
Pests of all kinds and how to fight them: Rocketnews trojan and Spyhunter4 on the computer

30.05.2012, 19:36   #1
juppxy

Good evening,

I have the following problem, which has already been described here several times. When I enter a search term on Google, I am automatically redirected to the rocketnews page, which, however, does not load.

Hoping to remove this trojan, I unfortunately made the next mistake and installed Spyhunter4. As I now know, this was probably a mistake; at least that is how it is described here.

I hope you can help me get my computer clean again.

Many thanks in advance

Sarah

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.30.05

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 6.0.2900.5512
Sarah Wassermann :: ACER-F17C439E3C [Administrator]

30.05.2012 20:21:21
mbam-log-2012-05-30 (20-21-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217695
Laufzeit: 9 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

31.05.2012, 14:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

01.06.2012, 12:07   #3
juppxy

Hello,
thank you very much for taking on my case! I am really quite desperate... I have now done all the things you mentioned. Unfortunately I am completely clueless about how to post this now - I hope it is OK like this?!
Here is the data from the malware scan:

Code:
rtfgswaqaMalwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.05.30.05

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 6.0.2900.5512
Sarah Wassermann :: ACER-F17C439E3C [Administrator]

31.05.2012 21:52:41
mbam-log-2012-05-31 (21-52-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 294203
Laufzeit: 1 Stunde(n), 28 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
         
And here is the data from the ESET scan:
Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=50ef877eb77823458865a94c88a57515
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-01 10:51:42
# local_time=2012-06-01 12:51:42 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777179 100 0 6490273 6490273 0 0
# compatibility_mode=8192 67108863 100 0 1037 1037 0 0
# scanned=83623
# found=3
# cleaned=0
# scan_time=3686
C:\WINDOWS\system32\BrDctF2LK.dll	a variant of Win32/Ponmocup.CU trojan (unable to clean)	00000000000000000000000000000000	I
C:\WINDOWS\Temp\2444ab.exe	Win32/PSW.Delf.OBN trojan (unable to clean)	00000000000000000000000000000000	I
${Memory}	probably a variant of Win32/Ponmocup.AA trojan	00000000000000000000000000000000	I
         
Please let me know if I am posting this wrong, i.e. without these code tags. Unfortunately I am really completely clueless in this area, so I would be all the more glad if you could help me! Just let me know if I should post it differently!
Many, many thanks!

Edited by juppxy (01.06.2012 at 12:26)

01.06.2012, 14:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, the logs for every scan are all listed in the Logs tab. Please post all that are visible there.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

01.06.2012, 15:14   #5
juppxy

Sorry! I thought I had only done that once!
So here are the 1st and 2nd logs

Code:
rtfgswaqaMalwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.30.05

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 6.0.2900.5512
Sarah Wassermann :: ACER-F17C439E3C [Administrator]

31.05.2012 21:52:41
mbam-log-2012-05-31 (21-52-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 294203
Laufzeit: 1 Stunde(n), 28 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Here is the second one

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.30.05

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 6.0.2900.5512
Sarah Wassermann :: ACER-F17C439E3C [Administrator]

30.05.2012 20:21:21
mbam-log-2012-05-30 (20-21-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217695
Laufzeit: 9 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Is that OK? Many, many thanks to you, and sorry for my scatterbrainedness!


01.06.2012, 15:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

01.06.2012, 16:42   #7
juppxy

Hello PC rescuer,

everything is there in the Start menu, I cannot see any empty folders, and Windows works flawlessly, as it did before, apart from Excel (but that has been acting up for a while).

Kind regards!

02.06.2012, 15:57   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

02.06.2012, 16:50   #9
juppxy

Hello,
here is the OTL log

Code:
OTL logfile created on: 02.06.2012 17:30:57 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Dokumente und Einstellungen\\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,98 Mb Total Physical Memory | 568,65 Mb Available Physical Memory | 56,08% Memory free
2,38 Gb Paging File | 1,98 Gb Available in Paging File | 83,15% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 44,99 Gb Total Space | 6,30 Gb Free Space | 14,00% Space Free | Partition Type: FAT32
Drive D: | 45,22 Gb Total Space | 45,06 Gb Free Space | 99,66% Space Free | Partition Type: FAT32
 
Computer Name: ACER-F17C439E3C | User Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.02 17:30:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Eigene Dateien\Downloads\OTL(2).exe
PRC - [2012.05.21 08:06:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.21 08:06:50 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.21 08:06:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.21 08:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.21 08:06:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.04 20:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.31 14:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007.12.14 17:19:26 | 000,132,624 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Programme\Samsung\Samsung Media Studio 5\SMSTray.exe
PRC - [2005.08.17 09:07:36 | 000,352,256 | ---- | M] (acer Inc.) -- C:\Programme\acer\eRecovery\Monitor.exe
PRC - [2005.08.16 14:06:22 | 000,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005.06.06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2005.03.28 18:04:00 | 000,188,416 | ---- | M] (Acer Inc) -- C:\Acer\ePM\EPM-DM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.21 08:06:52 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2005.08.16 14:07:42 | 000,053,248 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\netmanage.dll -- (NetManager)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\dnscon70.dll -- (dnscon)
SRV - [2012.05.21 08:06:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.21 08:06:50 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.21 08:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.02 16:33:44 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 07:53:04 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008.04.14 07:52:56 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.14 07:52:56 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.14 07:52:40 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008.04.14 07:52:34 | 000,080,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008.04.14 07:52:18 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008.04.14 07:52:16 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008.04.14 07:52:08 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007.09.05 21:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2005.06.06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.05.21 08:06:52 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.21 08:06:52 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:08 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009.11.11 13:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2009.10.08 16:55:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.07.24 12:02:36 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.04.14 07:28:20 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008.04.14 07:28:14 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008.04.14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008.04.14 00:44:22 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008.04.14 00:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2007.09.05 21:25:30 | 001,246,456 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005.08.16 13:53:54 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005.08.16 13:52:32 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005.08.16 13:52:28 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2005.08.16 13:51:32 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005.08.16 13:49:38 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005.08.16 13:49:04 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.08.16 13:46:08 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005.06.30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005.03.24 16:54:08 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005.02.10 09:52:36 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.01.14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2004.10.07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.08.04 05:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004.08.04 05:00:00 | 000,007,040 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004.08.04 05:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004.07.19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2003.05.21 19:47:12 | 000,175,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://global.acer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = 
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid=&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=DVS
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.0
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.02.23 20:02:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.01.27 21:15:48 | 000,000,000 | ---D | M]
 
[2010.01.27 21:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sarah Wassermann\Anwendungsdaten\Mozilla\Extensions
[2010.01.27 21:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sarah Wassermann\Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\extensions
[2010.07.26 21:21:40 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Sarah Wassermann\Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.27 21:25:06 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Dokumente und Einstellungen\Sarah Wassermann\Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.02.28 17:08:08 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\Sarah Wassermann\Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.03.01 06:12:20 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\conduit.xml
[2011.12.20 14:29:56 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\webde-suche.xml
[2011.12.20 14:29:56 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\gmx-suche.xml
[2011.12.20 14:29:56 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\11-suche.xml
[2011.12.20 14:29:56 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\lastminute.xml
[2011.12.20 14:29:56 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\englische-ergebnisse.xml
[2010.01.27 21:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.18 07:45:36 | 000,576,958 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SARAH \ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DFV98DAO.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.05.02 16:33:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.06.10 13:52:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.14 06:21:04 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2012.02.14 06:21:04 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 06:21:04 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 06:21:04 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 06:21:04 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.14 06:21:04 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\Toolbar\ShellBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\EPM-DM.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [eRecoveryService] C:\Programme\acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER File not found
O4 - HKLM..\Run: [SMSTray] C:\Programme\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\Sarah \Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Senden an &Bluetooth - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} hxxp://picasaweb.google.com/s/v/40.11/uploader2.cab (UploadListView Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26A65AE0-4098-4A9E-916A-F33DAAA60B83}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\rtutily.dll File not found
O21 - SSODL: UpdateCheck - {62B433F2-6CBE-4094-A163-D75660173871} - C:\WINDOWS\system32\rtutily.dll File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Programme\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.23 17:08:56 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{04668d6a-ce72-11dd-8586-00038a000015}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{04668d6a-ce72-11dd-8586-00038a000015}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{09bbdd4c-0ee2-11dd-82c8-00038a000015}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{09bbdd4c-0ee2-11dd-82c8-00038a000015}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{2cc860a4-72a9-11de-8726-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2cc860a4-72a9-11de-8726-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2cc860a4-72a9-11de-8726-00038a000015}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{534ed714-653c-11de-8701-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{534ed714-653c-11de-8701-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{534ed714-653c-11de-8701-00038a000015}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6c948fd0-104b-11dd-82c9-00038a000015}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{6c948fd0-104b-11dd-82c9-00038a000015}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{d38dd680-5cce-11de-86e9-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{d38dd680-5cce-11de-86e9-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d38dd680-5cce-11de-86e9-00038a000015}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.01 11:32:58 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.05.31 21:47:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Desktop\Henny&Kalle
[2012.05.30 22:55:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\\Desktop\desktop alle dateien
[2012.05.30 22:27:45 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012.05.30 22:27:25 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.a3df.deleteme
[2012.05.30 22:27:14 | 000,000,000 | ---D | C] -- C:\Programme\stinger
[2012.05.30 21:08:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\MSNInstaller
[2012.05.30 20:19:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Malwarebytes
[2012.05.30 20:19:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.05.30 20:19:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.05.30 20:19:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.05.30 20:19:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.05.30 19:57:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\AskToolbar
[2012.05.30 19:42:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.05.30 19:42:37 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2012.05.30 19:40:44 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2012.05.30 19:32:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\TuneUp Software
[2012.05.30 19:31:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.05.30 19:31:23 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.05.30 19:31:22 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.05.06 19:49:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah \Eigene Dateien\Meine empfangenen Dateien
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.02 17:34:04 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.06.02 17:27:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012.06.02 17:27:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.02 17:26:52 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012.06.02 17:26:46 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.02 17:26:40 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\Sfre.job
[2012.06.02 17:26:36 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.02 17:26:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.02 17:25:32 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012.06.02 14:53:12 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.01 13:25:36 | 000,062,474 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\wklnhst.dat
[2012.05.30 22:40:40 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012.05.30 22:27:22 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.a3df.deleteme
[2012.05.21 08:06:52 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.05.21 08:06:52 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.05.14 21:52:26 | 000,000,432 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012.05.10 06:24:46 | 000,336,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.09 21:26:10 | 000,464,856 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.09 21:26:10 | 000,446,152 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.09 21:26:10 | 000,087,060 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.09 21:26:10 | 000,073,358 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.09 21:23:12 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.30 15:45:47 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\Sfre.job
[2012.02.16 06:48:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.01.13 01:49:56 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011.01.12 16:48:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011.01.12 09:14:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011.01.12 09:14:02 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
 
========== LOP Check ==========
 
[2005.09.23 18:28:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2010.01.16 10:41:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2012.04.21 08:05:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2012.05.30 19:31:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.05.30 19:31:24 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.05.30 19:31:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.01.27 21:25:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\QuickScan
[2010.06.10 13:56:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\OpenOffice.org
[2010.07.03 21:09:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\PriceGong
[2010.07.26 21:21:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.11.29 21:36:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\InterTrust
[2011.02.08 16:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\ScanSoft
[2011.07.17 18:26:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\DVDVideoSoft
[2012.02.13 09:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\ElevatedDiagnostics
[2012.05.30 19:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\TuneUp Software
[2012.05.30 19:57:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\AskToolbar
[2012.05.30 21:08:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\MSNInstaller
[2008.05.13 09:59:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Ordner HP Share-to-Web
[2008.05.23 10:58:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Viewpoint
[2008.06.11 13:04:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\DataCast
[2012.06.02 17:26:52 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2012.06.02 17:34:04 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012.06.02 17:26:40 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\Sfre.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2005.09.23 16:54:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Identities
[2005.09.23 18:28:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\You've Got Pictures Screensaver
[2005.09.23 18:28:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\AOL
[2005.09.23 16:38:42 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Microsoft
[2010.01.27 21:16:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla
[2009.07.20 19:00:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Help
[2010.01.16 10:43:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\InstallShield
[2010.01.18 09:57:02 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Brother
[2010.01.27 21:25:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\QuickScan
[2010.02.09 20:41:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Sun
[2010.06.10 13:56:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\OpenOffice.org
[2010.06.17 22:26:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Real
[2010.07.03 21:09:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\PriceGong
[2010.07.26 21:21:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.11.29 21:36:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\InterTrust
[2011.02.08 16:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\ScanSoft
[2011.07.17 18:26:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\DVDVideoSoft
[2012.02.13 09:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\ElevatedDiagnostics
[2012.03.18 10:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Avira
[2012.05.30 19:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\TuneUp Software
[2012.05.30 19:57:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\AskToolbar
[2012.05.30 20:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Malwarebytes
[2012.05.30 21:08:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \\MSNInstaller
[2008.04.29 09:32:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Adobe
[2008.04.29 09:32:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\AdobeUM
[2008.04.29 10:44:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Macromedia
[2008.05.01 10:53:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\skypePM
[2008.05.01 11:58:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Google
[2008.05.13 09:59:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Ordner HP Share-to-Web
[2008.05.23 10:58:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Viewpoint
[2008.06.11 13:04:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\DataCast
[2008.06.24 20:40:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\CyberLink
 
< %APPDATA%\*.exe /s >
[2012.04.21 08:33:24 | 014,852,504 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 05:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.09.23 16:37:32 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2005.09.23 16:37:32 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005.09.23 16:37:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
         
And there was also an extra.log from OTL. I don't know whether it is important too, but I'll just post it:

Code:
OTL Extras logfile created on: 02.06.2012 17:30:57 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Dokumente und Einstellungen\Sarah \Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,98 Mb Total Physical Memory | 568,65 Mb Available Physical Memory | 56,08% Memory free
2,38 Gb Paging File | 1,98 Gb Available in Paging File | 83,15% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 44,99 Gb Total Space | 6,30 Gb Free Space | 14,00% Space Free | Partition Type: FAT32
Drive D: | 45,22 Gb Total Space | 45,06 Gb Free Space | 99,66% Space Free | Partition Type: FAT32
 
Computer Name: ACER-F17C439E3C | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Programme\Real\RealPlayer\RealPlay.exe" = C:\Programme\Real\RealPlayer\RealPlay.exe:*:Enabled:RealPlayer
"C:\WINDOWS\System32\muzapp.exe" = C:\WINDOWS\System32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{C7CA945E-1F10-458B-AAAF-C566D25E3C02}" = Georg Büchner – Woyzeck
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFD11EED-40F8-4305-A445-354B8343E725}" = Thomas Mann - Mario und der Zauberer
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.6.715
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"Klett Lehrersoftware Green Line (Band 4)" = Klett Lehrersoftware Green Line (Band 4)
"Klett Lehrersoftware Green Line (Band 6)" = Klett Lehrersoftware Green Line (Band 6)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"QuickTime" = QuickTime
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Setup-Start von Microsoft Works 2005
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.05.2012 12:46:42 | Computer Name = ACER-F17C439E3C | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 11.0.5604.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.05.2012 12:47:47 | Computer Name = ACER-F17C439E3C | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 11.0.5604.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 23.05.2012 03:04:11 | Computer Name = ACER-F17C439E3C | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
 
Error - 30.05.2012 09:15:01 | Computer Name = ACER-F17C439E3C | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 12.0.0.4493, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 30.05.2012 10:47:31 | Computer Name = ACER-F17C439E3C | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 11.0.5604.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 30.05.2012 13:05:38 | Computer Name = ACER-F17C439E3C | Source = VSS | ID = 4001
Description = Volumeschattenkopie-Dienstfehler: Vergleichsbereiche können zum Erstellen
 von Schattenkopien nicht gefunden werden.  Fügen Sie mindestens ein NTFS-Laufwerk
 mit ausreichend Speicherplatz dem System hinzu.  Es sind mindestens 100 MB freier
 Speicherplatz pro Volumesicherung bzw. -schattenkopie erforderlich.
 
Error - 30.05.2012 13:08:45 | Computer Name = ACER-F17C439E3C | Source = VSS | ID = 4001
Description = Volumeschattenkopie-Dienstfehler: Vergleichsbereiche können zum Erstellen
 von Schattenkopien nicht gefunden werden.  Fügen Sie mindestens ein NTFS-Laufwerk
 mit ausreichend Speicherplatz dem System hinzu.  Es sind mindestens 100 MB freier
 Speicherplatz pro Volumesicherung bzw. -schattenkopie erforderlich.
 
Error - 30.05.2012 13:14:31 | Computer Name = ACER-F17C439E3C | Source = VSS | ID = 4001
Description = Volumeschattenkopie-Dienstfehler: Vergleichsbereiche können zum Erstellen
 von Schattenkopien nicht gefunden werden.  Fügen Sie mindestens ein NTFS-Laufwerk
 mit ausreichend Speicherplatz dem System hinzu.  Es sind mindestens 100 MB freier
 Speicherplatz pro Volumesicherung bzw. -schattenkopie erforderlich.
 
Error - 30.05.2012 13:14:46 | Computer Name = ACER-F17C439E3C | Source = VSS | ID = 4001
Description = Volumeschattenkopie-Dienstfehler: Vergleichsbereiche können zum Erstellen
 von Schattenkopien nicht gefunden werden.  Fügen Sie mindestens ein NTFS-Laufwerk
 mit ausreichend Speicherplatz dem System hinzu.  Es sind mindestens 100 MB freier
 Speicherplatz pro Volumesicherung bzw. -schattenkopie erforderlich.
 
Error - 01.06.2012 14:44:55 | Computer Name = ACER-F17C439E3C | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x02ce0ff0.
 
[ System Events ]
Error - 02.06.2012 01:59:01 | Computer Name = ACER-F17C439E3C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS Connection" wurde mit folgendem Fehler beendet:   %%126
 
Error - 02.06.2012 01:59:01 | Computer Name = ACER-F17C439E3C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Network Manager Service" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 02.06.2012 08:51:10 | Computer Name = ACER-F17C439E3C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS Connection" wurde mit folgendem Fehler beendet:   %%126
 
Error - 02.06.2012 08:51:10 | Computer Name = ACER-F17C439E3C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Network Manager Service" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 02.06.2012 09:32:51 | Computer Name = ACER-F17C439E3C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS Connection" wurde mit folgendem Fehler beendet:   %%126
 
Error - 02.06.2012 09:32:51 | Computer Name = ACER-F17C439E3C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Network Manager Service" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 02.06.2012 11:11:56 | Computer Name = ACER-F17C439E3C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS Connection" wurde mit folgendem Fehler beendet:   %%126
 
Error - 02.06.2012 11:11:56 | Computer Name = ACER-F17C439E3C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Network Manager Service" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 02.06.2012 11:28:12 | Computer Name = ACER-F17C439E3C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS Connection" wurde mit folgendem Fehler beendet:   %%126
 
Error - 02.06.2012 11:28:13 | Computer Name = ACER-F17C439E3C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Network Manager Service" wurde mit folgendem Fehler beendet:
   %%126
 
 
< End of report >
         
Is that OK like this?

Kind regards

Edited by juppxy (02.06.2012 at 17:07)

02.06.2012, 19:34   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid=&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=DVS
FF - user.js - File not found
[2010.02.28 17:08:08 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\Sarah Wassermann\Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.03.01 06:12:20 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\conduit.xml
[2011.12.20 14:29:56 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\webde-suche.xml
[2011.12.20 14:29:56 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\gmx-suche.xml
[2011.12.20 14:29:56 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\11-suche.xml
[2011.12.20 14:29:56 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\lastminute.xml
[2011.12.20 14:29:56 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\englische-ergebnisse.xml
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\Toolbar\ShellBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\rtutily.dll File not found
O21 - SSODL: UpdateCheck - {62B433F2-6CBE-4094-A163-D75660173871} - C:\WINDOWS\system32\rtutily.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.23 17:08:56 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{04668d6a-ce72-11dd-8586-00038a000015}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{04668d6a-ce72-11dd-8586-00038a000015}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{09bbdd4c-0ee2-11dd-82c8-00038a000015}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{09bbdd4c-0ee2-11dd-82c8-00038a000015}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{2cc860a4-72a9-11de-8726-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2cc860a4-72a9-11de-8726-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2cc860a4-72a9-11de-8726-00038a000015}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{534ed714-653c-11de-8701-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{534ed714-653c-11de-8701-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{534ed714-653c-11de-8701-00038a000015}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6c948fd0-104b-11dd-82c9-00038a000015}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{6c948fd0-104b-11dd-82c9-00038a000015}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{d38dd680-5cce-11de-86e9-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{d38dd680-5cce-11de-86e9-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d38dd680-5cce-11de-86e9-00038a000015}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2012.05.30 19:57:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\AskToolbar
[2012.05.30 19:42:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.07.03 21:09:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\PriceGong
:Files
C:\Programme\Ask.com

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

02.06.2012, 20:03   #11
juppxy

Rocketnews trojan and Spyhunter4 on the computer



Hello there,

so here are the results:
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2913619195-3556326265-1765705353-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{C94E154B-1459-4A47-966B-4B843BEFC7DB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}\ deleted successfully.
C:\Programme\AskSearch\bin\DefaultSearch.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-2913619195-3556326265-1765705353-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-2913619195-3556326265-1765705353-1004\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-2913619195-3556326265-1765705353-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-2913619195-3556326265-1765705353-1004\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
C:\Dokumente und Einstellungen\Sarah Wassermann\Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\lib folder moved successfully.
C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components folder moved successfully.
C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} folder moved successfully.
File C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\conduit.xml not found.
File C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\webde-suche.xml not found.
File C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\gmx-suche.xml not found.
File C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\11-suche.xml not found.
File C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\lastminute.xml not found.
File C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\Mozilla\Firefox\Profiles\dfv98dao.default\searchplugins\englische-ergebnisse.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2913619195-3556326265-1765705353-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2913619195-3556326265-1765705353-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2913619195-3556326265-1765705353-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\UpdateCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62B433F2-6CBE-4094-A163-D75660173871}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04668d6a-ce72-11dd-8586-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04668d6a-ce72-11dd-8586-00038a000015}\ not found.
File E:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04668d6a-ce72-11dd-8586-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04668d6a-ce72-11dd-8586-00038a000015}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09bbdd4c-0ee2-11dd-82c8-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09bbdd4c-0ee2-11dd-82c8-00038a000015}\ not found.
File G:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09bbdd4c-0ee2-11dd-82c8-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09bbdd4c-0ee2-11dd-82c8-00038a000015}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cc860a4-72a9-11de-8726-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cc860a4-72a9-11de-8726-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cc860a4-72a9-11de-8726-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cc860a4-72a9-11de-8726-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cc860a4-72a9-11de-8726-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cc860a4-72a9-11de-8726-00038a000015}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{534ed714-653c-11de-8701-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534ed714-653c-11de-8701-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{534ed714-653c-11de-8701-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534ed714-653c-11de-8701-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{534ed714-653c-11de-8701-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534ed714-653c-11de-8701-00038a000015}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c948fd0-104b-11dd-82c9-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c948fd0-104b-11dd-82c9-00038a000015}\ not found.
File G:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c948fd0-104b-11dd-82c9-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c948fd0-104b-11dd-82c9-00038a000015}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d38dd680-5cce-11de-86e9-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d38dd680-5cce-11de-86e9-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d38dd680-5cce-11de-86e9-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d38dd680-5cce-11de-86e9-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d38dd680-5cce-11de-86e9-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d38dd680-5cce-11de-86e9-00038a000015}\ not found.
File E:\AutoRun.exe not found.
Folder C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\AskToolbar\ not found.
C:\sh4ldr folder moved successfully.
Folder C:\Dokumente und Einstellungen\Sarah \Anwendungsdaten\PriceGong\ not found.
========== FILES ==========
C:\Programme\Ask.com\assets\oobe folder moved successfully.
C:\Programme\Ask.com\assets folder moved successfully.
C:\Programme\Ask.com\Updater folder moved successfully.
C:\Programme\Ask.com folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400807 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 49353 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: Sarah 
->Temp folder emptied: 350107011 bytes
->Temporary Internet Files folder emptied: 153259277 bytes
->Java cache emptied: 9013837 bytes
->FireFox cache emptied: 303826356 bytes
->Flash cache emptied: 15204461 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1479885 bytes
%systemroot%\System32 .tmp files removed: 3487623 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33734460 bytes
RecycleBin emptied: 814 bytes
 
Total Files Cleaned = 830,00 mb
 
 
[EMPTYFLASH]
 
User: Default User
 
User: All Users
 
User: NetworkService
 
User: LocalService
 
User: Administrator
 
User: Sarah 
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 06022012_205120

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\Sarah \Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für Stationsarbeit zur Wiederholung und Erarbeitung der Zeitformen des deutschen Verbs.zip\Stationen zur Vertiefung von Zeitformen\Stationen Aufregung im Wintercamp.doc not found!

Registry entries deleted on Reboot...
         
Thank you very much! I am really very grateful that someone is helping me!

03.06.2012, 12:43   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Rocketnews trojan and Spyhunter4 on the computer



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

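For reading a TDSS-Killer report like the one requested above without deleting anything, here is an added example (not part of the original post and not Kaspersky's code): a Python parser that groups the report lines per scanned object and lists every object whose final status is not "ok". The line layout (timestamp, thread id, text) is assumed from the log posted in this thread; the sample names, hashes and paths are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout of the log in this thread.
# Names, hashes and paths are placeholders, not values from a real scan.
# (The real report separates thread id and text with a tab; \s matches both.)
SAMPLE_LOG = r"""
14:11:55.0921 1608  Scan started
14:11:55.0921 1608  Mode: Manual; SigCheck; TDLFS;
14:11:56.0218 1608  nofiledrv - ok
14:11:56.0265 1608  gooddrv         (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\gooddrv.sys
14:11:56.0609 1608  gooddrv - ok
14:12:01.0875 1608  vendordrv       (00000000000000000000000000000002) C:\WINDOWS\system32\drivers\vendordrv.sys
14:12:01.0937 1608  vendordrv ( UnsignedFile.Multi.Generic ) - warning
14:12:01.0937 1608  vendordrv - detected UnsignedFile.Multi.Generic (1)
"""

# "<hh:mm:ss.ffff> <thread id> <text>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "<object name> (<32 hex digit hash>) <file path>"
FILE_LINE = re.compile(r"^(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
# "<object name> - ok"  or  "<object name> ( <verdict> ) - warning"
STATUS_LINE = re.compile(r"^(.+?)(?:\s+\(\s*(\S+)\s*\))?\s+-\s+(\w+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None      # None when the report has no file line
    path: Optional[str] = None
    status: Optional[str] = None   # None when the report was cut off
    verdict: Optional[str] = None  # e.g. the string inside "( ... )"


def parse_log(text: str) -> Dict[str, ScanObject]:
    """Collect one record per scanned object, in report order."""
    objects: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank line or text that is not a report line
        body = line.group(1).strip()

        file_match = FILE_LINE.match(body)
        if file_match:
            name, md5, path = file_match.groups()
            obj = objects.setdefault(name, ScanObject(name))
            obj.md5, obj.path = md5.lower(), path
            continue

        status_match = STATUS_LINE.match(body)
        if status_match:
            name, verdict, status = status_match.groups()
            obj = objects.setdefault(name, ScanObject(name))
            obj.status, obj.verdict = status, verdict
        # Header, separator and "- detected ..." lines carry nothing
        # the two line types above do not already provide.
    return objects


def needs_review(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Objects whose status is anything but 'ok', including objects
    with no status line at all (truncated report)."""
    return [obj for obj in objects.values() if obj.status != "ok"]


if __name__ == "__main__":
    for obj in needs_review(parse_log(SAMPLE_LOG)):
        print(f"{obj.name}: {obj.status} [{obj.verdict}] {obj.path} md5={obj.md5}")
```

The output is a review list only: it shows which files to look at (path and hash) and changes nothing on the system.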

03.06.2012, 13:19   #13
juppxy

Rocketnews trojan and Spyhunter4 on the computer



Here is log no. 1 from TDSS:

Code:
14:10:33.0718 3520	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:10:33.0921 3520	============================================================
14:10:33.0921 3520	Current date / time: 2012/06/03 14:10:33.0921
14:10:33.0921 3520	SystemInfo:
14:10:33.0921 3520	
14:10:33.0921 3520	OS Version: 5.1.2600 ServicePack: 3.0
14:10:33.0921 3520	Product type: Workstation
14:10:33.0921 3520	ComputerName: ACER-F17C439E3C
14:10:33.0921 3520	UserName: Sarah 
14:10:33.0921 3520	Windows directory: C:\WINDOWS
14:10:33.0921 3520	System windows directory: C:\WINDOWS
14:10:33.0921 3520	Processor architecture: Intel x86
14:10:33.0921 3520	Number of processors: 1
14:10:33.0921 3520	Page size: 0x1000
14:10:33.0921 3520	Boot type: Normal boot
14:10:33.0921 3520	============================================================
14:10:36.0593 3520	Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:10:36.0609 3520	============================================================
14:10:36.0609 3520	\Device\Harddisk0\DR0:
14:10:36.0640 3520	MBR partitions:
14:10:36.0640 3520	\Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x5DE2BF, BlocksNum 0x59FE872
14:10:36.0656 3520	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x5FDCB70, BlocksNum 0x5A742D1
14:10:36.0656 3520	============================================================
14:10:36.0906 3520	C: <-> \Device\Harddisk0\DR0\Partition0
14:10:36.0921 3520	D: <-> \Device\Harddisk0\DR0\Partition1
14:10:36.0921 3520	============================================================
14:10:36.0921 3520	Initialize success
14:10:36.0921 3520	============================================================
14:11:55.0921 1608	============================================================
14:11:55.0921 1608	Scan started
14:11:55.0921 1608	Mode: Manual; SigCheck; TDLFS; 
14:11:55.0921 1608	============================================================
14:11:56.0218 1608	Abiosdsk - ok
14:11:56.0265 1608	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:11:56.0609 1608	abp480n5 - ok
14:11:56.0640 1608	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:11:56.0750 1608	ACPI - ok
14:11:56.0750 1608	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:11:56.0890 1608	ACPIEC - ok
14:11:56.0906 1608	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:11:57.0031 1608	adpu160m - ok
14:11:57.0093 1608	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:11:57.0203 1608	aec - ok
14:11:57.0250 1608	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:11:57.0296 1608	AFD - ok
14:11:57.0390 1608	AgereSoftModem  (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:11:57.0546 1608	AgereSoftModem - ok
14:11:57.0562 1608	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:11:57.0687 1608	agp440 - ok
14:11:57.0718 1608	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:11:57.0812 1608	agpCPQ - ok
14:11:57.0828 1608	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:11:57.0875 1608	Aha154x - ok
14:11:57.0890 1608	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:11:58.0015 1608	aic78u2 - ok
14:11:58.0031 1608	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:11:58.0125 1608	aic78xx - ok
14:11:58.0281 1608	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
14:11:58.0406 1608	Alerter - ok
14:11:58.0484 1608	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
14:11:58.0593 1608	ALG - ok
14:11:58.0609 1608	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:11:58.0718 1608	AliIde - ok
14:11:58.0734 1608	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:11:58.0859 1608	alim1541 - ok
14:11:58.0875 1608	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:11:58.0984 1608	amdagp - ok
14:11:59.0000 1608	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:11:59.0046 1608	amsint - ok
14:11:59.0062 1608	anbmService - ok
14:11:59.0140 1608	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
14:11:59.0156 1608	AntiVirSchedulerService - ok
14:11:59.0187 1608	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
14:11:59.0203 1608	AntiVirService - ok
14:11:59.0250 1608	AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:11:59.0281 1608	AntiVirWebService - ok
14:11:59.0390 1608	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
14:11:59.0500 1608	AppMgmt - ok
14:11:59.0546 1608	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:11:59.0656 1608	Arp1394 - ok
14:11:59.0671 1608	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:11:59.0796 1608	asc - ok
14:11:59.0812 1608	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:11:59.0859 1608	asc3350p - ok
14:11:59.0890 1608	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:12:00.0000 1608	asc3550 - ok
14:12:00.0140 1608	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:12:00.0140 1608	aspnet_state - ok
14:12:00.0187 1608	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:12:00.0296 1608	AsyncMac - ok
14:12:00.0312 1608	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:12:00.0421 1608	atapi - ok
14:12:00.0437 1608	Atdisk - ok
14:12:00.0468 1608	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:12:00.0578 1608	Atmarpc - ok
14:12:00.0671 1608	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
14:12:00.0796 1608	AudioSrv - ok
14:12:00.0812 1608	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:12:00.0921 1608	audstub - ok
14:12:00.0968 1608	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
14:12:01.0000 1608	avgntflt - ok
14:12:01.0046 1608	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
14:12:01.0062 1608	avipbb - ok
14:12:01.0078 1608	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
14:12:01.0078 1608	avkmgr - ok
14:12:01.0109 1608	b57w2k          (b9543b0c771feab7ca095303007a159c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:12:01.0156 1608	b57w2k - ok
14:12:01.0187 1608	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:12:01.0312 1608	Beep - ok
14:12:01.0390 1608	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
14:12:01.0515 1608	BITS - ok
14:12:01.0593 1608	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
14:12:01.0718 1608	Browser - ok
14:12:01.0765 1608	BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
14:12:01.0812 1608	BrScnUsb - ok
14:12:01.0875 1608	btaudio         (6acd0c20891e5aeb553595411346b651) C:\WINDOWS\system32\drivers\btaudio.sys
14:12:01.0937 1608	btaudio ( UnsignedFile.Multi.Generic ) - warning
14:12:01.0937 1608	btaudio - detected UnsignedFile.Multi.Generic (1)
14:12:01.0984 1608	BTDriver        (c28d56499a050c43f4f6616d1f9d9aeb) C:\WINDOWS\system32\DRIVERS\btport.sys
14:12:02.0000 1608	BTDriver ( UnsignedFile.Multi.Generic ) - warning
14:12:02.0000 1608	BTDriver - detected UnsignedFile.Multi.Generic (1)
14:12:02.0031 1608	BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
14:12:02.0125 1608	BthEnum - ok
14:12:02.0140 1608	BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
14:12:02.0265 1608	BthPan - ok
14:12:02.0328 1608	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
14:12:02.0375 1608	BTHPORT - ok
14:12:02.0406 1608	BthServ         (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
14:12:02.0531 1608	BthServ - ok
14:12:02.0546 1608	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
14:12:02.0656 1608	BTHUSB - ok
14:12:02.0750 1608	BTKRNL          (ad43bb2d7bd92ff55b568cfe7404ce7a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
14:12:02.0843 1608	BTKRNL ( UnsignedFile.Multi.Generic ) - warning
14:12:02.0843 1608	BTKRNL - detected UnsignedFile.Multi.Generic (1)
14:12:02.0906 1608	BTSERIAL        (bec73a460c1f4a77a4e4081090762453) C:\WINDOWS\system32\drivers\btserial.sys
14:12:02.0921 1608	BTSERIAL ( UnsignedFile.Multi.Generic ) - warning
14:12:02.0921 1608	BTSERIAL - detected UnsignedFile.Multi.Generic (1)
14:12:02.0937 1608	BTSLBCSP        (cf7051b21b3faa33cb78ee0b56129d1c) C:\WINDOWS\system32\drivers\btslbcsp.sys
14:12:02.0953 1608	BTSLBCSP ( UnsignedFile.Multi.Generic ) - warning
14:12:02.0953 1608	BTSLBCSP - detected UnsignedFile.Multi.Generic (1)
14:12:03.0093 1608	btwdins         (3ac1a3ad155fc9b0c3adde8e10411785) c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
14:12:03.0109 1608	btwdins ( UnsignedFile.Multi.Generic ) - warning
14:12:03.0109 1608	btwdins - detected UnsignedFile.Multi.Generic (1)
14:12:03.0156 1608	BTWDNDIS        (bd9b026ffe8cc4cc9eead94cfff73aa7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
14:12:03.0171 1608	BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning
14:12:03.0171 1608	BTWDNDIS - detected UnsignedFile.Multi.Generic (1)
14:12:03.0218 1608	BTWUSB          (d46543449fe424de9efe8333f60bdfa6) C:\WINDOWS\system32\Drivers\btwusb.sys
14:12:03.0234 1608	BTWUSB ( UnsignedFile.Multi.Generic ) - warning
14:12:03.0234 1608	BTWUSB - detected UnsignedFile.Multi.Generic (1)
14:12:03.0281 1608	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:12:03.0406 1608	cbidf - ok
14:12:03.0406 1608	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:12:04.0359 1608	cbidf2k - ok
14:12:04.0375 1608	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:12:04.0437 1608	cd20xrnt - ok
14:12:04.0453 1608	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:12:04.0578 1608	Cdaudio - ok
14:12:04.0625 1608	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:12:04.0718 1608	Cdfs - ok
14:12:04.0750 1608	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:12:04.0859 1608	Cdrom - ok
14:12:04.0875 1608	Changer - ok
14:12:04.0984 1608	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
14:12:05.0109 1608	CiSvc - ok
14:12:05.0218 1608	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
14:12:05.0343 1608	ClipSrv - ok
14:12:05.0437 1608	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:12:05.0437 1608	clr_optimization_v2.0.50727_32 - ok
14:12:05.0468 1608	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:12:05.0578 1608	CmBatt - ok
14:12:05.0609 1608	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:12:05.0718 1608	CmdIde - ok
14:12:05.0718 1608	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:12:05.0828 1608	Compbatt - ok
14:12:05.0890 1608	COMSysApp - ok
14:12:05.0921 1608	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:12:06.0031 1608	Cpqarray - ok
14:12:06.0046 1608	cpudrv - ok
14:12:06.0140 1608	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
14:12:06.0265 1608	CryptSvc - ok
14:12:06.0281 1608	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:12:06.0390 1608	dac2w2k - ok
14:12:06.0406 1608	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:12:06.0531 1608	dac960nt - ok
14:12:06.0609 1608	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
14:12:06.0718 1608	DcomLaunch - ok
14:12:06.0765 1608	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
14:12:06.0875 1608	Dhcp - ok
14:12:06.0890 1608	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:12:07.0000 1608	Disk - ok
14:12:07.0062 1608	dmadmin - ok
14:12:07.0187 1608	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
14:12:07.0343 1608	dmboot - ok
14:12:07.0390 1608	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
14:12:07.0515 1608	dmio - ok
14:12:07.0531 1608	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:12:07.0656 1608	dmload - ok
14:12:07.0750 1608	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
14:12:07.0859 1608	dmserver - ok
14:12:07.0890 1608	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:12:08.0015 1608	DMusic - ok
14:12:08.0046 1608	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
14:12:08.0109 1608	Dnscache - ok
14:12:08.0156 1608	dnscon - ok
14:12:08.0218 1608	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
14:12:08.0343 1608	Dot3svc - ok
14:12:08.0375 1608	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:12:08.0500 1608	dpti2o - ok
14:12:08.0546 1608	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:12:08.0656 1608	drmkaud - ok
14:12:08.0750 1608	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
14:12:08.0875 1608	EapHost - ok
14:12:08.0921 1608	EpmPsd          (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
14:12:08.0937 1608	EpmPsd ( UnsignedFile.Multi.Generic ) - warning
14:12:08.0937 1608	EpmPsd - detected UnsignedFile.Multi.Generic (1)
14:12:08.0953 1608	EpmShd          (b2d71ba438701b5f0368b958bea2dc62) C:\WINDOWS\system32\drivers\epm-shd.sys
14:12:08.0953 1608	EpmShd ( UnsignedFile.Multi.Generic ) - warning
14:12:08.0953 1608	EpmShd - detected UnsignedFile.Multi.Generic (1)
14:12:09.0046 1608	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
14:12:09.0156 1608	ERSvc - ok
14:12:09.0234 1608	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
14:12:09.0265 1608	Eventlog - ok
14:12:09.0312 1608	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
14:12:09.0343 1608	EventSystem - ok
14:12:09.0359 1608	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:12:09.0468 1608	Fastfat - ok
14:12:09.0515 1608	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
14:12:09.0562 1608	FastUserSwitchingCompatibility - ok
14:12:09.0640 1608	Fax             (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
14:12:09.0750 1608	Fax - ok
14:12:09.0781 1608	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:12:09.0890 1608	Fdc - ok
14:12:09.0921 1608	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
14:12:10.0031 1608	Fips - ok
14:12:10.0046 1608	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:12:10.0140 1608	Flpydisk - ok
14:12:10.0171 1608	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:12:10.0296 1608	FltMgr - ok
14:12:10.0375 1608	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:12:10.0390 1608	FontCache3.0.0.0 - ok
14:12:10.0390 1608	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:12:10.0531 1608	Fs_Rec - ok
14:12:10.0546 1608	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:12:10.0656 1608	Ftdisk - ok
14:12:10.0687 1608	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:12:10.0796 1608	Gpc - ok
14:12:10.0937 1608	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
14:12:10.0953 1608	gupdate - ok
14:12:10.0953 1608	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
14:12:10.0968 1608	gupdatem - ok
14:12:11.0000 1608	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:12:11.0125 1608	HDAudBus - ok
14:12:11.0187 1608	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:12:11.0296 1608	helpsvc - ok
14:12:11.0343 1608	HidServ - ok
14:12:11.0437 1608	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
14:12:11.0546 1608	hkmsvc - ok
14:12:11.0578 1608	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:12:11.0687 1608	hpn - ok
14:12:11.0734 1608	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:12:11.0796 1608	HTTP - ok
14:12:11.0890 1608	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
14:12:12.0000 1608	HTTPFilter - ok
14:12:12.0046 1608	hwdatacard      (008ada74e3028fced5145f4f74230d4b) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
14:12:12.0093 1608	hwdatacard - ok
14:12:12.0125 1608	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:12:12.0234 1608	i2omgmt - ok
14:12:12.0250 1608	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:12:12.0359 1608	i2omp - ok
14:12:12.0375 1608	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:12:12.0500 1608	i8042prt - ok
14:12:12.0562 1608	ialm            (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:12:12.0671 1608	ialm - ok
14:12:12.0781 1608	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:12:12.0875 1608	idsvc - ok
14:12:12.0906 1608	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:12:13.0015 1608	Imapi - ok
14:12:13.0156 1608	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
14:12:13.0281 1608	ImapiService - ok
14:12:13.0328 1608	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:12:13.0437 1608	ini910u - ok
14:12:13.0546 1608	int15.sys       (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Programme\Acer\eRecovery\int15.sys
14:12:13.0562 1608	int15.sys ( UnsignedFile.Multi.Generic ) - warning
14:12:13.0562 1608	int15.sys - detected UnsignedFile.Multi.Generic (1)
14:12:13.0562 1608	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:12:13.0671 1608	IntelIde - ok
14:12:13.0687 1608	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:12:13.0812 1608	intelppm - ok
14:12:13.0828 1608	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:12:13.0937 1608	Ip6Fw - ok
14:12:13.0968 1608	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:12:14.0078 1608	IpFilterDriver - ok
14:12:14.0109 1608	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:12:14.0218 1608	IpInIp - ok
14:12:14.0265 1608	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:12:14.0359 1608	IpNat - ok
14:12:14.0390 1608	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:12:14.0484 1608	IPSec - ok
14:12:14.0546 1608	irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
14:12:14.0671 1608	irda - ok
14:12:14.0703 1608	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:12:14.0796 1608	IRENUM - ok
14:12:14.0859 1608	Irmon           (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll
14:12:14.0968 1608	Irmon - ok
14:12:15.0000 1608	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:12:15.0109 1608	isapnp - ok
14:12:15.0234 1608	JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Programme\Java\jre6\bin\jqs.exe
14:12:15.0250 1608	JavaQuickStarterService - ok
14:12:15.0265 1608	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:12:15.0390 1608	Kbdclass - ok
14:12:15.0468 1608	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:12:15.0578 1608	kmixer - ok
14:12:15.0593 1608	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:12:15.0656 1608	KSecDD - ok
14:12:15.0703 1608	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
14:12:15.0734 1608	lanmanserver - ok
14:12:15.0765 1608	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
14:12:15.0812 1608	lanmanworkstation - ok
14:12:15.0828 1608	lbrtfdc - ok
14:12:15.0859 1608	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
14:12:15.0968 1608	LmHosts - ok
14:12:16.0031 1608	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
14:12:16.0125 1608	Messenger - ok
14:12:16.0156 1608	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:12:16.0265 1608	mnmdd - ok
14:12:16.0312 1608	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
14:12:16.0421 1608	mnmsrvc - ok
14:12:16.0437 1608	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
14:12:16.0546 1608	Modem - ok
14:12:16.0578 1608	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:12:16.0703 1608	Mouclass - ok
14:12:16.0734 1608	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:12:16.0828 1608	MountMgr - ok
14:12:16.0906 1608	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:12:16.0921 1608	MozillaMaintenance - ok
14:12:16.0937 1608	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:12:17.0046 1608	mraid35x - ok
14:12:17.0078 1608	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:12:17.0187 1608	MRxDAV - ok
14:12:17.0234 1608	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:12:17.0328 1608	MRxSmb - ok
14:12:17.0421 1608	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
14:12:17.0531 1608	MSDTC - ok
14:12:17.0546 1608	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:12:17.0656 1608	Msfs - ok
14:12:17.0750 1608	MSIServer - ok
14:12:17.0796 1608	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:12:17.0906 1608	MSKSSRV - ok
14:12:17.0921 1608	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:12:18.0015 1608	MSPCLOCK - ok
14:12:18.0046 1608	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:12:18.0156 1608	MSPQM - ok
14:12:18.0171 1608	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:12:18.0281 1608	mssmbios - ok
14:12:18.0312 1608	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:12:18.0343 1608	Mup - ok
14:12:18.0484 1608	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
14:12:18.0609 1608	napagent - ok
14:12:18.0640 1608	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:12:18.0750 1608	NDIS - ok
14:12:18.0765 1608	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:12:18.0796 1608	NdisTapi - ok
14:12:18.0812 1608	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:12:18.0921 1608	Ndisuio - ok
14:12:18.0953 1608	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:12:19.0062 1608	NdisWan - ok
14:12:19.0109 1608	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:12:19.0140 1608	NDProxy - ok
14:12:19.0156 1608	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:12:19.0265 1608	NetBIOS - ok
14:12:19.0328 1608	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:12:19.0437 1608	NetBT - ok
14:12:19.0531 1608	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
14:12:19.0640 1608	NetDDE - ok
14:12:19.0656 1608	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
14:12:19.0750 1608	NetDDEdsdm - ok
14:12:19.0796 1608	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:12:19.0906 1608	Netlogon - ok
14:12:19.0953 1608	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
14:12:20.0062 1608	Netman - ok
14:12:20.0125 1608	NetManager - ok
14:12:20.0218 1608	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:12:20.0234 1608	NetTcpPortSharing - ok
14:12:20.0265 1608	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:12:20.0390 1608	NIC1394 - ok
14:12:20.0453 1608	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
14:12:20.0515 1608	Nla - ok
14:12:20.0531 1608	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:12:20.0640 1608	Npfs - ok
14:12:20.0671 1608	NSCIRDA         (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
14:12:20.0765 1608	NSCIRDA - ok
14:12:20.0859 1608	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:12:20.0968 1608	Ntfs - ok
14:12:21.0015 1608	NTIDrvr         (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
14:12:21.0046 1608	NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
14:12:21.0046 1608	NTIDrvr - detected UnsignedFile.Multi.Generic (1)
14:12:21.0062 1608	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:12:21.0156 1608	NtLmSsp - ok
14:12:21.0265 1608	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
14:12:21.0437 1608	NtmsSvc - ok
14:12:21.0484 1608	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:12:21.0593 1608	Null - ok
14:12:21.0625 1608	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:12:21.0750 1608	NwlnkFlt - ok
14:12:21.0750 1608	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:12:21.0875 1608	NwlnkFwd - ok
14:12:21.0906 1608	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:12:22.0015 1608	ohci1394 - ok
14:12:22.0062 1608	osaio           (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
14:12:22.0078 1608	osaio ( UnsignedFile.Multi.Generic ) - warning
14:12:22.0078 1608	osaio - detected UnsignedFile.Multi.Generic (1)
14:12:22.0093 1608	osanbm          (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
14:12:22.0109 1608	osanbm ( UnsignedFile.Multi.Generic ) - warning
14:12:22.0109 1608	osanbm - detected UnsignedFile.Multi.Generic (1)
14:12:22.0234 1608	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
14:12:22.0265 1608	ose - ok
14:12:22.0296 1608	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
14:12:22.0406 1608	Parport - ok
14:12:22.0421 1608	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:12:22.0515 1608	PartMgr - ok
14:12:22.0562 1608	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:12:22.0671 1608	ParVdm - ok
14:12:22.0687 1608	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
14:12:22.0796 1608	PCI - ok
14:12:22.0812 1608	PCIDump - ok
14:12:22.0828 1608	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:12:22.0953 1608	PCIIde - ok
14:12:22.0984 1608	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:12:23.0078 1608	Pcmcia - ok
14:12:23.0093 1608	PDCOMP - ok
14:12:23.0109 1608	PDFRAME - ok
14:12:23.0125 1608	PDRELI - ok
14:12:23.0140 1608	PDRFRAME - ok
14:12:23.0156 1608	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:12:23.0265 1608	perc2 - ok
14:12:23.0281 1608	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:12:23.0390 1608	perc2hib - ok
14:12:23.0453 1608	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
14:12:23.0500 1608	PlugPlay - ok
14:12:23.0531 1608	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:12:23.0640 1608	PolicyAgent - ok
14:12:23.0671 1608	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:12:23.0765 1608	PptpMiniport - ok
14:12:23.0796 1608	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:12:23.0906 1608	ProtectedStorage - ok
14:12:23.0921 1608	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:12:24.0031 1608	PSched - ok
14:12:24.0046 1608	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:12:24.0156 1608	Ptilink - ok
14:12:24.0171 1608	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:12:24.0281 1608	ql1080 - ok
14:12:24.0296 1608	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:12:24.0390 1608	Ql10wnt - ok
14:12:24.0406 1608	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:12:24.0531 1608	ql12160 - ok
14:12:24.0546 1608	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:12:24.0656 1608	ql1240 - ok
14:12:24.0671 1608	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:12:24.0796 1608	ql1280 - ok
14:12:24.0812 1608	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:12:24.0937 1608	RasAcd - ok
14:12:25.0000 1608	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
14:12:25.0109 1608	RasAuto - ok
14:12:25.0125 1608	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:12:25.0187 1608	Rasirda - ok
14:12:25.0203 1608	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:12:25.0296 1608	Rasl2tp - ok
14:12:25.0375 1608	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
14:12:25.0468 1608	RasMan - ok
14:12:25.0500 1608	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:12:25.0593 1608	RasPppoe - ok
14:12:25.0609 1608	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:12:25.0734 1608	Raspti - ok
14:12:25.0765 1608	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:12:25.0875 1608	Rdbss - ok
14:12:25.0875 1608	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:12:25.0984 1608	RDPCDD - ok
14:12:26.0062 1608	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:12:26.0171 1608	rdpdr - ok
14:12:26.0203 1608	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
14:12:26.0218 1608	RDPWD - ok
14:12:26.0281 1608	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
14:12:26.0390 1608	RDSessMgr - ok
14:12:26.0421 1608	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:12:26.0531 1608	redbook - ok
14:12:26.0656 1608	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
14:12:26.0765 1608	RemoteAccess - ok
14:12:26.0812 1608	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
14:12:26.0921 1608	RemoteRegistry - ok
14:12:26.0953 1608	RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
14:12:27.0062 1608	RFCOMM - ok
14:12:27.0109 1608	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
14:12:27.0218 1608	RpcLocator - ok
14:12:27.0312 1608	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
14:12:27.0359 1608	RpcSs - ok
14:12:27.0406 1608	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
14:12:27.0515 1608	RSVP - ok
14:12:27.0562 1608	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:12:27.0656 1608	SamSs - ok
14:12:27.0687 1608	sbp2port        (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
14:12:27.0796 1608	sbp2port - ok
14:12:27.0843 1608	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
14:12:27.0953 1608	SCardSvr - ok
14:12:28.0000 1608	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
14:12:28.0109 1608	Schedule - ok
14:12:28.0156 1608	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:12:28.0265 1608	Secdrv - ok
14:12:28.0359 1608	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
14:12:28.0468 1608	seclogon - ok
14:12:28.0562 1608	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
14:12:28.0656 1608	SENS - ok
14:12:28.0687 1608	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:12:28.0781 1608	serenum - ok
14:12:28.0796 1608	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
14:12:28.0921 1608	Serial - ok
14:12:28.0968 1608	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:12:29.0078 1608	Sfloppy - ok
14:12:29.0203 1608	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
14:12:29.0328 1608	SharedAccess - ok
14:12:29.0359 1608	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
14:12:29.0390 1608	ShellHWDetection - ok
14:12:29.0406 1608	Simbad - ok
14:12:29.0421 1608	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:12:29.0546 1608	sisagp - ok
14:12:29.0562 1608	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:12:29.0609 1608	Sparrow - ok
14:12:29.0671 1608	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:12:29.0796 1608	splitter - ok
14:12:29.0828 1608	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:12:29.0875 1608	Spooler - ok
14:12:29.0890 1608	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
14:12:30.0000 1608	sr - ok
14:12:30.0078 1608	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
14:12:30.0187 1608	srservice - ok
14:12:30.0250 1608	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:12:30.0328 1608	Srv - ok
14:12:30.0375 1608	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
14:12:30.0484 1608	SSDPSRV - ok
14:12:30.0531 1608	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:12:30.0531 1608	ssmdrv - ok
14:12:30.0593 1608	STacSV          (f70ab08582e06a8bda3e470592d1a394) C:\WINDOWS\system32\STacSV.exe
14:12:30.0625 1608	STacSV - ok
14:12:30.0796 1608	STHDA           (146fac5d70c235cacebeff21b67651ba) C:\WINDOWS\system32\drivers\sthda.sys
14:12:30.0921 1608	STHDA - ok
14:12:31.0000 1608	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
14:12:31.0156 1608	stisvc - ok
14:12:31.0218 1608	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:12:31.0328 1608	swenum - ok
14:12:31.0375 1608	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:12:31.0484 1608	swmidi - ok
14:12:31.0578 1608	SwPrv - ok
14:12:31.0625 1608	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:12:31.0750 1608	symc810 - ok
14:12:31.0765 1608	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:12:31.0875 1608	symc8xx - ok
14:12:31.0890 1608	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:12:32.0015 1608	sym_hi - ok
14:12:32.0015 1608	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:12:32.0125 1608	sym_u3 - ok
14:12:32.0156 1608	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:12:32.0265 1608	sysaudio - ok
14:12:32.0312 1608	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
14:12:32.0406 1608	SysmonLog - ok
14:12:32.0500 1608	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
14:12:32.0625 1608	TapiSrv - ok
14:12:32.0671 1608	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:12:32.0765 1608	Tcpip - ok
14:12:32.0781 1608	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:12:32.0890 1608	TDPIPE - ok
14:12:32.0906 1608	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:12:33.0015 1608	TDTCP - ok
14:12:33.0062 1608	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:12:33.0171 1608	TermDD - ok
14:12:33.0265 1608	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
14:12:33.0406 1608	TermService - ok
14:12:33.0453 1608	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
14:12:33.0453 1608	Themes - ok
14:12:33.0484 1608	tifm21          (8778a553003a3d37a550a1f9cff6be28) C:\WINDOWS\system32\drivers\tifm21.sys
14:12:33.0515 1608	tifm21 - ok
14:12:33.0609 1608	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
14:12:33.0703 1608	TlntSvr - ok
14:12:33.0718 1608	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
14:12:33.0843 1608	TosIde - ok
14:12:33.0906 1608	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
14:12:34.0015 1608	TrkWks - ok
14:12:34.0046 1608	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:12:34.0171 1608	Udfs - ok
14:12:34.0187 1608	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:12:34.0234 1608	ultra - ok
14:12:34.0265 1608	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:12:34.0421 1608	Update - ok
14:12:34.0484 1608	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
14:12:34.0593 1608	upnphost - ok
14:12:34.0656 1608	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
14:12:34.0765 1608	UPS - ok
14:12:34.0796 1608	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:12:34.0921 1608	usbccgp - ok
14:12:34.0937 1608	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:12:35.0046 1608	usbehci - ok
14:12:35.0093 1608	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:12:35.0203 1608	usbhub - ok
14:12:35.0234 1608	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:12:35.0343 1608	usbprint - ok
14:12:35.0375 1608	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:12:35.0468 1608	usbscan - ok
14:12:35.0484 1608	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:12:35.0593 1608	USBSTOR - ok
14:12:35.0625 1608	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:12:35.0734 1608	usbuhci - ok
14:12:35.0765 1608	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:12:35.0875 1608	VgaSave - ok
14:12:35.0906 1608	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:12:36.0015 1608	viaagp - ok
14:12:36.0031 1608	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:12:36.0125 1608	ViaIde - ok
14:12:36.0140 1608	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
14:12:36.0250 1608	VolSnap - ok
14:12:36.0343 1608	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
14:12:36.0468 1608	VSS - ok
14:12:36.0609 1608	w29n51          (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
14:12:36.0781 1608	w29n51 - ok
14:12:36.0890 1608	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
14:12:37.0000 1608	W32Time - ok
14:12:37.0062 1608	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:12:37.0171 1608	Wanarp - ok
14:12:37.0187 1608	wanatw - ok
14:12:37.0203 1608	WDICA - ok
14:12:37.0265 1608	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:12:37.0375 1608	wdmaud - ok
14:12:37.0437 1608	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
14:12:37.0546 1608	WebClient - ok
14:12:37.0625 1608	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:12:37.0750 1608	winmgmt - ok
14:12:37.0828 1608	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:12:37.0890 1608	WmdmPmSN - ok
14:12:37.0953 1608	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
14:12:38.0046 1608	Wmi - ok
14:12:38.0078 1608	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:12:38.0203 1608	WmiApSrv - ok
14:12:38.0312 1608	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
14:12:38.0421 1608	WMPNetworkSvc - ok
14:12:38.0500 1608	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:12:38.0531 1608	WpdUsb - ok
14:12:38.0562 1608	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:12:38.0687 1608	WS2IFSL - ok
14:12:38.0828 1608	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
14:12:38.0953 1608	wscsvc - ok
14:12:39.0046 1608	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
14:12:39.0156 1608	wuauserv - ok
14:12:39.0218 1608	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:12:39.0250 1608	WudfPf - ok
14:12:39.0281 1608	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:12:39.0328 1608	WudfRd - ok
14:12:39.0375 1608	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:12:39.0390 1608	WudfSvc - ok
14:12:39.0468 1608	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
14:12:39.0625 1608	WZCSVC - ok
14:12:39.0734 1608	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
14:12:39.0843 1608	xmlprov - ok
14:12:39.0890 1608	MBR (0x1B8)     (67d07fa51dcd5a4397248f397bb779ae) \Device\Harddisk0\DR0
14:12:43.0265 1608	\Device\Harddisk0\DR0 - ok
14:12:43.0296 1608	Boot (0x1200)   (e59f0cb02c3c4e1ecb898cd5abe3eb35) \Device\Harddisk0\DR0\Partition0
14:12:43.0312 1608	\Device\Harddisk0\DR0\Partition0 - ok
14:12:43.0328 1608	Boot (0x1200)   (e8c8b62123fae8a469368f9d5e703bc6) \Device\Harddisk0\DR0\Partition1
14:12:43.0328 1608	\Device\Harddisk0\DR0\Partition1 - ok
14:12:43.0343 1608	============================================================
14:12:43.0343 1608	Scan finished
14:12:43.0343 1608	============================================================
14:12:43.0453 2712	Detected object count: 14
14:12:43.0453 2712	Actual detected object count: 14
         

And here is no. 2:

Code:
ATTFilter
14:09:23.0140 0584	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:09:23.0312 0584	============================================================
14:09:23.0312 0584	Current date / time: 2012/06/03 14:09:23.0312
14:09:23.0312 0584	SystemInfo:
14:09:23.0312 0584	
14:09:23.0312 0584	OS Version: 5.1.2600 ServicePack: 3.0
14:09:23.0312 0584	Product type: Workstation
14:09:23.0312 0584	ComputerName: ACER-F17C439E3C
14:09:23.0312 0584	UserName: Sarah 
14:09:23.0312 0584	Windows directory: C:\WINDOWS
14:09:23.0312 0584	System windows directory: C:\WINDOWS
14:09:23.0312 0584	Processor architecture: Intel x86
14:09:23.0312 0584	Number of processors: 1
14:09:23.0312 0584	Page size: 0x1000
14:09:23.0312 0584	Boot type: Normal boot
14:09:23.0312 0584	============================================================
14:09:25.0625 0584	Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:09:25.0625 0584	============================================================
14:09:25.0625 0584	\Device\Harddisk0\DR0:
14:09:25.0625 0584	MBR partitions:
14:09:25.0625 0584	\Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x5DE2BF, BlocksNum 0x59FE872
14:09:25.0640 0584	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x5FDCB70, BlocksNum 0x5A742D1
14:09:25.0640 0584	============================================================
14:09:25.0843 0584	C: <-> \Device\Harddisk0\DR0\Partition0
14:09:25.0843 0584	D: <-> \Device\Harddisk0\DR0\Partition1
14:09:25.0859 0584	============================================================
14:09:25.0859 0584	Initialize success
14:09:25.0859 0584	============================================================
14:10:08.0000 0652	Deinitialize success
         
Have a nice rest of your Sunday, and many thanks

Sarah

03.06.2012, 13:38   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

The logs are incomplete. And why do you have two logs from TDSS-Killer?
The first log should be the right one, but the summary at the bottom is missing.
The second one somehow doesn't fit the pattern at all; it is far too short.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


03.06.2012, 13:50   #15
juppxy
 

Hmm, I think I'm simply a klutz - I've now done it again, and this time only one log came out of it:

Code:
ATTFilter
14:45:25.0125 1748	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:45:25.0234 1748	============================================================
14:45:25.0234 1748	Current date / time: 2012/06/03 14:45:25.0234
14:45:25.0234 1748	SystemInfo:
14:45:25.0234 1748	
14:45:25.0234 1748	OS Version: 5.1.2600 ServicePack: 3.0
14:45:25.0234 1748	Product type: Workstation
14:45:25.0234 1748	ComputerName: ACER-F17C439E3C
14:45:25.0234 1748	UserName: Sarah 
14:45:25.0234 1748	Windows directory: C:\WINDOWS
14:45:25.0234 1748	System windows directory: C:\WINDOWS
14:45:25.0234 1748	Processor architecture: Intel x86
14:45:25.0234 1748	Number of processors: 1
14:45:25.0234 1748	Page size: 0x1000
14:45:25.0234 1748	Boot type: Normal boot
14:45:25.0234 1748	============================================================
14:45:26.0453 1748	Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:45:26.0453 1748	============================================================
14:45:26.0453 1748	\Device\Harddisk0\DR0:
14:45:26.0468 1748	MBR partitions:
14:45:26.0468 1748	\Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x5DE2BF, BlocksNum 0x59FE872
14:45:26.0500 1748	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x5FDCB70, BlocksNum 0x5A742D1
14:45:26.0500 1748	============================================================
14:45:26.0609 1748	C: <-> \Device\Harddisk0\DR0\Partition0
14:45:26.0609 1748	D: <-> \Device\Harddisk0\DR0\Partition1
14:45:26.0609 1748	============================================================
14:45:26.0609 1748	Initialize success
14:45:26.0609 1748	============================================================
14:45:32.0734 0240	============================================================
14:45:32.0734 0240	Scan started
14:45:32.0734 0240	Mode: Manual; SigCheck; TDLFS; 
14:45:32.0734 0240	============================================================
14:45:32.0937 0240	Abiosdsk - ok
14:45:32.0984 0240	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:45:33.0281 0240	abp480n5 - ok
14:45:33.0312 0240	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:45:33.0421 0240	ACPI - ok
14:45:33.0437 0240	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:45:33.0578 0240	ACPIEC - ok
14:45:33.0593 0240	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:45:33.0718 0240	adpu160m - ok
14:45:33.0781 0240	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:45:33.0906 0240	aec - ok
14:45:33.0937 0240	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:45:33.0984 0240	AFD - ok
14:45:34.0078 0240	AgereSoftModem  (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:45:34.0203 0240	AgereSoftModem - ok
14:45:34.0218 0240	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:45:34.0359 0240	agp440 - ok
14:45:34.0390 0240	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:45:34.0500 0240	agpCPQ - ok
14:45:34.0500 0240	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:45:34.0578 0240	Aha154x - ok
14:45:34.0593 0240	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:45:34.0718 0240	aic78u2 - ok
14:45:34.0734 0240	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:45:34.0859 0240	aic78xx - ok
14:45:35.0000 0240	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
14:45:35.0125 0240	Alerter - ok
14:45:35.0203 0240	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
14:45:35.0312 0240	ALG - ok
14:45:35.0328 0240	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:45:35.0437 0240	AliIde - ok
14:45:35.0468 0240	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:45:35.0578 0240	alim1541 - ok
14:45:35.0593 0240	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:45:35.0703 0240	amdagp - ok
14:45:35.0718 0240	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:45:35.0765 0240	amsint - ok
14:45:35.0765 0240	anbmService - ok
14:45:35.0859 0240	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
14:45:35.0875 0240	AntiVirSchedulerService - ok
14:45:35.0906 0240	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
14:45:35.0906 0240	AntiVirService - ok
14:45:35.0953 0240	AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:45:36.0000 0240	AntiVirWebService - ok
14:45:36.0109 0240	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
14:45:36.0218 0240	AppMgmt - ok
14:45:36.0265 0240	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:45:36.0375 0240	Arp1394 - ok
14:45:36.0406 0240	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:45:36.0546 0240	asc - ok
14:45:36.0546 0240	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:45:36.0625 0240	asc3350p - ok
14:45:36.0625 0240	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:45:36.0750 0240	asc3550 - ok
14:45:36.0875 0240	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:45:36.0890 0240	aspnet_state - ok
14:45:36.0937 0240	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:45:37.0031 0240	AsyncMac - ok
14:45:37.0046 0240	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:45:37.0156 0240	atapi - ok
14:45:37.0171 0240	Atdisk - ok
14:45:37.0203 0240	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:45:37.0312 0240	Atmarpc - ok
14:45:37.0406 0240	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
14:45:37.0515 0240	AudioSrv - ok
14:45:37.0546 0240	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:45:37.0656 0240	audstub - ok
14:45:37.0703 0240	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
14:45:37.0750 0240	avgntflt - ok
14:45:37.0781 0240	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
14:45:37.0796 0240	avipbb - ok
14:45:37.0828 0240	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
14:45:37.0828 0240	avkmgr - ok
14:45:37.0875 0240	b57w2k          (b9543b0c771feab7ca095303007a159c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:45:37.0921 0240	b57w2k - ok
14:45:37.0953 0240	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:45:38.0078 0240	Beep - ok
14:45:38.0171 0240	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
14:45:38.0296 0240	BITS - ok
14:45:38.0390 0240	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
14:45:38.0500 0240	Browser - ok
14:45:38.0546 0240	BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
14:45:38.0593 0240	BrScnUsb - ok
14:45:38.0656 0240	btaudio         (6acd0c20891e5aeb553595411346b651) C:\WINDOWS\system32\drivers\btaudio.sys
14:45:38.0734 0240	btaudio ( UnsignedFile.Multi.Generic ) - warning
14:45:38.0734 0240	btaudio - detected UnsignedFile.Multi.Generic (1)
14:45:38.0750 0240	BTDriver        (c28d56499a050c43f4f6616d1f9d9aeb) C:\WINDOWS\system32\DRIVERS\btport.sys
14:45:38.0781 0240	BTDriver ( UnsignedFile.Multi.Generic ) - warning
14:45:38.0781 0240	BTDriver - detected UnsignedFile.Multi.Generic (1)
14:45:38.0828 0240	BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
14:45:38.0937 0240	BthEnum - ok
14:45:38.0968 0240	BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
14:45:39.0078 0240	BthPan - ok
14:45:39.0140 0240	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
14:45:39.0187 0240	BTHPORT - ok
14:45:39.0234 0240	BthServ         (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
14:45:39.0343 0240	BthServ - ok
14:45:39.0359 0240	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
14:45:39.0468 0240	BTHUSB - ok
14:45:39.0562 0240	BTKRNL          (ad43bb2d7bd92ff55b568cfe7404ce7a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
14:45:39.0671 0240	BTKRNL ( UnsignedFile.Multi.Generic ) - warning
14:45:39.0671 0240	BTKRNL - detected UnsignedFile.Multi.Generic (1)
14:45:39.0703 0240	BTSERIAL        (bec73a460c1f4a77a4e4081090762453) C:\WINDOWS\system32\drivers\btserial.sys
14:45:39.0718 0240	BTSERIAL ( UnsignedFile.Multi.Generic ) - warning
14:45:39.0718 0240	BTSERIAL - detected UnsignedFile.Multi.Generic (1)
14:45:39.0750 0240	BTSLBCSP        (cf7051b21b3faa33cb78ee0b56129d1c) C:\WINDOWS\system32\drivers\btslbcsp.sys
14:45:39.0765 0240	BTSLBCSP ( UnsignedFile.Multi.Generic ) - warning
14:45:39.0765 0240	BTSLBCSP - detected UnsignedFile.Multi.Generic (1)
14:45:39.0890 0240	btwdins         (3ac1a3ad155fc9b0c3adde8e10411785) c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
14:45:39.0921 0240	btwdins ( UnsignedFile.Multi.Generic ) - warning
14:45:39.0921 0240	btwdins - detected UnsignedFile.Multi.Generic (1)
14:45:39.0953 0240	BTWDNDIS        (bd9b026ffe8cc4cc9eead94cfff73aa7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
14:45:39.0984 0240	BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning
14:45:39.0984 0240	BTWDNDIS - detected UnsignedFile.Multi.Generic (1)
14:45:40.0015 0240	BTWUSB          (d46543449fe424de9efe8333f60bdfa6) C:\WINDOWS\system32\Drivers\btwusb.sys
14:45:40.0031 0240	BTWUSB ( UnsignedFile.Multi.Generic ) - warning
14:45:40.0031 0240	BTWUSB - detected UnsignedFile.Multi.Generic (1)
14:45:40.0078 0240	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:45:40.0203 0240	cbidf - ok
14:45:40.0203 0240	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:45:40.0312 0240	cbidf2k - ok
14:45:40.0328 0240	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:45:40.0390 0240	cd20xrnt - ok
14:45:40.0421 0240	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:45:40.0531 0240	Cdaudio - ok
14:45:40.0593 0240	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:45:40.0703 0240	Cdfs - ok
14:45:40.0718 0240	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:45:40.0828 0240	Cdrom - ok
14:45:40.0843 0240	Changer - ok
14:45:40.0968 0240	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
14:45:41.0078 0240	CiSvc - ok
14:45:41.0187 0240	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
14:45:41.0312 0240	ClipSrv - ok
14:45:41.0406 0240	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:45:41.0421 0240	clr_optimization_v2.0.50727_32 - ok
14:45:41.0437 0240	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:45:41.0562 0240	CmBatt - ok
14:45:41.0593 0240	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:45:41.0703 0240	CmdIde - ok
14:45:41.0718 0240	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:45:41.0812 0240	Compbatt - ok
14:45:41.0859 0240	COMSysApp - ok
14:45:41.0906 0240	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:45:42.0031 0240	Cpqarray - ok
14:45:42.0031 0240	cpudrv - ok
14:45:42.0140 0240	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
14:45:42.0265 0240	CryptSvc - ok
14:45:42.0281 0240	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:45:42.0390 0240	dac2w2k - ok
14:45:42.0406 0240	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:45:42.0531 0240	dac960nt - ok
14:45:42.0609 0240	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
14:45:42.0718 0240	DcomLaunch - ok
14:45:42.0734 0240	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
14:45:42.0843 0240	Dhcp - ok
14:45:42.0875 0240	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:45:42.0984 0240	Disk - ok
14:45:43.0031 0240	dmadmin - ok
14:45:43.0171 0240	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
14:45:43.0343 0240	dmboot - ok
14:45:43.0390 0240	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
14:45:43.0500 0240	dmio - ok
14:45:43.0531 0240	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:45:43.0656 0240	dmload - ok
14:45:43.0734 0240	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
14:45:43.0859 0240	dmserver - ok
14:45:43.0875 0240	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:45:44.0000 0240	DMusic - ok
14:45:44.0046 0240	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
14:45:44.0093 0240	Dnscache - ok
14:45:44.0156 0240	dnscon - ok
14:45:44.0218 0240	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
14:45:44.0328 0240	Dot3svc - ok
14:45:44.0359 0240	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:45:44.0484 0240	dpti2o - ok
14:45:44.0515 0240	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:45:44.0656 0240	drmkaud - ok
14:45:44.0859 0240	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
14:45:45.0015 0240	EapHost - ok
14:45:45.0093 0240	EpmPsd          (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
14:45:45.0125 0240	EpmPsd ( UnsignedFile.Multi.Generic ) - warning
14:45:45.0125 0240	EpmPsd - detected UnsignedFile.Multi.Generic (1)
14:45:45.0218 0240	EpmShd          (b2d71ba438701b5f0368b958bea2dc62) C:\WINDOWS\system32\drivers\epm-shd.sys
14:45:45.0234 0240	EpmShd ( UnsignedFile.Multi.Generic ) - warning
14:45:45.0234 0240	EpmShd - detected UnsignedFile.Multi.Generic (1)
14:45:45.0328 0240	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
14:45:45.0453 0240	ERSvc - ok
14:45:45.0625 0240	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
14:45:45.0671 0240	Eventlog - ok
14:45:45.0921 0240	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
14:45:46.0015 0240	EventSystem - ok
14:45:46.0062 0240	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:45:46.0203 0240	Fastfat - ok
14:45:46.0312 0240	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
14:45:46.0375 0240	FastUserSwitchingCompatibility - ok
14:45:46.0468 0240	Fax             (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
14:45:46.0593 0240	Fax - ok
14:45:46.0656 0240	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:45:46.0750 0240	Fdc - ok
14:45:46.0765 0240	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
14:45:46.0890 0240	Fips - ok
14:45:46.0890 0240	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:45:47.0000 0240	Flpydisk - ok
14:45:47.0031 0240	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:45:47.0156 0240	FltMgr - ok
14:45:47.0250 0240	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:45:47.0265 0240	FontCache3.0.0.0 - ok
14:45:47.0265 0240	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:45:47.0406 0240	Fs_Rec - ok
14:45:47.0421 0240	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:45:47.0531 0240	Ftdisk - ok
14:45:47.0562 0240	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:45:47.0656 0240	Gpc - ok
14:45:47.0796 0240	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
14:45:47.0812 0240	gupdate - ok
14:45:47.0828 0240	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
14:45:47.0828 0240	gupdatem - ok
14:45:47.0859 0240	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:45:47.0968 0240	HDAudBus - ok
14:45:48.0031 0240	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:45:48.0125 0240	helpsvc - ok
14:45:48.0187 0240	HidServ - ok
14:45:48.0296 0240	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
14:45:48.0406 0240	hkmsvc - ok
14:45:48.0437 0240	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:45:48.0546 0240	hpn - ok
14:45:48.0593 0240	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:45:48.0656 0240	HTTP - ok
14:45:48.0750 0240	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
14:45:48.0859 0240	HTTPFilter - ok
14:45:48.0890 0240	hwdatacard      (008ada74e3028fced5145f4f74230d4b) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
14:45:48.0937 0240	hwdatacard - ok
14:45:48.0984 0240	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:45:49.0093 0240	i2omgmt - ok
14:45:49.0109 0240	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:45:49.0250 0240	i2omp - ok
14:45:49.0265 0240	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:45:49.0390 0240	i8042prt - ok
14:45:49.0453 0240	ialm            (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:45:49.0562 0240	ialm - ok
14:45:49.0671 0240	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:45:49.0750 0240	idsvc - ok
14:45:49.0781 0240	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:45:49.0890 0240	Imapi - ok
14:45:50.0031 0240	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
14:45:50.0140 0240	ImapiService - ok
14:45:50.0203 0240	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:45:50.0328 0240	ini910u - ok
14:45:50.0406 0240	int15.sys       (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Programme\Acer\eRecovery\int15.sys
14:45:50.0421 0240	int15.sys ( UnsignedFile.Multi.Generic ) - warning
14:45:50.0421 0240	int15.sys - detected UnsignedFile.Multi.Generic (1)
14:45:50.0421 0240	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:45:50.0531 0240	IntelIde - ok
14:45:50.0562 0240	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:45:50.0687 0240	intelppm - ok
14:45:50.0718 0240	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:45:50.0828 0240	Ip6Fw - ok
14:45:50.0875 0240	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:45:50.0968 0240	IpFilterDriver - ok
14:45:51.0015 0240	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:45:51.0125 0240	IpInIp - ok
14:45:51.0156 0240	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:45:51.0265 0240	IpNat - ok
14:45:51.0296 0240	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:45:51.0390 0240	IPSec - ok
14:45:51.0437 0240	irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
14:45:51.0562 0240	irda - ok
14:45:51.0578 0240	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:45:51.0687 0240	IRENUM - ok
14:45:51.0750 0240	Irmon           (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll
14:45:51.0843 0240	Irmon - ok
14:45:51.0875 0240	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:45:52.0000 0240	isapnp - ok
14:45:52.0109 0240	JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Programme\Java\jre6\bin\jqs.exe
14:45:52.0125 0240	JavaQuickStarterService - ok
14:45:52.0140 0240	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:45:52.0250 0240	Kbdclass - ok
14:45:52.0312 0240	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:45:52.0421 0240	kmixer - ok
14:45:52.0437 0240	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:45:52.0484 0240	KSecDD - ok
14:45:52.0546 0240	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
14:45:52.0578 0240	lanmanserver - ok
14:45:52.0609 0240	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
14:45:52.0656 0240	lanmanworkstation - ok
14:45:52.0671 0240	lbrtfdc - ok
14:45:52.0718 0240	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
14:45:52.0828 0240	LmHosts - ok
14:45:52.0875 0240	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
14:45:52.0984 0240	Messenger - ok
14:45:53.0015 0240	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:45:53.0140 0240	mnmdd - ok
14:45:53.0203 0240	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
14:45:53.0312 0240	mnmsrvc - ok
14:45:53.0328 0240	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
14:45:53.0453 0240	Modem - ok
14:45:53.0468 0240	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:45:53.0593 0240	Mouclass - ok
14:45:53.0625 0240	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:45:53.0734 0240	MountMgr - ok
14:45:53.0796 0240	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:45:53.0812 0240	MozillaMaintenance - ok
14:45:53.0828 0240	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:45:53.0953 0240	mraid35x - ok
14:45:53.0968 0240	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:45:54.0093 0240	MRxDAV - ok
14:45:54.0140 0240	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:45:54.0250 0240	MRxSmb - ok
14:45:54.0343 0240	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
14:45:54.0453 0240	MSDTC - ok
14:45:54.0468 0240	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:45:54.0578 0240	Msfs - ok
14:45:54.0671 0240	MSIServer - ok
14:45:54.0718 0240	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:45:54.0828 0240	MSKSSRV - ok
14:45:54.0859 0240	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:45:54.0953 0240	MSPCLOCK - ok
14:45:54.0968 0240	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:45:55.0093 0240	MSPQM - ok
14:45:55.0109 0240	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:45:55.0203 0240	mssmbios - ok
14:45:55.0218 0240	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:45:55.0265 0240	Mup - ok
14:45:55.0390 0240	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
14:45:55.0500 0240	napagent - ok
14:45:55.0531 0240	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:45:55.0640 0240	NDIS - ok
14:45:55.0656 0240	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:45:55.0671 0240	NdisTapi - ok
14:45:55.0703 0240	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:45:55.0812 0240	Ndisuio - ok
14:45:55.0828 0240	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:45:55.0937 0240	NdisWan - ok
14:45:55.0984 0240	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:45:56.0015 0240	NDProxy - ok
14:45:56.0046 0240	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:45:56.0156 0240	NetBIOS - ok
14:45:56.0218 0240	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:45:56.0328 0240	NetBT - ok
14:45:56.0421 0240	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
14:45:56.0546 0240	NetDDE - ok
14:45:56.0546 0240	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
14:45:56.0656 0240	NetDDEdsdm - ok
14:45:56.0703 0240	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:45:56.0828 0240	Netlogon - ok
14:45:56.0875 0240	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
14:45:56.0984 0240	Netman - ok
14:45:57.0031 0240	NetManager - ok
14:45:57.0140 0240	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:45:57.0140 0240	NetTcpPortSharing - ok
14:45:57.0187 0240	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:45:57.0312 0240	NIC1394 - ok
14:45:57.0343 0240	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
14:45:57.0406 0240	Nla - ok
14:45:57.0421 0240	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:45:57.0515 0240	Npfs - ok
14:45:57.0546 0240	NSCIRDA         (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
14:45:57.0640 0240	NSCIRDA - ok
14:45:57.0750 0240	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:45:57.0859 0240	Ntfs - ok
14:45:57.0906 0240	NTIDrvr         (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
14:45:57.0937 0240	NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
14:45:57.0937 0240	NTIDrvr - detected UnsignedFile.Multi.Generic (1)
14:45:57.0953 0240	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:45:58.0062 0240	NtLmSsp - ok
14:45:58.0187 0240	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
14:45:58.0359 0240	NtmsSvc - ok
14:45:58.0406 0240	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:45:58.0515 0240	Null - ok
14:45:58.0546 0240	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:45:58.0671 0240	NwlnkFlt - ok
14:45:58.0687 0240	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:45:58.0796 0240	NwlnkFwd - ok
14:45:58.0828 0240	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:45:58.0937 0240	ohci1394 - ok
14:45:58.0953 0240	osaio           (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
14:45:58.0984 0240	osaio ( UnsignedFile.Multi.Generic ) - warning
14:45:58.0984 0240	osaio - detected UnsignedFile.Multi.Generic (1)
14:45:59.0000 0240	osanbm          (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
14:45:59.0000 0240	osanbm ( UnsignedFile.Multi.Generic ) - warning
14:45:59.0000 0240	osanbm - detected UnsignedFile.Multi.Generic (1)
14:46:19.0765 0240	MBR (0x1B8)     (67d07fa51dcd5a4397248f397bb779ae) \Device\Harddisk0\DR0
14:46:23.0343 0240	\Device\Harddisk0\DR0 - ok
14:46:23.0375 0240	Boot (0x1200)   (5494ca22baa14df0a6617a357d5b006e) \Device\Harddisk0\DR0\Partition0
14:46:23.0390 0240	\Device\Harddisk0\DR0\Partition0 - ok
14:46:23.0406 0240	Boot (0x1200)   (e8c8b62123fae8a469368f9d5e703bc6) \Device\Harddisk0\DR0\Partition1
14:46:23.0406 0240	\Device\Harddisk0\DR0\Partition1 - ok
14:46:23.0406 0240	============================================================
14:46:23.0406 0240	Scan finished
14:46:23.0406 0240	============================================================
14:46:23.0515 2604	Detected object count: 14
14:46:23.0515 2604	Actual detected object count: 14
14:46:31.0937 2604	btaudio ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0937 2604	btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:46:31.0937 2604	BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0937 2604	BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:46:31.0937 2604	BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0937 2604	BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:46:31.0937 2604	BTSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0937 2604	BTSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:46:31.0937 2604	BTSLBCSP ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0937 2604	BTSLBCSP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:46:31.0937 2604	btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0937 2604	btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:46:31.0953 2604	BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0953 2604	BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:46:31.0953 2604	BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0953 2604	BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:46:31.0953 2604	EpmPsd ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0953 2604	EpmPsd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:46:31.0953 2604	EpmShd ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0953 2604	EpmShd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:46:31.0953 2604	int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0953 2604	int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:46:31.0953 2604	NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0953 2604	NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:46:31.0953 2604	osaio ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0953 2604	osaio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:46:31.0953 2604	osanbm ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:31.0953 2604	osanbm ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Is it okay like this now? Sorry for my stupidity...
