Trojaner-Board


mamt1982 16.12.2011 18:08

For security reasons your Windows system has been blocked...
 
Hello, and a huge thank-you in advance to everyone for reading and for your effort,

my laptop has also been struggling with this problem since yesterday.

Since I have read again and again that such problems are solved individually, I will first show you everything I was able to do without initial analyses, and how the whole thing began.

This is how it went:

While surfing, the message that is by now familiar to many suddenly appeared.
Everything was blocked. You could hear that the video was still playing in the background, but you could not do anything else except switch the computer off and boot again.

After booting, you could surf normally and so on, but after a while the message came back.

To test the behaviour of the infection, I booted the laptop in normal mode several times. You could surf for a while, or rather stay connected to the internet with the laptop, until the message came. So the whole system was not blocked right from the start in such a way that you absolutely had to boot in safe mode.

On your site I then came across the advice and instructions.

Then I ran the first scan with Malwarebytes (in normal mode). However, the message came back in the middle of the scan. So I had to run the scan in safe mode with networking and had the findings removed.

After that I booted in normal mode again and the message no longer appeared. I nevertheless ran an ESET scan (following the points in the instructions). Two infections are still being shown.

But the message no longer appears, and you can surf and use the laptop normally without running into any difficulties.

So much for the symptoms.

And here are the log files

Attachment 25798

Attachment 25799

Many thanks and best regards

cosinus 18.12.2011 13:47

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" (log files) tab.

mamt1982 19.12.2011 17:28

Hello Arne,

thanks for the reply.
No. There are no further logs. I only installed the program and scanned the system after I came across this site while researching.

Best regards

cosinus 19.12.2011 19:23

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


mamt1982 19.12.2011 19:40

Hello again,

what about the internet connection and the antivirus program? Should they all be deactivated?

mamt1982 19.12.2011 20:01

For now I have run a scan without an internet connection and with the antivirus program deactivated:



OTL Logfile:
Code:

OTL logfile created on: 19.12.2011 19:42:00 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Kiss\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,04 Mb Total Physical Memory | 578,45 Mb Available Physical Memory | 56,60% Memory free
2,40 Gb Paging File | 1,99 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 53,20 Gb Total Space | 10,85 Gb Free Space | 20,39% Space Free | Partition Type: FAT32
Drive D: | 53,70 Gb Total Space | 14,77 Gb Free Space | 27,50% Space Free | Partition Type: NTFS
 
Computer Name: JK | User Name: Kiss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.19 19:38:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kiss\Desktop\OTL.exe
PRC - [2011.11.22 14:20:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.11.22 14:20:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.11.22 14:20:06 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.11.22 14:20:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006.05.09 11:54:26 | 000,352,256 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006.02.17 15:26:32 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.01.24 18:00:08 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005.11.02 00:11:00 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005.10.24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2003.09.26 01:45:44 | 000,500,224 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Temp\RtkBtMnt.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.08 21:32:00 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_db202c66\mscorlib.dll
MOD - [2011.12.08 21:31:56 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_bf0e143b\system.drawing.dll
MOD - [2011.12.08 21:31:16 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_0cb47c7c\system.windows.forms.dll
MOD - [2011.12.08 21:30:38 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f6eff8d4\system.dll
MOD - [2011.12.08 21:30:26 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011.11.22 14:20:20 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.02.04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.04.03 16:18:26 | 000,197,672 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2007.03.06 16:40:04 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006.01.20 15:56:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2006.01.20 15:56:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005.10.19 10:17:58 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll
MOD - [2005.09.05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005.08.03 22:32:08 | 000,125,440 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2003.06.14 19:40:18 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2003.06.14 19:40:18 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2003.06.14 19:39:36 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (AviraUpgradeService)
SRV - [2011.11.22 14:20:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.11.22 14:20:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.02.08 16:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.11.23 16:45:46 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006.02.17 15:26:32 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2004.01.05 11:47:48 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.22 14:20:34 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.11.22 14:20:34 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.11.22 14:20:34 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.21 10:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.06.17 14:14:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.11 13:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.10.07 10:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009.10.07 10:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2009.10.07 10:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.04.13 19:56:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.02.28 21:44:56 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.06.02 18:07:58 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2007.04.27 04:01:34 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.04.03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.02.21 12:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.02.08 12:56:20 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1unic.sys -- (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM)
DRV - [2007.02.08 12:56:06 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1obex.sys -- (sea1obex)
DRV - [2007.02.08 12:56:02 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1nd5.sys -- (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS)
DRV - [2007.02.08 12:56:00 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mgmt.sys -- (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM)
DRV - [2007.02.08 12:55:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdm.sys -- (sea1mdm)
DRV - [2007.02.08 12:55:50 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdfl.sys -- (sea1mdfl)
DRV - [2007.02.08 12:55:40 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1bus.sys -- (sea1bus) Sony Ericsson Device 0A1 driver (WDM)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007.01.14 01:01:10 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006.05.03 21:50:54 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.04.05 23:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.01.23 12:41:04 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2006.01.23 12:41:04 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005.12.12 20:12:02 | 000,049,664 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2005.12.06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005.11.30 05:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2005.11.30 05:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.11.26 16:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005.11.08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.11.08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.11.08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.11.03 15:40:08 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.10.15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005.09.13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005.08.25 20:10:02 | 000,509,312 | ---- | M] (AVerMedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerE506.sys -- (AVerE506)
DRV - [2005.08.24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005.08.10 13:44:06 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.06.30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005.06.22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.05.16 14:20:40 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.05.02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005.04.05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005.02.11 11:24:24 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2005.02.11 11:22:48 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005.02.11 11:21:10 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.02.11 11:21:02 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.02.11 11:19:20 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005.01.26 08:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005.01.14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004.12.09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004.08.10 20:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.10 20:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.lycos.de/search/msie40.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.1&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2007.01.14 13:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2007.01.14 13:04:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\videofinder@veoh.com: C:\Programme\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4 [2008.08.10 00:10:04 | 000,000,000 | ---D | M]
 
[2008.06.30 08:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Extensions
[2007.01.14 13:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\extensions
[2011.12.13 21:58:46 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-10.xml
[2011.12.19 17:25:06 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\11-suche.xml
[2011.12.19 17:25:06 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\webde-suche.xml
[2011.08.17 21:38:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-9.xml
[2011.06.30 15:35:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-11.xml
[2011.06.30 15:45:58 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-12.xml
[2011.12.19 17:25:06 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\gmx-suche.xml
[2011.09.07 15:42:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-13.xml
[2011.09.30 22:14:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-17.xml
[2011.09.08 19:04:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-16.xml
[2011.10.09 17:58:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-18.xml
[2011.12.19 17:25:06 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\lastminute.xml
[2011.12.19 17:25:06 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\englische-ergebnisse.xml
[2011.03.02 15:08:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-5.xml
[2011.03.02 15:18:06 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-2.xml
[2011.03.05 19:27:56 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-6.xml
[2011.03.22 08:37:34 | 000,000,947 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin.xml
[2011.03.25 11:42:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-7.xml
[2011.03.25 15:32:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-1.xml
[2011.03.27 19:33:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-8.xml
[2011.04.27 15:15:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-4.xml
[2011.05.07 23:53:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-3.xml
[2007.01.14 13:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.11 12:53:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.08 18:26:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KISS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\OV2D0EU9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KISS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\OV2D0EU9.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KISS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\OV2D0EU9.DEFAULT\EXTENSIONS\UNPLUG@COMPUNACH.XPI
[2011.03.23 16:11:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.12.08 17:39:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.11.09 22:41:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.06 11:50:18 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2011.10.06 11:50:18 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 11:50:18 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 11:50:18 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 11:50:18 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.06 11:50:18 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
 
O1 HOSTS File: ([2008.01.05 15:59:58 | 000,223,306 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 7836 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Programme\iMacros\imacros.dll (iOpus Software GmbH)
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A43C6FA-536F-4D6B-9BF4-3F137FEF8627}: NameServer = 134.245.1.36,134.245.10.7
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.09.26 00:54:28 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{44873280-c759-11dc-bb6b-001636b56b7b}\Shell\AutoRun\command - "" = K:\setupSNK.exe
O33 - MountPoints2\{93ce8702-f578-11e0-85cf-0018de307b4f}\Shell\AutoRun\command - "" = K:\RunClubSanDisk.exe
O33 - MountPoints2\{ba7d37d4-5d01-11de-bf09-001636b56b7b}\Shell\AutoRun\command - "" = FIREWALL\fix.exe
O33 - MountPoints2\{ba7d37d4-5d01-11de-bf09-001636b56b7b}\Shell\open\command - "" = FIREWALL\fix.exe
O33 - MountPoints2\{ff46310b-6881-11dd-bcc4-001636b56b7b}\Shell\Setup\command - "" = K:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "wuauserv"
MsConfig - Services: "SharedAccess"
MsConfig - Services: "wscsvc"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Kiss^Startmenü^Programme^Autostart^PowerReg Scheduler.exe -  - File not found
MsConfig - StartUpReg: Acer ePower Management - hkey= - key= - C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
MsConfig - StartUpReg: ADMTray.exe - hkey= - key= - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
MsConfig - StartUpReg: ATICCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Programme\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= -  File not found
MsConfig - StartUpReg: ePower_DMC - hkey= - key= - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
MsConfig - StartUpReg: eRecoveryService - hkey= - key= - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: ntiMUI - hkey= - key= - C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm -  File not found
SafeBootNet: nm.sys -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.19 19:38:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kiss\Desktop\OTL.exe
[2011.12.15 20:28:25 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.12.15 19:40:20 | 000,000,000 | -HSD | C] -- C:\FOUND.033
[2011.12.15 19:29:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011.12.15 19:29:30 | 000,000,000 | -HSD | C] -- C:\FOUND.032
[2011.12.15 18:42:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Malwarebytes
[2011.12.15 18:39:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.15 18:39:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.15 18:39:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.15 18:38:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.15 17:34:34 | 000,000,000 | -HSD | C] -- C:\FOUND.031
[2011.12.11 16:11:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.11 15:21:42 | 000,021,992 | ---- | C] (CPUID) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys
[2011.12.11 15:21:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CPUID
[2011.12.11 15:21:41 | 000,000,000 | ---D | C] -- C:\Programme\CPUID
[2011.12.08 20:39:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Avira
[2011.12.08 20:28:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.12.08 20:27:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.12.08 20:27:51 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.12.08 20:27:51 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.12.08 20:27:51 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011.12.08 20:27:50 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.12.08 20:27:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.12.08 19:30:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.12.08 18:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011.12.08 18:08:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.12.08 18:08:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011.12.08 18:08:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.12.08 18:01:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011.12.08 17:54:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.12.08 17:36:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011.12.08 17:36:43 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2011.12.08 17:36:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011.12.08 17:36:29 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2011.12.08 17:15:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.12.08 17:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011.12.08 17:01:00 | 000,000,000 | -HSD | C] -- C:\FOUND.030
[2011.12.08 16:47:43 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 6.0
[2011.12.08 16:41:44 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2011.12.01 00:32:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kiss\Desktop\nightchords
[2011.11.21 12:11:58 | 000,000,000 | -HSD | C] -- C:\FOUND.029
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.19 19:38:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kiss\Desktop\OTL.exe
[2011.12.19 19:32:34 | 000,000,665 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011.12.19 19:31:24 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2011.12.19 19:31:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.19 19:31:12 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.19 10:37:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.15 20:15:06 | 000,465,722 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.15 20:15:06 | 000,446,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.15 20:15:06 | 000,087,530 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.15 20:15:06 | 000,073,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.15 17:34:42 | 000,372,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.15 12:02:42 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.14 22:49:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.12.10 21:32:04 | 000,011,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Desktop\max 05.03. 2011.jpg
[2011.12.10 09:32:36 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2011.12.09 17:19:40 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.12.09 14:25:44 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011.12.08 18:00:46 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011.12.06 17:48:06 | 000,116,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.29 01:04:48 | 000,014,599 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Desktop\12.Texto_9._Ejercicio_6.pdf
[2011.11.29 01:04:00 | 000,012,839 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Desktop\13._DEBERES_-_Texto_10.pdf
[2011.11.22 14:20:34 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.11.22 14:20:34 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.11.22 14:20:34 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.15 20:10:26 | 1071,763,456 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.10 21:32:03 | 000,011,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Kiss\Desktop\max 05.03. 2011.jpg
[2011.12.08 17:44:11 | 000,001,950 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2011.12.08 17:43:43 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011.12.08 17:43:39 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011.12.08 17:43:39 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011.11.29 01:04:46 | 000,014,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Kiss\Desktop\12.Texto_9._Ejercicio_6.pdf
[2011.11.29 01:03:53 | 000,012,839 | ---- | C] () -- C:\Dokumente und Einstellungen\Kiss\Desktop\13._DEBERES_-_Texto_10.pdf
[2011.01.10 13:46:18 | 000,081,876 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.09.16 20:53:38 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008.09.07 16:20:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008.08.10 21:47:39 | 000,038,879 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2008.08.10 21:47:39 | 000,029,432 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2008.07.14 19:17:40 | 000,000,316 | ---- | C] () -- C:\WINDOWS\Sampler.INI
[2008.07.14 19:17:39 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2008.07.14 19:17:38 | 000,000,316 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2008.07.13 01:12:52 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008.07.13 01:12:52 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008.07.13 01:12:52 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008.07.13 01:12:52 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008.07.13 01:12:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.06.15 16:55:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2008.06.11 02:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.05.23 00:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.03.26 19:43:46 | 000,000,075 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008.03.24 17:21:31 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.03.11 15:27:51 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008.03.10 19:53:37 | 000,000,551 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008.02.28 22:49:34 | 000,000,540 | ---- | C] () -- C:\WINDOWS\Tcsofla.ini
[2008.02.28 21:48:47 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.02.28 02:17:51 | 000,245,112 | ---- | C] () -- C:\WINDOWS\System32\iimds.dll
[2008.02.28 02:17:51 | 000,232,824 | ---- | C] () -- C:\WINDOWS\System32\IMImage.dll
[2008.02.28 02:17:51 | 000,056,696 | ---- | C] () -- C:\WINDOWS\System32\imsys.dll
[2007.12.23 14:50:39 | 001,355,903 | ---- | C] () -- C:\WINDOWS\UnInstallSiemensAdsl.dll
[2007.12.02 15:42:24 | 000,347,410 | ---- | C] () -- C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\wijzblbeoe_nav.dat
[2007.12.02 15:41:53 | 000,002,403 | ---- | C] () -- C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\wijzblbeoe_navps.dat
[2007.12.02 15:41:52 | 000,004,731 | ---- | C] () -- C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\wijzblbeoe.dat
[2007.11.27 14:56:06 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2007.11.11 14:57:54 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007.10.24 13:05:43 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.08.23 14:01:41 | 000,000,145 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.08.23 13:34:39 | 000,002,890 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.07.19 13:27:24 | 000,029,432 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2007.07.19 13:27:18 | 000,038,879 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2007.07.11 17:44:00 | 000,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2007.06.15 21:31:58 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007.06.02 18:12:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicStudio.INI
[2007.06.02 18:03:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2007.05.26 14:47:50 | 000,000,197 | ---- | C] () -- C:\WINDOWS\musicmaker.INI
[2007.05.26 14:36:15 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll
[2007.05.10 22:45:16 | 000,000,102 | ---- | C] () -- C:\WINDOWS\muma7dlx.INI
[2007.05.10 22:44:44 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007.05.10 22:43:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS\magix.ini
[2007.05.10 22:33:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hiphopmaker.INI
[2007.05.10 22:29:48 | 000,001,188 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007.04.03 16:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007.04.03 16:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.03.05 19:20:33 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.02.25 12:23:17 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007.02.23 17:02:18 | 000,000,122 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2007.02.23 17:02:18 | 000,000,055 | ---- | C] () -- C:\WINDOWS\comundo.dat
[2007.01.30 22:32:00 | 000,002,064 | ---- | C] () -- C:\WINDOWS\LNL_DEV.bin
[2007.01.30 22:32:00 | 000,000,419 | ---- | C] () -- C:\WINDOWS\hardware.ini
[2007.01.27 19:11:48 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007.01.27 18:59:21 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.01.14 15:15:35 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.01.14 13:04:42 | 000,003,826 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007.01.14 06:33:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007.01.14 01:01:08 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2007.01.14 00:49:11 | 000,116,736 | ---- | C] () -- C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.01.14 00:06:11 | 000,000,665 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2007.01.14 00:00:33 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007.01.13 23:59:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MCE.INI
[2007.01.13 23:50:48 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.01.12 16:48:16 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007.01.05 22:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.01.05 22:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.01.05 22:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.01.05 22:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.01.05 22:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.01.05 22:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.01.05 22:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.01.05 22:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.01.05 22:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006.11.26 03:05:27 | 000,159,821 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.EXE
[2006.11.26 03:05:27 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.INI
[2005.12.22 02:44:30 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005.12.14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005.11.30 04:48:46 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005.10.31 03:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.10.25 23:59:46 | 000,037,774 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.08.05 14:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005.07.15 01:48:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005.03.28 00:45:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\alaunch.ini
[2004.12.17 01:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004.08.10 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.10 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.10 20:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.10 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.10 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.10 20:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.10 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.10 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.10 20:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.10 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.10 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.01.13 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2004.01.05 11:47:52 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003.09.26 01:58:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003.09.26 01:49:20 | 000,465,722 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003.09.26 01:49:20 | 000,446,794 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003.09.26 01:49:20 | 000,087,530 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003.09.26 01:49:20 | 000,073,808 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003.09.26 00:54:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2003.09.26 00:53:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2003.09.26 00:53:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2003.09.26 00:53:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2003.09.26 00:53:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2003.06.14 21:06:38 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003.06.14 19:53:46 | 000,372,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003.06.14 04:46:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003.06.14 03:58:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003.06.14 03:55:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003.02.26 19:07:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2003.02.20 14:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.05.24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.08.26 02:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.26 02:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2003.06.14 21:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2003.09.26 00:50:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer
[2007.02.21 21:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2007.06.02 18:05:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2007.12.31 02:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Insight Software
[2007.12.31 02:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Insight Software Solutions
[2008.01.04 03:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2008.02.07 19:18:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2008.02.07 19:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2008.02.26 23:51:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2008.03.14 12:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS
[2008.08.05 20:32:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MP3Find
[2009.08.10 18:45:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.01.10 13:38:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.05.29 05:18:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2003.09.26 00:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Acer
[2007.01.14 13:41:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Leadertech
[2007.01.21 07:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\My Battle for Middle-earth Files
[2007.01.27 20:11:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\LimeWire
[2007.02.21 21:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\TuneUp Software
[2007.02.23 16:54:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\ICQLite
[2007.05.10 22:38:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\MAGIX
[2007.08.13 14:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\TMNT
[2007.11.20 17:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Participatory Culture Foundation
[2007.11.24 14:37:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\BitTorrent
[2008.01.02 03:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\.ABC
[2008.02.07 19:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\PC Suite
[2008.02.07 19:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Nokia
[2008.02.07 19:35:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\NSeries
[2008.02.07 19:46:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Nokia Multimedia Player
[2008.02.26 23:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Azureus
[2008.02.28 21:50:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\DAEMON Tools Pro
[2008.03.09 23:00:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\OtakuSoftware
[2008.03.10 14:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Teleca
[2008.03.10 21:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Soldat
[2008.03.24 17:21:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\concept design
[2008.06.15 16:55:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\rondomedia
[2008.07.04 17:52:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\QIP
[2011.05.29 05:18:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\go
[2011.09.22 19:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Aqvulu
[2011.09.22 19:33:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Emwo
[2011.09.27 22:26:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\xkfqmkxkdjxxbomcbpm2c3dvjr2hguwh2
[2011.10.09 16:29:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\xfuvfy3f2clwirqnkjrpc3znva2nawrg2
[2011.10.27 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\xrqtchp1xzzrbfxmujwkteuc1esstwbj2
[2011.12.09 17:19:40 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2008.02.28 21:49:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\DAEMON Tools Pro
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2003.06.14 04:09:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Identities
[2003.06.14 21:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\You've Got Pictures Screensaver
[2003.06.14 21:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\AOL
[2003.09.26 00:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Acer
[2003.06.14 03:47:10 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Microsoft
[2007.01.13 23:51:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Macromedia
[2007.01.13 23:57:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\ATI
[2007.01.14 00:50:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\CyberLink
[2007.01.14 13:04:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla
[2007.01.14 13:05:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Talkback
[2007.01.14 13:41:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Leadertech
[2007.01.14 15:32:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Adobe
[2007.01.14 18:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\AdobeUM
[2007.01.14 19:03:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\DivX
[2007.01.21 07:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\My Battle for Middle-earth Files
[2007.01.24 17:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\dvdcss
[2007.01.27 20:11:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\LimeWire
[2007.02.12 21:05:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\DVD Shrink
[2007.02.15 22:32:46 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\SecuROM
[2007.02.21 21:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\TuneUp Software
[2007.02.23 16:54:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\ICQLite
[2007.03.03 16:06:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Ahead
[2007.03.20 19:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\teamspeak2
[2007.05.10 22:38:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\MAGIX
[2007.08.13 14:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\TMNT
[2007.08.27 18:19:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Sun
[2007.10.24 13:03:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Real
[2007.10.31 13:18:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Google
[2007.11.06 14:18:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Intel
[2007.11.20 17:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Participatory Culture Foundation
[2007.11.24 14:37:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\BitTorrent
[2007.11.27 14:56:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\skypePM
[2008.01.02 03:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\.ABC
[2008.02.07 19:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\PC Suite
[2008.02.07 19:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Nokia
[2008.02.07 19:35:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\NSeries
[2008.02.07 19:46:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Nokia Multimedia Player
[2008.02.26 23:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Azureus
[2008.02.28 21:50:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\DAEMON Tools Pro
[2008.03.03 16:36:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\ABBYY
[2008.03.09 23:00:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\OtakuSoftware
[2008.03.10 14:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Sony Ericsson
[2008.03.10 14:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Teleca
[2008.03.10 21:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Soldat
[2008.03.24 16:40:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\WinRAR
[2008.03.24 17:21:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\concept design
[2008.06.15 16:55:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\rondomedia
[2008.07.04 17:52:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\QIP
[2008.09.23 17:34:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\InstallShield
[2010.09.16 20:50:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Skype
[2011.01.10 13:39:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Apple Computer
[2011.03.22 10:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\vlc
[2011.05.29 05:18:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\go
[2011.09.22 19:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Aqvulu
[2011.09.22 19:33:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Emwo
[2011.09.27 22:26:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\xkfqmkxkdjxxbomcbpm2c3dvjr2hguwh2
[2011.10.09 16:29:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\xfuvfy3f2clwirqnkjrpc3znva2nawrg2
[2011.10.27 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\xrqtchp1xzzrbfxmujwkteuc1esstwbj2
[2011.12.08 20:39:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Avira
[2011.12.15 18:42:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Malwarebytes
 
< %APPDATA%\*.exe /s >
[2008.02.26 23:53:30 | 005,456,862 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Azureus\plugins\azemp\azmplay.exe
[2007.12.14 19:04:24 | 003,381,280 | ---- | M] (Lime Wire LLC) -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\LimeWire\.NetworkShare\Incomplete\T-3381280-LimeWireWin4.14.12.exe
[2011.05.26 18:59:08 | 003,119,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2011.02.11 18:51:18 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2008.02.21 08:41:50 | 000,329,264 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Real\RealPlayer\Update\RealPlayer11GOLD.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.10 20:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2011.12.08 17:54:28 | 023,898,261 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004.08.10 20:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.12.08 17:54:28 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2011.12.08 17:54:28 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.10 20:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2011.12.08 17:54:28 | 023,898,261 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004.08.10 20:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.12.08 17:54:28 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2011.12.08 17:54:28 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.10 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.10 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_0$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 20:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.10 20:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll
[2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 20:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.10 20:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
[2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.10 20:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.10 20:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.02.28 21:44:56 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
[2007.01.14 01:01:10 | 000,223,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dtscsi.sys
 
< %systemroot%\System32\config\*.sav >
[2003.06.14 03:46:28 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2003.06.14 03:46:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003.06.14 03:46:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >

--- --- ---

cosinus 19.12.2011 20:25

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
DRV - [2005.01.26 08:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.lycos.de/search/msie40.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de
IE - HKCU\..\URLSearchHook:  - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.1&q="
[2011.12.13 21:58:46 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-10.xml
[2011.12.19 17:25:06 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\11-suche.xml
[2011.12.19 17:25:06 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\webde-suche.xml
[2011.08.17 21:38:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-9.xml
[2011.06.30 15:35:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-11.xml
[2011.06.30 15:45:58 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-12.xml
[2011.12.19 17:25:06 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\gmx-suche.xml
[2011.09.07 15:42:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-13.xml
[2011.09.30 22:14:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-17.xml
[2011.09.08 19:04:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-16.xml
[2011.10.09 17:58:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-18.xml
[2011.12.19 17:25:06 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\lastminute.xml
[2011.12.19 17:25:06 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\englische-ergebnisse.xml
[2011.03.02 15:08:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-5.xml
[2011.03.02 15:18:06 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-2.xml
[2011.03.05 19:27:56 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-6.xml
[2011.03.22 08:37:34 | 000,000,947 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin.xml
[2011.03.25 11:42:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-7.xml
[2011.03.25 15:32:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-1.xml
[2011.03.27 19:33:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-8.xml
[2011.04.27 15:15:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-4.xml
[2011.05.07 23:53:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-3.xml
[2009.08.11 12:53:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.09.26 00:54:28 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{44873280-c759-11dc-bb6b-001636b56b7b}\Shell\AutoRun\command - "" = K:\setupSNK.exe
O33 - MountPoints2\{93ce8702-f578-11e0-85cf-0018de307b4f}\Shell\AutoRun\command - "" = K:\RunClubSanDisk.exe
O33 - MountPoints2\{ba7d37d4-5d01-11de-bf09-001636b56b7b}\Shell\AutoRun\command - "" = FIREWALL\fix.exe
O33 - MountPoints2\{ba7d37d4-5d01-11de-bf09-001636b56b7b}\Shell\open\command - "" = FIREWALL\fix.exe
O33 - MountPoints2\{ff46310b-6881-11dd-bcc4-001636b56b7b}\Shell\Setup\command - "" = K:\setup.exe
[2011.09.22 19:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Aqvulu
[2011.09.22 19:33:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Emwo
[2011.09.27 22:26:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\xkfqmkxkdjxxbomcbpm2c3dvjr2hguwh2
[2011.10.09 16:29:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\xfuvfy3f2clwirqnkjrpc3znva2nawrg2
[2011.10.27 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\xrqtchp1xzzrbfxmujwkteuc1esstwbj2
:Files
C:\FOUND.*
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

mamt1982 19.12.2011 20:39

Here you go:


All processes killed
========== OTL ==========
Service vsdatant stopped successfully!
Service vsdatant deleted successfully!
C:\WINDOWS\system32\vsdatant.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.1&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\11-suche.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\webde-suche.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\gmx-suche.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\lastminute.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\englische-ergebnisse.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44873280-c759-11dc-bb6b-001636b56b7b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44873280-c759-11dc-bb6b-001636b56b7b}\ not found.
File K:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93ce8702-f578-11e0-85cf-0018de307b4f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93ce8702-f578-11e0-85cf-0018de307b4f}\ not found.
File K:\RunClubSanDisk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba7d37d4-5d01-11de-bf09-001636b56b7b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba7d37d4-5d01-11de-bf09-001636b56b7b}\ not found.
File FIREWALL\fix.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba7d37d4-5d01-11de-bf09-001636b56b7b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba7d37d4-5d01-11de-bf09-001636b56b7b}\ not found.
File FIREWALL\fix.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff46310b-6881-11dd-bcc4-001636b56b7b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff46310b-6881-11dd-bcc4-001636b56b7b}\ not found.
File K:\setup.exe not found.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Aqvulu folder moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Emwo folder moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\xkfqmkxkdjxxbomcbpm2c3dvjr2hguwh2 folder moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\xfuvfy3f2clwirqnkjrpc3znva2nawrg2 folder moved successfully.
C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\xrqtchp1xzzrbfxmujwkteuc1esstwbj2 folder moved successfully.
========== FILES ==========
C:\FOUND.000 folder moved successfully.
C:\FOUND.001 folder moved successfully.
C:\FOUND.009 folder moved successfully.
C:\FOUND.002 folder moved successfully.
C:\FOUND.003 folder moved successfully.
C:\FOUND.004 folder moved successfully.
C:\FOUND.010 folder moved successfully.
C:\FOUND.011 folder moved successfully.
C:\FOUND.033 folder moved successfully.
C:\FOUND.012 folder moved successfully.
C:\FOUND.013 folder moved successfully.
C:\FOUND.014 folder moved successfully.
C:\FOUND.015 folder moved successfully.
C:\FOUND.016 folder moved successfully.
C:\FOUND.017 folder moved successfully.
C:\FOUND.018 folder moved successfully.
C:\FOUND.019 folder moved successfully.
C:\FOUND.020 folder moved successfully.
C:\FOUND.021 folder moved successfully.
C:\FOUND.022 folder moved successfully.
C:\FOUND.023 folder moved successfully.
C:\FOUND.005 folder moved successfully.
C:\FOUND.006 folder moved successfully.
C:\FOUND.007 folder moved successfully.
C:\FOUND.008 folder moved successfully.
C:\FOUND.024 folder moved successfully.
C:\FOUND.025 folder moved successfully.
C:\FOUND.026 folder moved successfully.
C:\FOUND.027 folder moved successfully.
C:\FOUND.028 folder moved successfully.
C:\FOUND.029 folder moved successfully.
C:\FOUND.030 folder moved successfully.
C:\FOUND.031 folder moved successfully.
C:\FOUND.032 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 500224 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Administrator
->Temp folder emptied: 500224 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Kiss
->Temp folder emptied: 314488006 bytes
->Temporary Internet Files folder emptied: 392393683 bytes
->Java cache emptied: 14832894 bytes
->FireFox cache emptied: 119991821 bytes
->Flash cache emptied: 5969763 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 5014407 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34305015 bytes
RecycleBin emptied: 49013867 bytes

Total Files Cleaned = 894,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12192011_203112

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 19.12.2011 20:49

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

mamt1982 19.12.2011 21:08

21:00:14.0218 2276 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:00:14.0312 2276 ============================================================
21:00:14.0312 2276 Current date / time: 2011/12/19 21:00:14.0312
21:00:14.0312 2276 SystemInfo:
21:00:14.0312 2276
21:00:14.0312 2276 OS Version: 5.1.2600 ServicePack: 3.0
21:00:14.0312 2276 Product type: Workstation
21:00:14.0312 2276 ComputerName: JK
21:00:14.0312 2276 UserName: Kiss
21:00:14.0312 2276 Windows directory: C:\WINDOWS
21:00:14.0312 2276 System windows directory: C:\WINDOWS
21:00:14.0312 2276 Processor architecture: Intel x86
21:00:14.0312 2276 Number of processors: 2
21:00:14.0312 2276 Page size: 0x1000
21:00:14.0312 2276 Boot type: Normal boot
21:00:14.0312 2276 ============================================================
21:00:15.0484 2276 Initialize success
21:01:01.0687 3356 ============================================================
21:01:01.0687 3356 Scan started
21:01:01.0687 3356 Mode: Manual; SigCheck; TDLFS;
21:01:01.0687 3356 ============================================================
21:01:02.0765 3356 Abiosdsk - ok
21:01:02.0968 3356 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:01:04.0781 3356 abp480n5 - ok
21:01:05.0093 3356 ACEDRV07 (4e5451dd0aec8504d7f8030dd2d4c416) C:\WINDOWS\system32\drivers\ACEDRV07.sys
21:01:05.0140 3356 ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning
21:01:05.0140 3356 ACEDRV07 - detected UnsignedFile.Multi.Generic (1)
21:01:05.0281 3356 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:01:05.0437 3356 ACPI - ok
21:01:05.0531 3356 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:01:05.0671 3356 ACPIEC - ok
21:01:05.0781 3356 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:01:05.0906 3356 adpu160m - ok
21:01:06.0046 3356 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:01:06.0171 3356 aec - ok
21:01:06.0406 3356 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:01:06.0437 3356 AegisP ( UnsignedFile.Multi.Generic ) - warning
21:01:06.0437 3356 AegisP - detected UnsignedFile.Multi.Generic (1)
21:01:06.0671 3356 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:01:06.0703 3356 AFD - ok
21:01:06.0875 3356 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:01:07.0015 3356 agp440 - ok
21:01:07.0156 3356 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:01:07.0265 3356 agpCPQ - ok
21:01:07.0437 3356 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:01:07.0515 3356 Aha154x - ok
21:01:07.0671 3356 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:01:07.0796 3356 aic78u2 - ok
21:01:07.0953 3356 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:01:08.0078 3356 aic78xx - ok
21:01:08.0250 3356 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:01:08.0390 3356 AliIde - ok
21:01:08.0562 3356 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:01:08.0687 3356 alim1541 - ok
21:01:08.0765 3356 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:01:08.0890 3356 amdagp - ok
21:01:09.0078 3356 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:01:09.0140 3356 amsint - ok
21:01:09.0265 3356 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:01:09.0375 3356 Arp1394 - ok
21:01:09.0531 3356 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:01:09.0656 3356 asc - ok
21:01:09.0828 3356 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:01:09.0890 3356 asc3350p - ok
21:01:10.0062 3356 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:01:10.0171 3356 asc3550 - ok
21:01:10.0328 3356 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:01:10.0437 3356 AsyncMac - ok
21:01:10.0515 3356 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:01:10.0625 3356 atapi - ok
21:01:10.0937 3356 Atdisk - ok
21:01:11.0484 3356 ati2mtag (86eed6c186ecd6c518d016b2a2ad7148) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:01:11.0953 3356 ati2mtag - ok
21:01:12.0062 3356 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:01:12.0187 3356 Atmarpc - ok
21:01:12.0328 3356 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:01:12.0453 3356 audstub - ok
21:01:12.0625 3356 AVerE506 (e7d0f6194d80c749bc36489344f3a5d9) C:\WINDOWS\system32\DRIVERS\AVerE506.sys
21:01:12.0703 3356 AVerE506 - ok
21:01:12.0859 3356 AVerM115 (118804bbfddf42c45db3c3d410f6a256) C:\WINDOWS\system32\DRIVERS\AVerM115.sys
21:01:12.0968 3356 AVerM115 - ok
21:01:13.0078 3356 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:01:13.0125 3356 avgntflt - ok
21:01:13.0250 3356 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:01:13.0265 3356 avipbb - ok
21:01:13.0359 3356 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
21:01:13.0375 3356 avkmgr - ok
21:01:13.0531 3356 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:01:13.0562 3356 b57w2k - ok
21:01:13.0593 3356 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:01:13.0718 3356 Beep - ok
21:01:14.0031 3356 btaudio - ok
21:01:14.0328 3356 BTDriver - ok
21:01:14.0625 3356 BTKRNL - ok
21:01:14.0921 3356 BTWDNDIS - ok
21:01:14.0968 3356 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:01:15.0109 3356 cbidf - ok
21:01:15.0125 3356 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:01:15.0250 3356 cbidf2k - ok
21:01:15.0343 3356 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:01:15.0468 3356 CCDECODE - ok
21:01:15.0625 3356 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:01:15.0687 3356 cd20xrnt - ok
21:01:15.0718 3356 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:01:15.0843 3356 Cdaudio - ok
21:01:15.0937 3356 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:01:16.0062 3356 Cdfs - ok
21:01:16.0109 3356 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:01:16.0234 3356 Cdrom - ok
21:01:16.0531 3356 Changer - ok
21:01:16.0656 3356 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:01:16.0781 3356 CmBatt - ok
21:01:16.0968 3356 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:01:17.0109 3356 CmdIde - ok
21:01:17.0203 3356 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:01:17.0328 3356 Compbatt - ok
21:01:17.0484 3356 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:01:17.0609 3356 Cpqarray - ok
21:01:17.0828 3356 cpuz135 (3411fdf098aa20193eee5ffa36ba43b2) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
21:01:17.0843 3356 cpuz135 - ok
21:01:18.0140 3356 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
21:01:18.0171 3356 CVirtA - ok
21:01:18.0484 3356 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
21:01:18.0515 3356 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
21:01:18.0515 3356 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
21:01:18.0750 3356 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:01:18.0875 3356 dac2w2k - ok
21:01:19.0046 3356 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:01:19.0156 3356 dac960nt - ok
21:01:19.0265 3356 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:01:19.0375 3356 Disk - ok
21:01:19.0468 3356 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:01:19.0671 3356 dmboot - ok
21:01:19.0781 3356 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:01:19.0906 3356 dmio - ok
21:01:19.0921 3356 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:01:20.0031 3356 dmload - ok
21:01:20.0140 3356 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:01:20.0265 3356 DMusic - ok
21:01:20.0593 3356 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
21:01:20.0609 3356 DNE - ok
21:01:20.0765 3356 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:01:20.0890 3356 dpti2o - ok
21:01:21.0000 3356 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:01:21.0109 3356 drmkaud - ok
21:01:21.0328 3356 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
21:01:21.0328 3356 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
21:01:21.0328 3356 dtscsi ( LockedFile.Multi.Generic ) - warning
21:01:21.0328 3356 dtscsi - detected LockedFile.Multi.Generic (1)
21:01:21.0640 3356 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
21:01:21.0671 3356 ENTECH - ok
21:01:21.0890 3356 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
21:01:21.0906 3356 EpmPsd ( UnsignedFile.Multi.Generic ) - warning
21:01:21.0906 3356 EpmPsd - detected UnsignedFile.Multi.Generic (1)
21:01:22.0125 3356 EpmShd (50425cbd80468bf53ba90f0d7cc61805) C:\WINDOWS\system32\drivers\epm-shd.sys
21:01:22.0140 3356 EpmShd ( UnsignedFile.Multi.Generic ) - warning
21:01:22.0140 3356 EpmShd - detected UnsignedFile.Multi.Generic (1)
21:01:22.0250 3356 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:01:22.0375 3356 Fastfat - ok
21:01:22.0421 3356 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:01:22.0531 3356 Fdc - ok
21:01:22.0843 3356 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
21:01:22.0843 3356 FilterService - ok
21:01:22.0953 3356 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:01:23.0062 3356 Fips - ok
21:01:23.0156 3356 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:01:23.0281 3356 Flpydisk - ok
21:01:23.0437 3356 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:01:23.0562 3356 FltMgr - ok
21:01:23.0609 3356 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:01:23.0734 3356 Fs_Rec - ok
21:01:23.0890 3356 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:01:24.0000 3356 Ftdisk - ok
21:01:24.0062 3356 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:01:24.0171 3356 Gpc - ok
21:01:24.0328 3356 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:01:24.0437 3356 HDAudBus - ok
21:01:24.0531 3356 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:01:24.0656 3356 HidUsb - ok
21:01:24.0843 3356 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:01:24.0968 3356 hpn - ok
21:01:25.0203 3356 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:01:25.0250 3356 HPZid412 - ok
21:01:25.0468 3356 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:01:25.0484 3356 HPZipr12 - ok
21:01:25.0687 3356 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:01:25.0750 3356 HPZius12 - ok
21:01:25.0906 3356 HSFHWAZL (a30d7011c1b80a0bc16602d99218d522) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:01:25.0953 3356 HSFHWAZL - ok
21:01:26.0140 3356 HSF_DPV (5a5a7721d9c62d77fc0faba9b2cf5be9) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:01:26.0234 3356 HSF_DPV - ok
21:01:26.0312 3356 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:01:26.0359 3356 HTTP - ok
21:01:26.0468 3356 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:01:26.0593 3356 i2omgmt - ok
21:01:26.0687 3356 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:01:26.0796 3356 i2omp - ok
21:01:26.0875 3356 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:01:26.0984 3356 i8042prt - ok
21:01:27.0203 3356 ialm (81efe1c5542afb2570758f39ae3b1151) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:01:27.0343 3356 ialm - ok
21:01:27.0468 3356 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:01:27.0593 3356 Imapi - ok
21:01:27.0906 3356 InCDFs - ok
21:01:28.0218 3356 InCDPass - ok
21:01:28.0531 3356 InCDRm - ok
21:01:28.0734 3356 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:01:28.0859 3356 ini910u - ok
21:01:28.0859 3356 int15.sys - ok
21:01:29.0234 3356 IntcAzAudAddService (2389f12f0ed506176b7c29c8144cea09) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:01:29.0515 3356 IntcAzAudAddService - ok
21:01:29.0625 3356 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:01:29.0750 3356 IntelIde - ok
21:01:29.0859 3356 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:01:29.0968 3356 intelppm - ok
21:01:30.0093 3356 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:01:30.0218 3356 Ip6Fw - ok
21:01:30.0265 3356 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:01:30.0406 3356 IpFilterDriver - ok
21:01:30.0515 3356 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:01:30.0625 3356 IpInIp - ok
21:01:30.0703 3356 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:01:30.0812 3356 IpNat - ok
21:01:30.0921 3356 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:01:31.0031 3356 IPSec - ok
21:01:31.0140 3356 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
21:01:31.0265 3356 irda - ok
21:01:31.0343 3356 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:01:31.0468 3356 IRENUM - ok
21:01:31.0531 3356 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:01:31.0656 3356 isapnp - ok
21:01:31.0906 3356 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\WINDOWS\system32\DRIVERS\k750bus.sys
21:01:31.0921 3356 k750bus ( UnsignedFile.Multi.Generic ) - warning
21:01:31.0921 3356 k750bus - detected UnsignedFile.Multi.Generic (1)
21:01:32.0156 3356 k750mdfl (f44521f63c0c00364fa3d59db980de6a) C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
21:01:32.0171 3356 k750mdfl ( UnsignedFile.Multi.Generic ) - warning
21:01:32.0171 3356 k750mdfl - detected UnsignedFile.Multi.Generic (1)
21:01:32.0406 3356 k750mdm (e93323c3ed5e8923a177740a973c27b2) C:\WINDOWS\system32\DRIVERS\k750mdm.sys
21:01:32.0421 3356 k750mdm ( UnsignedFile.Multi.Generic ) - warning
21:01:32.0421 3356 k750mdm - detected UnsignedFile.Multi.Generic (1)
21:01:32.0656 3356 k750mgmt (9d5f5a70ca0b7c428efcd73db50e6ac7) C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
21:01:32.0671 3356 k750mgmt ( UnsignedFile.Multi.Generic ) - warning
21:01:32.0671 3356 k750mgmt - detected UnsignedFile.Multi.Generic (1)
21:01:32.0921 3356 k750obex (81ca2d57b2c14f76f4ba80846784bb3d) C:\WINDOWS\system32\DRIVERS\k750obex.sys
21:01:32.0937 3356 k750obex ( UnsignedFile.Multi.Generic ) - warning
21:01:32.0937 3356 k750obex - detected UnsignedFile.Multi.Generic (1)
21:01:33.0062 3356 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:01:33.0187 3356 Kbdclass - ok
21:01:33.0265 3356 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:01:33.0390 3356 kbdhid - ok
21:01:33.0500 3356 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:01:33.0625 3356 kmixer - ok
21:01:33.0796 3356 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:01:33.0843 3356 KSecDD - ok
21:01:34.0156 3356 lbrtfdc - ok
21:01:34.0359 3356 lv321av (8e983f827edab91baa424977c6efddee) C:\WINDOWS\system32\Drivers\lv321av.sys
21:01:34.0453 3356 lv321av - ok
21:01:34.0765 3356 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
21:01:34.0781 3356 LVPr2Mon - ok
21:01:35.0109 3356 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
21:01:35.0125 3356 LVRS - ok
21:01:35.0296 3356 LVUSBSta (2a3a8361192de05de7d51d1f04f58b28) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
21:01:35.0312 3356 LVUSBSta - ok
21:01:35.0875 3356 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
21:01:36.0390 3356 LVUVC - ok
21:01:36.0734 3356 MBAMSwissArmy - ok
21:01:36.0906 3356 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:01:36.0937 3356 mdmxsdk - ok
21:01:37.0078 3356 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:01:37.0093 3356 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
21:01:37.0093 3356 MHNDRV - detected UnsignedFile.Multi.Generic (1)
21:01:37.0156 3356 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:01:37.0281 3356 mnmdd - ok
21:01:37.0406 3356 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:01:37.0531 3356 Modem - ok
21:01:37.0593 3356 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:01:37.0703 3356 Mouclass - ok
21:01:37.0921 3356 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:01:38.0046 3356 mouhid - ok
21:01:38.0156 3356 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:01:38.0265 3356 MountMgr - ok
21:01:38.0312 3356 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
21:01:38.0437 3356 MPE - ok
21:01:38.0625 3356 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:01:38.0734 3356 mraid35x - ok
21:01:38.0812 3356 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:01:38.0921 3356 MRxDAV - ok
21:01:39.0000 3356 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:01:39.0078 3356 MRxSmb - ok
21:01:39.0156 3356 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:01:39.0281 3356 Msfs - ok
21:01:39.0375 3356 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:01:39.0484 3356 MSKSSRV - ok
21:01:39.0546 3356 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:01:39.0671 3356 MSPCLOCK - ok
21:01:39.0750 3356 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:01:39.0843 3356 MSPQM - ok
21:01:39.0984 3356 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:01:40.0109 3356 mssmbios - ok
21:01:40.0171 3356 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:01:40.0281 3356 MSTEE - ok
21:01:40.0453 3356 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:01:40.0500 3356 Mup - ok
21:01:40.0578 3356 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:01:40.0703 3356 NABTSFEC - ok
21:01:40.0734 3356 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:01:40.0859 3356 NDIS - ok
21:01:41.0062 3356 NdisFilt (1f76996253071cbae0a5ab5d8551ef88) C:\WINDOWS\system32\Drivers\NdisFilt.sys
21:01:41.0078 3356 NdisFilt ( UnsignedFile.Multi.Generic ) - warning
21:01:41.0078 3356 NdisFilt - detected UnsignedFile.Multi.Generic (1)
21:01:41.0187 3356 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:01:41.0312 3356 NdisIP - ok
21:01:41.0406 3356 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:01:41.0437 3356 NdisTapi - ok
21:01:41.0531 3356 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:01:41.0656 3356 Ndisuio - ok
21:01:41.0671 3356 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:01:41.0781 3356 NdisWan - ok
21:01:42.0015 3356 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:01:42.0062 3356 NDProxy - ok
21:01:42.0140 3356 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:01:42.0250 3356 NetBIOS - ok
21:01:42.0328 3356 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:01:42.0437 3356 NetBT - ok
21:01:42.0640 3356 NETMNT (6a25f27202f3122a44a6b74ee46e7a76) C:\WINDOWS\system32\DRIVERS\NETMNT.sys
21:01:42.0656 3356 NETMNT ( UnsignedFile.Multi.Generic ) - warning
21:01:42.0656 3356 NETMNT - detected UnsignedFile.Multi.Generic (1)
21:01:43.0000 3356 NETw4x32 (e9d78fdf7ed53bc789cfeed1d3f15ef2) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
21:01:43.0171 3356 NETw4x32 - ok
21:01:43.0281 3356 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:01:43.0406 3356 NIC1394 - ok
21:01:43.0468 3356 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:01:43.0593 3356 Npfs - ok
21:01:43.0687 3356 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:01:43.0859 3356 Ntfs - ok
21:01:44.0046 3356 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
21:01:44.0062 3356 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
21:01:44.0062 3356 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
21:01:44.0109 3356 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:01:44.0234 3356 Null - ok
21:01:44.0281 3356 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:01:44.0390 3356 NwlnkFlt - ok
21:01:44.0421 3356 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:01:44.0546 3356 NwlnkFwd - ok
21:01:44.0640 3356 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
21:01:44.0765 3356 NwlnkIpx - ok
21:01:44.0828 3356 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
21:01:44.0953 3356 NwlnkNb - ok
21:01:45.0000 3356 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
21:01:45.0125 3356 NwlnkSpx - ok
21:01:45.0218 3356 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:01:45.0328 3356 ohci1394 - ok
21:01:45.0515 3356 OsaFsLoc (26c4a4b64d1dd8e6fdfb2f4897be029c) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
21:01:45.0546 3356 OsaFsLoc ( UnsignedFile.Multi.Generic ) - warning
21:01:45.0546 3356 OsaFsLoc - detected UnsignedFile.Multi.Generic (1)
21:01:45.0734 3356 osaio (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
21:01:45.0750 3356 osaio ( UnsignedFile.Multi.Generic ) - warning
21:01:45.0765 3356 osaio - detected UnsignedFile.Multi.Generic (1)
21:01:45.0953 3356 osanbm (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
21:01:45.0968 3356 osanbm ( UnsignedFile.Multi.Generic ) - warning
21:01:45.0968 3356 osanbm - detected UnsignedFile.Multi.Generic (1)
21:01:46.0015 3356 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
21:01:46.0140 3356 Parport - ok
21:01:46.0171 3356 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:01:46.0281 3356 PartMgr - ok
21:01:46.0328 3356 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:01:46.0437 3356 ParVdm - ok
21:01:46.0500 3356 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:01:46.0625 3356 PCI - ok
21:01:46.0921 3356 PCIDump - ok
21:01:47.0109 3356 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:01:47.0234 3356 PCIIde - ok
21:01:47.0312 3356 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:01:47.0406 3356 Pcmcia - ok
21:01:47.0718 3356 PDCOMP - ok
21:01:48.0015 3356 PDFRAME - ok
21:01:48.0312 3356 PDRELI - ok
21:01:48.0625 3356 PDRFRAME - ok
21:01:48.0781 3356 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:01:48.0906 3356 perc2 - ok
21:01:49.0000 3356 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:01:49.0125 3356 perc2hib - ok
21:01:49.0234 3356 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:01:49.0343 3356 PptpMiniport - ok
21:01:49.0406 3356 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:01:49.0531 3356 PSched - ok
21:01:49.0578 3356 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:01:49.0687 3356 Ptilink - ok
21:01:49.0828 3356 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:01:49.0843 3356 PxHelp20 - ok
21:01:50.0000 3356 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:01:50.0125 3356 ql1080 - ok
21:01:50.0281 3356 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:01:50.0406 3356 Ql10wnt - ok
21:01:50.0562 3356 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:01:50.0687 3356 ql12160 - ok
21:01:50.0843 3356 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:01:50.0953 3356 ql1240 - ok
21:01:51.0109 3356 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:01:51.0234 3356 ql1280 - ok
21:01:51.0265 3356 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:01:51.0375 3356 RasAcd - ok
21:01:51.0531 3356 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:01:51.0593 3356 Rasirda - ok
21:01:51.0687 3356 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:01:51.0812 3356 Rasl2tp - ok
21:01:51.0875 3356 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:01:52.0000 3356 RasPppoe - ok
21:01:52.0031 3356 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:01:52.0140 3356 Raspti - ok
21:01:52.0218 3356 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:01:52.0328 3356 Rdbss - ok
21:01:52.0375 3356 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:01:52.0500 3356 RDPCDD - ok
21:01:52.0578 3356 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:01:52.0687 3356 rdpdr - ok
21:01:52.0796 3356 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:01:52.0843 3356 RDPWD - ok
21:01:52.0921 3356 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:01:53.0046 3356 redbook - ok
21:01:53.0312 3356 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:01:53.0328 3356 s24trans ( UnsignedFile.Multi.Generic ) - warning
21:01:53.0328 3356 s24trans - detected UnsignedFile.Multi.Generic (1)
21:01:53.0640 3356 sea1bus (d2654321192037bae90204e2fa6697ce) C:\WINDOWS\system32\DRIVERS\sea1bus.sys
21:01:53.0656 3356 sea1bus ( UnsignedFile.Multi.Generic ) - warning
21:01:53.0656 3356 sea1bus - detected UnsignedFile.Multi.Generic (1)
21:01:53.0937 3356 sea1mdfl (8146d9ec5142bd364956d3807f09ca9a) C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys
21:01:53.0953 3356 sea1mdfl ( UnsignedFile.Multi.Generic ) - warning
21:01:53.0953 3356 sea1mdfl - detected UnsignedFile.Multi.Generic (1)
21:01:54.0234 3356 sea1mdm (afe065da777dc4408c64df5c87472bb9) C:\WINDOWS\system32\DRIVERS\sea1mdm.sys
21:01:54.0265 3356 sea1mdm ( UnsignedFile.Multi.Generic ) - warning
21:01:54.0265 3356 sea1mdm - detected UnsignedFile.Multi.Generic (1)
21:01:54.0578 3356 sea1mgmt (a0bbd60222ad053d52f3a5c4f79904c7) C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys
21:01:54.0593 3356 sea1mgmt ( UnsignedFile.Multi.Generic ) - warning
21:01:54.0593 3356 sea1mgmt - detected UnsignedFile.Multi.Generic (1)
21:01:54.0875 3356 sea1nd5 (6549babfc3362f1621a8c0eff288fb14) C:\WINDOWS\system32\DRIVERS\sea1nd5.sys
21:01:54.0890 3356 sea1nd5 ( UnsignedFile.Multi.Generic ) - warning
21:01:54.0890 3356 sea1nd5 - detected UnsignedFile.Multi.Generic (1)
21:01:55.0171 3356 sea1obex (957510ab44e84497733f53322351f6e8) C:\WINDOWS\system32\DRIVERS\sea1obex.sys
21:01:55.0187 3356 sea1obex ( UnsignedFile.Multi.Generic ) - warning
21:01:55.0187 3356 sea1obex - detected UnsignedFile.Multi.Generic (1)
21:01:55.0484 3356 sea1unic (c1517e6a7ce1191ab076472bdf1b0e6e) C:\WINDOWS\system32\DRIVERS\sea1unic.sys
21:01:55.0500 3356 sea1unic ( UnsignedFile.Multi.Generic ) - warning
21:01:55.0500 3356 sea1unic - detected UnsignedFile.Multi.Generic (1)
21:01:55.0843 3356 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:01:55.0968 3356 Secdrv - ok
21:01:56.0281 3356 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
21:01:56.0390 3356 Serial - ok
21:01:56.0640 3356 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
21:01:56.0656 3356 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
21:01:56.0656 3356 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
21:01:56.0875 3356 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
21:01:56.0890 3356 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
21:01:56.0890 3356 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
21:01:57.0234 3356 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:01:57.0343 3356 Sfloppy - ok
21:01:57.0593 3356 sfsync04 (21a4c510ab071a10bcb638fe4254d101) C:\WINDOWS\system32\drivers\sfsync04.sys
21:01:57.0609 3356 sfsync04 ( UnsignedFile.Multi.Generic ) - warning
21:01:57.0609 3356 sfsync04 - detected UnsignedFile.Multi.Generic (1)
21:01:57.0828 3356 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
21:01:57.0828 3356 sfvfs02 ( UnsignedFile.Multi.Generic ) - warning
21:01:57.0828 3356 sfvfs02 - detected UnsignedFile.Multi.Generic (1)
21:01:58.0156 3356 Simbad - ok
21:01:58.0296 3356 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:01:58.0406 3356 sisagp - ok
21:01:58.0734 3356 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:01:58.0828 3356 SLIP - ok
21:01:59.0000 3356 SMCB000 (56642f0391ca5176f8cc1432e559ad00) C:\WINDOWS\system32\DRIVERS\hidsmsc.sys
21:01:59.0015 3356 SMCB000 - ok
21:01:59.0171 3356 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
21:01:59.0203 3356 SMCIRDA - ok
21:01:59.0343 3356 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:01:59.0421 3356 Sparrow - ok
21:01:59.0734 3356 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:01:59.0859 3356 splitter - ok
21:02:00.0078 3356 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
21:02:00.0078 3356 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
21:02:00.0093 3356 sptd ( LockedFile.Multi.Generic ) - warning
21:02:00.0093 3356 sptd - detected LockedFile.Multi.Generic (1)
21:02:00.0390 3356 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:02:00.0500 3356 sr - ok
21:02:00.0593 3356 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:02:00.0656 3356 Srv - ok
21:02:00.0781 3356 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:02:00.0796 3356 ssmdrv - ok
21:02:01.0125 3356 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:02:01.0250 3356 streamip - ok
21:02:01.0437 3356 STYLEXPHELPER - ok
21:02:01.0828 3356 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:02:01.0937 3356 swenum - ok
21:02:02.0250 3356 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:02:02.0359 3356 swmidi - ok
21:02:02.0546 3356 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:02:02.0671 3356 symc810 - ok
21:02:02.0843 3356 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:02:02.0953 3356 symc8xx - ok
21:02:03.0015 3356 SYMIDSCO - ok
21:02:03.0187 3356 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:02:03.0312 3356 sym_hi - ok
21:02:03.0468 3356 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:02:03.0593 3356 sym_u3 - ok
21:02:03.0750 3356 SynTP (a63401d180863a2cefce51798542ae5f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:02:03.0781 3356 SynTP - ok
21:02:04.0109 3356 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:02:04.0234 3356 sysaudio - ok
21:02:04.0484 3356 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:02:04.0593 3356 Tcpip - ok
21:02:04.0687 3356 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
21:02:04.0734 3356 Tcpip6 - ok
21:02:05.0062 3356 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:02:05.0187 3356 TDPIPE - ok
21:02:05.0500 3356 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:02:05.0609 3356 TDTCP - ok
21:02:05.0937 3356 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:02:06.0046 3356 TermDD - ok
21:02:06.0250 3356 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
21:02:06.0281 3356 tifm21 - ok
21:02:06.0468 3356 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
21:02:06.0593 3356 TosIde - ok
21:02:06.0734 3356 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
21:02:06.0843 3356 tunmp - ok
21:02:07.0015 3356 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
21:02:07.0031 3356 UBHelper ( UnsignedFile.Multi.Generic ) - warning
21:02:07.0031 3356 UBHelper - detected UnsignedFile.Multi.Generic (1)
21:02:07.0359 3356 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:02:07.0484 3356 Udfs - ok
21:02:07.0656 3356 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:02:07.0703 3356 ultra - ok
21:02:07.0843 3356 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:02:08.0000 3356 Update - ok
21:02:08.0328 3356 USBAAPL - ok
21:02:08.0656 3356 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:02:08.0765 3356 usbaudio - ok
21:02:09.0093 3356 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:02:09.0203 3356 usbccgp - ok
21:02:09.0312 3356 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:02:09.0437 3356 usbehci - ok
21:02:09.0734 3356 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:02:09.0843 3356 usbhub - ok
21:02:10.0156 3356 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:02:10.0281 3356 usbprint - ok
21:02:10.0593 3356 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:02:10.0703 3356 usbscan - ok
21:02:11.0031 3356 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
21:02:11.0140 3356 usbser - ok
21:02:11.0437 3356 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:02:11.0546 3356 USBSTOR - ok
21:02:11.0859 3356 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:02:11.0984 3356 usbuhci - ok
21:02:12.0109 3356 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:02:12.0234 3356 usbvideo - ok
21:02:12.0546 3356 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
21:02:12.0671 3356 USB_RNDIS - ok
21:02:12.0984 3356 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:02:13.0093 3356 VgaSave - ok
21:02:13.0203 3356 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:02:13.0328 3356 viaagp - ok
21:02:13.0625 3356 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:02:13.0718 3356 ViaIde - ok
21:02:14.0015 3356 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:02:14.0125 3356 VolSnap - ok
21:02:14.0328 3356 w39n51 (73395a19fc86461a151d3c330604e8b3) C:\WINDOWS\system32\DRIVERS\w39n51.sys
21:02:14.0468 3356 w39n51 - ok
21:02:14.0796 3356 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:02:14.0921 3356 Wanarp - ok
21:02:15.0234 3356 wanatw - ok
21:02:15.0546 3356 WDICA - ok
21:02:15.0859 3356 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:02:15.0984 3356 wdmaud - ok
21:02:16.0171 3356 winachsf (e0a00b06ea067c84e124b407dffa1af1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:02:16.0265 3356 winachsf - ok
21:02:16.0609 3356 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:02:16.0734 3356 WmiAcpi - ok
21:02:17.0000 3356 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:02:17.0031 3356 WpdUsb - ok
21:02:17.0328 3356 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:02:17.0437 3356 WSTCODEC - ok
21:02:17.0703 3356 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:02:17.0781 3356 WudfPf - ok
21:02:18.0031 3356 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:02:18.0062 3356 WudfRd - ok
21:02:18.0187 3356 zlportio - ok
21:02:18.0234 3356 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
21:02:19.0265 3356 \Device\Harddisk0\DR0 - ok
21:02:19.0296 3356 Boot (0x1200) (1bc39c46c2788f199c8e41d9cd44b478) \Device\Harddisk0\DR0\Partition0
21:02:19.0312 3356 \Device\Harddisk0\DR0\Partition0 - ok
21:02:19.0328 3356 Boot (0x1200) (0587253fc35d71eb1d37a0ac1f7c6901) \Device\Harddisk0\DR0\Partition1
21:02:19.0328 3356 \Device\Harddisk0\DR0\Partition1 - ok
21:02:19.0328 3356 ============================================================
21:02:19.0328 3356 Scan finished
21:02:19.0328 3356 ============================================================
21:02:19.0437 2612 Detected object count: 32
21:02:19.0437 2612 Actual detected object count: 32
21:02:41.0921 2612 ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0921 2612 ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0921 2612 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0921 2612 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0921 2612 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0921 2612 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0937 2612 dtscsi ( LockedFile.Multi.Generic ) - skipped by user
21:02:41.0937 2612 dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip
21:02:41.0937 2612 EpmPsd ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0937 2612 EpmPsd ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0937 2612 EpmShd ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0937 2612 EpmShd ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0937 2612 k750bus ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0937 2612 k750bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0937 2612 k750mdfl ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0937 2612 k750mdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0937 2612 k750mdm ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0937 2612 k750mdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0937 2612 k750mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0937 2612 k750mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0953 2612 k750obex ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0953 2612 k750obex ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0953 2612 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0953 2612 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0953 2612 NdisFilt ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0953 2612 NdisFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0953 2612 NETMNT ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0953 2612 NETMNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0953 2612 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0953 2612 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0953 2612 OsaFsLoc ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0953 2612 OsaFsLoc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0953 2612 osaio ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0953 2612 osaio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0953 2612 osanbm ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0953 2612 osanbm ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0968 2612 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0968 2612 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0968 2612 sea1bus ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0968 2612 sea1bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0968 2612 sea1mdfl ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0968 2612 sea1mdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0968 2612 sea1mdm ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0968 2612 sea1mdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0968 2612 sea1mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0968 2612 sea1mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0968 2612 sea1nd5 ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0968 2612 sea1nd5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0968 2612 sea1obex ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0968 2612 sea1obex ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0968 2612 sea1unic ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0968 2612 sea1unic ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0968 2612 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0968 2612 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0984 2612 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0984 2612 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0984 2612 sfsync04 ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0984 2612 sfsync04 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0984 2612 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0984 2612 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:41.0984 2612 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:02:41.0984 2612 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:02:41.0984 2612 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:41.0984 2612 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 19.12.2011 21:13

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually, and the error messages should no longer appear.

mamt1982 21.12.2011 16:30

ComboFix log file:
Code:

ComboFix 11-12-21.02 - Kiss 21.12.2011  16:10:32.1.2 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1022.495 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Kiss\Eigene Dateien\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\wijzblbeoe.dat
c:\dokumente und einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\wijzblbeoe_nav.dat
c:\dokumente und einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\wijzblbeoe_navps.dat
c:\dokumente und einstellungen\Kiss\WINDOWS
c:\programme\WinPCap
c:\programme\WinPCap\daemon_mgm.exe
c:\programme\WinPCap\npf_mgm.exe
c:\programme\WinPCap\rpcapd.exe
c:\windows\IsUn0407.exe
c:\windows\kb913800.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\npf.sys
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\WindowsUpdate.log
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-21 bis 2011-12-21  ))))))))))))))))))))))))))))))
.
.
2011-12-19 19:49 . 2011-12-19 19:49        159744        ----a-w-        c:\programme\Mozilla Firefox\plugins\npqtplugin6.dll
2011-12-19 19:49 . 2011-12-19 19:49        159744        ----a-w-        c:\programme\Mozilla Firefox\plugins\npqtplugin5.dll
2011-12-19 19:49 . 2011-12-19 19:49        159744        ----a-w-        c:\programme\Mozilla Firefox\plugins\npqtplugin4.dll
2011-12-19 19:49 . 2011-12-19 19:49        159744        ----a-w-        c:\programme\Mozilla Firefox\plugins\npqtplugin3.dll
2011-12-19 19:49 . 2011-12-19 19:49        159744        ----a-w-        c:\programme\Mozilla Firefox\plugins\npqtplugin2.dll
2011-12-19 19:49 . 2011-12-19 19:49        159744        ----a-w-        c:\programme\Mozilla Firefox\plugins\npqtplugin.dll
2011-12-19 19:48 . 2011-12-19 19:48        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple
2011-12-19 19:48 . 2011-12-19 19:48        --------        d-----w-        c:\programme\Apple Software Update
2011-12-19 19:31 . 2011-12-19 19:31        --------        d-----w-        C:\_OTL
2011-12-15 19:28 . 2011-12-15 19:28        --------        d-----w-        c:\programme\ESET
2011-12-15 17:42 . 2011-12-15 17:42        --------        d-----w-        c:\dokumente und einstellungen\Kiss\Anwendungsdaten\Malwarebytes
2011-12-15 17:39 . 2011-12-15 17:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-12-15 17:39 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-15 17:38 . 2011-12-15 17:39        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-12-11 14:21 . 2011-09-21 09:25        21992        ----a-w-        c:\windows\system32\drivers\cpuz135_x32.sys
2011-12-11 14:21 . 2011-12-11 14:21        --------        d-----w-        c:\programme\CPUID
2011-12-08 20:06 . 2011-06-24 14:10        139656        ------w-        c:\windows\system32\dllcache\rdpwd.sys
2011-12-08 20:06 . 2011-07-08 14:02        10496        ------w-        c:\windows\system32\dllcache\ndistapi.sys
2011-12-08 20:05 . 2011-04-21 13:37        105472        ------w-        c:\windows\system32\dllcache\mup.sys
2011-12-08 20:03 . 2010-11-02 15:17        40960        ------w-        c:\windows\system32\dllcache\ndproxy.sys
2011-12-08 20:02 . 2010-10-11 14:59        45568        ------w-        c:\windows\system32\dllcache\wab.exe
2011-12-08 20:02 . 2011-02-08 13:33        978944        ------w-        c:\windows\system32\dllcache\mfc42.dll
2011-12-08 20:02 . 2010-09-18 06:52        953856        ------w-        c:\windows\system32\dllcache\mfc40u.dll
2011-12-08 20:01 . 2010-08-23 16:11        617472        ------w-        c:\windows\system32\dllcache\comctl32.dll
2011-12-08 19:39 . 2011-12-08 19:39        --------        d-----w-        c:\dokumente und einstellungen\Kiss\Anwendungsdaten\Avira
2011-12-08 19:27 . 2011-11-22 13:20        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-12-08 19:27 . 2011-11-22 13:20        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2011-12-08 19:27 . 2011-11-22 13:20        134856        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-12-08 19:27 . 2011-12-08 19:27        --------        d-----w-        c:\programme\Avira
2011-12-08 19:27 . 2011-12-08 19:27        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2011-12-08 17:46 . 2011-12-08 17:46        --------        d-----w-        c:\windows\system32\CatRoot_bak
2011-12-08 17:08 . 2011-12-08 17:08        --------        d-----w-        c:\windows\l2schemas
2011-12-08 17:08 . 2011-12-08 17:08        --------        d-----w-        c:\windows\system32\de
2011-12-08 17:08 . 2011-12-08 17:08        --------        d-----w-        c:\windows\system32\bits
2011-12-08 16:45 . 2008-04-14 02:22        37376        ------w-        c:\windows\system32\l2gpstore.dll
2011-12-08 16:44 . 2008-04-14 02:22        188508        ------w-        c:\windows\system32\slgen.dll
2011-12-08 16:43 . 2004-08-03 21:41        220032        ------w-        c:\windows\system32\drivers\hsfbs2s2.sys
2011-12-08 16:36 . 2011-12-08 16:36        --------        d-----w-        c:\windows\system32\XPSViewer
2011-12-08 16:36 . 2011-12-08 16:36        --------        d-----w-        c:\programme\MSBuild
2011-12-08 16:36 . 2011-12-08 16:36        --------        d-----w-        c:\programme\Reference Assemblies
2011-12-08 16:35 . 2008-07-06 12:06        89088        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-12-08 16:34 . 2008-07-06 12:06        89088        ------w-        c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-12-08 16:34 . 2008-07-06 12:06        117760        ------w-        c:\windows\system32\prntvpt.dll
2011-12-08 16:34 . 2008-07-06 12:06        575488        ------w-        c:\windows\system32\xpsshhdr.dll
2011-12-08 16:34 . 2008-07-06 12:06        575488        ------w-        c:\windows\system32\dllcache\xpsshhdr.dll
2011-12-08 16:34 . 2008-07-06 10:50        597504        ------w-        c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-12-08 16:34 . 2008-07-06 10:50        597504        ------w-        c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-12-08 16:34 . 2008-07-06 12:06        1676288        ------w-        c:\windows\system32\xpssvcs.dll
2011-12-08 16:34 . 2008-07-06 12:06        1676288        ------w-        c:\windows\system32\dllcache\xpssvcs.dll
2011-12-08 16:15 . 2011-12-08 16:15        --------        d-----w-        c:\windows\ie8updates
2011-12-08 16:14 . 2011-12-08 16:14        --------        d-----w-        c:\windows\ServicePackFiles
2011-12-08 15:47 . 2011-12-08 15:47        --------        d-----w-        c:\programme\MSXML 6.0
2011-12-08 15:41 . 2011-12-08 15:41        --------        d-----w-        c:\programme\MSXML 4.0
2011-12-08 15:01 . 2008-06-14 17:32        273024        ------w-        c:\windows\system32\dllcache\bthport.sys
2011-12-08 15:01 . 2008-06-14 17:32        273024        ------w-        c:\windows\system32\drivers\bthport.sys
2011-12-08 15:00 . 2011-02-17 13:18        357888        ------w-        c:\windows\system32\dllcache\srv.sys
2011-12-08 15:00 . 2011-07-15 13:29        456320        ------w-        c:\windows\system32\dllcache\mrxsmb.sys
2011-12-08 15:00 . 2009-11-21 15:54        471552        ------w-        c:\windows\system32\dllcache\aclayers.dll
2011-12-08 15:00 . 2010-06-14 14:31        744448        ------w-        c:\windows\system32\dllcache\helpsvc.exe
2011-12-08 15:00 . 2010-08-27 08:01        119808        ------w-        c:\windows\system32\dllcache\t2embed.dll
2011-12-08 15:00 . 2009-10-15 16:28        81920        ------w-        c:\windows\system32\dllcache\fontsub.dll
2011-12-08 15:00 . 2011-10-26 10:49        2195072        ------w-        c:\windows\system32\dllcache\ntoskrnl.exe
2011-12-08 15:00 . 2009-02-06 10:10        227840        ------w-        c:\windows\system32\dllcache\wmiprvse.exe
2011-12-08 15:00 . 2009-03-06 14:19        286720        ------w-        c:\windows\system32\dllcache\pdh.dll
2011-12-08 15:00 . 2009-02-09 11:21        111104        ------w-        c:\windows\system32\dllcache\services.exe
2011-12-08 15:00 . 2009-02-09 10:51        401408        ------w-        c:\windows\system32\dllcache\rpcss.dll
2011-12-08 15:00 . 2009-02-09 10:51        473600        ------w-        c:\windows\system32\dllcache\fastprox.dll
2011-12-08 14:59 . 2010-12-09 15:15        743936        ------w-        c:\windows\system32\dllcache\ntdll.dll
2011-12-08 14:59 . 2009-02-09 10:51        678400        ------w-        c:\windows\system32\dllcache\advapi32.dll
2011-12-08 14:59 . 2009-02-09 10:51        453120        ------w-        c:\windows\system32\dllcache\wmiprvsd.dll
2011-12-08 14:59 . 2011-10-26 10:49        2151424        ------w-        c:\windows\system32\dllcache\ntkrnlmp.exe
2011-12-08 14:59 . 2011-10-26 10:49        2029568        ------w-        c:\windows\system32\dllcache\ntkrpamp.exe
2011-12-08 14:58 . 2008-05-08 14:02        203136        ------w-        c:\windows\system32\dllcache\rmcast.sys
2011-12-08 14:58 . 2011-11-04 19:13        602112        ------w-        c:\windows\system32\dllcache\msfeeds.dll
2011-12-08 14:58 . 2011-11-04 19:13        55296        ------w-        c:\windows\system32\dllcache\msfeedsbs.dll
2011-12-08 14:58 . 2011-11-04 19:13        12800        ------w-        c:\windows\system32\dllcache\xpshims.dll
2011-12-08 14:58 . 2011-11-04 19:13        247808        ------w-        c:\windows\system32\dllcache\ieproxy.dll
2011-12-08 14:58 . 2011-11-04 19:13        743424        ------w-        c:\windows\system32\dllcache\iedvtool.dll
2011-12-08 14:58 . 2011-11-04 19:13        2000384        ------w-        c:\windows\system32\dllcache\iertutil.dll
2011-12-08 14:58 . 2011-11-04 19:13        11081728        ------w-        c:\windows\system32\dllcache\ieframe.dll
2011-12-08 14:58 . 2010-02-12 10:03        293376        ------w-        c:\windows\system32\browserchoice.exe
2011-12-08 14:56 . 2008-10-15 16:35        337408        ------w-        c:\windows\system32\dllcache\netapi32.dll
2011-12-08 14:55 . 2010-07-16 12:01        220160        ------w-        c:\windows\system32\dllcache\wordpad.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 15:35 . 2011-05-26 17:59        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 14:40 . 2004-08-10 19:00        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2006-01-09 19:00        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-10 19:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-08-10 19:00        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-11-04 11:24 . 2004-08-10 19:00        385024        ----a-w-        c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 19:00        1288704        ----a-w-        c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 19:00        33280        ----a-w-        c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2005-09-29 19:28        2029568        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2005-09-29 19:27        2151424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2011-10-14 16:38 . 2005-08-05 13:26        456192        ----a-w-        c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-10 19:00        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-10-03 04:06 . 2011-03-23 15:11        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2008-07-26 10:55        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-08-10 19:00        604160        ----a-w-        c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59        614912        ----a-w-        c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-10 19:00        23040        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-09-26 10:41 . 2004-08-10 19:00        220160        ----a-w-        c:\windows\system32\oleacc.dll
2011-11-09 21:41 . 2011-05-08 19:34        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 11:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 13:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-02 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-02 77824]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-02 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 352256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-11-19 6144]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Kiss^Startmenü^Programme^Autostart^PowerReg Scheduler.exe]
path=c:\dokumente und einstellungen\Kiss\Startmenü\Programme\Autostart\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2006-05-08 17:41        3080704        ----a-w-        c:\acer\Empowering Technology\ePower\Acer ePower Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADMTray.exe]
2005-10-24 15:45        2462208        ----a-w-        c:\acer\Empowering Technology\admtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 18:51        39792        ----a-w-        c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22        59240        ----a-w-        c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 16:41        45056        ----a-w-        c:\programme\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2011-11-22 13:20        258512        ----a-w-        c:\programme\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-08-24 22:21        53248        ------w-        c:\programme\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08        136136        ----a-w-        c:\programme\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2006-05-09 10:54        352256        ----a-w-        c:\acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2006-01-24 17:00        397312        ----a-w-        c:\acer\Empowering Technology\eRecovery\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36        2793304        ----a-w-        c:\programme\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 16:15        45056        ----a-w-        c:\programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06        254696        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-01 23:11        692315        ----a-w-        c:\programme\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-11-01 23:11        102491        ----a-w-        c:\programme\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"SharedAccess"=2 (0x2)
"wscsvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe"
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe"
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\update.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\avcenter.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7558:TCP"= 7558:TCP:BitComet 7558 TCP
"7558:UDP"= 7558:UDP:BitComet 7558 UDP
"13138:UDP"= 13138:UDP:UDP 13138
"14034:UDP"= 14034:UDP:UDP 14034
"22543:TCP"= 22543:TCP:TCP 22543
"27328:TCP"= 27328:TCP:TCP 27328
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.01.2007 00:58 685816]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [08.12.2011 20:27 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [08.12.2011 20:27 86224]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [11.12.2011 15:21 21992]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_4ee10b84\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_4ee10b84\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\windows\TEMP\AVSETUP_4ee10b84\avupgsvc.exe [?]
S3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [25.08.2005 20:10 509312]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [24.08.2005 07:07 692992]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [30.11.2005 05:28 1088896]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [10.03.2008 16:14 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [10.03.2008 16:14 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [10.03.2008 16:14 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [10.03.2008 16:19 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [10.03.2008 19:24 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [10.03.2008 16:18 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [10.03.2008 19:24 90800]
S3 zlportio;zlportio;\??\d:\ultrastar\SingStar\SingStar\ultrastar-dx-100\zlportio.sys --> d:\ultrastar\SingStar\SingStar\ultrastar-dx-100\zlportio.sys [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - INT15.SYS
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-09 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2007\SystemOptimizer.exe [2006-11-23 15:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1A43C6FA-536F-4D6B-9BF4-3F137FEF8627}: NameServer = 134.245.1.36,134.245.10.7
FF - ProfilePath - c:\dokumente und einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-eDataSecurity Loader - c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
MSConfigStartUp-iTunesHelper - c:\programme\iTunes\iTunesHelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-21 16:24
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-453502440-1443580863-3819272463-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:02,af,d5,82,8f,c9,26,cc,a2,35,dd,51,42,1f,95,fa,53,ff,ec,be,f9,45,8a,
  a6,ee,3c,04,d4,e8,ad,42,a9,9d,6a,7f,67,f5,ef,43,16,c0,57,79,e6,fa,da,b9,24,\
"??"=hex:59,1e,17,7b,7a,4a,c3,15,50,76,89,56,55,66,3f,9b
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1664)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2011-12-21  16:28:02
ComboFix-quarantined-files.txt  2011-12-21 15:27
.
Vor Suchlauf: 19 Verzeichnis(se), 11.749.588.992 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 11.695.521.792 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6590D4B9E7D46828B6CB67F4B7B134B6

--- --- ---

cosinus 21.12.2011 17:22

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7558:TCP"=-
"7558:UDP"=-
"13138:UDP"=-
"14034:UDP"=-
"22543:TCP"=-
"27328:TCP"=-

3. In Notepad, save the file as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the TeaTimer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can do lasting damage to the system!

mamt1982 21.12.2011 18:02

It didn't ask about a restart...

Combofix Logfile:
Code:

ComboFix 11-12-21.02 - Kiss 21.12.2011  17:41:30.2.2 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1022.446 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Kiss\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Kiss\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-21 bis 2011-12-21  ))))))))))))))))))))))))))))))
.
.
2011-12-19 19:49 . 2011-12-19 19:49        159744        ----a-w-        c:\programme\Mozilla Firefox\plugins\npqtplugin6.dll
2011-12-19 19:49 . 2011-12-19 19:49        159744        ----a-w-        c:\programme\Mozilla Firefox\plugins\npqtplugin5.dll
2011-12-19 19:49 . 2011-12-19 19:49        159744        ----a-w-        c:\programme\Mozilla Firefox\plugins\npqtplugin4.dll
2011-12-19 19:49 . 2011-12-19 19:49        159744        ----a-w-        c:\programme\Mozilla Firefox\plugins\npqtplugin3.dll
2011-12-19 19:49 . 2011-12-19 19:49        159744        ----a-w-        c:\programme\Mozilla Firefox\plugins\npqtplugin2.dll
2011-12-19 19:49 . 2011-12-19 19:49        159744        ----a-w-        c:\programme\Mozilla Firefox\plugins\npqtplugin.dll
2011-12-19 19:48 . 2011-12-19 19:48        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple
2011-12-19 19:48 . 2011-12-19 19:48        --------        d-----w-        c:\programme\Apple Software Update
2011-12-19 19:31 . 2011-12-19 19:31        --------        d-----w-        C:\_OTL
2011-12-15 19:28 . 2011-12-15 19:28        --------        d-----w-        c:\programme\ESET
2011-12-15 17:42 . 2011-12-15 17:42        --------        d-----w-        c:\dokumente und einstellungen\Kiss\Anwendungsdaten\Malwarebytes
2011-12-15 17:39 . 2011-12-15 17:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-12-15 17:39 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-15 17:38 . 2011-12-15 17:39        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-12-11 14:21 . 2011-09-21 09:25        21992        ----a-w-        c:\windows\system32\drivers\cpuz135_x32.sys
2011-12-11 14:21 . 2011-12-11 14:21        --------        d-----w-        c:\programme\CPUID
2011-12-08 20:06 . 2011-06-24 14:10        139656        ------w-        c:\windows\system32\dllcache\rdpwd.sys
2011-12-08 20:06 . 2011-07-08 14:02        10496        ------w-        c:\windows\system32\dllcache\ndistapi.sys
2011-12-08 20:05 . 2011-04-21 13:37        105472        ------w-        c:\windows\system32\dllcache\mup.sys
2011-12-08 20:03 . 2010-11-02 15:17        40960        ------w-        c:\windows\system32\dllcache\ndproxy.sys
2011-12-08 20:02 . 2010-10-11 14:59        45568        ------w-        c:\windows\system32\dllcache\wab.exe
2011-12-08 20:02 . 2011-02-08 13:33        978944        ------w-        c:\windows\system32\dllcache\mfc42.dll
2011-12-08 20:02 . 2010-09-18 06:52        953856        ------w-        c:\windows\system32\dllcache\mfc40u.dll
2011-12-08 20:01 . 2010-08-23 16:11        617472        ------w-        c:\windows\system32\dllcache\comctl32.dll
2011-12-08 19:39 . 2011-12-08 19:39        --------        d-----w-        c:\dokumente und einstellungen\Kiss\Anwendungsdaten\Avira
2011-12-08 19:27 . 2011-11-22 13:20        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-12-08 19:27 . 2011-11-22 13:20        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2011-12-08 19:27 . 2011-11-22 13:20        134856        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-12-08 19:27 . 2011-12-08 19:27        --------        d-----w-        c:\programme\Avira
2011-12-08 19:27 . 2011-12-08 19:27        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2011-12-08 17:46 . 2011-12-08 17:46        --------        d-----w-        c:\windows\system32\CatRoot_bak
2011-12-08 17:08 . 2011-12-08 17:08        --------        d-----w-        c:\windows\l2schemas
2011-12-08 17:08 . 2011-12-08 17:08        --------        d-----w-        c:\windows\system32\de
2011-12-08 17:08 . 2011-12-08 17:08        --------        d-----w-        c:\windows\system32\bits
2011-12-08 16:45 . 2008-04-14 02:22        37376        ------w-        c:\windows\system32\l2gpstore.dll
2011-12-08 16:44 . 2008-04-14 02:22        188508        ------w-        c:\windows\system32\slgen.dll
2011-12-08 16:43 . 2004-08-03 21:41        220032        ------w-        c:\windows\system32\drivers\hsfbs2s2.sys
2011-12-08 16:36 . 2011-12-08 16:36        --------        d-----w-        c:\windows\system32\XPSViewer
2011-12-08 16:36 . 2011-12-08 16:36        --------        d-----w-        c:\programme\MSBuild
2011-12-08 16:36 . 2011-12-08 16:36        --------        d-----w-        c:\programme\Reference Assemblies
2011-12-08 16:35 . 2008-07-06 12:06        89088        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-12-08 16:34 . 2008-07-06 12:06        89088        ------w-        c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-12-08 16:34 . 2008-07-06 12:06        117760        ------w-        c:\windows\system32\prntvpt.dll
2011-12-08 16:34 . 2008-07-06 12:06        575488        ------w-        c:\windows\system32\xpsshhdr.dll
2011-12-08 16:34 . 2008-07-06 12:06        575488        ------w-        c:\windows\system32\dllcache\xpsshhdr.dll
2011-12-08 16:34 . 2008-07-06 10:50        597504        ------w-        c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-12-08 16:34 . 2008-07-06 10:50        597504        ------w-        c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-12-08 16:34 . 2008-07-06 12:06        1676288        ------w-        c:\windows\system32\xpssvcs.dll
2011-12-08 16:34 . 2008-07-06 12:06        1676288        ------w-        c:\windows\system32\dllcache\xpssvcs.dll
2011-12-08 16:15 . 2011-12-08 16:15        --------        d-----w-        c:\windows\ie8updates
2011-12-08 16:14 . 2011-12-08 16:14        --------        d-----w-        c:\windows\ServicePackFiles
2011-12-08 15:47 . 2011-12-08 15:47        --------        d-----w-        c:\programme\MSXML 6.0
2011-12-08 15:41 . 2011-12-08 15:41        --------        d-----w-        c:\programme\MSXML 4.0
2011-12-08 15:01 . 2008-06-14 17:32        273024        ------w-        c:\windows\system32\dllcache\bthport.sys
2011-12-08 15:01 . 2008-06-14 17:32        273024        ------w-        c:\windows\system32\drivers\bthport.sys
2011-12-08 15:00 . 2011-02-17 13:18        357888        ------w-        c:\windows\system32\dllcache\srv.sys
2011-12-08 15:00 . 2011-07-15 13:29        456320        ------w-        c:\windows\system32\dllcache\mrxsmb.sys
2011-12-08 15:00 . 2009-11-21 15:54        471552        ------w-        c:\windows\system32\dllcache\aclayers.dll
2011-12-08 15:00 . 2010-06-14 14:31        744448        ------w-        c:\windows\system32\dllcache\helpsvc.exe
2011-12-08 15:00 . 2010-08-27 08:01        119808        ------w-        c:\windows\system32\dllcache\t2embed.dll
2011-12-08 15:00 . 2009-10-15 16:28        81920        ------w-        c:\windows\system32\dllcache\fontsub.dll
2011-12-08 15:00 . 2011-10-26 10:49        2195072        ------w-        c:\windows\system32\dllcache\ntoskrnl.exe
2011-12-08 15:00 . 2009-02-06 10:10        227840        ------w-        c:\windows\system32\dllcache\wmiprvse.exe
2011-12-08 15:00 . 2009-03-06 14:19        286720        ------w-        c:\windows\system32\dllcache\pdh.dll
2011-12-08 15:00 . 2009-02-09 11:21        111104        ------w-        c:\windows\system32\dllcache\services.exe
2011-12-08 15:00 . 2009-02-09 10:51        401408        ------w-        c:\windows\system32\dllcache\rpcss.dll
2011-12-08 15:00 . 2009-02-09 10:51        473600        ------w-        c:\windows\system32\dllcache\fastprox.dll
2011-12-08 14:59 . 2010-12-09 15:15        743936        ------w-        c:\windows\system32\dllcache\ntdll.dll
2011-12-08 14:59 . 2009-02-09 10:51        678400        ------w-        c:\windows\system32\dllcache\advapi32.dll
2011-12-08 14:59 . 2009-02-09 10:51        453120        ------w-        c:\windows\system32\dllcache\wmiprvsd.dll
2011-12-08 14:59 . 2011-10-26 10:49        2151424        ------w-        c:\windows\system32\dllcache\ntkrnlmp.exe
2011-12-08 14:59 . 2011-10-26 10:49        2029568        ------w-        c:\windows\system32\dllcache\ntkrpamp.exe
2011-12-08 14:58 . 2008-05-08 14:02        203136        ------w-        c:\windows\system32\dllcache\rmcast.sys
2011-12-08 14:58 . 2011-11-04 19:13        602112        ------w-        c:\windows\system32\dllcache\msfeeds.dll
2011-12-08 14:58 . 2011-11-04 19:13        55296        ------w-        c:\windows\system32\dllcache\msfeedsbs.dll
2011-12-08 14:58 . 2011-11-04 19:13        12800        ------w-        c:\windows\system32\dllcache\xpshims.dll
2011-12-08 14:58 . 2011-11-04 19:13        247808        ------w-        c:\windows\system32\dllcache\ieproxy.dll
2011-12-08 14:58 . 2011-11-04 19:13        743424        ------w-        c:\windows\system32\dllcache\iedvtool.dll
2011-12-08 14:58 . 2011-11-04 19:13        2000384        ------w-        c:\windows\system32\dllcache\iertutil.dll
2011-12-08 14:58 . 2011-11-04 19:13        11081728        ------w-        c:\windows\system32\dllcache\ieframe.dll
2011-12-08 14:58 . 2010-02-12 10:03        293376        ------w-        c:\windows\system32\browserchoice.exe
2011-12-08 14:56 . 2008-10-15 16:35        337408        ------w-        c:\windows\system32\dllcache\netapi32.dll
2011-12-08 14:55 . 2010-07-16 12:01        220160        ------w-        c:\windows\system32\dllcache\wordpad.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 15:35 . 2011-05-26 17:59        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 14:40 . 2004-08-10 19:00        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2006-01-09 19:00        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-10 19:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-08-10 19:00        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-11-04 11:24 . 2004-08-10 19:00        385024        ----a-w-        c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 19:00        1288704        ----a-w-        c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 19:00        33280        ----a-w-        c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2005-09-29 19:28        2029568        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2005-09-29 19:27        2151424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2011-10-14 16:38 . 2005-08-05 13:26        456192        ----a-w-        c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-10 19:00        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-10-03 04:06 . 2011-03-23 15:11        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2008-07-26 10:55        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-08-10 19:00        604160        ----a-w-        c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59        614912        ----a-w-        c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-10 19:00        23040        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-09-26 10:41 . 2004-08-10 19:00        220160        ----a-w-        c:\windows\system32\oleacc.dll
2011-11-09 21:41 . 2011-05-08 19:34        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 11:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 13:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-02 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-02 77824]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-02 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 352256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-11-19 6144]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Kiss^Startmenü^Programme^Autostart^PowerReg Scheduler.exe]
path=c:\dokumente und einstellungen\Kiss\Startmenü\Programme\Autostart\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2006-05-08 17:41        3080704        ----a-w-        c:\acer\Empowering Technology\ePower\Acer ePower Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADMTray.exe]
2005-10-24 15:45        2462208        ----a-w-        c:\acer\Empowering Technology\admtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22        59240        ----a-w-        c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 16:41        45056        ----a-w-        c:\programme\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2011-11-22 13:20        258512        ----a-w-        c:\programme\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-08-24 22:21        53248        ------w-        c:\programme\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08        136136        ----a-w-        c:\programme\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2006-05-09 10:54        352256        ----a-w-        c:\acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2006-01-24 17:00        397312        ----a-w-        c:\acer\Empowering Technology\eRecovery\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36        2793304        ----a-w-        c:\programme\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 16:15        45056        ----a-w-        c:\programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06        254696        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-01 23:11        692315        ----a-w-        c:\programme\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-11-01 23:11        102491        ----a-w-        c:\programme\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"SharedAccess"=2 (0x2)
"wscsvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe"
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe"
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\update.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\avcenter.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.01.2007 00:58 685816]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [08.12.2011 20:27 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [08.12.2011 20:27 86224]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [11.12.2011 15:21 21992]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_4ee10b84\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_4ee10b84\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\windows\TEMP\AVSETUP_4ee10b84\avupgsvc.exe [?]
S3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [25.08.2005 20:10 509312]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [24.08.2005 07:07 692992]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [30.11.2005 05:28 1088896]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [10.03.2008 16:14 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [10.03.2008 16:14 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [10.03.2008 16:14 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [10.03.2008 16:19 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [10.03.2008 19:24 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [10.03.2008 16:18 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [10.03.2008 19:24 90800]
S3 zlportio;zlportio;\??\d:\ultrastar\SingStar\SingStar\ultrastar-dx-100\zlportio.sys --> d:\ultrastar\SingStar\SingStar\ultrastar-dx-100\zlportio.sys [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - INT15.SYS
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-09 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2007\SystemOptimizer.exe [2006-11-23 15:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1A43C6FA-536F-4D6B-9BF4-3F137FEF8627}: NameServer = 134.245.1.36,134.245.10.7
FF - ProfilePath - c:\dokumente und einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-21 17:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-453502440-1443580863-3819272463-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:02,af,d5,82,8f,c9,26,cc,a2,35,dd,51,42,1f,95,fa,53,ff,ec,be,f9,45,8a,
  a6,ee,3c,04,d4,e8,ad,42,a9,9d,6a,7f,67,f5,ef,43,16,c0,57,79,e6,fa,da,b9,24,\
"??"=hex:59,1e,17,7b,7a,4a,c3,15,50,76,89,56,55,66,3f,9b
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1664)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2011-12-21  18:00:25
ComboFix-quarantined-files.txt  2011-12-21 17:00
ComboFix2.txt  2011-12-21 15:28
.
Vor Suchlauf: 19 Verzeichnis(se), 11.642.601.472 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 11.627.462.656 Bytes frei
.
- - End Of File - - 731749DD6D4BD3655E3C8C823F6B3C7B

--- --- ---

cosinus 21.12.2011 19:32

Convert partitions to NTFS:
1) Start, Run, type cmd and click OK
2) Type the command convert c: /fs:ntfs and confirm with Return or Enter
3) Type the current label of C: (you can see it in My Computer on D: - if it only says "Lokaler Datenträger" (Local Disk) there, C: has no label, so type nothing when asked for the current volume label) - if necessary, assign a simple name to this partition in My Computer via right-click => Properties
4) If prompted, confirm with J that the drive must be locked for exclusive access
5) Wait until convert has finished

mamt1982 21.12.2011 22:13

Sorry... I don't quite understand the third step. Could you please explain it to me again?

I would like to ask you to tell me where we currently stand and what the conversion is supposed to achieve.

Best regards

cosinus 21.12.2011 22:21

Quote:

could you please explain it to me again.
What is there not to understand about it? convert wants to know the label of the drive, and you can see that in My Computer!

Quote:

and what the conversion is supposed to achieve.
FAT32 is an ancient DOS file system and has NO business being on a system partition (the one where Windows is installed)

mamt1982 21.12.2011 22:27

Great... all clear. Thanks!

mamt1982 22.12.2011 00:04

So... done.

Waiting for further instructions ;)

Thanks

cosinus 22.12.2011 10:37

Make a new OTL log

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


mamt1982 22.12.2011 21:14

OTL Logfile:
Code:

OTL logfile created on: 22.12.2011 20:59:21 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Kiss\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,04 Mb Total Physical Memory | 531,23 Mb Available Physical Memory | 51,98% Memory free
2,40 Gb Paging File | 1,98 Gb Available in Paging File | 82,50% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 53,21 Gb Total Space | 13,20 Gb Free Space | 24,81% Space Free | Partition Type: NTFS
Drive D: | 53,70 Gb Total Space | 14,77 Gb Free Space | 27,50% Space Free | Partition Type: NTFS
 
Computer Name: JK | User Name: Kiss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.22 20:56:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kiss\Desktop\OTL.exe
PRC - [2011.12.21 18:06:14 | 000,500,224 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\temp\RtkBtMnt.exe
PRC - [2011.11.22 14:20:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.11.22 14:20:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.11.22 14:20:06 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.11.22 14:20:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006.05.09 11:54:26 | 000,352,256 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006.02.17 15:26:32 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.01.24 18:00:08 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005.10.24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.08 21:32:00 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_db202c66\mscorlib.dll
MOD - [2011.12.08 21:31:56 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_bf0e143b\system.drawing.dll
MOD - [2011.12.08 21:31:16 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_0cb47c7c\system.windows.forms.dll
MOD - [2011.12.08 21:30:38 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f6eff8d4\system.dll
MOD - [2011.12.08 21:30:26 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011.11.22 14:20:20 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.02.04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.04.03 16:18:26 | 000,197,672 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2007.03.06 16:40:04 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006.01.20 15:56:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2006.01.20 15:56:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005.10.19 10:17:58 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll
MOD - [2005.09.05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005.08.03 22:32:08 | 000,125,440 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2003.06.14 19:40:18 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2003.06.14 19:40:18 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2003.06.14 19:39:36 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (AviraUpgradeService)
SRV - [2011.11.22 14:20:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.11.22 14:20:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.02.08 16:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.11.23 16:45:46 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006.02.17 15:26:32 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2004.01.05 11:47:48 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.22 14:20:34 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.11.22 14:20:34 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.11.22 14:20:34 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.21 10:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.06.17 14:14:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.11 13:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.10.07 10:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009.10.07 10:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2009.10.07 10:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.04.13 19:56:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.02.28 21:44:56 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.06.02 18:07:58 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2007.04.27 04:01:34 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.04.03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.02.21 12:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.02.08 12:56:20 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1unic.sys -- (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM)
DRV - [2007.02.08 12:56:06 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1obex.sys -- (sea1obex)
DRV - [2007.02.08 12:56:02 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1nd5.sys -- (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS)
DRV - [2007.02.08 12:56:00 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mgmt.sys -- (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM)
DRV - [2007.02.08 12:55:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdm.sys -- (sea1mdm)
DRV - [2007.02.08 12:55:50 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdfl.sys -- (sea1mdfl)
DRV - [2007.02.08 12:55:40 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1bus.sys -- (sea1bus) Sony Ericsson Device 0A1 driver (WDM)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007.01.14 01:01:10 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006.05.03 21:50:54 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.04.05 23:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.01.23 12:41:04 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2006.01.23 12:41:04 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005.12.12 20:12:02 | 000,049,664 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2005.12.06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005.11.30 05:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2005.11.30 05:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.11.26 16:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005.11.08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.11.08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.11.08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.11.03 15:40:08 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.10.15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005.09.13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005.08.25 20:10:02 | 000,509,312 | ---- | M] (AVerMedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerE506.sys -- (AVerE506)
DRV - [2005.08.24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005.08.10 13:44:06 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.06.30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005.06.22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.05.16 14:20:40 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.05.02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005.04.05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005.02.11 11:24:24 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2005.02.11 11:22:48 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005.02.11 11:21:10 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.02.11 11:21:02 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.02.11 11:19:20 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005.01.14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004.12.09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004.08.10 20:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.10 20:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 E0 BB 44 03 C0 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2007.01.14 13:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2007.01.14 13:04:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\videofinder@veoh.com: C:\Programme\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4 [2008.08.10 00:10:04 | 000,000,000 | ---D | M]
 
[2008.06.30 08:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Extensions
[2007.01.14 13:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla\Firefox\Profiles\ov2d0eu9.default\extensions
[2007.01.14 13:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.08 18:26:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KISS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\OV2D0EU9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KISS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\OV2D0EU9.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KISS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\OV2D0EU9.DEFAULT\EXTENSIONS\UNPLUG@COMPUNACH.XPI
[2011.03.23 16:11:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.12.08 17:39:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.11.09 22:41:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.06 11:50:18 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 11:50:18 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.06 11:50:18 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 11:50:18 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 11:50:18 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 11:50:18 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.19 20:32:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Programme\iMacros\imacros.dll (iOpus Software GmbH)
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A43C6FA-536F-4D6B-9BF4-3F137FEF8627}: NameServer = 134.245.1.36,134.245.10.7
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "wuauserv"
MsConfig - Services: "SharedAccess"
MsConfig - Services: "wscsvc"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Kiss^Startmenü^Programme^Autostart^PowerReg Scheduler.exe -  - File not found
MsConfig - StartUpReg: Acer ePower Management - hkey= - key= - C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
MsConfig - StartUpReg: ADMTray.exe - hkey= - key= - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ATICCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
MsConfig - StartUpReg: AzMixerSel - hkey= - key= - C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Programme\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
MsConfig - StartUpReg: ePower_DMC - hkey= - key= - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
MsConfig - StartUpReg: eRecoveryService - hkey= - key= - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: ntiMUI - hkey= - key= - C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.22 20:56:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kiss\Desktop\OTL.exe
[2011.12.22 20:51:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.12.21 18:08:56 | 000,000,000 | -HSD | C] -- C:\Recycled
[2011.12.21 17:39:31 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.12.21 16:07:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.12.21 16:05:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.12.21 16:05:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.12.21 16:05:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.12.21 16:05:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.12.20 16:30:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.12.20 16:27:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.19 20:49:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2011.12.19 20:48:52 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2011.12.19 20:48:38 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2011.12.19 20:31:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.15 20:28:25 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.12.15 19:29:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011.12.15 18:42:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Malwarebytes
[2011.12.15 18:39:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.15 18:39:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.15 18:39:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.15 18:38:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.11 15:21:42 | 000,021,992 | ---- | C] (CPUID) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys
[2011.12.11 15:21:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CPUID
[2011.12.11 15:21:41 | 000,000,000 | ---D | C] -- C:\Programme\CPUID
[2011.12.08 20:39:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Avira
[2011.12.08 20:28:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.12.08 20:27:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.12.08 20:27:51 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.12.08 20:27:51 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.12.08 20:27:51 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011.12.08 20:27:50 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.12.08 20:27:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.12.08 19:30:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.12.08 18:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011.12.08 18:08:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.12.08 18:08:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011.12.08 18:08:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.12.08 18:01:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011.12.08 17:54:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.12.08 17:36:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011.12.08 17:36:43 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2011.12.08 17:36:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011.12.08 17:36:29 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2011.12.08 17:15:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.12.08 17:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011.12.08 16:47:43 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 6.0
[2011.12.08 16:41:44 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2011.12.01 00:32:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kiss\Desktop\nightchords
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.22 20:56:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kiss\Desktop\OTL.exe
[2011.12.22 20:52:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011.12.22 20:51:20 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2011.12.22 20:50:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.22 20:50:23 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 18:03:38 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011.12.21 16:51:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.21 15:59:12 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011.12.20 22:40:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.12.15 20:15:06 | 000,465,722 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.15 20:15:06 | 000,446,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.15 20:15:06 | 000,087,530 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.15 20:15:06 | 000,073,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.15 17:34:42 | 000,372,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.15 12:02:42 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.10 21:32:04 | 000,011,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Desktop\max 05.03. 2011.jpg
[2011.12.10 09:32:36 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2011.12.09 17:19:40 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.12.08 18:00:46 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011.12.06 17:48:06 | 000,116,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.29 01:04:48 | 000,014,599 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Desktop\12.Texto_9._Ejercicio_6.pdf
[2011.11.29 01:04:00 | 000,012,839 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Desktop\13._DEBERES_-_Texto_10.pdf
 
========== Files Created - No Company Name ==========
 
[2011.12.21 16:07:38 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011.12.21 16:07:35 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2011.12.21 16:05:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.12.21 16:05:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.12.21 16:05:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.12.21 16:05:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.12.21 16:05:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.12.19 20:48:41 | 000,001,830 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk
[2011.12.15 20:10:26 | 1071,763,456 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.10 21:32:03 | 000,011,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Kiss\Desktop\max 05.03. 2011.jpg
[2011.12.08 17:44:11 | 000,001,950 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2011.12.08 17:43:43 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011.12.08 17:43:39 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011.12.08 17:43:39 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011.11.29 01:04:46 | 000,014,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Kiss\Desktop\12.Texto_9._Ejercicio_6.pdf
[2011.11.29 01:03:53 | 000,012,839 | ---- | C] () -- C:\Dokumente und Einstellungen\Kiss\Desktop\13._DEBERES_-_Texto_10.pdf
[2011.01.10 13:46:18 | 000,081,876 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.09.16 20:53:38 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008.09.07 16:20:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008.08.10 21:47:39 | 000,038,879 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2008.08.10 21:47:39 | 000,029,432 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2008.07.14 19:17:40 | 000,000,316 | ---- | C] () -- C:\WINDOWS\Sampler.INI
[2008.07.14 19:17:39 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2008.07.14 19:17:38 | 000,000,316 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2008.07.13 01:12:52 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008.07.13 01:12:52 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008.07.13 01:12:52 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008.07.13 01:12:52 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008.07.13 01:12:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.06.15 16:55:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2008.06.11 02:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.05.23 00:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.03.26 19:43:46 | 000,000,075 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008.03.24 17:21:31 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.03.11 15:27:51 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008.03.10 19:53:37 | 000,000,551 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008.02.28 22:49:34 | 000,000,540 | ---- | C] () -- C:\WINDOWS\Tcsofla.ini
[2008.02.28 21:48:47 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.02.28 02:17:51 | 000,245,112 | ---- | C] () -- C:\WINDOWS\System32\iimds.dll
[2008.02.28 02:17:51 | 000,232,824 | ---- | C] () -- C:\WINDOWS\System32\IMImage.dll
[2008.02.28 02:17:51 | 000,056,696 | ---- | C] () -- C:\WINDOWS\System32\imsys.dll
[2007.12.23 14:50:39 | 001,355,903 | ---- | C] () -- C:\WINDOWS\UnInstallSiemensAdsl.dll
[2007.11.27 14:56:06 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2007.11.11 14:57:54 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007.10.24 13:05:43 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.08.23 14:01:41 | 000,000,145 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.08.23 13:34:39 | 000,002,890 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.07.19 13:27:24 | 000,029,432 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2007.07.19 13:27:18 | 000,038,879 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2007.07.11 17:44:00 | 000,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2007.06.15 21:31:58 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007.06.02 18:12:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicStudio.INI
[2007.06.02 18:03:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2007.05.26 14:47:50 | 000,000,197 | ---- | C] () -- C:\WINDOWS\musicmaker.INI
[2007.05.26 14:36:15 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll
[2007.05.10 22:45:16 | 000,000,102 | ---- | C] () -- C:\WINDOWS\muma7dlx.INI
[2007.05.10 22:44:44 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007.05.10 22:43:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS\magix.ini
[2007.05.10 22:33:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hiphopmaker.INI
[2007.05.10 22:29:48 | 000,001,188 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007.04.03 16:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007.04.03 16:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.03.05 19:20:33 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.02.25 12:23:17 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007.02.23 17:02:18 | 000,000,122 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2007.02.23 17:02:18 | 000,000,055 | ---- | C] () -- C:\WINDOWS\comundo.dat
[2007.01.30 22:32:00 | 000,002,064 | ---- | C] () -- C:\WINDOWS\LNL_DEV.bin
[2007.01.30 22:32:00 | 000,000,419 | ---- | C] () -- C:\WINDOWS\hardware.ini
[2007.01.27 19:11:48 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007.01.27 18:59:21 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.01.14 15:15:35 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.01.14 13:04:42 | 000,003,826 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007.01.14 06:33:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007.01.14 01:01:08 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2007.01.14 00:49:11 | 000,116,736 | ---- | C] () -- C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.01.14 00:06:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2007.01.13 23:59:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MCE.INI
[2007.01.13 23:50:48 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Kiss\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.01.12 16:48:16 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007.01.05 22:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.01.05 22:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.01.05 22:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.01.05 22:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.01.05 22:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.01.05 22:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.01.05 22:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.01.05 22:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.01.05 22:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006.11.26 03:05:27 | 000,159,821 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.EXE
[2006.11.26 03:05:27 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.INI
[2005.12.22 02:44:30 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005.12.14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005.11.30 04:48:46 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005.10.31 03:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.10.25 23:59:46 | 000,037,774 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.08.05 14:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005.07.15 01:48:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005.03.28 00:45:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\alaunch.ini
[2004.12.17 01:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004.08.10 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.10 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.10 20:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.10 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.10 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.10 20:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.10 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.10 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.10 20:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.10 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.10 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.01.13 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2004.01.05 11:47:52 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003.09.26 01:58:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003.09.26 01:49:20 | 000,465,722 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003.09.26 01:49:20 | 000,446,794 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003.09.26 01:49:20 | 000,087,530 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003.09.26 01:49:20 | 000,073,808 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003.09.26 00:54:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2003.09.26 00:53:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2003.09.26 00:53:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2003.09.26 00:53:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2003.09.26 00:53:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2003.06.14 21:06:38 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003.06.14 19:53:46 | 000,372,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003.06.14 04:46:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003.06.14 03:58:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003.06.14 03:55:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003.02.26 19:07:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2003.02.20 14:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.05.24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.08.26 02:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.26 02:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2003.09.26 00:50:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer
[2008.02.26 23:51:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2011.05.29 05:18:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2009.08.10 18:45:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2007.12.31 02:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Insight Software
[2007.12.31 02:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Insight Software Solutions
[2007.06.02 18:05:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2008.01.04 03:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2008.08.05 20:32:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MP3Find
[2008.03.14 12:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS
[2008.02.07 19:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2008.02.07 19:18:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2007.02.21 21:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2003.06.14 21:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2011.01.10 13:38:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008.01.02 03:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\.ABC
[2003.09.26 00:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Acer
[2008.02.26 23:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Azureus
[2007.11.24 14:37:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\BitTorrent
[2008.03.24 17:21:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\concept design
[2008.02.28 21:50:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\DAEMON Tools Pro
[2011.05.29 05:18:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\go
[2007.02.23 16:54:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\ICQLite
[2007.01.14 13:41:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Leadertech
[2007.01.27 20:11:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\LimeWire
[2007.05.10 22:38:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\MAGIX
[2007.01.21 07:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\My Battle for Middle-earth Files
[2008.02.07 19:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Nokia
[2008.02.07 19:46:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Nokia Multimedia Player
[2008.02.07 19:35:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\NSeries
[2008.03.09 23:00:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\OtakuSoftware
[2007.11.20 17:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Participatory Culture Foundation
[2008.02.07 19:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\PC Suite
[2008.07.04 17:52:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\QIP
[2008.06.15 16:55:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\rondomedia
[2008.03.10 21:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Soldat
[2008.03.10 14:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Teleca
[2007.08.13 14:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\TMNT
[2007.02.21 21:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\TuneUp Software
[2011.12.09 17:19:40 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2008.02.28 21:49:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\DAEMON Tools Pro
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.01.02 03:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\.ABC
[2008.03.03 16:36:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\ABBYY
[2003.09.26 00:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Acer
[2007.01.14 15:32:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Adobe
[2007.01.14 18:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\AdobeUM
[2007.03.03 16:06:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Ahead
[2003.06.14 21:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\AOL
[2011.01.10 13:39:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Apple Computer
[2007.01.13 23:57:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\ATI
[2011.12.08 20:39:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Avira
[2008.02.26 23:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Azureus
[2007.11.24 14:37:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\BitTorrent
[2008.03.24 17:21:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\concept design
[2007.01.14 00:50:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\CyberLink
[2008.02.28 21:50:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\DAEMON Tools Pro
[2007.01.14 19:03:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\DivX
[2007.02.12 21:05:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\DVD Shrink
[2007.01.24 17:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\dvdcss
[2011.05.29 05:18:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\go
[2007.10.31 13:18:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Google
[2007.02.23 16:54:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\ICQLite
[2003.06.14 04:09:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Identities
[2008.09.23 17:34:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\InstallShield
[2007.11.06 14:18:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Intel
[2007.01.14 13:41:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Leadertech
[2007.01.27 20:11:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\LimeWire
[2007.01.13 23:51:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Macromedia
[2007.05.10 22:38:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\MAGIX
[2011.12.15 18:42:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Malwarebytes
[2003.06.14 03:47:10 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Microsoft
[2007.01.14 13:04:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Mozilla
[2007.01.21 07:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\My Battle for Middle-earth Files
[2008.02.07 19:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Nokia
[2008.02.07 19:46:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Nokia Multimedia Player
[2008.02.07 19:35:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\NSeries
[2008.03.09 23:00:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\OtakuSoftware
[2007.11.20 17:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Participatory Culture Foundation
[2008.02.07 19:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\PC Suite
[2008.07.04 17:52:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\QIP
[2007.10.24 13:03:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Real
[2008.06.15 16:55:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\rondomedia
[2007.02.15 22:32:46 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\SecuROM
[2010.09.16 20:50:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Skype
[2007.11.27 14:56:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\skypePM
[2008.03.10 21:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Soldat
[2008.03.10 14:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Sony Ericsson
[2007.08.27 18:19:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Sun
[2007.01.14 13:05:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Talkback
[2007.03.20 19:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\teamspeak2
[2008.03.10 14:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Teleca
[2007.08.13 14:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\TMNT
[2007.02.21 21:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\TuneUp Software
[2011.03.22 10:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\vlc
[2008.03.24 16:40:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\WinRAR
[2003.06.14 21:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\You've Got Pictures Screensaver
 
< %APPDATA%\*.exe /s >
[2008.02.26 23:53:30 | 005,456,862 | ---- | M] () -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Azureus\plugins\azemp\azmplay.exe
[2007.12.14 19:04:24 | 003,381,280 | ---- | M] (Lime Wire LLC) -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\LimeWire\.NetworkShare\Incomplete\T-3381280-LimeWireWin4.14.12.exe
[2008.02.21 08:41:50 | 000,329,264 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Kiss\Anwendungsdaten\Real\RealPlayer\Update\RealPlayer11GOLD.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.10 20:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2011.12.08 17:54:28 | 023,898,261 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004.08.10 20:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.12.08 17:54:28 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2011.12.08 17:54:28 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.10 20:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2011.12.08 17:54:28 | 023,898,261 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004.08.10 20:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.12.08 17:54:28 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2011.12.08 17:54:28 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.10 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.10 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_0$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 20:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.10 20:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll
[2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 20:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.10 20:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
[2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.10 20:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.10 20:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007.01.14 01:01:10 | 000,223,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dtscsi.sys
[2008.02.28 21:44:56 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2003.06.14 03:46:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2003.06.14 03:46:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003.06.14 03:46:28 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus 22.12.2011 22:23

Ok. Everything is NTFS now :)

Ok. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to also turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


mamt1982 23.12.2011 12:44

gmer:

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-23 00:01:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9120821AS rev.3.06
Running: edsj8bod.exe; Driver: C:\DOKUME~1\Kiss\LOKALE~1\Temp\ugldypob.sys


---- System - GMER 1.0.15 ----

SSDT                                                                      F7C506FC                                                                                                            ZwClose
SSDT                                                                      F7C506B6                                                                                                            ZwCreateKey
SSDT                                                                      F7C50706                                                                                                            ZwCreateSection
SSDT                                                                      F7C506AC                                                                                                            ZwCreateThread
SSDT                                                                      F7C506BB                                                                                                            ZwDeleteKey
SSDT                                                                      F7C506C5                                                                                                            ZwDeleteValueKey
SSDT                                                                      F7C506F7                                                                                                            ZwDuplicateObject
SSDT                                                                      sptd.sys                                                                                                            ZwEnumerateKey [0xF73ADFB2]
SSDT                                                                      sptd.sys                                                                                                            ZwEnumerateValueKey [0xF73AE340]
SSDT                                                                      F7C506CA                                                                                                            ZwLoadKey
SSDT                                                                      sptd.sys                                                                                                            ZwOpenKey [0xF73A80B0]
SSDT                                                                      F7C50698                                                                                                            ZwOpenProcess
SSDT                                                                      F7C5069D                                                                                                            ZwOpenThread
SSDT                                                                      sptd.sys                                                                                                            ZwQueryKey [0xF73AE418]
SSDT                                                                      F7C5071F                                                                                                            ZwQueryValueKey
SSDT                                                                      F7C506D4                                                                                                            ZwReplaceKey
SSDT                                                                      F7C50710                                                                                                            ZwRequestWaitReplyPort
SSDT                                                                      F7C506CF                                                                                                            ZwRestoreKey
SSDT                                                                      F7C5070B                                                                                                            ZwSetContextThread
SSDT                                                                      F7C50715                                                                                                            ZwSetSecurityObject
SSDT                                                                      F7C506C0                                                                                                            ZwSetValueKey
SSDT                                                                      F7C5071A                                                                                                            ZwSystemDebugControl
SSDT                                                                      F7C506A7                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?                                                                        C:\WINDOWS\system32\drivers\sptd.sys                                                                                Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.sfrelocÿÿÿÿsfsync04unknown last section [0xF734E000, 0xBC8, 0x40000040]  C:\WINDOWS\system32\drivers\sfsync04.sys                                                                            unknown last section [0xF734E000, 0xBC8, 0x40000040]
.text                                                                    USBPORT.SYS!DllUnload                                                                                                F6BD78AC 5 Bytes  JMP 86F833F0
init                                                                      C:\WINDOWS\system32\drivers\tifm21.sys                                                                              entry point in "init" section [0xF6BBBDBF]
?                                                                        System32\Drivers\akurztyh.SYS                                                                                        Das System kann den angegebenen Pfad nicht finden. !
.text                                                                    dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7                                                                          F69F44D0 22 Bytes  [5C, 68, 6D, D2, 7A, 6B, 8C, ...]
.text                                                                    dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 17                                                                    F69F44E7 25 Bytes  CALL AEFECC08
?                                                                        C:\WINDOWS\System32\Drivers\dtscsi.sys                                                                              Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text                                                                    C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                            section is writeable [0xEBCFE000, 0x328BA, 0xE8000020]
.pklstb                                                                  C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                            entry point in ".pklstb" section [0xEBD42000]
.relo2                                                                    C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                            unknown last section [0xEBD5E000, 0x8E, 0x42000040]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT                                                                      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F73A8AD4] sptd.sys
IAT                                                                      atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F73A8C1A] sptd.sys
IAT                                                                      atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F73A8B9C] sptd.sys
IAT                                                                      atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F73A9748] sptd.sys
IAT                                                                      atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F73A961E] sptd.sys
IAT                                                                      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [F73BE29A] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT                                                                      C:\WINDOWS\Explorer.EXE[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                            [00F02F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT                                                                      C:\WINDOWS\Explorer.EXE[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                  [00F02C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT                                                                      C:\WINDOWS\Explorer.EXE[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                [00F02CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT                                                                      C:\WINDOWS\Explorer.EXE[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                      [00F02CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device                                                                    \FileSystem\Ntfs \Ntfs                                                                                              871391E8

AttachedDevice                                                            \FileSystem\Ntfs \Ntfs                                                                                              OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

Device                                                                    \FileSystem\Fastfat \FatCdrom                                                                                        8525A1E8
Device                                                                    \Driver\PCI_NTPNP1352 \Device\0000009d                                                                              sptd.sys

AttachedDevice                                                            \Driver\Kbdclass \Device\KeyboardClass0                                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device                                                                    \Driver\PCI_NTPNP1352 \Device\0000009e                                                                              sptd.sys

AttachedDevice                                                            \Driver\Kbdclass \Device\KeyboardClass1                                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device                                                                    \Driver\NetBT \Device\NetBT_Tcpip_{D862162E-0BE6-47B3-A429-571740C33C85}                                            86A1E1E8
Device                                                                    \Driver\usbuhci \Device\USBPDO-0                                                                                    870D4410
Device                                                                    \Driver\usbuhci \Device\USBPDO-1                                                                                    870D4410
Device                                                                    \Driver\usbuhci \Device\USBPDO-2                                                                                    870D4410
Device                                                                    \Driver\usbuhci \Device\USBPDO-3                                                                                    870D4410
Device                                                                    \Driver\usbehci \Device\USBPDO-4                                                                                    86F735D0
Device                                                                    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              871571E8
Device                                                                    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              871571E8
Device                                                                    \Driver\Cdrom \Device\CdRom0                                                                                        OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device                                                                    \Driver\Cdrom \Device\CdRom0                                                                                        86F72418
Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [F72F1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device                                                                    \Driver\atapi \Device\Ide\IdePort0                                                                                  [F72F1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device                                                                    \Driver\atapi \Device\Ide\IdePort0                                                                                  sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device                                                                    \Driver\atapi \Device\Ide\IdePort1                                                                                  [F72F1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device                                                                    \Driver\atapi \Device\Ide\IdePort1                                                                                  sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                          [F72F1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                          sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device                                                                    \Driver\Ftdisk \Device\HarddiskVolume3                                                                              871571E8
Device                                                                    \Driver\Cdrom \Device\CdRom1                                                                                        OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device                                                                    \Driver\Cdrom \Device\CdRom1                                                                                        86F72418
Device                                                                    \Driver\Cdrom \Device\CdRom2                                                                                        OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device                                                                    \Driver\Cdrom \Device\CdRom2                                                                                        86F72418
Device                                                                    \Driver\Cdrom \Device\CdRom3                                                                                        OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device                                                                    \Driver\Cdrom \Device\CdRom3                                                                                        86F72418
Device                                                                    \Driver\Cdrom \Device\CdRom4                                                                                        OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device                                                                    \Driver\Cdrom \Device\CdRom4                                                                                        86F72418
Device                                                                    \Driver\Cdrom \Device\CdRom5                                                                                        OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device                                                                    \Driver\Cdrom \Device\CdRom5                                                                                        86F72418
Device                                                                    \Driver\NetBT \Device\NetBt_Wins_Export                                                                              86A1E1E8
Device                                                                    \Driver\NetBT \Device\NetBT_Tcpip_{1A43C6FA-536F-4D6B-9BF4-3F137FEF8627}                                            86A1E1E8
Device                                                                    \Driver\NetBT \Device\NetbiosSmb                                                                                    86A1E1E8
Device                                                                    \Driver\usbuhci \Device\USBFDO-0                                                                                    870D4410
Device                                                                    \Driver\usbuhci \Device\USBFDO-1                                                                                    870D4410
Device                                                                    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    853351E8
Device                                                                    \Driver\usbuhci \Device\USBFDO-2                                                                                    870D4410
Device                                                                    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          853351E8
Device                                                                    \Driver\usbuhci \Device\USBFDO-3                                                                                    870D4410
Device                                                                    \Driver\Ftdisk \Device\FtControl                                                                                    871571E8
Device                                                                    \Driver\usbehci \Device\USBFDO-4                                                                                    86F735D0
Device                                                                    \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0                                                            86EF51E8
Device                                                                    \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0                                                            sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device                                                                    \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0                                                            86EF51E8
Device                                                                    \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0                                                            sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device                                                                    \Driver\akurztyh \Device\Scsi\akurztyh1Port3Path0Target0Lun0                                                        86F3B790
Device                                                                    \Driver\akurztyh \Device\Scsi\akurztyh1Port3Path0Target0Lun0                                                        sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device                                                                    \Driver\akurztyh \Device\Scsi\akurztyh1                                                                              86F3B790
Device                                                                    \Driver\akurztyh \Device\Scsi\akurztyh1                                                                              sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device                                                                    \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target2Lun0                                                            86EF51E8
Device                                                                    \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target2Lun0                                                            sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device                                                                    \Driver\dtscsi \Device\Scsi\dtscsi1                                                                                  86EF51E8
Device                                                                    \Driver\dtscsi \Device\Scsi\dtscsi1                                                                                  sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device                                                                    \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target3Lun0                                                            86EF51E8
Device                                                                    \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target3Lun0                                                            sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device                                                                    \FileSystem\Fastfat \Fat                                                                                            8525A1E8

AttachedDevice                                                            \FileSystem\Fastfat \Fat                                                                                            OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice                                                            \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device                                                                    \FileSystem\Cdfs \Cdfs                                                                                              86A1D1E8

---- Registry - GMER 1.0.15 ----

Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  -1020143404
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  1284206259
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  2
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                  C:\Programme\DAEMON Tools Pro\
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                  1
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x9A 0xC6 0x16 0x0C ...
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                      0x5A 0x73 0x1E 0x4B ...
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x2D 0x83 0x7C 0x1F ...
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools\
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0xBC 0x70 0x2A 0xB8 ...
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xD0 0x5D 0xAE 0x22 ...
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x70 0x20 0xCA 0xD5 ...
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                     
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0xAD 0x8C 0x1B 0xC8 ...
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42                     
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                0x0B 0xBA 0x28 0xC2 ...
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43                     
Reg                                                                      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                0xED 0xA0 0xF5 0x90 ...
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                      C:\Programme\DAEMON Tools Pro\
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      1
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x9A 0xC6 0x16 0x0C ...
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                          0x5A 0x73 0x1E 0x4B ...
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x2D 0x83 0x7C 0x1F ...
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0xBC 0x70 0x2A 0xB8 ...
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xD0 0x5D 0xAE 0x22 ...
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x70 0x20 0xCA 0xD5 ...
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xAD 0x8C 0x1B 0xC8 ...
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) 
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0x0B 0xBA 0x28 0xC2 ...
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) 
Reg                                                                      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0xED 0xA0 0xF5 0x90 ...
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                      C:\Programme\DAEMON Tools Pro\
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      1
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x9A 0xC6 0x16 0x0C ...
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                          0x5A 0x73 0x1E 0x4B ...
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x2D 0x83 0x7C 0x1F ...
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0xBC 0x70 0x2A 0xB8 ...
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xD0 0x5D 0xAE 0x22 ...
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x70 0x20 0xCA 0xD5 ...
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xAD 0x8C 0x1B 0xC8 ...
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) 
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0x0B 0xBA 0x28 0xC2 ...
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) 
Reg                                                                      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0xED 0xA0 0xF5 0x90 ...

---- EOF - GMER 1.0.15 ----

--- --- ---



osam:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:35:02 on 23.12.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Nero BurnRights" - "Ahead Software AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV07.sys
"Acer EPM Power Scheme Driver" (EpmPsd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-psd.sys
"Acer EPM System Hardware Driver" (EpmShd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-shd.sys
"Acer NetMonitor Protocol" (NETMNT) - ? - C:\WINDOWS\System32\DRIVERS\NETMNT.sys  (File found, but it contains no detailed information)
"AEGIS Protocol (IEEE 802.1x) v3.6.0.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"aeswbfwx" (aeswbfwx) - ? - C:\WINDOWS\system32\drivers\aeswbfwx.sys  (Hidden registry entry, rootkit activity | File not found)
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"Bluetooth-Audiogerät" (btaudio) - ? - C:\WINDOWS\System32\drivers\btaudio.sys  (File not found)
"Bluetooth-Bus-Enumerator" (BTKRNL) - ? - C:\WINDOWS\System32\DRIVERS\btkrnl.sys  (File not found)
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - ? - C:\WINDOWS\System32\DRIVERS\btwdndis.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\Kiss\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
"cpuz135" (cpuz135) - "CPUID" - C:\WINDOWS\system32\drivers\cpuz135_x32.sys
"dtscsi" (dtscsi) - "DT Soft Ltd." - C:\WINDOWS\System32\Drivers\dtscsi.sys  (File is exclusively opened, access blocked)
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys
"InCD Reader" (InCDRm) - ? - C:\WINDOWS\System32\drivers\InCDRm.sys  (File not found)
"InCDPass" (InCDPass) - ? - C:\WINDOWS\System32\drivers\InCDPass.sys  (File not found)
"int15.sys" (int15.sys) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys  (File not found)
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"OSA NdisFilter Protocol" (NdisFilt) - "OSA Technologies" - C:\WINDOWS\System32\Drivers\NdisFilt.sys
"OsaFsLoc" (OsaFsLoc) - "OSA Technologies" - C:\WINDOWS\system32\drivers\OsaFsLoc.sys
"osaio" (osaio) - "OSA Technologies, An Avocent Company" - C:\WINDOWS\system32\drivers\osaio.sys
"osanbm" (osanbm) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\osanbm.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Sony Ericsson 750 driver (WDM)" (k750bus) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750bus.sys
"Sony Ericsson 750 USB WMC Device Management Drivers" (k750mgmt) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750mgmt.sys
"Sony Ericsson 750 USB WMC Modem Drivers" (k750mdm) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750mdm.sys
"Sony Ericsson 750 USB WMC Modem Filter" (k750mdfl) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750mdfl.sys
"Sony Ericsson 750 USB WMC OBEX Interface Drivers" (k750obex) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750obex.sys
"Sony Ericsson Device 0A1 driver (WDM)" (sea1bus) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1bus.sys
"Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS)" (sea1nd5) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1nd5.sys
"Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM)" (sea1unic) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1unic.sys
"Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM)" (sea1mgmt) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1mgmt.sys
"Sony Ericsson Device 0A1 USB WMC Modem Driver" (sea1mdm) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1mdm.sys
"Sony Ericsson Device 0A1 USB WMC Modem Filter" (sea1mdfl) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1mdfl.sys
"Sony Ericsson Device 0A1 USB WMC OBEX Interface" (sea1obex) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1obex.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync04.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys
"STYLEXPHELPER" (STYLEXPHELPER) - ? - C:\Dokumente und Einstellungen\Kiss\Desktop\MyStuff\Progs\StyleXP\STYLEXPHELPER.EXE  (File not found)
"SYMIDSCO" (SYMIDSCO) - ? - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20050901.036\symidsco.sys  (File not found)
"UBHelper" (UBHelper) - ? - C:\WINDOWS\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - ? - C:\WINDOWS\System32\DRIVERS\btport.sys  (File not found)
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys
"zlportio" (zlportio) - ? - D:\Ultrastar\SingStar\SingStar\ultrastar-dx-100\zlportio.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - "Acer Labs USA" - C:\WINDOWS\system32\epm-po.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? -  (File not found | COM-object registry key not found)
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson File Manager" - ? -  (File not found | COM-object registry key not found)
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\system32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe  (File not found)
{0483894E-2422-45E0-8384-021AFF1AF3CD} "iOpus iMacros" - ? - C:\Programme\iMacros\imacros.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{D0943516-5076-4020-A3B5-AEFAF26AB263} "Veoh Browser Plug-in" - "Veoh Networks Inc" - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Kiss\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"ePower_DMC" - "Acer Incorporated" - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
"LaunchApp" - "Acer Inc." - Alaunch
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AdminWorks Agent X6" (AWService) - "Avocent Inc." - C:\Acer\Empowering Technology\admServ.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Avira Upgrade Service" (AviraUpgradeService) - ? - "C:\WINDOWS\TEMP\AVSETUP_4ee10b84\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_4ee10b84\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"  (File not found)
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

mamt1982 23.12.2011 12:44

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-23 12:02:14
-----------------------------
12:02:14.328 OS Version: Windows 5.1.2600 Service Pack 3
12:02:14.328 Number of processors: 2 586 0xE08
12:02:14.328 ComputerName: JK UserName:
12:02:22.671 Initialize success
12:02:40.328 AVAST engine defs: 11122300
12:02:46.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:02:46.437 Disk 0 Vendor: ST9120821AS 3.06 Size: 114473MB BusType: 3
12:02:48.468 Disk 0 MBR read successfully
12:02:48.484 Disk 0 MBR scan
12:02:48.640 Disk 0 unknown MBR code
12:02:48.656 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 4996 MB offset 63
12:02:48.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 54486 MB offset 10233405
12:02:48.734 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 54988 MB offset 121820895
12:02:48.765 Disk 0 scanning sectors +234436545
12:02:48.968 Disk 0 scanning C:\WINDOWS\system32\drivers
12:03:55.937 Service scanning
12:04:00.500 Service dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys **LOCKED** 32
12:04:00.687 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
12:04:01.281 Modules scanning
12:04:45.828 Disk 0 trace - called modules:
12:04:45.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync04.sys atapi.sys sptd.sys >>UNKNOWN [0x871838ac]<<
12:04:45.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fee030]
12:04:45.875 3 CLASSPNP.SYS[f7672fd7] -> nt!IofCallDriver -> \Device\000000d1[0x86fef318]
12:04:45.890 5 ACPI.sys[f7366620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x870b8940]
12:04:45.906 \Driver\atapi[0x87074a38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync04.sys[0xf733ea6c]
12:04:53.515 AVAST engine scan C:\WINDOWS
12:05:51.671 AVAST engine scan C:\WINDOWS\system32
12:17:41.984 AVAST engine scan C:\WINDOWS\system32\drivers
12:19:25.578 AVAST engine scan C:\Dokumente und Einstellungen\Kiss
12:37:51.000 AVAST engine scan C:\Dokumente und Einstellungen\All Users
12:39:46.062 Scan finished successfully
12:40:01.734 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Kiss\Desktop\MBR.dat"
12:40:01.750 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Kiss\Desktop\aswMBR.txt"

mamt1982 23.12.2011 13:01

Sorry. I messed up skipping the online query the first time.
I have created another log without the query:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:59:49 on 23.12.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Nero BurnRights" - "Ahead Software AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV07.sys
"Acer EPM Power Scheme Driver" (EpmPsd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-psd.sys
"Acer EPM System Hardware Driver" (EpmShd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-shd.sys
"Acer NetMonitor Protocol" (NETMNT) - ? - C:\WINDOWS\System32\DRIVERS\NETMNT.sys  (File found, but it contains no detailed information)
"AEGIS Protocol (IEEE 802.1x) v3.6.0.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"aeswbfwx" (aeswbfwx) - ? - C:\WINDOWS\system32\drivers\aeswbfwx.sys  (Hidden registry entry, rootkit activity | File not found)
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys  (File not found)
"aswMBR" (aswMBR) - ? - C:\DOKUME~1\Kiss\LOKALE~1\Temp\aswMBR.sys  (Hidden registry entry, rootkit activity | File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"Bluetooth-Audiogerät" (btaudio) - ? - C:\WINDOWS\System32\drivers\btaudio.sys  (File not found)
"Bluetooth-Bus-Enumerator" (BTKRNL) - ? - C:\WINDOWS\System32\DRIVERS\btkrnl.sys  (File not found)
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - ? - C:\WINDOWS\System32\DRIVERS\btwdndis.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\Kiss\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
"cpuz135" (cpuz135) - "CPUID" - C:\WINDOWS\system32\drivers\cpuz135_x32.sys
"dtscsi" (dtscsi) - "DT Soft Ltd." - C:\WINDOWS\System32\Drivers\dtscsi.sys  (File is exclusively opened, access blocked)
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys
"InCD Reader" (InCDRm) - ? - C:\WINDOWS\System32\drivers\InCDRm.sys  (File not found)
"InCDPass" (InCDPass) - ? - C:\WINDOWS\System32\drivers\InCDPass.sys  (File not found)
"int15.sys" (int15.sys) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys  (File not found)
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"OSA NdisFilter Protocol" (NdisFilt) - "OSA Technologies" - C:\WINDOWS\System32\Drivers\NdisFilt.sys
"OsaFsLoc" (OsaFsLoc) - "OSA Technologies" - C:\WINDOWS\system32\drivers\OsaFsLoc.sys
"osaio" (osaio) - "OSA Technologies, An Avocent Company" - C:\WINDOWS\system32\drivers\osaio.sys
"osanbm" (osanbm) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\osanbm.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Sony Ericsson 750 driver (WDM)" (k750bus) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750bus.sys
"Sony Ericsson 750 USB WMC Device Management Drivers" (k750mgmt) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750mgmt.sys
"Sony Ericsson 750 USB WMC Modem Drivers" (k750mdm) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750mdm.sys
"Sony Ericsson 750 USB WMC Modem Filter" (k750mdfl) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750mdfl.sys
"Sony Ericsson 750 USB WMC OBEX Interface Drivers" (k750obex) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750obex.sys
"Sony Ericsson Device 0A1 driver (WDM)" (sea1bus) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1bus.sys
"Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS)" (sea1nd5) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1nd5.sys
"Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM)" (sea1unic) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1unic.sys
"Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM)" (sea1mgmt) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1mgmt.sys
"Sony Ericsson Device 0A1 USB WMC Modem Driver" (sea1mdm) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1mdm.sys
"Sony Ericsson Device 0A1 USB WMC Modem Filter" (sea1mdfl) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1mdfl.sys
"Sony Ericsson Device 0A1 USB WMC OBEX Interface" (sea1obex) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1obex.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync04.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys
"STYLEXPHELPER" (STYLEXPHELPER) - ? - C:\Dokumente und Einstellungen\Kiss\Desktop\MyStuff\Progs\StyleXP\STYLEXPHELPER.EXE  (File not found)
"SYMIDSCO" (SYMIDSCO) - ? - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20050901.036\symidsco.sys  (File not found)
"UBHelper" (UBHelper) - ? - C:\WINDOWS\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - ? - C:\WINDOWS\System32\DRIVERS\btport.sys  (File not found)
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys
"zlportio" (zlportio) - ? - D:\Ultrastar\SingStar\SingStar\ultrastar-dx-100\zlportio.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - "Acer Labs USA" - C:\WINDOWS\system32\epm-po.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? -  (File not found | COM-object registry key not found)
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson File Manager" - ? -  (File not found | COM-object registry key not found)
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\system32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe  (File not found)
{0483894E-2422-45E0-8384-021AFF1AF3CD} "iOpus iMacros" - ? - C:\Programme\iMacros\imacros.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{D0943516-5076-4020-A3B5-AEFAF26AB263} "Veoh Browser Plug-in" - "Veoh Networks Inc" - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Kiss\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"ePower_DMC" - "Acer Incorporated" - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
"LaunchApp" - "Acer Inc." - Alaunch
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AdminWorks Agent X6" (AWService) - "Avocent Inc." - C:\Acer\Empowering Technology\admServ.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Avira Upgrade Service" (AviraUpgradeService) - ? - "C:\WINDOWS\TEMP\AVSETUP_4ee10b84\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_4ee10b84\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"  (File not found)
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 23.12.2011 17:30

We should fix the MBR. Just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable.

After the backup, start aswMBR again and click the FIXMBR button.
Then restart Windows and create a new log with aswMBR.

mamt1982 24.12.2011 16:23

So... Merry Christmas first of all :)

The laptop is gone for now, since my girlfriend has gone away and taken it with her.

She called earlier and said that she can no longer play YouTube clips, or rather she gets them to run, but they keep getting stuck with a creaking noise, as if a CD were getting stuck while playing. By the way, the same goes for mp3 files that are on the hard drive. Before the conversion we did not have this problem. Would you perhaps have any advice?

cosinus 24.12.2011 16:31

We were not finished with the cleanup yet... why does she just take it with her when we were not done yet?

mamt1982 24.12.2011 16:41

She has to do research for a presentation over the holidays. Unfortunately there was no other way.
I had hoped to get everything done before the departure, but the data backup for the fix would have taken too long, or rather I only managed half of it, and unfortunately there was no later ride share :(

mamt1982 24.12.2011 19:16

Leaving the cleanup aside for a moment. Can it have to do with the conversion that there are problems with Flash Player and playing mp3s?
Since, despite the incomplete cleanup, there were no problems at all before the conversion.

mamt1982 25.12.2011 14:36

Do you have an idea now?

cosinus 26.12.2011 00:02

Quote:

Quote from mamt1982 (post 741135)
Do you have an idea now?

Yes. It is Christmas, and at that time one is usually out and about and cannot answer right away, because at Christmas one generally sits together with one's family and not in front of the computer around the clock. Nor do I then constantly rack my brain over misbehaving Windows systems that are simply and impatiently taken back into use by the owner although we were not yet finished here.

Quote:

Can it have to do with the conversion that there are problems with Flash Player and playing mp3s?
No. I have never had problems with the conversion, and certainly not in connection with playing Flash videos. But as I said, whoever impatiently just takes the notebook away again is out of luck. :crazy:

mamt1982 26.12.2011 02:12

Boy oh boy... when one has only one laptop available and reluctantly has to carry on quickly because one also uses the thing professionally and not only privately, that is just how it is. A simple "no idea!" would have done too. That it is Christmas is clear to me too, Professor. Sorry that not everyone gets to call a flawlessly working Windows system their own.
When one looks at the forum rules and sees everything that is set as a condition here for getting help, your unfriendly behaviour is hard to put up with, because whether or not there are rules for the helpers too, "friendliness" is definitely not among them.
I will do without your help. Thank you very much for the tips so far.
Merry Christmas. Thread closed.

cosinus 26.12.2011 03:51

Merry rest of Christmas and continued good luck with the notebook.
My answer earlier was indeed somewhat direct, but we were not yet finished and the notebook was impatiently "taken away" again...

Quote:

Thread closed.
If that is how it is to be, then so be it => http://www.world-of-smilies.com/wos_...eschlossen.gif

Merry Christmas! :)


All times are WET +1. The time is now 23:43.

Copyright ©2000-2024, Trojaner-Board

