MZCCntrl - detected UnsignedFile.Multi.Generic (1)
06:18:27.0250 2148	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
06:18:27.0406 2148	NABTSFEC - ok
06:18:27.0562 2148	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
06:18:27.0734 2148	napagent - ok
06:18:27.0859 2148	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:18:28.0078 2148	NDIS - ok
06:18:28.0109 2148	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
06:18:28.0281 2148	NdisIP - ok
06:18:28.0296 2148	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:18:28.0453 2148	NdisTapi - ok
06:18:28.0515 2148	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:18:28.0671 2148	Ndisuio - ok
06:18:28.0734 2148	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:18:28.0937 2148	NdisWan - ok
06:18:29.0046 2148	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
06:18:29.0093 2148	NDProxy - ok
06:18:29.0140 2148	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:18:29.0328 2148	NetBIOS - ok
06:18:29.0437 2148	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:18:29.0609 2148	NetBT - ok
06:18:29.0812 2148	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
06:18:29.0984 2148	NetDDE - ok
06:18:30.0000 2148	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
06:18:30.0140 2148	NetDDEdsdm - ok
06:18:30.0234 2148	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:18:30.0390 2148	Netlogon - ok
06:18:30.0468 2148	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
06:18:30.0625 2148	Netman - ok
06:18:30.0796 2148	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:18:30.0812 2148	NetTcpPortSharing - ok
06:18:30.0875 2148	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
06:18:30.0921 2148	Nla - ok
06:18:30.0968 2148	nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
06:18:31.0109 2148	nm - ok
06:18:31.0171 2148	NPFMntor - ok
06:18:31.0218 2148	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:18:31.0343 2148	Npfs - ok
06:18:31.0406 2148	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:18:31.0593 2148	Ntfs - ok
06:18:31.0625 2148	NTIDrvr         (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
06:18:31.0625 2148	NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
06:18:31.0625 2148	NTIDrvr - detected UnsignedFile.Multi.Generic (1)
06:18:31.0656 2148	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:18:31.0796 2148	NtLmSsp - ok
06:18:31.0921 2148	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
06:18:32.0125 2148	NtmsSvc - ok
06:18:32.0156 2148	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:18:32.0343 2148	Null - ok
06:18:32.0390 2148	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:18:32.0578 2148	NwlnkFlt - ok
06:18:32.0593 2148	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:18:32.0796 2148	NwlnkFwd - ok
06:18:32.0828 2148	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
06:18:32.0984 2148	Parport - ok
06:18:33.0031 2148	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:18:33.0187 2148	PartMgr - ok
06:18:33.0234 2148	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
06:18:33.0421 2148	ParVdm - ok
06:18:33.0453 2148	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
06:18:33.0609 2148	PCI - ok
06:18:33.0625 2148	PCIDump - ok
06:18:33.0640 2148	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:18:33.0828 2148	PCIIde - ok
06:18:33.0859 2148	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
06:18:34.0031 2148	Pcmcia - ok
06:18:34.0046 2148	PDCOMP - ok
06:18:34.0062 2148	PDFRAME - ok
06:18:34.0093 2148	PDRELI - ok
06:18:34.0109 2148	PDRFRAME - ok
06:18:34.0125 2148	perc2 - ok
06:18:34.0156 2148	perc2hib - ok
06:18:34.0218 2148	pfc             (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
06:18:34.0218 2148	pfc ( UnsignedFile.Multi.Generic ) - warning
06:18:34.0218 2148	pfc - detected UnsignedFile.Multi.Generic (1)
06:18:34.0296 2148	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
06:18:34.0359 2148	PlugPlay - ok
06:18:34.0437 2148	Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
06:18:34.0437 2148	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
06:18:34.0437 2148	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
06:18:34.0500 2148	Point32         (5c71f7cdd1b4ba5f00b87ca05e414aea) C:\WINDOWS\system32\DRIVERS\point32.sys
06:18:34.0500 2148	Point32 ( UnsignedFile.Multi.Generic ) - warning
06:18:34.0500 2148	Point32 - detected UnsignedFile.Multi.Generic (1)
06:18:34.0531 2148	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:18:34.0671 2148	PolicyAgent - ok
06:18:34.0703 2148	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:18:35.0265 2148	PptpMiniport - ok
06:18:35.0296 2148	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:18:35.0437 2148	ProtectedStorage - ok
06:18:35.0468 2148	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:18:35.0640 2148	PSched - ok
06:18:35.0671 2148	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:18:35.0843 2148	Ptilink - ok
06:18:35.0875 2148	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
06:18:35.0890 2148	PxHelp20 - ok
06:18:35.0906 2148	ql1080 - ok
06:18:35.0921 2148	Ql10wnt - ok
06:18:35.0953 2148	ql12160 - ok
06:18:35.0984 2148	ql1240 - ok
06:18:36.0015 2148	ql1280 - ok
06:18:36.0062 2148	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:18:36.0281 2148	RasAcd - ok
06:18:36.0343 2148	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
06:18:36.0500 2148	RasAuto - ok
06:18:36.0515 2148	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:18:36.0718 2148	Rasl2tp - ok
06:18:36.0781 2148	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
06:18:36.0937 2148	RasMan - ok
06:18:36.0953 2148	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:18:37.0109 2148	RasPppoe - ok
06:18:37.0125 2148	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:18:37.0312 2148	Raspti - ok
06:18:37.0375 2148	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:18:37.0515 2148	Rdbss - ok
06:18:37.0531 2148	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:18:37.0718 2148	RDPCDD - ok
06:18:37.0781 2148	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
06:18:37.0812 2148	RDPWD - ok
06:18:37.0859 2148	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
06:18:38.0000 2148	RDSessMgr - ok
06:18:38.0046 2148	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:18:38.0203 2148	redbook - ok
06:18:38.0265 2148	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
06:18:38.0406 2148	RemoteAccess - ok
06:18:38.0437 2148	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
06:18:38.0593 2148	RpcLocator - ok
06:18:38.0687 2148	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
06:18:38.0734 2148	RpcSs - ok
06:18:38.0796 2148	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
06:18:38.0984 2148	RSVP - ok
06:18:39.0046 2148	RTL2832UBDA     (9f9acc7e0c86d7f2e29fcb6f949173e1) C:\WINDOWS\system32\drivers\RTL2832UBDA.sys
06:18:39.0062 2148	RTL2832UBDA - ok
06:18:39.0093 2148	RTL2832UUSB     (ad5774a01bd623b4e2ef42b82b13a3f0) C:\WINDOWS\system32\Drivers\RTL2832UUSB.sys
06:18:39.0109 2148	RTL2832UUSB - ok
06:18:39.0140 2148	RTLWUSB         (f564f1c5813b47a86903d42cd778311c) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
06:18:39.0171 2148	RTLWUSB ( UnsignedFile.Multi.Generic ) - warning
06:18:39.0171 2148	RTLWUSB - detected UnsignedFile.Multi.Generic (1)
06:18:39.0234 2148	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:18:39.0359 2148	SamSs - ok
06:18:39.0406 2148	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
06:18:39.0578 2148	SCardSvr - ok
06:18:39.0640 2148	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
06:18:39.0781 2148	Schedule - ok
06:18:39.0843 2148	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:18:39.0984 2148	Secdrv - ok
06:18:40.0062 2148	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
06:18:40.0234 2148	seclogon - ok
06:18:40.0281 2148	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
06:18:40.0453 2148	SENS - ok
06:18:40.0500 2148	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
06:18:40.0656 2148	Serial - ok
06:18:40.0703 2148	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:18:40.0859 2148	Sfloppy - ok
06:18:40.0953 2148	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
06:18:41.0281 2148	SharedAccess - ok
06:18:41.0343 2148	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
06:18:41.0359 2148	ShellHWDetection - ok
06:18:41.0375 2148	Simbad - ok
06:18:41.0421 2148	SiS315          (8b3cdb4b1453b3a2e6e7300aabe50d0e) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
06:18:41.0500 2148	SiS315 - ok
06:18:41.0531 2148	SISAGP          (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
06:18:41.0562 2148	SISAGP - ok
06:18:41.0593 2148	SiSkp           (87a5176a3762b1341619ce63152c1da9) C:\WINDOWS\system32\DRIVERS\srvkp.sys
06:18:41.0625 2148	SiSkp - ok
06:18:41.0671 2148	SISNICXP        (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
06:18:41.0734 2148	SISNICXP - ok
06:18:41.0796 2148	SjyPkt          (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys
06:18:41.0828 2148	SjyPkt ( UnsignedFile.Multi.Generic ) - warning
06:18:41.0828 2148	SjyPkt - detected UnsignedFile.Multi.Generic (1)
06:18:41.0875 2148	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
06:18:42.0031 2148	SLIP - ok
06:18:42.0093 2148	sonypvs1        (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
06:18:42.0109 2148	sonypvs1 ( UnsignedFile.Multi.Generic ) - warning
06:18:42.0109 2148	sonypvs1 - detected UnsignedFile.Multi.Generic (1)
06:18:42.0125 2148	Sparrow - ok
06:18:42.0156 2148	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:18:42.0312 2148	splitter - ok
06:18:42.0359 2148	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
06:18:42.0390 2148	Spooler - ok
06:18:42.0421 2148	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
06:18:42.0578 2148	sr - ok
06:18:42.0640 2148	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
06:18:42.0812 2148	srservice - ok
06:18:42.0875 2148	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
06:18:42.0968 2148	Srv - ok
06:18:43.0031 2148	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
06:18:43.0171 2148	SSDPSRV - ok
06:18:43.0250 2148	SSHDRV86        (b9e31f2a3640403b0ea3a867bb73b9f4) C:\WINDOWS\system32\drivers\SSHDRV86.sys
06:18:43.0265 2148	SSHDRV86 ( UnsignedFile.Multi.Generic ) - warning
06:18:43.0265 2148	SSHDRV86 - detected UnsignedFile.Multi.Generic (1)
06:18:43.0343 2148	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
06:18:43.0578 2148	stisvc - ok
06:18:43.0593 2148	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
06:18:43.0734 2148	streamip - ok
06:18:43.0765 2148	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:18:43.0937 2148	swenum - ok
06:18:43.0968 2148	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:18:44.0156 2148	swmidi - ok
06:18:44.0234 2148	SwPrv - ok
06:18:44.0265 2148	symc810 - ok
06:18:44.0281 2148	symc8xx - ok
06:18:44.0312 2148	sym_hi - ok
06:18:44.0328 2148	sym_u3 - ok
06:18:44.0390 2148	SynTP           (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
06:18:44.0437 2148	SynTP - ok
06:18:44.0468 2148	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:18:44.0609 2148	sysaudio - ok
06:18:44.0687 2148	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
06:18:44.0859 2148	SysmonLog - ok
06:18:44.0937 2148	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
06:18:45.0109 2148	TapiSrv - ok
06:18:45.0156 2148	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:18:45.0187 2148	Tcpip - ok
06:18:45.0265 2148	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:18:45.0421 2148	TDPIPE - ok
06:18:45.0453 2148	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:18:45.0578 2148	TDTCP - ok
06:18:45.0625 2148	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:18:45.0765 2148	TermDD - ok
06:18:45.0843 2148	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
06:18:46.0031 2148	TermService - ok
06:18:46.0093 2148	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
06:18:46.0125 2148	Themes - ok
06:18:46.0140 2148	TosIde - ok
06:18:46.0203 2148	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
06:18:46.0343 2148	TrkWks - ok
06:18:46.0484 2148	TuneUp.Defrag   (5d1ccc2692851213065bd23701ab27f4) C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
06:18:46.0531 2148	TuneUp.Defrag - ok
06:18:46.0875 2148	TuneUp.UtilitiesSvc (6358390595647e745d7cbb00bdf44c6d) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
06:18:46.0937 2148	TuneUp.UtilitiesSvc - ok
06:18:47.0015 2148	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
06:18:47.0015 2148	TuneUpUtilitiesDrv - ok
06:18:47.0062 2148	UBHelper        (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
06:18:47.0109 2148	UBHelper ( UnsignedFile.Multi.Generic ) - warning
06:18:47.0109 2148	UBHelper - detected UnsignedFile.Multi.Generic (1)
06:18:47.0218 2148	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:18:47.0375 2148	Udfs - ok
06:18:47.0390 2148	ultra - ok
06:18:47.0453 2148	UMWdf           (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
06:18:47.0515 2148	UMWdf - ok
06:18:47.0609 2148	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:18:47.0812 2148	Update - ok
06:18:47.0921 2148	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
06:18:48.0093 2148	upnphost - ok
06:18:48.0156 2148	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
06:18:48.0296 2148	UPS - ok
06:18:48.0359 2148	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
06:18:48.0500 2148	usbaudio - ok
06:18:48.0562 2148	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:18:48.0750 2148	usbccgp - ok
06:18:48.0781 2148	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:18:48.0937 2148	usbehci - ok
06:18:48.0984 2148	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:18:49.0125 2148	usbhub - ok
06:18:49.0156 2148	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
06:18:49.0296 2148	usbohci - ok
06:18:49.0343 2148	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:18:49.0500 2148	usbprint - ok
06:18:49.0515 2148	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:18:49.0656 2148	usbscan - ok
06:18:49.0687 2148	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:18:49.0843 2148	USBSTOR - ok
06:18:49.0906 2148	UxTuneUp        (69d0e8ca1a30335029b3c5609ecdb654) C:\WINDOWS\System32\uxtuneup.dll
06:18:49.0921 2148	UxTuneUp - ok
06:18:49.0953 2148	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:18:50.0078 2148	VgaSave - ok
06:18:50.0093 2148	ViaIde - ok
06:18:50.0125 2148	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
06:18:50.0281 2148	VolSnap - ok
06:18:50.0375 2148	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
06:18:50.0546 2148	VSS - ok
06:18:50.0593 2148	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
06:18:50.0781 2148	W32Time - ok
06:18:50.0828 2148	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:18:50.0984 2148	Wanarp - ok
06:18:51.0031 2148	wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
06:18:51.0093 2148	wanatw - ok
06:18:51.0109 2148	WDICA - ok
06:18:51.0156 2148	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:18:51.0312 2148	wdmaud - ok
06:18:51.0421 2148	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
06:18:51.0625 2148	WebClient - ok
06:18:51.0671 2148	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
06:18:51.0890 2148	winmgmt - ok
06:18:52.0000 2148	WmdmPmSN        (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
06:18:52.0062 2148	WmdmPmSN - ok
06:18:52.0125 2148	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
06:18:52.0281 2148	WmiApSrv - ok
06:18:52.0328 2148	WpdUsb          (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
06:18:52.0359 2148	WpdUsb - ok
06:18:52.0421 2148	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
06:18:52.0578 2148	wscsvc - ok
06:18:52.0609 2148	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
06:18:52.0765 2148	WSTCODEC - ok
06:18:52.0812 2148	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
06:18:52.0953 2148	wuauserv - ok
06:18:53.0062 2148	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
06:18:53.0250 2148	WZCSVC - ok
06:18:53.0328 2148	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
06:18:53.0468 2148	xmlprov - ok
06:18:53.0531 2148	MBR (0x1B8)     (67d07fa51dcd5a4397248f397bb779ae) \Device\Harddisk0\DR0
06:18:57.0296 2148	\Device\Harddisk0\DR0 - ok
06:18:57.0312 2148	MBR (0x1B8)     (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR4
06:18:57.0421 2148	\Device\Harddisk1\DR4 - ok
06:18:57.0468 2148	Boot (0x1200)   (3a2a001b2e7d5f54bd00acbe8b7d7016) \Device\Harddisk0\DR0\Partition0
06:18:57.0468 2148	\Device\Harddisk0\DR0\Partition0 - ok
06:18:57.0484 2148	Boot (0x1200)   (8a8265b0a2f8ddc5517aca81f067b166) \Device\Harddisk0\DR0\Partition1
06:18:57.0484 2148	\Device\Harddisk0\DR0\Partition1 - ok
06:18:57.0500 2148	Boot (0x1200)   (8ad49433727e46a48aaf2f89bfaff2da) \Device\Harddisk1\DR4\Partition0
06:18:57.0500 2148	\Device\Harddisk1\DR4\Partition0 - ok
06:18:57.0515 2148	============================================================
06:18:57.0515 2148	Scan finished
06:18:57.0515 2148	============================================================
06:18:57.0656 2612	Detected object count: 15
06:18:57.0656 2612	Actual detected object count: 15
06:19:16.0859 2612	cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0859 2612	cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0859 2612	EAPPkt ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0859 2612	EAPPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0875 2612	int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0875 2612	int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0875 2612	KMWDSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0875 2612	KMWDSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0875 2612	MACNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0875 2612	MACNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0875 2612	MZCCntrl ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0875 2612	MZCCntrl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0890 2612	NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0890 2612	NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0890 2612	pfc ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0890 2612	pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0906 2612	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0906 2612	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0921 2612	Point32 ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0921 2612	Point32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0921 2612	RTLWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0921 2612	RTLWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0921 2612	SjyPkt ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0921 2612	SjyPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0921 2612	sonypvs1 ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0921 2612	sonypvs1 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0921 2612	SSHDRV86 ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0921 2612	SSHDRV86 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:16.0921 2612	UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
06:19:16.0921 2612	UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:19:25.0328 3912	============================================================
06:19:25.0328 3912	Scan started
06:19:25.0328 3912	Mode: Manual; SigCheck; TDLFS; 
06:19:25.0328 3912	============================================================
06:19:26.0609 3912	Abiosdsk - ok
06:19:26.0640 3912	abp480n5 - ok
06:19:27.0640 3912	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
06:19:27.0671 3912	ACDaemon - ok
06:19:27.0906 3912	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:19:28.0062 3912	ACPI - ok
06:19:28.0093 3912	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
06:19:28.0312 3912	ACPIEC - ok
06:19:28.0343 3912	adpu160m - ok
06:19:28.0484 3912	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:19:28.0656 3912	aec - ok
06:19:28.0687 3912	Afc             (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
06:19:28.0703 3912	Afc - ok
06:19:28.0843 3912	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
06:19:28.0890 3912	AFD - ok
06:19:29.0812 3912	AgereSoftModem  (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
06:19:29.0937 3912	AgereSoftModem - ok
06:19:29.0953 3912	Aha154x - ok
06:19:29.0984 3912	aic78u2 - ok
06:19:30.0031 3912	aic78xx - ok
06:19:30.0046 3912	ALCXWDM - ok
06:19:30.0281 3912	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
06:19:30.0500 3912	Alerter - ok
06:19:30.0593 3912	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
06:19:30.0765 3912	ALG - ok
06:19:30.0781 3912	AliIde - ok
06:19:30.0812 3912	AmdK8           (9ba1213aab7ff12af30ae9df2e0b4701) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
06:19:30.0859 3912	AmdK8 - ok
06:19:30.0875 3912	amsint - ok
06:19:30.0906 3912	anbmService - ok
06:19:31.0015 3912	AppMgmt - ok
06:19:31.0031 3912	asc - ok
06:19:31.0062 3912	asc3350p - ok
06:19:31.0078 3912	asc3550 - ok
06:19:31.0250 3912	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
06:19:31.0265 3912	aspnet_state - ok
06:19:31.0281 3912	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:19:31.0437 3912	AsyncMac - ok
06:19:31.0484 3912	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:19:31.0640 3912	atapi - ok
06:19:31.0656 3912	Atdisk - ok
06:19:31.0703 3912	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:19:31.0859 3912	Atmarpc - ok
06:19:31.0937 3912	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
06:19:32.0093 3912	AudioSrv - ok
06:19:32.0109 3912	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:19:32.0265 3912	audstub - ok
06:19:32.0343 3912	BCM43XX         (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
06:19:32.0406 3912	BCM43XX - ok
06:19:32.0437 3912	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:19:32.0609 3912	Beep - ok
06:19:32.0687 3912	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
06:19:32.0875 3912	BITS - ok
06:19:32.0921 3912	Bridge          (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
06:19:33.0062 3912	Bridge - ok
06:19:33.0062 3912	BridgeMP        (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
06:19:33.0234 3912	BridgeMP - ok
06:19:33.0312 3912	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
06:19:33.0437 3912	Browser - ok
06:19:33.0500 3912	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:19:33.0671 3912	cbidf2k - ok
06:19:33.0687 3912	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
06:19:33.0812 3912	CCDECODE - ok
06:19:33.0828 3912	cd20xrnt - ok
06:19:33.0859 3912	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:19:34.0046 3912	Cdaudio - ok
06:19:34.0062 3912	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:19:34.0203 3912	Cdfs - ok
06:19:34.0234 3912	cdrbsdrv        (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
06:19:34.0250 3912	cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
06:19:34.0250 3912	cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
06:19:34.0265 3912	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:19:34.0406 3912	Cdrom - ok
06:19:34.0421 3912	Changer - ok
06:19:34.0484 3912	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
06:19:34.0625 3912	CiSvc - ok
06:19:34.0718 3912	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
06:19:34.0859 3912	ClipSrv - ok
06:19:34.0921 3912	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:19:34.0937 3912	clr_optimization_v2.0.50727_32 - ok
06:19:34.0968 3912	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
06:19:35.0109 3912	CmBatt - ok
06:19:35.0125 3912	CmdIde - ok
06:19:35.0140 3912	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
06:19:35.0281 3912	Compbatt - ok
06:19:35.0343 3912	COMSysApp - ok
06:19:35.0390 3912	Cpqarray - ok
06:19:35.0500 3912	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
06:19:35.0625 3912	CryptSvc - ok
06:19:35.0640 3912	dac2w2k - ok
06:19:35.0656 3912	dac960nt - ok
06:19:35.0734 3912	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
06:19:36.0109 3912	DcomLaunch - ok
06:19:36.0171 3912	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
06:19:36.0312 3912	Dhcp - ok
06:19:36.0328 3912	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:19:36.0484 3912	Disk - ok
06:19:36.0546 3912	dmadmin - ok
06:19:36.0703 3912	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
06:19:36.0953 3912	dmboot - ok
06:19:36.0984 3912	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
06:19:37.0125 3912	dmio - ok
06:19:37.0156 3912	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:19:37.0343 3912	dmload - ok
06:19:37.0406 3912	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
06:19:37.0546 3912	dmserver - ok
06:19:37.0578 3912	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:19:37.0718 3912	DMusic - ok
06:19:37.0765 3912	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
06:19:37.0796 3912	Dnscache - ok
06:19:37.0906 3912	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
06:19:38.0031 3912	Dot3svc - ok
06:19:38.0046 3912	dpti2o - ok
06:19:38.0078 3912	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:19:38.0218 3912	drmkaud - ok
06:19:38.0265 3912	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
06:19:38.0421 3912	EapHost - ok
06:19:38.0484 3912	EAPPkt          (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
06:19:38.0500 3912	EAPPkt ( UnsignedFile.Multi.Generic ) - warning
06:19:38.0500 3912	EAPPkt - detected UnsignedFile.Multi.Generic (1)
06:19:38.0593 3912	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
06:19:38.0750 3912	ERSvc - ok
06:19:38.0843 3912	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
06:19:38.0890 3912	Eventlog - ok
06:19:38.0953 3912	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
06:19:39.0000 3912	EventSystem - ok
06:19:39.0031 3912	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:19:39.0171 3912	Fastfat - ok
06:19:39.0250 3912	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
06:19:39.0265 3912	FastUserSwitchingCompatibility - ok
06:19:39.0343 3912	Fax             (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
06:19:39.0484 3912	Fax - ok
06:19:39.0515 3912	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
06:19:39.0640 3912	Fdc - ok
06:19:39.0656 3912	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
06:19:39.0796 3912	Fips - ok
06:19:39.0812 3912	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
06:19:39.0937 3912	Flpydisk - ok
06:19:39.0968 3912	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:19:40.0109 3912	FltMgr - ok
06:19:40.0234 3912	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
06:19:40.0250 3912	FontCache3.0.0.0 - ok
06:19:40.0281 3912	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:19:40.0484 3912	Fs_Rec - ok
06:19:40.0515 3912	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:19:40.0703 3912	Ftdisk - ok
06:19:40.0718 3912	gagp30kx        (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
06:19:40.0875 3912	gagp30kx - ok
06:19:40.0906 3912	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:19:41.0031 3912	Gpc - ok
06:19:41.0187 3912	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
06:19:41.0203 3912	gupdate - ok
06:19:41.0218 3912	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
06:19:41.0250 3912	gupdatem - ok
06:19:41.0328 3912	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
06:19:41.0343 3912	gusvc - ok
06:19:41.0390 3912	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
06:19:41.0515 3912	helpsvc - ok
06:19:41.0609 3912	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
06:19:41.0781 3912	HidServ - ok
06:19:41.0796 3912	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:19:41.0953 3912	HidUsb - ok
06:19:42.0031 3912	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
06:19:42.0156 3912	hkmsvc - ok
06:19:42.0171 3912	hpn - ok
06:19:42.0234 3912	HPZid412        (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
06:19:42.0281 3912	HPZid412 - ok
06:19:42.0312 3912	HPZipr12        (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
06:19:42.0328 3912	HPZipr12 - ok
06:19:42.0343 3912	HPZius12        (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
06:19:42.0390 3912	HPZius12 - ok
06:19:42.0453 3912	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:19:42.0500 3912	HTTP - ok
06:19:42.0578 3912	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
06:19:42.0703 3912	HTTPFilter - ok
06:19:42.0718 3912	i2omgmt - ok
06:19:42.0750 3912	i2omp - ok
06:19:42.0812 3912	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:19:43.0000 3912	i8042prt - ok
06:19:43.0312 3912	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:19:43.0359 3912	idsvc - ok
06:19:43.0390 3912	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:19:43.0531 3912	Imapi - ok
06:19:43.0625 3912	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
06:19:43.0765 3912	ImapiService - ok
06:19:43.0796 3912	ini910u - ok
06:19:43.0921 3912	int15.sys       (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Programme\acer\eRecovery\int15.sys
06:19:43.0921 3912	int15.sys ( UnsignedFile.Multi.Generic ) - warning
06:19:43.0921 3912	int15.sys - detected UnsignedFile.Multi.Generic (1)
06:19:43.0953 3912	IntelIde - ok
06:19:44.0000 3912	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:19:44.0156 3912	Ip6Fw - ok
06:19:44.0187 3912	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:19:44.0406 3912	IpFilterDriver - ok
06:19:44.0453 3912	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:19:44.0593 3912	IpInIp - ok
06:19:44.0640 3912	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:19:44.0781 3912	IpNat - ok
06:19:44.0828 3912	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:19:44.0968 3912	IPSec - ok
06:19:45.0015 3912	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:19:45.0156 3912	IRENUM - ok
06:19:45.0203 3912	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:19:45.0343 3912	isapnp - ok
06:19:45.0375 3912	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:19:45.0515 3912	Kbdclass - ok
06:19:45.0546 3912	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
06:19:45.0703 3912	kbdhid - ok
06:19:45.0734 3912	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:19:45.0875 3912	kmixer - ok
06:19:46.0093 3912	KMWDSERVICE     (257cab50360a7d21ea237f2d8eee8478) C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe
06:19:46.0171 3912	KMWDSERVICE ( UnsignedFile.Multi.Generic ) - warning
06:19:46.0171 3912	KMWDSERVICE - detected UnsignedFile.Multi.Generic (1)
06:19:46.0296 3912	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:19:46.0328 3912	KSecDD - ok
06:19:46.0375 3912	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
06:19:46.0390 3912	lanmanserver - ok
06:19:46.0515 3912	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
06:19:46.0531 3912	lanmanworkstation - ok
06:19:46.0546 3912	lbrtfdc - ok
06:19:46.0609 3912	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
06:19:46.0750 3912	LmHosts - ok
06:19:46.0843 3912	MACNDIS5        (20098f89e7638892ec22a69af5287844) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
06:19:46.0843 3912	MACNDIS5 ( UnsignedFile.Multi.Generic ) - warning
06:19:46.0843 3912	MACNDIS5 - detected UnsignedFile.Multi.Generic (1)
06:19:46.0968 3912	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
06:19:46.0984 3912	McComponentHostService - ok
06:19:47.0046 3912	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
06:19:47.0203 3912	Messenger - ok
06:19:47.0234 3912	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:19:47.0421 3912	mnmdd - ok
06:19:47.0468 3912	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
06:19:47.0609 3912	mnmsrvc - ok
06:19:47.0640 3912	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
06:19:47.0796 3912	Modem - ok
06:19:47.0828 3912	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:19:47.0984 3912	Mouclass - ok
06:19:48.0031 3912	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:19:48.0218 3912	mouhid - ok
06:19:48.0468 3912	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:19:48.0593 3912	MountMgr - ok
06:19:48.0625 3912	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
06:19:48.0750 3912	MPE - ok
06:19:48.0765 3912	mraid35x - ok
06:19:48.0796 3912	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:19:48.0921 3912	MRxDAV - ok
06:19:49.0000 3912	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:19:49.0031 3912	MRxSmb - ok
06:19:49.0156 3912	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
06:19:49.0296 3912	MSDTC - ok
06:19:49.0343 3912	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:19:49.0484 3912	Msfs - ok
06:19:49.0531 3912	MSIServer - ok
06:19:49.0578 3912	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:19:49.0718 3912	MSKSSRV - ok
06:19:49.0734 3912	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:19:49.0890 3912	MSPCLOCK - ok
06:19:49.0906 3912	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:19:50.0031 3912	MSPQM - ok
06:19:50.0062 3912	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:19:50.0187 3912	mssmbios - ok
06:19:50.0203 3912	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
06:19:50.0343 3912	MSTEE - ok
06:19:50.0359 3912	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
06:19:50.0406 3912	Mup - ok
06:19:50.0437 3912	MZCCntrl        (1c36625bb3ab79e1ad11e808033a80f5) C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
06:19:50.0453 3912	MZCCntrl ( UnsignedFile.Multi.Generic ) - warning
06:19:50.0453 3912	MZCCntrl - detected UnsignedFile.Multi.Generic (1)
06:19:50.0484 3912	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
06:19:50.0640 3912	NABTSFEC - ok
06:19:50.0718 3912	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
06:19:50.0859 3912	napagent - ok
06:19:50.0906 3912	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:19:51.0046 3912	NDIS - ok
06:19:51.0093 3912	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
06:19:51.0218 3912	NdisIP - ok
06:19:51.0250 3912	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:19:51.0265 3912	NdisTapi - ok
06:19:51.0312 3912	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:19:51.0437 3912	Ndisuio - ok
06:19:51.0453 3912	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:19:51.0593 3912	NdisWan - ok
06:19:51.0609 3912	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
06:19:51.0625 3912	NDProxy - ok
06:19:51.0640 3912	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:19:51.0765 3912	NetBIOS - ok
06:19:51.0812 3912	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:19:51.0937 3912	NetBT - ok
06:19:52.0031 3912	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
06:19:52.0156 3912	NetDDE - ok
06:19:52.0171 3912	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
06:19:52.0296 3912	NetDDEdsdm - ok
06:19:52.0390 3912	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:19:52.0515 3912	Netlogon - ok
06:19:52.0609 3912	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
06:19:52.0734 3912	Netman - ok
06:19:52.0843 3912	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:19:52.0859 3912	NetTcpPortSharing - ok
06:19:52.0953 3912	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
06:19:52.0968 3912	Nla - ok
06:19:53.0015 3912	nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
06:19:53.0156 3912	nm - ok
06:19:53.0187 3912	NPFMntor - ok
06:19:53.0218 3912	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:19:53.0375 3912	Npfs - ok
06:19:53.0453 3912	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:19:53.0593 3912	Ntfs - ok
06:19:53.0625 3912	NTIDrvr         (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
06:19:53.0625 3912	NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
06:19:53.0625 3912	NTIDrvr - detected UnsignedFile.Multi.Generic (1)
06:19:53.0671 3912	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:19:53.0796 3912	NtLmSsp - ok
06:19:53.0921 3912	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
06:19:54.0093 3912	NtmsSvc - ok
06:19:54.0125 3912	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:19:54.0281 3912	Null - ok
06:19:54.0343 3912	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:19:54.0546 3912	NwlnkFlt - ok
06:19:54.0562 3912	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:19:54.0750 3912	NwlnkFwd - ok
06:19:54.0781 3912	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
06:19:54.0921 3912	Parport - ok
06:19:54.0953 3912	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:19:55.0093 3912	PartMgr - ok
06:19:55.0125 3912	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
06:19:55.0281 3912	ParVdm - ok
06:19:55.0328 3912	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
06:19:55.0468 3912	PCI - ok
06:19:55.0484 3912	PCIDump - ok
06:19:55.0500 3912	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:19:55.0703 3912	PCIIde - ok
06:19:55.0750 3912	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
06:19:55.0890 3912	Pcmcia - ok
06:19:55.0906 3912	PDCOMP - ok
06:19:55.0937 3912	PDFRAME - ok
06:19:55.0953 3912	PDRELI - ok
06:19:55.0968 3912	PDRFRAME - ok
06:19:56.0000 3912	perc2 - ok
06:19:56.0015 3912	perc2hib - ok
06:19:56.0078 3912	pfc             (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
06:19:56.0078 3912	pfc ( UnsignedFile.Multi.Generic ) - warning
06:19:56.0093 3912	pfc - detected UnsignedFile.Multi.Generic (1)
06:19:56.0171 3912	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
06:19:56.0218 3912	PlugPlay - ok
06:19:56.0296 3912	Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
06:19:56.0312 3912	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
06:19:56.0312 3912	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
06:19:56.0359 3912	Point32         (5c71f7cdd1b4ba5f00b87ca05e414aea) C:\WINDOWS\system32\DRIVERS\point32.sys
06:19:56.0359 3912	Point32 ( UnsignedFile.Multi.Generic ) - warning
06:19:56.0359 3912	Point32 - detected UnsignedFile.Multi.Generic (1)
06:19:56.0390 3912	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:19:56.0531 3912	PolicyAgent - ok
06:19:56.0578 3912	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:19:56.0734 3912	PptpMiniport - ok
06:19:56.0765 3912	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:19:56.0890 3912	ProtectedStorage - ok
06:19:56.0921 3912	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:19:57.0093 3912	PSched - ok
06:19:57.0109 3912	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:19:57.0281 3912	Ptilink - ok
06:19:57.0312 3912	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
06:19:57.0328 3912	PxHelp20 - ok
06:19:57.0343 3912	ql1080 - ok
06:19:57.0375 3912	Ql10wnt - ok
06:19:57.0390 3912	ql12160 - ok
06:19:57.0421 3912	ql1240 - ok
06:19:57.0437 3912	ql1280 - ok
06:19:57.0453 3912	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:19:57.0671 3912	RasAcd - ok
06:19:57.0750 3912	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
06:19:57.0875 3912	RasAuto - ok
06:19:57.0906 3912	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:19:58.0031 3912	Rasl2tp - ok
06:19:58.0093 3912	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
06:19:58.0234 3912	RasMan - ok
06:19:58.0250 3912	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:19:58.0390 3912	RasPppoe - ok
06:19:58.0406 3912	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:19:58.0593 3912	Raspti - ok
06:19:58.0625 3912	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:19:58.0750 3912	Rdbss - ok
06:19:58.0781 3912	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:19:58.0968 3912	RDPCDD - ok
06:19:59.0031 3912	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
06:19:59.0046 3912	RDPWD - ok
06:19:59.0093 3912	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
06:19:59.0234 3912	RDSessMgr - ok
06:19:59.0265 3912	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:19:59.0406 3912	redbook - ok
06:19:59.0484 3912	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
06:19:59.0609 3912	RemoteAccess - ok
06:19:59.0640 3912	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
06:19:59.0796 3912	RpcLocator - ok
06:19:59.0890 3912	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
06:19:59.0953 3912	RpcSs - ok
06:20:00.0015 3912	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
06:20:00.0187 3912	RSVP - ok
06:20:00.0234 3912	RTL2832UBDA     (9f9acc7e0c86d7f2e29fcb6f949173e1) C:\WINDOWS\system32\drivers\RTL2832UBDA.sys
06:20:00.0250 3912	RTL2832UBDA - ok
06:20:00.0281 3912	RTL2832UUSB     (ad5774a01bd623b4e2ef42b82b13a3f0) C:\WINDOWS\system32\Drivers\RTL2832UUSB.sys
06:20:00.0296 3912	RTL2832UUSB - ok
06:20:00.0328 3912	RTLWUSB         (f564f1c5813b47a86903d42cd778311c) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
06:20:00.0375 3912	RTLWUSB ( UnsignedFile.Multi.Generic ) - warning
06:20:00.0375 3912	RTLWUSB - detected UnsignedFile.Multi.Generic (1)
06:20:00.0437 3912	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:20:00.0578 3912	SamSs - ok
06:20:00.0625 3912	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
06:20:00.0781 3912	SCardSvr - ok
06:20:00.0859 3912	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
06:20:01.0015 3912	Schedule - ok
06:20:01.0062 3912	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:20:01.0187 3912	Secdrv - ok
06:20:01.0281 3912	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
06:20:01.0421 3912	seclogon - ok
06:20:01.0500 3912	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
06:20:01.0640 3912	SENS - ok
06:20:01.0671 3912	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
06:20:01.0828 3912	Serial - ok
06:20:01.0875 3912	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:20:02.0015 3912	Sfloppy - ok
06:20:02.0093 3912	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
06:20:02.0234 3912	SharedAccess - ok
06:20:02.0296 3912	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
06:20:02.0312 3912	ShellHWDetection - ok
06:20:02.0328 3912	Simbad - ok
06:20:02.0375 3912	SiS315          (8b3cdb4b1453b3a2e6e7300aabe50d0e) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
06:20:02.0421 3912	SiS315 - ok
06:20:02.0468 3912	SISAGP          (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
06:20:02.0468 3912	SISAGP - ok
06:20:02.0500 3912	SiSkp           (87a5176a3762b1341619ce63152c1da9) C:\WINDOWS\system32\DRIVERS\srvkp.sys
06:20:02.0531 3912	SiSkp - ok
06:20:02.0562 3912	SISNICXP        (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
06:20:02.0593 3912	SISNICXP - ok
06:20:02.0640 3912	SjyPkt          (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys
06:20:02.0656 3912	SjyPkt ( UnsignedFile.Multi.Generic ) - warning
06:20:02.0656 3912	SjyPkt - detected UnsignedFile.Multi.Generic (1)
06:20:02.0703 3912	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
06:20:02.0843 3912	SLIP - ok
06:20:02.0906 3912	sonypvs1        (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
06:20:02.0921 3912	sonypvs1 ( UnsignedFile.Multi.Generic ) - warning
06:20:02.0921 3912	sonypvs1 - detected UnsignedFile.Multi.Generic (1)
06:20:02.0937 3912	Sparrow - ok
06:20:02.0984 3912	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:20:03.0125 3912	splitter - ok
06:20:03.0171 3912	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
06:20:03.0187 3912	Spooler - ok
06:20:03.0218 3912	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
06:20:03.0375 3912	sr - ok
06:20:03.0484 3912	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
06:20:03.0609 3912	srservice - ok
06:20:03.0671 3912	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
06:20:03.0734 3912	Srv - ok
06:20:03.0781 3912	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
06:20:03.0921 3912	SSDPSRV - ok
06:20:03.0968 3912	SSHDRV86        (b9e31f2a3640403b0ea3a867bb73b9f4) C:\WINDOWS\system32\drivers\SSHDRV86.sys
06:20:03.0984 3912	SSHDRV86 ( UnsignedFile.Multi.Generic ) - warning
06:20:03.0984 3912	SSHDRV86 - detected UnsignedFile.Multi.Generic (1)
06:20:04.0078 3912	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
06:20:04.0250 3912	stisvc - ok
06:20:04.0265 3912	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
06:20:04.0421 3912	streamip - ok
06:20:04.0453 3912	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:20:04.0593 3912	swenum - ok
06:20:04.0640 3912	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:20:04.0765 3912	swmidi - ok
06:20:04.0859 3912	SwPrv - ok
06:20:04.0890 3912	symc810 - ok
06:20:04.0906 3912	symc8xx - ok
06:20:04.0937 3912	sym_hi - ok
06:20:04.0953 3912	sym_u3 - ok
06:20:05.0000 3912	SynTP           (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
06:20:05.0015 3912	SynTP - ok
06:20:05.0062 3912	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:20:05.0187 3912	sysaudio - ok
06:20:05.0250 3912	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
06:20:05.0390 3912	SysmonLog - ok
06:20:05.0484 3912	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
06:20:05.0625 3912	TapiSrv - ok
06:20:05.0703 3912	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:20:05.0750 3912	Tcpip - ok
06:20:05.0796 3912	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:20:05.0921 3912	TDPIPE - ok
06:20:05.0937 3912	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:20:06.0093 3912	TDTCP - ok
06:20:06.0140 3912	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:20:06.0281 3912	TermDD - ok
06:20:06.0375 3912	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
06:20:06.0515 3912	TermService - ok
06:20:06.0578 3912	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
06:20:06.0593 3912	Themes - ok
06:20:06.0625 3912	TosIde - ok
06:20:06.0703 3912	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
06:20:06.0828 3912	TrkWks - ok
06:20:06.0968 3912	TuneUp.Defrag   (5d1ccc2692851213065bd23701ab27f4) C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
06:20:06.0984 3912	TuneUp.Defrag - ok
06:20:07.0078 3912	TuneUp.UtilitiesSvc (6358390595647e745d7cbb00bdf44c6d) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
06:20:07.0125 3912	TuneUp.UtilitiesSvc - ok
06:20:07.0171 3912	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
06:20:07.0187 3912	TuneUpUtilitiesDrv - ok
06:20:07.0218 3912	UBHelper        (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
06:20:07.0218 3912	UBHelper ( UnsignedFile.Multi.Generic ) - warning
06:20:07.0218 3912	UBHelper - detected UnsignedFile.Multi.Generic (1)
06:20:07.0281 3912	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:20:07.0421 3912	Udfs - ok
06:20:07.0437 3912	ultra - ok
06:20:07.0515 3912	UMWdf           (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
06:20:07.0546 3912	UMWdf - ok
06:20:07.0640 3912	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:20:07.0796 3912	Update - ok
06:20:07.0921 3912	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
06:20:08.0078 3912	upnphost - ok
06:20:08.0140 3912	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
06:20:08.0312 3912	UPS - ok
06:20:08.0343 3912	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
06:20:08.0484 3912	usbaudio - ok
06:20:08.0531 3912	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:20:08.0656 3912	usbccgp - ok
06:20:08.0703 3912	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:20:08.0843 3912	usbehci - ok
06:20:08.0875 3912	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:20:09.0000 3912	usbhub - ok
06:20:09.0031 3912	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
06:20:09.0171 3912	usbohci - ok
06:20:09.0218 3912	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:20:09.0359 3912	usbprint - ok
06:20:09.0375 3912	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:20:09.0515 3912	usbscan - ok
06:20:09.0531 3912	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:20:09.0671 3912	USBSTOR - ok
06:20:09.0734 3912	UxTuneUp        (69d0e8ca1a30335029b3c5609ecdb654) C:\WINDOWS\System32\uxtuneup.dll
06:20:09.0750 3912	UxTuneUp - ok
06:20:09.0781 3912	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:20:09.0906 3912	VgaSave - ok
06:20:09.0921 3912	ViaIde - ok
06:20:09.0968 3912	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
06:20:10.0093 3912	VolSnap - ok
06:20:10.0187 3912	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
06:20:10.0328 3912	VSS - ok
06:20:10.0390 3912	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
06:20:10.0531 3912	W32Time - ok
06:20:10.0593 3912	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:20:10.0718 3912	Wanarp - ok
06:20:10.0781 3912	wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
06:20:10.0812 3912	wanatw - ok
06:20:10.0828 3912	WDICA - ok
06:20:10.0875 3912	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:20:11.0046 3912	wdmaud - ok
06:20:11.0109 3912	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
06:20:11.0250 3912	WebClient - ok
06:20:11.0312 3912	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
06:20:11.0453 3912	winmgmt - ok
06:20:11.0562 3912	WmdmPmSN        (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
06:20:11.0578 3912	WmdmPmSN - ok
06:20:11.0640 3912	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
06:20:11.0781 3912	WmiApSrv - ok
06:20:11.0828 3912	WpdUsb          (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
06:20:11.0843 3912	WpdUsb - ok
06:20:11.0937 3912	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
06:20:12.0093 3912	wscsvc - ok
06:20:12.0109 3912	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
06:20:12.0250 3912	WSTCODEC - ok
06:20:12.0296 3912	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
06:20:12.0453 3912	wuauserv - ok
06:20:12.0546 3912	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
06:20:12.0703 3912	WZCSVC - ok
06:20:12.0765 3912	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
06:20:12.0906 3912	xmlprov - ok
06:20:12.0968 3912	MBR (0x1B8)     (67d07fa51dcd5a4397248f397bb779ae) \Device\Harddisk0\DR0
06:20:16.0750 3912	\Device\Harddisk0\DR0 - ok
06:20:16.0765 3912	MBR (0x1B8)     (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR4
06:20:16.0890 3912	\Device\Harddisk1\DR4 - ok
06:20:16.0921 3912	Boot (0x1200)   (f6237a10fc85b5e8cbda2e8956a5509e) \Device\Harddisk0\DR0\Partition0
06:20:16.0921 3912	\Device\Harddisk0\DR0\Partition0 - ok
06:20:16.0921 3912	Boot (0x1200)   (73c838f6a6c1b6e38123759d7a44a96f) \Device\Harddisk0\DR0\Partition1
06:20:16.0921 3912	\Device\Harddisk0\DR0\Partition1 - ok
06:20:16.0953 3912	Boot (0x1200)   (8ad49433727e46a48aaf2f89bfaff2da) \Device\Harddisk1\DR4\Partition0
06:20:16.0953 3912	\Device\Harddisk1\DR4\Partition0 - ok
06:20:16.0953 3912	============================================================
06:20:16.0953 3912	Scan finished
06:20:16.0953 3912	============================================================
06:20:16.0984 3924	Detected object count: 15
06:20:16.0984 3924	Actual detected object count: 15
06:23:42.0390 3924	cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0390 3924	cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0390 3924	EAPPkt ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0390 3924	EAPPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0406 3924	int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0406 3924	int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0406 3924	KMWDSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0406 3924	KMWDSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0421 3924	MACNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0421 3924	MACNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0421 3924	MZCCntrl ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0421 3924	MZCCntrl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0421 3924	NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0421 3924	NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0421 3924	pfc ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0421 3924	pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0437 3924	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0437 3924	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0437 3924	Point32 ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0437 3924	Point32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0437 3924	RTLWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0437 3924	RTLWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0437 3924	SjyPkt ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0437 3924	SjyPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0437 3924	sonypvs1 ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0437 3924	sonypvs1 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0437 3924	SSHDRV86 ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0437 3924	SSHDRV86 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:23:42.0437 3924	UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
06:23:42.0437 3924	UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Edited by Mr. Invisibl (30.05.2012 at 16:44)

30.05.2012, 20:37   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: Illegal operation attempted on a registry key that has been marked for deletion.)
then restart Windows manually, and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

31.05.2012, 00:07   #9
Mr. Invisibl

I managed this step without any problems as well!

ComboFix.txt:
Code:
ComboFix 12-05-30.04 - Hans-Peter 30.05.2012  10:29:39.2.1 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.446.139 [GMT -12:00]
ausgeführt von:: c:\dokumente und einstellungen\Hans-Peter\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\389D51A1.TMP
c:\dokumente und einstellungen\Hans-Peter\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\winsh320
c:\windows\system32\winsh321
c:\windows\system32\winsh322
c:\windows\system32\winsh323
c:\windows\system32\winsh324
c:\windows\system32\winsh325
c:\windows\Uninstall.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-28 bis 2012-05-30  ))))))))))))))))))))))))))))))
.
.
2012-05-30 16:46 . 2011-07-13 10:55	2237440	----a-r-	C:\OTLPE.exe
2012-05-30 16:46 . 2012-05-30 16:46	--------	d-----w-	C:\_OTL
2012-05-22 17:45 . 2012-05-22 17:45	--------	d--h--w-	c:\windows\PIF
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:51 . 2004-08-04 12:50	2071424	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 1980-01-01 12:00	2194944	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51 . 1980-01-01 12:00	1862400	----a-w-	c:\windows\system32\win32k.sys
2012-03-13 04:38 . 2012-03-19 20:05	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\programme\NCH_DE\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b106b661-3e1b-4015-af5c-195e909f35c6}]
2011-05-09 08:49	176936	----a-w-	c:\programme\NCH_DE\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\programme\NCH_DE\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-04 68856]
"T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2006-08-07 647220]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ArcSoft Connection Service"="c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"KMConfig"="c:\programme\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe" [2007-03-07 212992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Remote Control.lnk - c:\programme\Conceptronic Multimedia\CTVDIGUSB2 Device Utilities\RTLRCtl.exe [2010-11-15 90112]
TMMonitor.lnk - c:\programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-11-15 258048]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
"Performance Center"=c:\programme\Ascentive\Performance Center\ApcMain.exe -m
"T-Online_Software_6\WLAN-Access Finder"=c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"DelayShred"=c:\progra~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\dokume~1\HANS-P~1\LOKALE~1\temp\TEMPOR~1\Content.IE5\ODO8NPKN.SH! c:\dokume~1\HANS-P~1\LOKALE~1\temp\TEMPOR~1\Content.IE5\3PWDSK31.SH! c:\dokume~1\HANS-P~1\LOKALE~1\temp\TEMPOR~1\Content.IE5\HTP8EAVA.SH! c:\dokume~1\HANS-P~1\LOKALE~1\temp\TEMPOR~1\Content.IE5\67454PQ9.SH! c:\dokume~1\HANS-P~1\LOKALE~1\temp\TEMPOR~1\Content.SH! c:\dokume~1\HANS-P~1\LOKALE~1\temp\TEMPOR~1.SH!
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"=c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
"RealTray"=c:\programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"eRecoveryService"=c:\windows\System32\Check.exe
"SiS Windows KeyHook"=c:\windows\system32\keyhook.exe
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe"
"PCMService"="c:\programme\Arcade\PCMService.exe"
"SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [31.01.2006 08:41 81408]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [31.01.2006 07:08 66048]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\programme\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe [08.05.2007 17:00 2179072]
R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [09.12.2006 07:04 17280]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 07:24 10064]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [22.02.2010 06:46 135664]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [22.02.2010 06:46 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 00:49 227232]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [15.11.2010 06:36 93344]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [15.11.2010 06:36 32800]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [07.03.2006 06:49 112384]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [07.03.2006 06:49 13532]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-31 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-23 05:36]
.
2012-05-30 c:\windows\Tasks\Automatische Problemsuche.job
- c:\programme\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-31 02:38]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-22 18:46]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-22 18:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?AF=110810&babsrc=HP_ss&mntrId=320d180e000000000000000fb5d0df74
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\dokumente und einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - NCH DE Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110810
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 320d180e000000000000000fb5d0df74
FF - user.js: extensions.BabylonToolbar_i.hardId - 320d180e000000000000000fb5d0df74
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15419
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-30 10:36
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2139227033-4218479189-3264577692-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a2,60,04,36,60,10,75,db,68,49,a1,ce,a7,a8,12,e6,05,2e,16,0d,37,6c,07,
   27,b3,be,79,b4,50,6d,7f,25,1a,84,41,0a,a1,45,59,5e,dd,79,fc,8d,83,1b,12,44,\
"??"=hex:c7,06,59,9d,c4,67,6a,09,e3,23,2a,33,6c,b4,35,14
.
Zeit der Fertigstellung: 2012-05-30  10:38:43
ComboFix-quarantined-files.txt  2012-05-30 22:38
.
Vor Suchlauf: 19 Verzeichnis(se), 21.837.447.168 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 21.982.838.784 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A0EA364F3BC22163B52FF00AD6257AA0
         

31.05.2012, 07:47   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Convert the partitions to NTFS:
1) Start, Run, type cmd and click OK
2) Type the command convert d: /fs:ntfs and confirm with Return or Enter
3) Type the current label of D: (you can see it in My Computer on D: - if it only says "Lokaler Datenträger" (Local Disk) there, D: has no label, so type nothing when asked for the current volume label) - if necessary, assign a simple name to this partition in My Computer via right-click => Properties
4) If prompted, confirm with J that the drive has to be locked for exclusive access
5) Wait until convert has finished
After that it is C:'s turn
6) Type the command convert c: /fs:ntfs and confirm with Return or Enter
7) Type the current label of C: (you can see it in My Computer on C:; if it only says "Lokaler Datenträger" (Local Disk) there, C: has no label, so type nothing when asked for the current volume label)
8) Confirm with J the notice that the drive is to be converted at the next Windows start, and let Windows restart; be patient!

31.05.2012, 10:06   #11
Mr. Invisibl

Good, I have carried out both.
What happens next?

31.05.2012, 10:23   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please create a new OTL log as a check - again, if possible, please post everything here in CODE tags.


CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top center, tick the box Scanne alle Benutzer (Scan All Users)
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

31.05.2012, 11:30   #13
Mr. Invisibl

OTL.txt:


Code:
OTL logfile created on: 30.05.2012 23:12:19 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Dokumente und Einstellungen\Hans-Peter\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
446,48 Mb Total Physical Memory | 163,90 Mb Available Physical Memory | 36,71% Memory free
1,03 Gb Paging File | 0,84 Gb Available in Paging File | 81,55% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35,71 Gb Total Space | 21,74 Gb Free Space | 60,88% Space Free | Partition Type: NTFS
Drive D: | 35,88 Gb Total Space | 35,68 Gb Free Space | 99,44% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 0,93 Gb Free Space | 50,18% Space Free | Partition Type: FAT
 
Computer Name: ACER-9C5CBFE9EE | User Name: Hans-Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.31 11:31:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\OTL.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.01.15 00:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.10.30 14:33:46 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.10.30 14:31:24 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.10.09 00:12:56 | 000,090,112 | R--- | M] () -- C:\Programme\Conceptronic Multimedia\CTVDIGUSB2 Device Utilities\RTLRCtl.exe
PRC - [2008.12.30 11:20:20 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe
PRC - [2008.04.13 14:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.25 23:18:54 | 000,561,152 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMProcess.exe
PRC - [2007.09.17 22:51:14 | 001,470,464 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMConfig.exe
PRC - [2007.08.08 19:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007.05.08 17:00:48 | 002,179,072 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe
PRC - [2007.03.06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe
PRC - [2005.11.15 13:02:04 | 000,061,440 | ---- | M] (T-Online International AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2004.10.07 23:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004.08.16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.10.09 00:12:56 | 000,090,112 | R--- | M] () -- C:\Programme\Conceptronic Multimedia\CTVDIGUSB2 Device Utilities\RTLRCtl.exe
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.13 14:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.03.24 16:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007.08.05 22:53:32 | 000,053,248 | ---- | M] () -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\MouseHook.dll
MOD - [2007.08.05 21:31:02 | 000,114,688 | ---- | M] () -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\keydll.dll
MOD - [2007.04.19 09:39:08 | 000,436,992 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\FPXLIB.DLL
MOD - [2007.04.19 09:33:00 | 000,035,584 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\uPiApi.dll
MOD - [2007.04.19 09:29:42 | 000,273,216 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\magengin.dll
MOD - [2007.04.19 09:29:38 | 000,187,136 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\kgl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe -- (NPFMntor)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.15 00:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.15 07:45:38 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.10.30 14:31:24 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.10.30 14:27:34 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.13 14:22:56 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.13 14:22:56 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.13 14:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008.04.13 14:22:08 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007.08.08 19:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007.05.08 17:00:48 | 002,179,072 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2005.11.15 13:02:04 | 000,061,440 | ---- | M] (T-Online International AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2004.08.16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\HANS-P~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2009.10.25 14:43:54 | 000,032,800 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.10.25 14:43:52 | 000,093,344 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.04.13 13:58:18 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008.04.13 13:58:14 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008.04.13 06:53:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 06:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 06:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006.01.31 08:41:32 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2005.11.24 12:36:42 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2005.04.21 13:33:12 | 000,112,384 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2005.03.02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005.02.25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2004.12.21 10:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004.11.05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004.10.07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.08.04 05:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004.08.04 05:00:00 | 000,007,040 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004.08.04 05:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004.03.08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003.12.05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.07.18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003.01.10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002.10.15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002.10.02 08:57:12 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=110810&babsrc=HP_ss&mntrId=320d180e000000000000000fb5d0df74
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {F044364B-0B38-4713-B87A-C8752784F68B}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110810&babsrc=SP_ss&mntrId=320d180e000000000000000fb5d0df74
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\..\SearchScopes\{F044364B-0B38-4713-B87A-C8752784F68B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "NCH DE Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.19 08:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.02.23 07:03:04 | 000,000,000 | ---D | M]
 
[2008.07.19 21:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Extensions
[2008.07.19 21:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2010.02.23 07:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\extensions
[2012.05.22 04:57:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.02 05:29:58 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2012.03.20 08:20:16 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\extensions\ffxtlbr@babylon.com
[2012.03.06 17:29:04 | 000,000,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\searchplugins\conduit.xml
[2012.03.19 08:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.19 08:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.03.19 08:05:58 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.05.03 05:19:24 | 000,570,013 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HANS-PETER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HVAY6VXB.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.03.12 16:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.12 17:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.20 08:17:48 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.03.12 17:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.12 17:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.12 17:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.12 17:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.12 17:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.30 10:36:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [KMConfig] "C:\Programme\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe" KMConfig.exe File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (T-Online International AG, Marmiko IT-Solutions GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Remote Control.lnk = C:\Programme\Conceptronic Multimedia\CTVDIGUSB2 Device Utilities\RTLRCtl.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TMMonitor.lnk = C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{034B6442-2FEA-4241-8D73-1E8D520BEA29}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - hxxp://www.actionbikes.de/actionbikes/images1/Bashan%20200%20seite1.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.30 23:04:33 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\OTL.exe
[2012.05.30 13:08:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.05.30 13:08:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.05.30 13:08:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.05.30 13:08:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.05.30 13:08:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.05.30 13:08:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.30 13:08:14 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Hans-Peter\Startmenü\Programme\Verwaltung
[2012.05.30 10:38:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.05.30 10:24:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.05.30 10:23:18 | 004,532,250 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\ComboFix.exe
[2012.05.30 04:46:49 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.05.30 04:46:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.22 05:45:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.31 11:31:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\OTL.exe
[2012.05.31 00:03:26 | 004,532,250 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\ComboFix.exe
[2012.05.30 22:57:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.30 22:45:54 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Automatische Problemsuche.job
[2012.05.30 22:36:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.30 22:35:56 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.30 22:35:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.30 22:35:35 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.30 12:00:02 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2012.05.30 10:24:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.05.21 05:17:36 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.15 07:32:22 | 000,461,330 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.15 07:32:22 | 000,443,222 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.15 07:32:22 | 000,086,016 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.15 07:32:22 | 000,072,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.15 07:29:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.05.09 07:18:32 | 000,070,198 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\Mietvertrag.pdf
 
========== Files Created - No Company Name ==========
 
[2012.05.30 13:08:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.05.30 13:08:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.05.30 13:08:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.05.30 13:08:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.05.30 13:08:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.05.30 10:24:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.05.30 10:24:33 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.05.09 07:18:28 | 000,070,198 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\Mietvertrag.pdf
[2012.02.15 06:02:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010.11.15 06:37:01 | 000,294,974 | R--- | C] () -- C:\WINDOWS\System32\RTL283XACCESS.dll
[2010.11.15 06:36:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
 
========== LOP Check ==========
 
[2009.04.08 06:11:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ascentive
[2007.12.11 05:58:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2008.04.11 23:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.03.20 08:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2007.12.11 05:58:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ebay
[2010.01.09 06:25:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2007.05.30 07:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2006.01.23 18:00:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2007.02.27 21:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2008.07.19 21:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2009.12.15 07:44:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.01.09 06:29:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2008.03.08 01:56:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2007.05.05 04:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2009.12.15 07:44:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009.04.08 06:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ascentive
[2007.12.11 06:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ashampoo
[2007.09.19 20:20:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Atari
[2008.04.11 23:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Babylon
[2007.12.11 05:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\BayWatcher Pro
[2008.03.24 07:58:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\BOM
[2008.12.07 03:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Friday's games
[2008.03.30 03:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\ICQ Toolbar
[2009.03.08 04:13:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston
[2009.07.21 07:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\MSNInstaller
[2007.06.20 06:34:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Opera
[2006.01.23 17:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\T-DSL SpeedManager
[2006.12.09 07:05:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\T-Online
[2008.07.19 21:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\TomTom
[2009.12.15 07:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\TuneUp Software
[2008.03.08 02:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ulead Systems
[2007.05.05 04:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Zylom
[2012.05.30 22:45:54 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Automatische Problemsuche.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2005.12.21 20:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Adobe
[2005.12.21 20:01:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\AdobeUM
[2005.03.08 10:52:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\AOL
[2010.11.15 06:43:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\ArcSoft
[2009.04.08 06:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ascentive
[2007.12.11 06:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ashampoo
[2007.09.19 20:20:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Atari
[2008.04.11 23:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Babylon
[2007.12.11 05:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\BayWatcher Pro
[2008.03.24 07:58:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\BOM
[2005.12.16 13:52:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Cyberlink
[2007.11.01 07:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\DivX
[2008.12.07 03:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Friday's games
[2007.11.23 09:34:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Google
[2007.01.01 01:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Help
[2008.03.30 03:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\ICQ Toolbar
[2005.03.07 23:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Identities
[2009.07.21 07:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\InstallShield
[2009.03.08 04:13:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston
[2006.01.28 22:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Macromedia
[2005.03.07 23:23:00 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Microsoft
[2008.03.30 00:47:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla
[2009.07.21 07:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\MSNInstaller
[2007.06.20 06:34:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Opera
[2007.11.30 07:23:36 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\SecuROM
[2005.12.16 06:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Symantec
[2006.01.23 17:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\T-DSL SpeedManager
[2006.12.09 07:05:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\T-Online
[2008.07.19 21:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\TomTom
[2009.12.15 07:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\TuneUp Software
[2008.03.08 02:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ulead Systems
[2009.04.13 07:10:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\WinRAR
[2005.03.08 10:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\You've Got Pictures Screensaver
[2007.05.05 04:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Zylom
 
< %APPDATA%\*.exe /s >
[2007.09.25 18:29:14 | 002,867,864 | ---- | M] (Adobe Systems Inc                                           ) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\Ac705EmP_efgj.exe
[2007.06.08 01:46:52 | 023,813,608 | ---- | M] (                            ) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe
[2008.09.19 01:19:30 | 000,937,465 | ---- | M] (                                                            ) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\SecureTraveler.exe
[2008.09.18 15:32:22 | 001,839,104 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\SecureTravelerA.exe
[2008.09.19 01:05:36 | 003,231,744 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\SecureTravelerB.exe
[2008.07.18 13:31:28 | 000,143,360 | ---- | M] (Kingston) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\SecureTravelerDaemon.exe
[2008.09.18 15:32:22 | 001,839,104 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\tmp\SecureTravelerA.exe
[2008.09.19 01:05:36 | 003,231,744 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\tmp\SecureTravelerB.exe
[2008.07.18 13:31:28 | 000,143,360 | ---- | M] (Kingston) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\tmp\SecureTravelerDaemon.exe
 
< %SYSTEMDRIVE%\*.exe >
[2008.10.25 01:08:08 | 002,368,347 | ---- | M] (InstallShield Software Corporation) -- C:\JSetup.exe
[2011.07.12 22:55:06 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
 
< MD5 for: AGP440.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2011.10.19 03:16:28 | 023,898,261 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.10.19 03:16:28 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 06:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 06:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 06:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2011.10.19 03:16:28 | 023,898,261 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.10.19 03:16:28 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 06:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 06:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 06:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.13 14:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.13 14:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.13 14:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.13 14:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.13 14:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.13 14:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 06:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 06:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.13 14:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.13 14:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.13 14:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 05:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 06:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 03:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 06:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 03:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.13 14:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.13 14:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.13 14:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.13 14:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.13 14:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.13 14:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.13 14:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.13 14:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.13 14:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.03.07 23:22:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005.03.07 23:22:08 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005.03.07 23:22:06 | 000,413,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

Alt 31.05.2012, 13:07   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again.
__________________
Please always post log files in CODE tags

Alt 31.05.2012, 16:06   #15
Mr. Invisibl
 
After starting GMER, the PC crashes again and the following message appears:


OSAM.log:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 03:37:01 on 31.05.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17109

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"HPpromotions journeysoftware.job" - "hp" - C:\Programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Automatische Problemsuche.job" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\DOKUME~1\HANS-P~1\LOKALE~1\Temp\catchme.sys  (File not found)
"cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\WINDOWS\system32\drivers\cdrbsdrv.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"int15.sys" (int15.sys) - ? - C:\Programme\acer\eRecovery\int15.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"Microsoft IntelliPoint Filter Driver" (Point32) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\point32.sys
"NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver" (RTLWUSB) - "NETGEAR Inc." - C:\WINDOWS\System32\DRIVERS\wg111v2.sys
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Realtek EAPPkt Protocol" (EAPPkt) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\EAPPkt.sys
"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - ? - C:\WINDOWS\System32\drivers\ALCXWDM.SYS  (File not found)
"SjyPkt" (SjyPkt) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\Drivers\SjyPkt.sys
"Sony Digital Imaging Video2" (sonypvs1) - "Sony Corporation" - C:\WINDOWS\System32\DRIVERS\sonypvs1.sys
"SSHDRV86" (SSHDRV86) - ? - C:\WINDOWS\system32\drivers\SSHDRV86.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"UBHelper" (UBHelper) - ? - C:\WINDOWS\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - hxxp://www.actionbikes.de/actionbikes/images1/Bashan%20200%20seite1.jpg  (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{b106b661-3e1b-4015-af5c-195e909f35c6} "NCH DE Toolbar" - "Conduit Ltd." - C:\Programme\NCH_DE\prxtbNCH_.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} "Get_ActiveX Control" - "Netopsystems AG" - C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX / https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10n.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{98889811-442D-49dd-99D7-DC866BE87DBC} "Babylon Toolbar" - "Babylon Ltd." - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{b106b661-3e1b-4015-af5c-195e909f35c6} "NCH DE Toolbar" - "Conduit Ltd." - C:\Programme\NCH_DE\prxtbNCH_.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{2EECD738-5844-4a99-B4B6-146BF802613B} "Babylon toolbar helper" - "Babylon BHO" - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{b106b661-3e1b-4015-af5c-195e909f35c6} "NCH DE Toolbar" - "Conduit Ltd." - C:\Programme\NCH_DE\prxtbNCH_.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
"Remote Control.lnk" - ? - C:\Programme\Conceptronic Multimedia\CTVDIGUSB2 Device Utilities\RTLRCtl.exe  (Shortcut exists | File exists)
"TMMonitor.lnk" - "ArcSoft, Inc." - C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Hans-Peter\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"T-Online_Software_6\WLAN-Access Finder" - "T-Online International AG, Marmiko IT-Solutions GmbH" - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
"KMConfig" - "UASSOFT.COM" - "C:\Programme\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe" KMConfig.exe
"LaunchApp" - "Acer Inc." - Alaunch

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Keyboard And Mouse Communication Service" (KMWDSERVICE) - "UASSOFT.COM" - C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
"Norton AntiVirus Firewall Monitor Service" (NPFMntor) - ? - "C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe"  (File not found)
"Notebook Manager Service" (anbmService) - "OSA Technologies Inc." - C:\Acer\eManager\anbmServ.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "T-Online International AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\WINDOWS\ACER.SCR  (File found, but it contains no detailed information)
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
aswMBR.txt:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-31 03:45:59
-----------------------------
03:45:59.687    OS Version: Windows 5.1.2600 Service Pack 3
03:45:59.687    Number of processors: 1 586 0x2C02
03:45:59.687    ComputerName: ACER-9C5CBFE9EE  UserName: Hans-Peter
03:46:00.046    Initialize success
03:48:44.781    AVAST engine defs: 12053100
03:48:55.234    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
03:48:55.234    Disk 0 Vendor: HTS541080G9AT00 MB4VA60A Size: 76319MB BusType: 3
03:48:55.265    Disk 0 MBR read successfully
03:48:55.265    Disk 0 MBR scan
03:48:55.812    Disk 0 unknown MBR code
03:48:55.828    Disk 0 Partition 1 00     12  Compaq diag MSWIN4.1     3004 MB offset 63
03:48:56.171    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        36569 MB offset 6152895
03:48:56.734    Disk 0 Partition - 00     0F Extended LBA             36742 MB offset 81047925
03:48:56.750    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        36742 MB offset 81047988
03:48:56.781    Disk 0 scanning sectors +156296385
03:48:57.312    Disk 0 scanning C:\WINDOWS\system32\drivers
03:49:20.687    Service scanning
03:49:45.218    Modules scanning
03:49:51.828    Disk 0 trace - called modules:
03:49:51.875    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
03:49:51.875    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84dce5e0]
03:49:51.890    3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> \Device\00000070[0x84d69f18]
03:49:51.906    5 ACPI.sys[f7494620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84dcfd98]
03:49:52.531    AVAST engine scan C:\WINDOWS
03:50:10.765    AVAST engine scan C:\WINDOWS\system32
03:53:47.156    AVAST engine scan C:\WINDOWS\system32\drivers
03:54:01.781    AVAST engine scan C:\Dokumente und Einstellungen\Hans-Peter
03:55:45.203    AVAST engine scan C:\Dokumente und Einstellungen\All Users
03:55:58.171    Scan finished successfully
03:57:34.796    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Hans-Peter\Desktop\MBR.dat"
03:57:34.828    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Hans-Peter\Desktop\aswMBR.txt"
         
