Trojaner-Board


matthias2619 17.03.2012 16:22

Redirect to searchcompletion.com
 
Hello,
today I unfortunately wasn't paying attention during a setup (SUMo), and by then it was already too late...
My home page and my default search engine were changed.
Afterwards I of course tried to undo everything as best I could.
First I set the home page in FF back to the default (about:home), then I set the search provider in the search box (to the right of the URL bar) back to Google. After that I started MBAM and removed the findings (log below). Then I opened regedit.exe, searched the registry for "searchcompletion" and replaced the corresponding entries with "google.de". Then I used HijackThis, which found several entries containing "searchcompletion"; I fixed those. Then I also ran Spybot and removed its findings. A further scan with SAS found nothing. When I search from the start page (about:home), I am still redirected to searchcompletion; otherwise everything is normal.
But first, here are the logs:
MBAM:
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.17.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Matthias :: ***-FPGDH9 [Administrator]

17.03.2012 11:11:11
mbam-log-2012-03-17 (11-11-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 260472
Laufzeit: 1 Stunde(n), 7 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\temp\CSM2B.tmp (Adware.RelevantKnowledge) -> Löschen bei Neustart.
C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Another scan found nothing.
OTL:
Code:

OTL logfile created on: 17.03.2012 15:41:27 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Matthias\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 0,37 Gb Available Physical Memory | 24,75% Memory free
3,59 Gb Paging File | 2,82 Gb Available in Paging File | 78,44% Paging File free
Paging file location(s): C:\pagefile.sys 2300 3064 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 22,75 Gb Free Space | 30,53% Space Free | Partition Type: NTFS
Drive F: | 2328,76 Gb Total Space | 1899,48 Gb Free Space | 81,57% Space Free | Partition Type: NTFS
Drive N: | 3,82 Gb Total Space | 3,78 Gb Free Space | 98,85% Space Free | Partition Type: FAT32
 
Computer Name: MUHAHAHA-FPGDH9 | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\IObit\Game Booster\gbtray.exe (IObit)
PRC - C:\Dokumente und Einstellungen\Matthias\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\temp\CSM2B.tmp ()
MOD - C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\858316efc815bdff25c4fc66a0d80448\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\554211ea9870563ab6a2544faa234d48\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\9d1a4e5284f73c0426fdbe8fa4dea3db\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ba14959449e5c27d9c9f593c55cd7ccf\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\7c2da510ff90361852de55647d791a4e\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\483ca92d1c432c2ab4f45bcdca10e591\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\859f6bb004636fbd0a0e390002aa993c\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\acabbdbe75352f8e60be98a285da9f67\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\0375a0ec40ca6772f909e272784b854c\PresentationFramework.Classic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\569b4aaba7843810942abc04dfa400e4\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\54ad69352f06b426ec621752b0a7bc8a\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d03a9a44a9482c0932beb1e3eabb11c3\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\245a2d9be605b96e0f1a0ef79ae3a28b\System.ni.dll ()
MOD - C:\Programme\VMware\VMware Player\libxml2.dll ()
MOD - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
MOD - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
MOD - C:\Programme\IObit\Game Booster\sqlite3.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\Hotspot Shield\bin\libidn-11.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libssl32.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libeay32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (VMUSBArbService) -- C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Fabs) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AVerScheduleService) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (AVerRemote) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\WINDOWS\system32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmusb) -- C:\WINDOWS\system32\drivers\vmusb.sys (VMware, Inc.)
DRV - (vmci) -- C:\WINDOWS\system32\DRIVERS\vmci.sys (VMware, Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                          )
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AVerAF35) -- C:\WINDOWS\system32\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (LSI Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.de/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchcompletion.com?si=10188&home=true"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..keyword.URL: "http://search.searchcompletion.com?si=10188&bs=true&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.17 10:58:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.24 09:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.10.29 18:45:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2011.02.16 20:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Extensions
[2011.02.16 20:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.17 20:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\g2l788se.Standard-Benutzer\extensions
[2012.02.16 21:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions
[2011.02.17 16:06:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.19 00:58:44 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.24 00:20:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.22 20:44:47 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011.12.27 22:32:40 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2011.11.24 19:20:53 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\maps@ovi.com
[2012.03.02 21:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\mpuj3mov.pt\extensions
[2012.03.02 21:49:39 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\mpuj3mov.pt\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.18 00:08:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\mpuj3mov.pt\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.17 10:53:14 | 000,003,230 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\searchplugins\Web Search.xml
[2012.02.04 12:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.19 22:04:03 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MATTHIAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HV5G430I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MATTHIAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HV5G430I.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.17 10:58:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.16 19:21:48 | 000,002,046 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.17 10:53:14 | 000,003,230 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Web Search.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Programme\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Programme\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.5_0\
 
O1 HOSTS File: ([2011.11.19 14:59:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1521F33A-179E-4A62-A9EF-877725B62DDE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1521F33A-179E-4A62-A9EF-877725B62DDE}: NameServer = 85.88.19.10,94.75.228.28
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\ms-help - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.15 20:39:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.01.04 19:35:48 | 000,013,836 | -H-- | M] () - N:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012.01.04 19:35:48 | 000,013,836 | ---- | M] () - N:\AUTORUN_.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 1 Day ==========
 
[2012.03.17 12:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.17 12:39:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.17 12:39:34 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.03.17 12:39:10 | 014,309,640 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Matthias\Desktop\SUPERAntiSpyware5.exe
[2012.03.17 12:37:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Matthias\Desktop\OTL.exe
[2012.03.17 12:34:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Desktop\SpybotPortable
[2012.03.17 12:34:04 | 020,395,368 | ---- | C] (PortableApps.com) -- C:\Dokumente und Einstellungen\Matthias\Desktop\SpybotPortable_1.6.2_Rev_2.paf.exe
[2012.03.17 12:28:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Desktop\backups
[2012.03.17 12:26:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Matthias\Desktop\HiJackThis204.exe
[2012.03.17 12:22:12 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Matthias\Desktop\TDSSKiller.exe
[2012.03.17 11:42:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012.03.17 11:41:01 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012.03.17 11:40:12 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2012.03.17 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.03.17 10:52:21 | 003,486,284 | ---- | C] (KC Softwares                                                ) -- C:\Dokumente und Einstellungen\Matthias\Desktop\sumo.exe
[2012.03.17 10:17:11 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Matthias\Recent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 1 Day ==========
 
[2012.03.17 12:39:59 | 000,001,649 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.03.17 12:34:14 | 020,395,368 | ---- | M] (PortableApps.com) -- C:\Dokumente und Einstellungen\Matthias\Desktop\SpybotPortable_1.6.2_Rev_2.paf.exe
[2012.03.17 12:19:15 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\shdsp.sys
[2012.03.17 12:11:54 | 000,225,280 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.17 11:42:18 | 000,001,529 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.03.17 11:11:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\iaodyqmm.sys
[2012.03.17 10:58:44 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2012.03.17 10:52:21 | 003,486,284 | ---- | M] (KC Softwares                                                ) -- C:\Dokumente und Einstellungen\Matthias\Desktop\sumo.exe
[2012.03.17 09:33:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.17 09:32:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.16 19:49:52 | 000,163,738 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\a.JPG
[2012.03.16 19:48:18 | 000,140,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\b.JPG
[2012.03.16 19:45:13 | 002,979,894 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\b.bmp
[2012.03.16 19:43:18 | 002,605,734 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\a.bmp
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.17 12:39:59 | 000,001,649 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.03.17 12:19:15 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\shdsp.sys
[2012.03.17 11:42:18 | 000,001,529 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.03.17 11:11:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaodyqmm.sys
[2012.03.16 19:49:52 | 000,163,738 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\a.JPG
[2012.03.16 19:48:17 | 000,140,904 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\b.JPG
[2012.03.16 19:38:28 | 002,979,894 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\b.bmp
[2012.03.16 19:38:03 | 002,605,734 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\a.bmp
[2012.03.13 16:34:21 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012.03.03 16:58:09 | 000,000,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\.backup.dm
[2012.02.15 20:54:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.04 13:02:15 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2011.12.05 13:22:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.10.31 18:45:19 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.08.31 19:19:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.08.28 11:27:24 | 000,000,042 | ---- | C] () -- C:\WINDOWS\oodjobd.INI
[2011.08.05 15:11:33 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011.08.04 18:21:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.07.30 17:23:48 | 000,068,352 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.06.28 14:22:24 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011.06.24 14:59:01 | 000,000,041 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2011.06.19 15:39:28 | 000,001,492 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml
[2011.06.16 18:57:45 | 000,530,168 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.06.16 18:57:42 | 002,775,560 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1645522239-796845957-839522115-1003-0.dat
[2011.06.16 18:57:42 | 000,266,830 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.02.16 18:38:42 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2011.02.16 18:38:42 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2011.02.16 18:38:30 | 000,598,016 | R--- | C] () -- C:\WINDOWS\System32\sptlib21.dll
[2011.02.16 18:38:30 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2011.02.16 18:38:30 | 000,294,912 | R--- | C] () -- C:\WINDOWS\System32\sptlib11.dll
[2011.02.16 18:38:30 | 000,290,816 | R--- | C] () -- C:\WINDOWS\System32\sptlib22.dll
[2011.02.16 18:38:30 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll
[2011.02.16 18:38:30 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2011.02.16 18:38:30 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\sptlib12.dll
[2011.02.16 18:28:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011.02.16 15:37:46 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2011.02.16 15:35:19 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011.02.16 15:34:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.02.16 14:54:35 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011.02.16 13:45:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.16 13:44:31 | 000,225,280 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.15 20:41:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.02.15 20:37:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.02.15 20:32:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.02.15 20:31:20 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.01.29 17:00:24 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2009.10.06 08:16:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.06 23:19:32 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\StickSecuritySafeMode.exe
[2007.08.28 05:58:00 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2007.05.10 00:39:28 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLdNL.DLL
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2006.12.31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.04.02 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003.04.02 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003.04.02 12:00:00 | 000,518,532 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003.04.02 12:00:00 | 000,494,050 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003.04.02 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003.04.02 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003.04.02 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.04.02 12:00:00 | 000,103,166 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003.04.02 12:00:00 | 000,085,524 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003.04.02 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003.04.02 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003.04.02 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003.04.02 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003.04.02 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003.04.02 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >

Please help!
Best regards

cosinus 19.03.2012 18:24

Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, the logs for every scan are also listed in the Logs tab. Please post all of the ones that are visible there.

matthias2619 19.03.2012 18:32

No, that is the only scan.
Best regards

cosinus 19.03.2012 18:34

Please run ESET as well; after that we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


matthias2619 20.03.2012 14:09

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=51c95c9f2311af4b81cfb4f528d97195
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-20 08:37:48
# local_time=2012-03-20 09:37:48 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3719 3719 0 0
# scanned=88156
# found=2
# cleaned=0
# scan_time=4841
C:\System Volume Information\_restore{2BD77C37-4540-43DB-8D2F-BAC58E7CFEA4}\RP259\A0087625.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{2BD77C37-4540-43DB-8D2F-BAC58E7CFEA4}\RP259\A0087642.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I

The first file belongs to the CDBurnerXP setup and the second to the Sumo setup.
Best regards

cosinus 20.03.2012 16:37

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


matthias2619 21.03.2012 10:32

Code:

OTL logfile created on: 21.03.2012 10:10:32 - Run 4
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Dokumente und Einstellungen\Matthias\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 70,85% Memory free
3,59 Gb Paging File | 3,26 Gb Available in Paging File | 90,85% Paging File free
Paging file location(s): C:\pagefile.sys 2300 3064 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 22,63 Gb Free Space | 30,37% Space Free | Partition Type: NTFS
Drive F: | 2328,76 Gb Total Space | 1969,46 Gb Free Space | 84,57% Space Free | Partition Type: NTFS
Drive N: | 3,82 Gb Total Space | 3,78 Gb Free Space | 98,85% Space Free | Partition Type: FAT32
 
Computer Name: MUHAHAHA-FPGDH9 | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Matthias\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\9d1a4e5284f73c0426fdbe8fa4dea3db\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ba14959449e5c27d9c9f593c55cd7ccf\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\7c2da510ff90361852de55647d791a4e\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\483ca92d1c432c2ab4f45bcdca10e591\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\859f6bb004636fbd0a0e390002aa993c\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\acabbdbe75352f8e60be98a285da9f67\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\0375a0ec40ca6772f909e272784b854c\PresentationFramework.Classic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\569b4aaba7843810942abc04dfa400e4\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\54ad69352f06b426ec621752b0a7bc8a\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d03a9a44a9482c0932beb1e3eabb11c3\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\245a2d9be605b96e0f1a0ef79ae3a28b\System.ni.dll ()
MOD - C:\Programme\VMware\VMware Player\libxml2.dll ()
MOD - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
MOD - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\Hotspot Shield\bin\libidn-11.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libssl32.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libeay32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (VMUSBArbService) -- C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (Fabs) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AVerScheduleService) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (AVerRemote) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva394) -- C:\WINDOWS\system32\XDva394.sys File not found
DRV - (XDva393) -- C:\WINDOWS\system32\XDva393.sys File not found
DRV - (XDva392) -- C:\WINDOWS\system32\XDva392.sys File not found
DRV - (XDva391) -- C:\WINDOWS\system32\XDva391.sys File not found
DRV - (XDva390) -- C:\WINDOWS\system32\XDva390.sys File not found
DRV - (XDva389) -- C:\WINDOWS\system32\XDva389.sys File not found
DRV - (XDva388) -- C:\WINDOWS\system32\XDva388.sys File not found
DRV - (PROCEXP151) -- C:\WINDOWS\system32\Drivers\PROCEXP151.SYS File not found
DRV - (PCIDump) --  File not found
DRV - (mcmajcf) -- System32\drivers\alcnxcva.sys File not found
DRV - (cpuz130) -- C:\DOKUME~1\Matthias\LOKALE~1\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (catchme) -- C:\DOKUME~1\Matthias\LOKALE~1\Temp\catchme.sys File not found
DRV - (betoxdl) -- System32\drivers\ldroeopg.sys File not found
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\WINDOWS\system32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmusb) -- C:\WINDOWS\system32\drivers\vmusb.sys (VMware, Inc.)
DRV - (vmci) -- C:\WINDOWS\system32\drivers\vmci.sys (VMware, Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                          )
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AVerAF35) -- C:\WINDOWS\system32\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (LSI Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.de/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.de/
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.de/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.de/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.de/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.de/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.de/
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/lionskin/{1C3167E1-42C1-42E1-9408-5EFAC7A3BAD3}?q={searchTerms}
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchcompletion.com?si=10188&home=true"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..keyword.URL: "http://search.searchcompletion.com?si=10188&bs=true&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.17 10:58:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.24 09:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.10.29 18:45:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2011.02.16 20:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Extensions
[2011.02.16 20:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.17 20:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\g2l788se.Standard-Benutzer\extensions
[2012.02.16 21:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions
[2011.02.17 16:06:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.19 00:58:44 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.24 00:20:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.22 20:44:47 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011.12.27 22:32:40 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2011.11.24 19:20:53 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\maps@ovi.com
[2012.03.02 21:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\mpuj3mov.pt\extensions
[2012.03.02 21:49:39 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\mpuj3mov.pt\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.18 00:08:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\mpuj3mov.pt\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.17 10:53:14 | 000,003,230 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\searchplugins\Web Search.xml
[2012.02.04 12:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.19 22:04:03 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MATTHIAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HV5G430I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MATTHIAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HV5G430I.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.17 10:58:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.16 19:21:48 | 000,002,046 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.17 10:53:14 | 000,003,230 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Web Search.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Programme\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Programme\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.5_0\
 
O1 HOSTS File: ([2011.11.19 14:59:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-21-1645522239-796845957-839522115-1003..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1645522239-796845957-839522115-1003..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1521F33A-179E-4A62-A9EF-877725B62DDE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1521F33A-179E-4A62-A9EF-877725B62DDE}: NameServer = 85.88.19.10,94.75.228.28
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\ms-help - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.15 20:39:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.01.04 19:35:48 | 000,013,836 | -H-- | M] () - N:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012.01.04 19:35:48 | 000,013,836 | ---- | M] () - N:\AUTORUN_.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerHIDReceiver.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerQuick.exe - (AVerMedia TECHNOLOGIES, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Dienst-Manager.lnk - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk -  - File not found
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= -  File not found
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DWQueuedReporting - hkey= - key= - C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
MsConfig - StartUpReg: FILSHtray - hkey= - key= - C:\Programme\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
MsConfig - StartUpReg: HDDHealth - hkey= - key= -  File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Programme\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: MSConfig - hkey= - key= - C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SlimDrivers - hkey= - key= - C:\Programme\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: VMware hqtray - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: AutorunsDisabled -
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
 
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 21:50:46 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Matthias\Recent
[2012.03.20 16:35:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\id Software
[2012.03.20 16:35:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\id Software
[2012.03.20 16:35:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2012.03.20 14:28:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Eigene Dateien\Neuer Ordner (5)
[2012.03.20 08:15:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.03.20 08:15:07 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.03.17 12:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.17 12:39:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.17 12:39:34 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.03.17 12:37:12 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Matthias\Desktop\OTL.exe
[2012.03.17 12:26:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Matthias\Desktop\HiJackThis204.exe
[2012.03.17 12:22:12 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Matthias\Desktop\TDSSKiller.exe
[2012.03.17 11:42:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012.03.17 11:41:01 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012.03.17 11:40:12 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2012.03.13 16:34:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.03.13 16:34:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Canneverbe Limited
[2012.03.13 16:34:20 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2012.03.12 19:42:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Startmenü\Programme\Total Commander
[2012.03.12 19:42:55 | 000,000,000 | ---D | C] -- C:\totalcmd
[2012.03.12 19:42:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\GHISLER
[2012.03.11 13:56:06 | 000,000,000 | ---D | C] -- C:\Programme\Nero
[2012.03.11 13:56:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nero
[2012.03.11 13:55:51 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Nero
[2012.03.11 13:55:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
[2012.03.11 13:47:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Desktop\IsoBusterPortable
[2012.03.08 19:36:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Desktop\sony vegas
[2012.03.06 17:08:17 | 004,763,456 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Matthias\Desktop\procexp.exe
[2012.03.02 13:15:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Amazon
[2012.03.02 13:15:12 | 000,000,000 | ---D | C] -- C:\Programme\Amazon
[2012.03.02 13:15:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Amazon
[2012.02.29 20:44:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Eigene Dateien\Neuer Ordner (4)
[2012.02.29 20:37:47 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
[2012.02.29 20:37:43 | 000,433,264 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
[2012.02.29 20:37:43 | 000,025,712 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys
[2012.02.29 20:37:36 | 000,783,472 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetlib.dll
[2012.02.29 20:37:31 | 000,025,584 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys
[2012.02.29 20:37:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VMware
[2012.02.29 20:36:47 | 000,000,000 | ---D | C] -- C:\Programme\VMware
[2012.02.29 20:36:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\VMware
[2012.02.28 21:09:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Rovio
[2012.02.27 21:26:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DAEMON Tools Lite
[2012.02.27 21:26:24 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012.02.27 21:26:12 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2012.02.27 21:21:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012.02.27 21:13:27 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2012.02.27 21:13:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2012.02.27 21:13:26 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2012.02.27 21:06:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HyperCam 3
[2012.02.27 21:06:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Solveig Multimedia
[2012.02.27 21:00:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Startmenü\Programme\WinRAR
[2012.02.27 21:00:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinRAR
[2012.02.27 20:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\bluej
[2012.02.27 20:44:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Startmenü\Programme\BlueJ
[2012.02.27 20:43:58 | 000,000,000 | ---D | C] -- C:\Programme\BlueJ
[2012.02.27 20:40:59 | 000,000,000 | ---D | C] -- C:\Programme\Oracle
[2012.02.27 20:26:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Desktop\inf
[2012.02.24 23:53:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TS3Client
[2012.02.24 23:52:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamSpeak 3 Client
[2012.02.24 23:52:25 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2012.02.24 09:37:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Oracle
[2012.02.24 09:35:57 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.02.23 16:20:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Matthias\Eigene Dateien\Neuer Ordner (3)
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.20 21:39:30 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Matthias\Desktop\OTL.exe
[2012.03.20 21:31:05 | 117,601,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\908.flv
[2012.03.20 19:20:38 | 022,259,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\vlc-2.0.1-win32.exe
[2012.03.20 16:47:53 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2012.03.20 08:12:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.20 08:11:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.18 19:56:02 | 000,251,067 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\2012-03-18_195555.jpg
[2012.03.18 16:29:21 | 000,176,958 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\2012-03-18_162919.bmp
[2012.03.17 12:11:54 | 000,225,280 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.16 19:45:13 | 002,979,894 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\b.bmp
[2012.03.16 19:43:18 | 002,605,734 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\a.bmp
[2012.03.12 00:18:06 | 181,859,693 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\BEATKINGZ_Rmx_Ref.zip
[2012.03.11 10:36:36 | 007,744,129 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\18. Massiv feat. Baba Saad - Hart und Gerecht (Orginal).mp3
[2012.03.11 10:36:32 | 009,777,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\6. Dany feat. Baba Saad & Jonny Chash - Unterschaetzt II (Orginal).mp3
[2012.03.11 10:36:32 | 006,873,859 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\2. Baba Saad feat. Bass Sultan Hengzt - Gb 2011 (Orginal).mp3
[2012.03.09 22:35:29 | 006,410,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\Baba Saad - Mein Job (Manuel Charr).mp3
[2012.03.09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Matthias\Desktop\TDSSKiller.exe
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\UC.PIF
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\RAR.PIF
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\PKZIP.PIF
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\PKUNZIP.PIF
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\NOCLOSE.PIF
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\LHA.PIF
[2012.03.09 07:57:10 | 000,000,545 | ---- | M] () -- C:\WINDOWS\ARJ.PIF
[2012.03.08 15:31:03 | 000,518,532 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.08 15:31:03 | 000,494,050 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.08 15:31:03 | 000,103,166 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.08 15:31:03 | 000,085,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.05 22:20:44 | 000,046,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\trollface.jpg
[2012.03.05 22:13:58 | 000,044,837 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\blogspot-andreas-frauentausch.jpg
[2012.03.04 01:07:16 | 001,472,332 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\G0100027590550.jpg
[2012.03.03 16:58:09 | 000,000,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\.backup.dm
[2012.03.03 00:42:12 | 000,022,485 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\41pupkrmmxl._sl5.jpg
[2012.02.29 23:28:26 | 003,473,347 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\haftbefehl-nehm_dir_alles_weg.mp3
[2012.02.29 23:28:08 | 010,312,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\kollegah-fanpost.mp3
[2012.02.29 23:27:50 | 000,304,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\Haftbefehl+haft.jpg
[2012.02.29 23:26:17 | 000,471,387 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\kollegah-flex-sluts-rock-n-roll-cover.jpg
[2012.02.29 21:39:05 | 000,200,014 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\ThugLife weiß.jpg
[2012.02.27 21:26:22 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012.02.27 21:16:18 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.20 21:29:24 | 117,601,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\908.flv
[2012.03.20 19:20:27 | 022,259,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\vlc-2.0.1-win32.exe
[2012.03.18 19:56:01 | 000,251,067 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\2012-03-18_195555.jpg
[2012.03.18 16:29:21 | 000,176,958 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\2012-03-18_162919.bmp
[2012.03.16 19:38:28 | 002,979,894 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\b.bmp
[2012.03.16 19:38:03 | 002,605,734 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\a.bmp
[2012.03.13 16:34:22 | 000,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CDBurnerXP.lnk
[2012.03.13 16:34:21 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012.03.13 13:05:38 | 007,744,129 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\18. Massiv feat. Baba Saad - Hart und Gerecht (Orginal).mp3
[2012.03.13 13:05:22 | 009,777,917 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\6. Dany feat. Baba Saad & Jonny Chash - Unterschaetzt II (Orginal).mp3
[2012.03.13 13:05:04 | 006,873,859 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\2. Baba Saad feat. Bass Sultan Hengzt - Gb 2011 (Orginal).mp3
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2012.03.12 19:42:55 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2012.03.11 22:37:24 | 181,859,693 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\BEATKINGZ_Rmx_Ref.zip
[2012.03.11 15:50:45 | 000,000,246 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2012.03.09 22:35:16 | 006,410,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\Baba Saad - Mein Job (Manuel Charr).mp3
[2012.03.05 22:20:44 | 000,046,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\trollface.jpg
[2012.03.05 22:13:57 | 000,044,837 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\blogspot-andreas-frauentausch.jpg
[2012.03.04 01:07:15 | 001,472,332 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\G0100027590550.jpg
[2012.03.03 16:58:09 | 000,000,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\.backup.dm
[2012.03.03 00:42:12 | 000,022,485 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\41pupkrmmxl._sl5.jpg
[2012.02.29 23:27:50 | 000,304,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\Haftbefehl+haft.jpg
[2012.02.29 23:26:17 | 000,471,387 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\kollegah-flex-sluts-rock-n-roll-cover.jpg
[2012.02.29 23:16:37 | 010,312,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\kollegah-fanpost.mp3
[2012.02.29 23:14:49 | 003,473,347 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\haftbefehl-nehm_dir_alles_weg.mp3
[2012.02.29 21:38:58 | 000,200,014 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Desktop\ThugLife weiß.jpg
[2012.02.15 20:54:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.05 13:22:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.10.31 18:45:19 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.08.31 19:19:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.08.28 11:27:24 | 000,000,042 | ---- | C] () -- C:\WINDOWS\oodjobd.INI
[2011.08.05 15:11:33 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011.08.04 18:21:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.07.30 17:23:48 | 000,068,352 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.06.28 14:22:24 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011.06.24 14:59:01 | 000,000,041 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2011.06.19 15:39:28 | 000,001,492 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml
[2011.06.16 18:57:45 | 000,530,168 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.06.16 18:57:42 | 002,775,560 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1645522239-796845957-839522115-1003-0.dat
[2011.06.16 18:57:42 | 000,266,830 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.02.17 16:08:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.02.17 16:08:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.02.17 16:08:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.02.17 16:08:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.02.17 16:08:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.02.16 18:38:42 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2011.02.16 18:38:42 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2011.02.16 18:38:30 | 000,598,016 | R--- | C] () -- C:\WINDOWS\System32\sptlib21.dll
[2011.02.16 18:38:30 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2011.02.16 18:38:30 | 000,294,912 | R--- | C] () -- C:\WINDOWS\System32\sptlib11.dll
[2011.02.16 18:38:30 | 000,290,816 | R--- | C] () -- C:\WINDOWS\System32\sptlib22.dll
[2011.02.16 18:38:30 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll
[2011.02.16 18:38:30 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2011.02.16 18:38:30 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\sptlib12.dll
[2011.02.16 18:28:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011.02.16 15:37:46 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2011.02.16 15:35:19 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011.02.16 15:34:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.02.16 14:54:35 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011.02.16 13:45:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.16 13:44:31 | 000,225,280 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.15 20:41:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.02.15 20:37:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.02.15 20:32:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.02.15 20:31:20 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.01.29 17:00:24 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
 
========== LOP Check ==========
 
[2011.02.16 18:39:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVerTV
[2012.03.13 16:34:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.06.17 16:09:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.11.03 16:16:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.08.12 17:49:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro
[2012.02.04 13:02:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2012.01.07 19:15:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hssff
[2011.06.20 22:00:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IconTweaker
[2012.03.20 16:35:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2011.09.06 16:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IObit
[2011.12.24 14:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2012.01.27 23:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panda Security
[2011.02.16 19:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011.08.03 19:00:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2011.06.18 20:57:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2011.06.20 21:45:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.02.15 21:04:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.08.22 19:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\.minecraft
[2012.03.02 13:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Amazon
[2011.06.20 12:38:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Auslogics
[2011.10.16 12:58:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\BANDISOFT
[2012.02.13 18:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Binreader
[2012.03.13 16:34:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Canneverbe Limited
[2011.08.30 20:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Canon
[2011.10.20 17:49:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\CCE
[2012.03.08 16:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\DAEMON Tools Lite
[2011.12.12 20:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\DVDVideoSoft
[2011.12.12 20:27:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.03.12 19:42:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\GHISLER
[2012.01.22 17:28:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\gtk-2.0
[2012.03.20 16:35:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\id Software
[2011.07.15 22:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\JAM Software
[2011.02.17 21:17:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\KC Softwares
[2011.10.23 13:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\KillSwitch
[2011.12.25 20:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\MAGIX
[2012.03.04 01:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mp3tag
[2011.12.01 16:05:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Nik Software
[2012.02.24 09:37:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Oracle
[2012.01.27 23:56:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Panda Security
[2011.06.18 21:03:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Publish Providers
[2012.02.28 21:09:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Rovio
[2011.02.16 19:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung
[2012.02.27 21:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Solveig Multimedia
[2011.07.16 23:01:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Sony
[2011.11.26 22:51:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TERMINAL Studio
[2011.02.16 20:14:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Thunderbird
[2012.03.20 21:50:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TS3Client
[2011.06.20 21:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TuneUp Software
[2012.02.05 17:36:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\updatetool
[2012.03.18 11:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\uTorrent
[2011.06.19 14:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Windows Search
[2011.02.16 19:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\XMedia Recode
[2012.03.20 16:47:53 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.22 19:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\.minecraft
[2011.02.16 15:46:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Adobe
[2012.03.02 13:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Amazon
[2011.11.16 21:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Apple Computer
[2011.06.20 12:38:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Auslogics
[2011.10.16 12:58:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\BANDISOFT
[2012.02.13 18:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Binreader
[2012.03.13 16:34:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Canneverbe Limited
[2011.08.30 20:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Canon
[2011.10.20 17:49:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\CCE
[2012.03.08 16:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\DAEMON Tools Lite
[2011.10.29 14:46:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\dvdcss
[2011.12.12 20:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\DVDVideoSoft
[2011.12.12 20:27:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.06.17 18:58:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\FastStone
[2012.03.12 19:42:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\GHISLER
[2012.01.22 17:28:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\gtk-2.0
[2012.03.20 16:35:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\id Software
[2011.02.15 20:43:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Identities
[2011.07.15 22:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\JAM Software
[2011.02.17 21:17:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\KC Softwares
[2011.10.23 13:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\KillSwitch
[2011.02.16 15:46:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Macromedia
[2011.12.25 20:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\MAGIX
[2011.02.16 16:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Malwarebytes
[2011.10.26 14:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Media Player Classic
[2012.02.27 20:44:02 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Microsoft
[2011.02.16 13:45:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla
[2012.03.04 01:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mp3tag
[2011.12.01 16:05:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Nik Software
[2012.02.24 09:37:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Oracle
[2012.01.27 23:56:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Panda Security
[2011.06.18 21:03:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Publish Providers
[2012.02.28 21:09:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Rovio
[2011.02.16 19:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung
[2012.03.16 20:37:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Skype
[2012.02.27 21:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Solveig Multimedia
[2011.07.16 23:01:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Sony
[2011.02.16 19:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Sun
[2012.03.17 12:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\SUPERAntiSpyware.com
[2011.10.29 23:45:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\teamspeak2
[2011.11.26 22:51:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TERMINAL Studio
[2011.02.16 20:14:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Thunderbird
[2012.03.20 21:50:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TS3Client
[2011.06.20 21:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TuneUp Software
[2012.02.05 17:36:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\updatetool
[2012.03.18 11:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\uTorrent
[2012.03.20 21:55:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\vlc
[2012.03.20 21:27:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\VMware
[2011.06.19 14:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Windows Search
[2011.02.16 13:49:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\WinRAR
[2011.02.16 19:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2011.04.16 11:18:52 | 000,647,168 | ---- | M] (IDEVFH) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
[2012.03.18 20:25:04 | 000,106,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.03.18 20:25:04 | 000,101,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.03.18 20:25:05 | 000,021,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2011.12.27 15:21:06 | 000,937,360 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.12.27 15:21:10 | 000,278,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.12.23 13:03:40 | 000,304,640 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2011.12.27 15:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.12.23 12:59:48 | 000,284,672 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.12.23 12:59:50 | 000,691,712 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.12.27 15:21:12 | 000,067,472 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.12.23 12:59:20 | 000,106,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.12.23 12:59:20 | 000,101,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.12.27 15:21:16 | 000,131,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.12.27 15:21:18 | 000,021,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.12.27 15:21:20 | 003,569,984 | ---- | M] (Freeware) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.12.27 15:21:22 | 000,371,088 | ---- | M] (ml) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.02.03 09:50:30 | 000,371,088 | ---- | M] (ml) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2003.04.02 12:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2003.04.02 12:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.12.08 20:47:30 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Dokumente und Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\SlimWare Utilities Inc\SlimDrivers\Backups\20110805T141725781250\pci\ven_8086&dev_2829&cc_0106\iaStor.sys
[2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\drivers\kdrv0\IaStor.sys
[2008.12.08 20:47:30 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\NLDRV\001\iastor.sys
[2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\OEMDIR\iaStor.sys
[2008.12.08 20:47:30 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2003.04.02 12:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2003.04.02 12:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
[2003.04.02 12:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2003.04.02 12:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2003.04.02 12:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003.04.02 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2003.04.02 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011.02.15 21:30:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.02.15 21:30:46 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.02.15 21:30:46 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[19 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >


cosinus 21.03.2012 15:48

Run an OTL fix: close any programs that may be open, disable virus scanners as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
DRV - (XDva394) -- C:\WINDOWS\system32\XDva394.sys File not found
DRV - (XDva393) -- C:\WINDOWS\system32\XDva393.sys File not found
DRV - (XDva392) -- C:\WINDOWS\system32\XDva392.sys File not found
DRV - (XDva391) -- C:\WINDOWS\system32\XDva391.sys File not found
DRV - (XDva390) -- C:\WINDOWS\system32\XDva390.sys File not found
DRV - (XDva389) -- C:\WINDOWS\system32\XDva389.sys File not found
DRV - (XDva388) -- C:\WINDOWS\system32\XDva388.sys File not found
DRV - (PROCEXP151) -- C:\WINDOWS\system32\Drivers\PROCEXP151.SYS File not found
DRV - (PCIDump) --  File not found
DRV - (mcmajcf) -- System32\drivers\alcnxcva.sys File not found
DRV - (betoxdl) -- System32\drivers\ldroeopg.sys File not found
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/lionskin/{1C3167E1-42C1-42E1-9408-5EFAC7A3BAD3}?q={searchTerms}
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchcompletion.com?si=10188&home=true"
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..keyword.URL: "http://search.searchcompletion.com?si=10188&bs=true&q="
[2011.02.17 16:06:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.17 10:53:14 | 000,003,230 | ---- | M] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\searchplugins\Web Search.xml
[2011.02.16 19:21:48 | 000,002,046 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.03.17 10:53:14 | 000,003,230 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Web Search.xml
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.15 20:39:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.01.04 19:35:48 | 000,013,836 | -H-- | M] () - N:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012.01.04 19:35:48 | 000,013,836 | ---- | M] () - N:\AUTORUN_.INF -- [ FAT32 ]
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can do lasting damage to the system!

matthias2619 22.03.2012 15:06

Code:

All processes killed
========== OTL ==========
Error: Unable to stop service XDva394!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XDva394 deleted successfully.
File  C:\WINDOWS\system32\XDva394.sys File not found not found.
Service XDva393 stopped successfully!
Service XDva393 deleted successfully!
File  C:\WINDOWS\system32\XDva393.sys File not found not found.
Service XDva392 stopped successfully!
Service XDva392 deleted successfully!
File  C:\WINDOWS\system32\XDva392.sys File not found not found.
Service XDva391 stopped successfully!
Service XDva391 deleted successfully!
File  C:\WINDOWS\system32\XDva391.sys File not found not found.
Service XDva390 stopped successfully!
Service XDva390 deleted successfully!
File  C:\WINDOWS\system32\XDva390.sys File not found not found.
Service XDva389 stopped successfully!
Service XDva389 deleted successfully!
File  C:\WINDOWS\system32\XDva389.sys File not found not found.
Service XDva388 stopped successfully!
Service XDva388 deleted successfully!
File  C:\WINDOWS\system32\XDva388.sys File not found not found.
Service PROCEXP151 stopped successfully!
Service PROCEXP151 deleted successfully!
File  C:\WINDOWS\system32\Drivers\PROCEXP151.SYS File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File  File not found not found.
Service mcmajcf stopped successfully!
Service mcmajcf deleted successfully!
File  System32\drivers\alcnxcva.sys File not found not found.
Service betoxdl stopped successfully!
Service betoxdl deleted successfully!
File  System32\drivers\ldroeopg.sys File not found not found.
Registry key HKEY_USERS\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_USERS\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1645522239-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://www.searchcompletion.com?si=10188&home=true" removed from browser.startup.homepage
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: false removed from browser.search.useDBForOrder
Prefs.js: "http://search.searchcompletion.com?si=10188&bs=true&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\searchplugins\Web Search.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchddr.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\Web Search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON.EXE deleted successfully.
C:\WINDOWS\system32\ctfmon.exe moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON.EXE not found.
File C:\WINDOWS\system32\ctfmon.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1645522239-796845957-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1645522239-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File N:\autorun.inf not found.
N:\AUTORUN_.INF moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Matthias
->Temp folder emptied: 371632 bytes
->Temporary Internet Files folder emptied: 1103718 bytes
->Java cache emptied: 3482766 bytes
->FireFox cache emptied: 791256980 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1208 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 719293 bytes
 
%systemdrive% .tmp files removed: 219136 bytes
%systemroot% .tmp files removed: 1119649 bytes
%systemroot%\System32 .tmp files removed: 2833287 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17631 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 764,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.1 log created on 03222012_150125

Files\Folders moved on Reboot...
C:\WINDOWS\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2980.log moved successfully.

Registry entries deleted on Reboot...


cosinus 22.03.2012 15:54

Quote:

[2012.03.17 12:22:12 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Matthias\Desktop\TDSSKiller.exe
What have you already done there with TDSS-Killer?!
Where is the log for it?

matthias2619 22.03.2012 16:14

I used TDSS-Killer once and it found nothing. Because nothing was found, I unfortunately deleted the log that was under C:\, sorry :headbang: But since nothing was found anyway, I hope it's not too serious.
I just ran a new scan and ticked all the checkboxes beforehand.
I hope these are false positives:
Code:

16:09:52.0390 3240        TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
16:09:52.0453 3240        ============================================================
16:09:52.0453 3240        Current date / time: 2012/03/22 16:09:52.0453
16:09:52.0453 3240        SystemInfo:
16:09:52.0453 3240       
16:09:52.0453 3240        OS Version: 5.1.2600 ServicePack: 3.0
16:09:52.0453 3240        Product type: Workstation
16:09:52.0453 3240        ComputerName: MUHAHAHA-FPGDH9
16:09:52.0453 3240        UserName: Matthias
16:09:52.0453 3240        Windows directory: C:\WINDOWS
16:09:52.0453 3240        System windows directory: C:\WINDOWS
16:09:52.0453 3240        Processor architecture: Intel x86
16:09:52.0453 3240        Number of processors: 1
16:09:52.0453 3240        Page size: 0x1000
16:09:52.0453 3240        Boot type: Normal boot
16:09:52.0453 3240        ============================================================
16:09:53.0187 3240        Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:09:53.0187 3240        Drive \Device\Harddisk1\DR2 - Size: 0xF5400000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:09:53.0203 3240        \Device\Harddisk0\DR0:
16:09:53.0203 3240        MBR used
16:09:53.0203 3240        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
16:09:53.0203 3240        \Device\Harddisk1\DR2:
16:09:53.0203 3240        MBR used
16:09:53.0203 3240        \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7A9FE0
16:09:53.0234 3240        Initialize success
16:09:53.0234 3240        ============================================================
16:09:59.0250 2388        ============================================================
16:09:59.0250 2388        Scan started
16:09:59.0250 2388        Mode: Manual; SigCheck; TDLFS;
16:09:59.0250 2388        ============================================================
16:09:59.0953 2388        !SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
16:10:00.0125 2388        !SASCORE - ok
16:10:00.0328 2388        Abiosdsk - ok
16:10:00.0375 2388        abp480n5 - ok
16:10:00.0437 2388        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:10:02.0187 2388        ACPI - ok
16:10:02.0328 2388        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:10:02.0500 2388        ACPIEC - ok
16:10:02.0531 2388        adpu160m - ok
16:10:02.0593 2388        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:10:02.0843 2388        aec - ok
16:10:03.0046 2388        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:10:03.0109 2388        AFD - ok
16:10:03.0171 2388        AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Programme\LSI SoftModem\agrsmsvc.exe
16:10:03.0218 2388        AgereModemAudio - ok
16:10:03.0312 2388        AgereSoftModem  (07758c2196a62f207f77556311e7459a) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
16:10:03.0609 2388        AgereSoftModem - ok
16:10:03.0703 2388        Aha154x - ok
16:10:03.0750 2388        aic78u2 - ok
16:10:03.0781 2388        aic78xx - ok
16:10:03.0828 2388        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
16:10:03.0953 2388        Alerter - ok
16:10:04.0046 2388        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
16:10:04.0156 2388        ALG - ok
16:10:04.0203 2388        AliIde - ok
16:10:04.0296 2388        Ambfilt        (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
16:10:04.0703 2388        Ambfilt - ok
16:10:04.0875 2388        amsint - ok
16:10:04.0953 2388        androidusb      (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
16:10:04.0953 2388        androidusb - ok
16:10:05.0062 2388        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:10:05.0078 2388        Apple Mobile Device - ok
16:10:05.0140 2388        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
16:10:05.0265 2388        AppMgmt - ok
16:10:05.0390 2388        asc - ok
16:10:05.0437 2388        asc3350p - ok
16:10:05.0484 2388        asc3550 - ok
16:10:05.0546 2388        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:10:05.0562 2388        aspnet_state - ok
16:10:05.0625 2388        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:10:05.0734 2388        AsyncMac - ok
16:10:05.0828 2388        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:10:05.0953 2388        atapi - ok
16:10:06.0046 2388        Atdisk - ok
16:10:06.0125 2388        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:10:06.0234 2388        Atmarpc - ok
16:10:06.0296 2388        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
16:10:06.0468 2388        AudioSrv - ok
16:10:06.0640 2388        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:10:06.0859 2388        audstub - ok
16:10:06.0968 2388        AVerAF35        (c143c69e089c7a13520eaf06175b3a3b) C:\WINDOWS\system32\Drivers\AVerAF35.sys
16:10:07.0062 2388        AVerAF35 - ok
16:10:07.0140 2388        AVerRemote      (a33c07f7527fc4cbc664c3137eb7d744) C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe
16:10:07.0187 2388        AVerRemote ( UnsignedFile.Multi.Generic ) - warning
16:10:07.0187 2388        AVerRemote - detected UnsignedFile.Multi.Generic (1)
16:10:07.0296 2388        AVerScheduleService (9aebb2d487d9bf4c0f354899d842edd0) C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe
16:10:07.0406 2388        AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning
16:10:07.0406 2388        AVerScheduleService - detected UnsignedFile.Multi.Generic (1)
16:10:07.0531 2388        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:10:07.0656 2388        Beep - ok
16:10:07.0734 2388        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
16:10:07.0890 2388        BITS - ok
16:10:08.0015 2388        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
16:10:08.0046 2388        Bonjour Service - ok
16:10:08.0218 2388        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
16:10:08.0328 2388        Browser - ok
16:10:08.0375 2388        BthEnum        (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
16:10:08.0500 2388        BthEnum - ok
16:10:08.0531 2388        BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
16:10:08.0656 2388        BthPan - ok
16:10:08.0718 2388        BTHPORT        (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
16:10:08.0781 2388        BTHPORT - ok
16:10:08.0890 2388        BthServ        (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
16:10:09.0234 2388        BthServ - ok
16:10:09.0328 2388        BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
16:10:09.0421 2388        BTHUSB - ok
16:10:09.0593 2388        catchme - ok
16:10:09.0843 2388        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:10:10.0046 2388        cbidf2k - ok
16:10:10.0156 2388        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:10:10.0296 2388        CCDECODE - ok
16:10:10.0328 2388        cd20xrnt - ok
16:10:10.0390 2388        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:10:10.0546 2388        Cdaudio - ok
16:10:10.0640 2388        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:10:10.0796 2388        Cdfs - ok
16:10:10.0921 2388        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:10:11.0078 2388        Cdrom - ok
16:10:11.0171 2388        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
16:10:11.0312 2388        CiSvc - ok
16:10:11.0375 2388        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
16:10:11.0531 2388        ClipSrv - ok
16:10:11.0640 2388        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:10:11.0671 2388        clr_optimization_v2.0.50727_32 - ok
16:10:11.0765 2388        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:10:11.0812 2388        clr_optimization_v4.0.30319_32 - ok
16:10:11.0937 2388        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:10:12.0093 2388        CmBatt - ok
16:10:12.0140 2388        CmdIde - ok
16:10:12.0234 2388        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:10:12.0453 2388        Compbatt - ok
16:10:12.0515 2388        COMSysApp - ok
16:10:12.0578 2388        Cpqarray - ok
16:10:12.0828 2388        cpuz130 - ok
16:10:12.0937 2388        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
16:10:13.0093 2388        CryptSvc - ok
16:10:13.0140 2388        dac2w2k - ok
16:10:13.0187 2388        dac960nt - ok
16:10:13.0265 2388        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:10:13.0406 2388        DcomLaunch - ok
16:10:13.0500 2388        dgderdrv        (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
16:10:13.0515 2388        dgderdrv - ok
16:10:13.0625 2388        dg_ssudbus      (919f338fd36f47d860775368d0748780) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
16:10:13.0640 2388        dg_ssudbus - ok
16:10:13.0687 2388        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
16:10:13.0843 2388        Dhcp - ok
16:10:14.0000 2388        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:10:14.0203 2388        Disk - ok
16:10:14.0218 2388        dmadmin - ok
16:10:14.0328 2388        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
16:10:14.0656 2388        dmboot - ok
16:10:14.0765 2388        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
16:10:14.0968 2388        dmio - ok
16:10:15.0062 2388        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:10:15.0250 2388        dmload - ok
16:10:15.0359 2388        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
16:10:15.0578 2388        dmserver - ok
16:10:15.0703 2388        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:10:15.0921 2388        DMusic - ok
16:10:16.0078 2388        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
16:10:16.0156 2388        Dnscache - ok
16:10:16.0265 2388        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
16:10:16.0437 2388        Dot3svc - ok
16:10:16.0546 2388        dpti2o - ok
16:10:16.0656 2388        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:10:16.0828 2388        drmkaud - ok
16:10:17.0000 2388        dtsoftbus01    (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
16:10:17.0015 2388        dtsoftbus01 - ok
16:10:17.0140 2388        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
16:10:17.0281 2388        EapHost - ok
16:10:17.0359 2388        ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
16:10:17.0406 2388        ElbyCDFL - ok
16:10:17.0437 2388        ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
16:10:17.0437 2388        ElbyCDIO - ok
16:10:17.0546 2388        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
16:10:17.0703 2388        ERSvc - ok
16:10:17.0828 2388        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:10:17.0875 2388        Eventlog - ok
16:10:18.0000 2388        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
16:10:18.0062 2388        EventSystem - ok
16:10:18.0156 2388        Fabs - ok
16:10:18.0312 2388        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:10:18.0531 2388        Fastfat - ok
16:10:18.0593 2388        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:10:18.0656 2388        FastUserSwitchingCompatibility - ok
16:10:18.0703 2388        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:10:18.0875 2388        Fdc - ok
16:10:18.0937 2388        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
16:10:19.0093 2388        Fips - ok
16:10:19.0406 2388        FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
16:10:19.0718 2388        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
16:10:19.0718 2388        FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
16:10:19.0875 2388        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:10:20.0062 2388        Flpydisk - ok
16:10:20.0234 2388        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:10:20.0406 2388        FltMgr - ok
16:10:20.0562 2388        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:10:20.0578 2388        FontCache3.0.0.0 - ok
16:10:20.0718 2388        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:10:20.0906 2388        Fs_Rec - ok
16:10:20.0968 2388        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:10:21.0171 2388        Ftdisk - ok
16:10:21.0281 2388        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:10:21.0328 2388        GEARAspiWDM - ok
16:10:21.0375 2388        giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
16:10:21.0390 2388        giveio ( UnsignedFile.Multi.Generic ) - warning
16:10:21.0390 2388        giveio - detected UnsignedFile.Multi.Generic (1)
16:10:21.0562 2388        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:10:21.0718 2388        Gpc - ok
16:10:21.0859 2388        gupdate - ok
16:10:21.0859 2388        gupdatem - ok
16:10:21.0968 2388        hcmon          (88a6f2571405b3a4abc4ed2f52136317) C:\WINDOWS\system32\drivers\hcmon.sys
16:10:22.0000 2388        hcmon - ok
16:10:22.0125 2388        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:10:22.0250 2388        HDAudBus - ok
16:10:22.0359 2388        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:10:22.0515 2388        helpsvc - ok
16:10:22.0609 2388        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
16:10:22.0875 2388        HidServ - ok
16:10:23.0000 2388        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:10:23.0125 2388        hidusb - ok
16:10:23.0281 2388        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
16:10:23.0390 2388        hkmsvc - ok
16:10:23.0453 2388        hpn - ok
16:10:23.0546 2388        hshld          (44452f7a09d00573dc6e714874257cc9) C:\Programme\Hotspot Shield\bin\openvpnas.exe
16:10:23.0578 2388        hshld - ok
16:10:23.0734 2388        HssDrv          (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
16:10:23.0750 2388        HssDrv - ok
16:10:23.0781 2388        HssSrv          (2cfea9c337b699aca38487e8a7438f35) C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
16:10:23.0828 2388        HssSrv - ok
16:10:23.0859 2388        HssTrayService  (6b1dc08d22231c9e508a715f07fce7fb) C:\Programme\Hotspot Shield\bin\HssTrayService.EXE
16:10:23.0875 2388        HssTrayService - ok
16:10:23.0875 2388        HssWd - ok
16:10:24.0000 2388        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:10:24.0046 2388        HTTP - ok
16:10:24.0156 2388        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
16:10:24.0281 2388        HTTPFilter - ok
16:10:24.0375 2388        i2omp - ok
16:10:24.0437 2388        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:10:24.0578 2388        i8042prt - ok
16:10:24.0796 2388        ialm            (c5db546f9028cd00e64335091860d8f3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:10:25.0062 2388        ialm - ok
16:10:25.0156 2388        iaStor          (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:10:25.0171 2388        iaStor - ok
16:10:25.0390 2388        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:10:25.0515 2388        idsvc - ok
16:10:25.0656 2388        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:10:25.0796 2388        Imapi - ok
16:10:25.0921 2388        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
16:10:26.0062 2388        ImapiService - ok
16:10:26.0093 2388        ini910u - ok
16:10:26.0359 2388        IntcAzAudAddService (251be5418a9b2f9240079146ae96c4cf) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:10:26.0765 2388        IntcAzAudAddService - ok
16:10:27.0000 2388        IntelIde - ok
16:10:27.0109 2388        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:10:27.0265 2388        intelppm - ok
16:10:27.0328 2388        ip6fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:10:27.0468 2388        ip6fw - ok
16:10:27.0531 2388        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:10:27.0718 2388        IpFilterDriver - ok
16:10:27.0828 2388        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:10:28.0015 2388        IpInIp - ok
16:10:28.0156 2388        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:10:28.0312 2388        IpNat - ok
16:10:28.0437 2388        iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe
16:10:28.0546 2388        iPod Service - ok
16:10:28.0625 2388        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:10:28.0843 2388        IPSec - ok
16:10:28.0968 2388        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:10:29.0109 2388        IRENUM - ok
16:10:29.0218 2388        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:10:29.0406 2388        isapnp - ok
16:10:29.0562 2388        JavaQuickStarterService (d9b1e929f2464d4c23fa9cb47df4a1d4) C:\Programme\Java\jre7\bin\jqs.exe
16:10:29.0562 2388        JavaQuickStarterService - ok
16:10:29.0734 2388        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:10:29.0921 2388        Kbdclass - ok
16:10:30.0015 2388        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:10:30.0156 2388        kbdhid - ok
16:10:30.0265 2388        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:10:30.0515 2388        kmixer - ok
16:10:30.0765 2388        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:10:30.0906 2388        KSecDD - ok
16:10:30.0984 2388        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
16:10:31.0015 2388        lanmanserver - ok
16:10:31.0140 2388        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
16:10:31.0203 2388        lanmanworkstation - ok
16:10:31.0281 2388        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
16:10:31.0390 2388        LmHosts - ok
16:10:31.0437 2388        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
16:10:31.0546 2388        Messenger - ok
16:10:31.0625 2388        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:10:31.0765 2388        mnmdd - ok
16:10:31.0890 2388        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
16:10:32.0000 2388        mnmsrvc - ok
16:10:32.0187 2388        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
16:10:32.0312 2388        Modem - ok
16:10:32.0437 2388        Monfilt        (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
16:10:32.0656 2388        Monfilt - ok
16:10:32.0734 2388        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:10:32.0875 2388        Mouclass - ok
16:10:32.0953 2388        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:10:33.0109 2388        mouhid - ok
16:10:33.0265 2388        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:10:33.0375 2388        MountMgr - ok
16:10:33.0468 2388        MPE            (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
16:10:33.0593 2388        MPE - ok
16:10:33.0671 2388        mraid35x - ok
16:10:33.0718 2388        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:10:33.0875 2388        MRxDAV - ok
16:10:34.0000 2388        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:10:34.0093 2388        MRxSmb - ok
16:10:34.0156 2388        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
16:10:34.0265 2388        MSDTC - ok
16:10:34.0453 2388        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:10:34.0578 2388        Msfs - ok
16:10:34.0640 2388        MSIServer - ok
16:10:34.0687 2388        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:10:34.0828 2388        MSKSSRV - ok
16:10:34.0859 2388        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:10:35.0015 2388        MSPCLOCK - ok
16:10:35.0203 2388        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:10:35.0328 2388        MSPQM - ok
16:10:35.0421 2388        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:10:35.0531 2388        mssmbios - ok
16:10:35.0625 2388        MSSQL$SONY_MEDIAMGR - ok
16:10:35.0671 2388        MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
16:10:35.0703 2388        MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
16:10:35.0703 2388        MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
16:10:35.0796 2388        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:10:35.0921 2388        MSTEE - ok
16:10:36.0031 2388        MTsensor        (1c0f480b7c6136ddb5fb909995af014a) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
16:10:36.0078 2388        MTsensor - ok
16:10:36.0203 2388        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:10:36.0250 2388        Mup - ok
16:10:36.0515 2388        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:10:36.0640 2388        NABTSFEC - ok
16:10:36.0718 2388        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
16:10:36.0859 2388        napagent - ok
16:10:36.0968 2388        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:10:37.0109 2388        NDIS - ok
16:10:37.0265 2388        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:10:37.0359 2388        NdisIP - ok
16:10:37.0437 2388        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:10:37.0500 2388        NdisTapi - ok
16:10:37.0515 2388        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:10:37.0656 2388        Ndisuio - ok
16:10:37.0687 2388        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:10:37.0828 2388        NdisWan - ok
16:10:37.0921 2388        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:10:37.0937 2388        NDProxy - ok
16:10:38.0000 2388        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:10:38.0140 2388        NetBIOS - ok
16:10:38.0203 2388        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:10:38.0343 2388        NetBT - ok
16:10:38.0421 2388        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:10:38.0578 2388        NetDDE - ok
16:10:38.0609 2388        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:10:38.0718 2388        NetDDEdsdm - ok
16:10:38.0796 2388        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:10:38.0937 2388        Netlogon - ok
16:10:39.0000 2388        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
16:10:39.0171 2388        Netman - ok
16:10:39.0296 2388        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:10:39.0328 2388        NetTcpPortSharing - ok
16:10:39.0406 2388        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
16:10:39.0437 2388        Nla - ok
16:10:39.0500 2388        NMSAccess      (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Programme\CDBurnerXP\NMSAccessU.exe
16:10:39.0515 2388        NMSAccess - ok
16:10:39.0640 2388        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:10:39.0781 2388        Npfs - ok
16:10:39.0859 2388        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:10:40.0078 2388        Ntfs - ok
16:10:40.0187 2388        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
16:10:40.0328 2388        NtLmSsp - ok
16:10:40.0437 2388        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
16:10:40.0593 2388        NtmsSvc - ok
16:10:40.0671 2388        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:10:40.0828 2388        Null - ok
16:10:40.0921 2388        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:10:41.0062 2388        NwlnkFlt - ok
16:10:41.0109 2388        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:10:41.0250 2388        NwlnkFwd - ok
16:10:41.0328 2388        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
16:10:41.0343 2388        ose - ok
16:10:41.0453 2388        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
16:10:41.0578 2388        Parport - ok
16:10:41.0625 2388        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:10:41.0750 2388        PartMgr - ok
16:10:41.0828 2388        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:10:41.0953 2388        ParVdm - ok
16:10:42.0015 2388        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
16:10:42.0171 2388        PCI - ok
16:10:42.0250 2388        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:10:42.0390 2388        PCIIde - ok
16:10:42.0484 2388        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:10:42.0609 2388        Pcmcia - ok
16:10:42.0656 2388        perc2 - ok
16:10:42.0718 2388        perc2hib - ok
16:10:42.0796 2388        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:10:42.0828 2388        PlugPlay - ok
16:10:42.0937 2388        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:10:43.0062 2388        PolicyAgent - ok
16:10:43.0156 2388        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:10:43.0281 2388        PptpMiniport - ok
16:10:43.0359 2388        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
16:10:43.0500 2388        Processor - ok
16:10:43.0578 2388        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:10:43.0703 2388        ProtectedStorage - ok
16:10:43.0781 2388        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:10:43.0890 2388        PSched - ok
16:10:43.0984 2388        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:10:44.0171 2388        Ptilink - ok
16:10:44.0187 2388        ql1080 - ok
16:10:44.0218 2388        Ql10wnt - ok
16:10:44.0234 2388        ql12160 - ok
16:10:44.0265 2388        ql1240 - ok
16:10:44.0281 2388        ql1280 - ok
16:10:44.0328 2388        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:10:44.0468 2388        RasAcd - ok
16:10:44.0515 2388        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
16:10:44.0671 2388        RasAuto - ok
16:10:44.0718 2388        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:10:44.0859 2388        Rasl2tp - ok
16:10:44.0968 2388        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
16:10:45.0109 2388        RasMan - ok
16:10:45.0156 2388        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:10:45.0312 2388        RasPppoe - ok
16:10:45.0421 2388        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:10:45.0562 2388        Raspti - ok
16:10:45.0671 2388        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:10:45.0796 2388        Rdbss - ok
16:10:45.0937 2388        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:10:46.0093 2388        RDPCDD - ok
16:10:46.0156 2388        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:10:46.0312 2388        rdpdr - ok
16:10:46.0390 2388        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:10:46.0421 2388        RDPWD - ok
16:10:46.0484 2388        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
16:10:46.0640 2388        RDSessMgr - ok
16:10:46.0796 2388        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:10:46.0937 2388        redbook - ok
16:10:47.0031 2388        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
16:10:47.0171 2388        RemoteAccess - ok
16:10:47.0250 2388        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
16:10:47.0390 2388        RemoteRegistry - ok
16:10:47.0484 2388        RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
16:10:47.0593 2388        RFCOMM - ok
16:10:47.0687 2388        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
16:10:47.0812 2388        RpcLocator - ok
16:10:47.0906 2388        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
16:10:47.0984 2388        RpcSs - ok
16:10:48.0093 2388        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
16:10:48.0250 2388        RSVP - ok
16:10:48.0406 2388        RTL8023xp      (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
16:10:48.0500 2388        RTL8023xp - ok
16:10:48.0578 2388        rtl8139        (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:10:48.0703 2388        rtl8139 - ok
16:10:48.0812 2388        RTL8187B        (2890916eb8ded61cc2d8d057a9778e03) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
16:10:48.0937 2388        RTL8187B - ok
16:10:49.0093 2388        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:10:49.0203 2388        SamSs - ok
16:10:49.0296 2388        SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
16:10:49.0296 2388        SASDIFSV - ok
16:10:49.0312 2388        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
16:10:49.0328 2388        SASKUTIL - ok
16:10:49.0406 2388        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
16:10:49.0546 2388        SCardSvr - ok
16:10:49.0609 2388        SCDEmu          (9feb2026a460916d1a1198b460632630) C:\WINDOWS\system32\drivers\SCDEmu.sys
16:10:49.0609 2388        SCDEmu ( UnsignedFile.Multi.Generic ) - warning
16:10:49.0609 2388        SCDEmu - detected UnsignedFile.Multi.Generic (1)
16:10:49.0718 2388        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
16:10:49.0875 2388        Schedule - ok
16:10:49.0921 2388        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:10:50.0062 2388        Secdrv - ok
16:10:50.0125 2388        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
16:10:50.0265 2388        seclogon - ok
16:10:50.0328 2388        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
16:10:50.0437 2388        SENS - ok
16:10:50.0578 2388        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
16:10:50.0703 2388        Serial - ok
16:10:50.0937 2388        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:10:51.0046 2388        Sfloppy - ok
16:10:51.0125 2388        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
16:10:51.0328 2388        SharedAccess - ok
16:10:51.0421 2388        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:10:51.0453 2388        ShellHWDetection - ok
16:10:51.0531 2388        Simbad - ok
16:10:51.0656 2388        SkypeUpdate    (db0405d9aad62f0762e0876ac142b7e1) C:\Programme\Skype\Updater\Updater.exe
16:10:51.0671 2388        SkypeUpdate - ok
16:10:51.0796 2388        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:10:51.0953 2388        SLIP - ok
16:10:52.0109 2388        Sparrow - ok
16:10:52.0203 2388        speedfan        (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
16:10:52.0203 2388        speedfan - ok
16:10:52.0312 2388        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:10:52.0437 2388        splitter - ok
16:10:52.0531 2388        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:10:52.0578 2388        Spooler - ok
16:10:52.0671 2388        SQLAgent$SONY_MEDIAMGR - ok
16:10:52.0843 2388        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
16:10:52.0984 2388        sr - ok
16:10:53.0062 2388        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
16:10:53.0203 2388        srservice - ok
16:10:53.0312 2388        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:10:53.0406 2388        Srv - ok
16:10:53.0562 2388        ssadbus        (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
16:10:53.0578 2388        ssadbus - ok
16:10:53.0671 2388        ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
16:10:53.0671 2388        ssadmdfl - ok
16:10:53.0750 2388        ssadmdm        (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
16:10:53.0781 2388        ssadmdm - ok
16:10:53.0859 2388        ssadserd        (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
16:10:53.0875 2388        ssadserd - ok
16:10:53.0984 2388        sscdbus        (069351a1d7d291013177a90ae6edccbc) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
16:10:54.0000 2388        sscdbus - ok
16:10:54.0171 2388        sscdmdfl        (1c925be223a5c0f9f469252292a48df6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
16:10:54.0171 2388        sscdmdfl - ok
16:10:54.0281 2388        sscdmdm        (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
16:10:54.0296 2388        sscdmdm - ok
16:10:54.0375 2388        sscebus        (b2063ce662af3ab20045121a5b716df6) C:\WINDOWS\system32\DRIVERS\sscebus.sys
16:10:54.0390 2388        sscebus - ok
16:10:54.0437 2388        sscemdfl        (66799dc0afe3dcaf8368cae17394a762) C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
16:10:54.0453 2388        sscemdfl - ok
16:10:54.0562 2388        sscemdm        (cbf03ffc08f8db547bab2f79aa663d16) C:\WINDOWS\system32\DRIVERS\sscemdm.sys
16:10:54.0578 2388        sscemdm - ok
16:10:54.0703 2388        ssceserd        (60cd4ad33aa52e58faac3abad18cf8ef) C:\WINDOWS\system32\DRIVERS\ssceserd.sys
16:10:54.0703 2388        ssceserd - ok
16:10:54.0781 2388        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
16:10:54.0906 2388        SSDPSRV - ok
16:10:55.0171 2388        ssudmdm        (8f299012ef58246f1c98de7b7e48dbf0) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
16:10:55.0203 2388        ssudmdm - ok
16:10:55.0265 2388        ssudserd        (7cc3e2e0bba3dd0b6c5e7c7a150bb5c4) C:\WINDOWS\system32\DRIVERS\ssudserd.sys
16:10:55.0296 2388        ssudserd - ok
16:10:55.0390 2388        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
16:10:55.0390 2388        StarOpen ( UnsignedFile.Multi.Generic ) - warning
16:10:55.0390 2388        StarOpen - detected UnsignedFile.Multi.Generic (1)
16:10:55.0484 2388        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
16:10:55.0671 2388        stisvc - ok
16:10:55.0781 2388        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:10:55.0906 2388        streamip - ok
16:10:56.0000 2388        SWDUMon        (e5f568f412919244ce1b428662b96a18) C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
16:10:56.0015 2388        SWDUMon - ok
16:10:56.0125 2388        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:10:56.0250 2388        swenum - ok
16:10:56.0328 2388        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:10:56.0468 2388        swmidi - ok
16:10:56.0515 2388        SwPrv - ok
16:10:56.0578 2388        symc810 - ok
16:10:56.0625 2388        symc8xx - ok
16:10:56.0671 2388        sym_hi - ok
16:10:56.0703 2388        sym_u3 - ok
16:10:56.0796 2388        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:10:56.0921 2388        sysaudio - ok
16:10:57.0000 2388        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
16:10:57.0171 2388        SysmonLog - ok
16:10:57.0312 2388        tap0901        (98a1e6bc9f766b0b0a5bf00af847ef20) C:\WINDOWS\system32\DRIVERS\tap0901.sys
16:10:57.0343 2388        tap0901 ( UnsignedFile.Multi.Generic ) - warning
16:10:57.0343 2388        tap0901 - detected UnsignedFile.Multi.Generic (1)
16:10:57.0421 2388        taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
16:10:57.0437 2388        taphss - ok
16:10:57.0531 2388        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
16:10:57.0687 2388        TapiSrv - ok
16:10:57.0812 2388        Tcpip          (d9f19e78f98834cb411d6ad3c68d181a) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:10:57.0843 2388        Tcpip ( UnsignedFile.Multi.Generic ) - warning
16:10:57.0843 2388        Tcpip - detected UnsignedFile.Multi.Generic (1)
16:10:58.0046 2388        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:10:58.0156 2388        TDPIPE - ok
16:10:58.0203 2388        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:10:58.0328 2388        TDTCP - ok
16:10:58.0390 2388        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:10:58.0515 2388        TermDD - ok
16:10:58.0671 2388        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
16:10:58.0828 2388        TermService - ok
16:10:58.0937 2388        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:10:58.0953 2388        Themes - ok
16:10:59.0015 2388        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\System32\tlntsvr.exe
16:10:59.0156 2388        TlntSvr - ok
16:10:59.0296 2388        TosIde - ok
16:10:59.0390 2388        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
16:10:59.0531 2388        TrkWks - ok
16:10:59.0625 2388        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:10:59.0781 2388        Udfs - ok
16:10:59.0812 2388        ultra - ok
16:10:59.0968 2388        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:11:00.0156 2388        Update - ok
16:11:00.0250 2388        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
16:11:00.0390 2388        upnphost - ok
16:11:00.0453 2388        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
16:11:00.0578 2388        UPS - ok
16:11:00.0671 2388        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:11:00.0718 2388        USBAAPL - ok
16:11:00.0828 2388        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:11:00.0984 2388        usbccgp - ok
16:11:01.0046 2388        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:11:01.0187 2388        usbehci - ok
16:11:01.0281 2388        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:11:01.0421 2388        usbhub - ok
16:11:01.0515 2388        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:11:01.0640 2388        usbprint - ok
16:11:01.0750 2388        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:11:01.0906 2388        usbscan - ok
16:11:01.0984 2388        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:11:02.0140 2388        USBSTOR - ok
16:11:02.0250 2388        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:11:02.0359 2388        usbuhci - ok
16:11:02.0437 2388        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:11:02.0562 2388        usbvideo - ok
16:11:02.0656 2388        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:11:02.0796 2388        VgaSave - ok
16:11:02.0828 2388        ViaIde - ok
16:11:02.0937 2388        VMAuthdService  (3accf0c817a2bb34efbfb72b57b00252) C:\Programme\VMware\VMware Player\vmware-authd.exe
16:11:02.0984 2388        VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
16:11:02.0984 2388        VMAuthdService - detected UnsignedFile.Multi.Generic (1)
16:11:03.0109 2388        vmci            (15759158f7531853616b2b43af962fcb) C:\WINDOWS\system32\DRIVERS\vmci.sys
16:11:03.0140 2388        vmci - ok
16:11:03.0234 2388        vmkbd          (e5fa574436b840d071dbfe74300741ce) C:\WINDOWS\system32\drivers\VMkbd.sys
16:11:03.0234 2388        vmkbd - ok
16:11:03.0312 2388        VMnetAdapter    (1afa4af55cbea579a4bbe4f90967f720) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
16:11:03.0328 2388        VMnetAdapter - ok
16:11:03.0468 2388        VMnetBridge    (6b8f26d54b2ee0da1543f08db3a01c8b) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
16:11:03.0468 2388        VMnetBridge - ok
16:11:03.0531 2388        VMnetDHCP      (6f5fe74a4713290e6309b45904403798) C:\WINDOWS\system32\vmnetdhcp.exe
16:11:03.0562 2388        VMnetDHCP - ok
16:11:03.0687 2388        VMnetuserif    (c88e5f414c567ff10343df18f8c3e3f0) C:\WINDOWS\system32\drivers\vmnetuserif.sys
16:11:03.0687 2388        VMnetuserif - ok
16:11:03.0859 2388        vmusb          (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\WINDOWS\system32\Drivers\vmusb.sys
16:11:03.0875 2388        vmusb - ok
16:11:04.0000 2388        VMUSBArbService (af76c6d3f5053459e18e4c519fb496c8) C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe
16:11:04.0062 2388        VMUSBArbService - ok
16:11:04.0234 2388        VMware NAT Service (5cc206036b6648cd3990d77e5117e1d9) C:\WINDOWS\system32\vmnat.exe
16:11:04.0265 2388        VMware NAT Service - ok
16:11:04.0375 2388        vmx86          (847909a1fc0c8eb46ff975747d673a7f) C:\WINDOWS\system32\Drivers\vmx86.sys
16:11:04.0406 2388        vmx86 - ok
16:11:04.0500 2388        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
16:11:04.0625 2388        VolSnap - ok
16:11:04.0703 2388        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
16:11:04.0843 2388        VSS - ok
16:11:04.0968 2388        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
16:11:05.0125 2388        W32Time - ok
16:11:05.0218 2388        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:11:05.0343 2388        Wanarp - ok
16:11:05.0421 2388        Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:11:05.0468 2388        Wdf01000 - ok
16:11:05.0609 2388        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:11:05.0734 2388        wdmaud - ok
16:11:05.0843 2388        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
16:11:05.0984 2388        WebClient - ok
16:11:06.0140 2388        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:11:06.0296 2388        winmgmt - ok
16:11:06.0390 2388        WinRM          (f10075c2ec96d2eb118012e78ece2fc2) C:\WINDOWS\system32\WsmSvc.dll
16:11:06.0546 2388        WinRM - ok
16:11:06.0687 2388        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
16:11:06.0812 2388        WmdmPmSN - ok
16:11:06.0890 2388        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
16:11:07.0031 2388        Wmi - ok
16:11:07.0140 2388        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
16:11:07.0265 2388        WmiApSrv - ok
16:11:07.0437 2388        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
16:11:07.0609 2388        WMPNetworkSvc - ok
16:11:07.0734 2388        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:11:07.0765 2388        WpdUsb - ok
16:11:07.0906 2388        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:11:07.0984 2388        WPFFontCache_v0400 - ok
16:11:08.0078 2388        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:11:08.0234 2388        WS2IFSL - ok
16:11:08.0359 2388        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
16:11:08.0515 2388        wscsvc - ok
16:11:08.0640 2388        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:11:08.0765 2388        WSTCODEC - ok
16:11:08.0843 2388        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
16:11:08.0953 2388        wuauserv - ok
16:11:09.0062 2388        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:11:09.0125 2388        WudfPf - ok
16:11:09.0218 2388        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:11:09.0250 2388        WudfRd - ok
16:11:09.0328 2388        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:11:09.0375 2388        WudfSvc - ok
16:11:09.0468 2388        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
16:11:09.0625 2388        WZCSVC - ok
16:11:09.0765 2388        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
16:11:09.0906 2388        xmlprov - ok
16:11:09.0953 2388        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:11:10.0281 2388        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:11:10.0281 2388        \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:11:10.0296 2388        MBR (0x1B8)    (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR2
16:11:15.0859 2388        \Device\Harddisk1\DR2 - ok
16:11:15.0875 2388        Boot (0x1200)  (6a3f0f843c929f2ffe9f9266010d90d4) \Device\Harddisk0\DR0\Partition0
16:11:15.0890 2388        \Device\Harddisk0\DR0\Partition0 - ok
16:11:15.0890 2388        Boot (0x1200)  (024f370dc78e5839d03d87823c9acdd8) \Device\Harddisk1\DR2\Partition0
16:11:15.0890 2388        \Device\Harddisk1\DR2\Partition0 - ok
16:11:15.0906 2388        ============================================================
16:11:15.0906 2388        Scan finished
16:11:15.0906 2388        ============================================================
16:11:16.0046 3864        Detected object count: 12
16:11:16.0046 3864        Actual detected object count: 12
16:12:30.0062 3864        AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0062 3864        AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:12:30.0062 3864        AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0062 3864        AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:12:30.0078 3864        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0078 3864        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:12:30.0078 3864        giveio ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0078 3864        giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:12:30.0093 3864        MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0093 3864        MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:12:30.0093 3864        SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0093 3864        SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:12:30.0109 3864        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0109 3864        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:12:30.0109 3864        tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0109 3864        tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:12:30.0109 3864        Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0109 3864        Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:12:30.0125 3864        VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
16:12:30.0125 3864        VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:12:30.0125 3864        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:12:30.0125 3864        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


cosinus 22.03.2012 16:28

Quote:

16:12:30.0125 3864 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:12:30.0125 3864 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Please have TDSS-Killer delete the TDSS File System, then restart Windows and create a new log with this tool. Post it again enclosed in CODE tags.

matthias2619 22.03.2012 21:54

Here is the new log:
Code:

21:52:39.0640 3860        TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
21:52:39.0906 3860        ============================================================
21:52:39.0906 3860        Current date / time: 2012/03/22 21:52:39.0906
21:52:39.0906 3860        SystemInfo:
21:52:39.0906 3860       
21:52:39.0906 3860        OS Version: 5.1.2600 ServicePack: 3.0
21:52:39.0906 3860        Product type: Workstation
21:52:39.0906 3860        ComputerName: MUHAHAHA-FPGDH9
21:52:39.0906 3860        UserName: Matthias
21:52:39.0906 3860        Windows directory: C:\WINDOWS
21:52:39.0906 3860        System windows directory: C:\WINDOWS
21:52:39.0906 3860        Processor architecture: Intel x86
21:52:39.0906 3860        Number of processors: 1
21:52:39.0906 3860        Page size: 0x1000
21:52:39.0906 3860        Boot type: Normal boot
21:52:39.0906 3860        ============================================================
21:52:40.0359 3860        Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:52:40.0359 3860        Drive \Device\Harddisk1\DR2 - Size: 0xF5400000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:52:40.0359 3860        Drive \Device\Harddisk2\DR3 - Size: 0x246312C6000 (2328.77 Gb), SectorSize: 0x1000, Cylinders: 0x9470, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:52:40.0765 3860        Drive \Device\Harddisk3\DR6 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:52:40.0781 3860        \Device\Harddisk0\DR0:
21:52:40.0781 3860        MBR used
21:52:40.0781 3860        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
21:52:40.0781 3860        \Device\Harddisk1\DR2:
21:52:40.0781 3860        MBR used
21:52:40.0781 3860        \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7A9FE0
21:52:40.0781 3860        \Device\Harddisk2\DR3:
21:52:40.0781 3860        MBR used
21:52:40.0781 3860        \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x100, BlocksNum 0x24630770
21:52:40.0781 3860        \Device\Harddisk3\DR6:
21:52:40.0781 3860        MBR used
21:52:40.0781 3860        \Device\Harddisk3\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
21:52:40.0906 3860        Initialize success
21:52:40.0906 3860        ============================================================
21:52:47.0468 1148        ============================================================
21:52:47.0468 1148        Scan started
21:52:47.0468 1148        Mode: Manual; SigCheck; TDLFS;
21:52:47.0468 1148        ============================================================
21:52:47.0625 1148        !SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
21:52:47.0812 1148        !SASCORE - ok
21:52:48.0000 1148        Abiosdsk - ok
21:52:48.0031 1148        abp480n5 - ok
21:52:48.0093 1148        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:52:49.0500 1148        ACPI - ok
21:52:49.0640 1148        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:52:49.0796 1148        ACPIEC - ok
21:52:49.0828 1148        adpu160m - ok
21:52:49.0890 1148        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:52:50.0015 1148        aec - ok
21:52:50.0171 1148        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:52:50.0250 1148        AFD - ok
21:52:50.0312 1148        AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Programme\LSI SoftModem\agrsmsvc.exe
21:52:50.0343 1148        AgereModemAudio - ok
21:52:50.0437 1148        AgereSoftModem  (07758c2196a62f207f77556311e7459a) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:52:50.0562 1148        AgereSoftModem - ok
21:52:50.0656 1148        Aha154x - ok
21:52:50.0703 1148        aic78u2 - ok
21:52:50.0718 1148        aic78xx - ok
21:52:50.0781 1148        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
21:52:50.0890 1148        Alerter - ok
21:52:50.0953 1148        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
21:52:51.0062 1148        ALG - ok
21:52:51.0109 1148        AliIde - ok
21:52:51.0203 1148        Ambfilt        (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:52:51.0562 1148        Ambfilt - ok
21:52:51.0687 1148        amsint - ok
21:52:51.0781 1148        androidusb      (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
21:52:51.0781 1148        androidusb - ok
21:52:51.0890 1148        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:52:51.0890 1148        Apple Mobile Device - ok
21:52:51.0953 1148        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
21:52:52.0062 1148        AppMgmt - ok
21:52:52.0187 1148        asc - ok
21:52:52.0218 1148        asc3350p - ok
21:52:52.0250 1148        asc3550 - ok
21:52:52.0312 1148        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:52:52.0312 1148        aspnet_state - ok
21:52:52.0390 1148        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:52:52.0500 1148        AsyncMac - ok
21:52:52.0562 1148        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:52:52.0671 1148        atapi - ok
21:52:52.0781 1148        Atdisk - ok
21:52:52.0843 1148        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:52:52.0953 1148        Atmarpc - ok
21:52:53.0000 1148        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
21:52:53.0109 1148        AudioSrv - ok
21:52:53.0171 1148        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:52:53.0281 1148        audstub - ok
21:52:53.0375 1148        AVerAF35        (c143c69e089c7a13520eaf06175b3a3b) C:\WINDOWS\system32\Drivers\AVerAF35.sys
21:52:53.0453 1148        AVerAF35 - ok
21:52:53.0531 1148        AVerRemote      (a33c07f7527fc4cbc664c3137eb7d744) C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe
21:52:53.0593 1148        AVerRemote ( UnsignedFile.Multi.Generic ) - warning
21:52:53.0593 1148        AVerRemote - detected UnsignedFile.Multi.Generic (1)
21:52:53.0625 1148        AVerScheduleService (9aebb2d487d9bf4c0f354899d842edd0) C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe
21:52:53.0734 1148        AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning
21:52:53.0734 1148        AVerScheduleService - detected UnsignedFile.Multi.Generic (1)
21:52:53.0859 1148        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:52:53.0968 1148        Beep - ok
21:52:54.0062 1148        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
21:52:54.0203 1148        BITS - ok
21:52:54.0328 1148        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
21:52:54.0343 1148        Bonjour Service - ok
21:52:54.0500 1148        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
21:52:54.0625 1148        Browser - ok
21:52:54.0687 1148        BthEnum        (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
21:52:54.0812 1148        BthEnum - ok
21:52:54.0843 1148        BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
21:52:54.0968 1148        BthPan - ok
21:52:55.0015 1148        BTHPORT        (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
21:52:55.0078 1148        BTHPORT - ok
21:52:55.0203 1148        BthServ        (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
21:52:55.0312 1148        BthServ - ok
21:52:55.0390 1148        BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
21:52:55.0484 1148        BTHUSB - ok
21:52:55.0640 1148        catchme - ok
21:52:55.0703 1148        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:52:55.0796 1148        cbidf2k - ok
21:52:55.0906 1148        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:52:56.0031 1148        CCDECODE - ok
21:52:56.0078 1148        cd20xrnt - ok
21:52:56.0156 1148        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:52:56.0265 1148        Cdaudio - ok
21:52:56.0328 1148        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:52:56.0421 1148        Cdfs - ok
21:52:56.0500 1148        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:52:56.0609 1148        Cdrom - ok
21:52:56.0718 1148        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
21:52:56.0828 1148        CiSvc - ok
21:52:56.0859 1148        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
21:52:56.0953 1148        ClipSrv - ok
21:52:57.0078 1148        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:52:57.0093 1148        clr_optimization_v2.0.50727_32 - ok
21:52:57.0156 1148        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:52:57.0171 1148        clr_optimization_v4.0.30319_32 - ok
21:52:57.0312 1148        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:52:57.0421 1148        CmBatt - ok
21:52:57.0453 1148        CmdIde - ok
21:52:57.0500 1148        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:52:57.0640 1148        Compbatt - ok
21:52:57.0671 1148        COMSysApp - ok
21:52:57.0703 1148        Cpqarray - ok
21:52:57.0890 1148        cpuz130 - ok
21:52:58.0015 1148        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
21:52:58.0125 1148        CryptSvc - ok
21:52:58.0156 1148        dac2w2k - ok
21:52:58.0171 1148        dac960nt - ok
21:52:58.0218 1148        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
21:52:58.0296 1148        DcomLaunch - ok
21:52:58.0343 1148        dgderdrv        (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
21:52:58.0343 1148        dgderdrv - ok
21:52:58.0390 1148        dg_ssudbus      (919f338fd36f47d860775368d0748780) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
21:52:58.0390 1148        dg_ssudbus - ok
21:52:58.0515 1148        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
21:52:58.0625 1148        Dhcp - ok
21:52:58.0671 1148        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:52:58.0781 1148        Disk - ok
21:52:58.0796 1148        dmadmin - ok
21:52:58.0843 1148        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:52:59.0000 1148        dmboot - ok
21:52:59.0109 1148        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:52:59.0203 1148        dmio - ok
21:52:59.0234 1148        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:52:59.0343 1148        dmload - ok
21:52:59.0390 1148        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
21:52:59.0500 1148        dmserver - ok
21:52:59.0562 1148        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:52:59.0671 1148        DMusic - ok
21:52:59.0781 1148        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
21:52:59.0859 1148        Dnscache - ok
21:52:59.0968 1148        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
21:53:00.0078 1148        Dot3svc - ok
21:53:00.0093 1148        dpti2o - ok
21:53:00.0140 1148        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:53:00.0250 1148        drmkaud - ok
21:53:00.0328 1148        dtsoftbus01    (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
21:53:00.0343 1148        dtsoftbus01 - ok
21:53:00.0406 1148        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
21:53:00.0515 1148        EapHost - ok
21:53:00.0562 1148        ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
21:53:00.0578 1148        ElbyCDFL - ok
21:53:00.0609 1148        ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
21:53:00.0609 1148        ElbyCDIO - ok
21:53:00.0656 1148        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
21:53:00.0765 1148        ERSvc - ok
21:53:00.0812 1148        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:53:00.0843 1148        Eventlog - ok
21:53:00.0906 1148        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
21:53:00.0968 1148        EventSystem - ok
21:53:01.0031 1148        Fabs - ok
21:53:01.0171 1148        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:53:01.0296 1148        Fastfat - ok
21:53:01.0406 1148        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:53:01.0437 1148        FastUserSwitchingCompatibility - ok
21:53:01.0500 1148        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:53:01.0593 1148        Fdc - ok
21:53:01.0671 1148        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:53:01.0765 1148        Fips - ok
21:53:02.0015 1148        FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
21:53:02.0281 1148        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
21:53:02.0281 1148        FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
21:53:02.0406 1148        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:53:02.0531 1148        Flpydisk - ok
21:53:02.0625 1148        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:53:02.0734 1148        FltMgr - ok
21:53:02.0843 1148        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:53:02.0859 1148        FontCache3.0.0.0 - ok
21:53:02.0984 1148        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:53:03.0109 1148        Fs_Rec - ok
21:53:03.0171 1148        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:53:03.0296 1148        Ftdisk - ok
21:53:03.0359 1148        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:53:03.0359 1148        GEARAspiWDM - ok
21:53:03.0421 1148        giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
21:53:03.0437 1148        giveio ( UnsignedFile.Multi.Generic ) - warning
21:53:03.0437 1148        giveio - detected UnsignedFile.Multi.Generic (1)
21:53:03.0562 1148        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:53:03.0687 1148        Gpc - ok
21:53:03.0750 1148        gupdate - ok
21:53:03.0765 1148        gupdatem - ok
21:53:03.0828 1148        hcmon          (88a6f2571405b3a4abc4ed2f52136317) C:\WINDOWS\system32\drivers\hcmon.sys
21:53:03.0843 1148        hcmon - ok
21:53:03.0906 1148        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:53:04.0031 1148        HDAudBus - ok
21:53:04.0125 1148        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:53:04.0234 1148        helpsvc - ok
21:53:04.0328 1148        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
21:53:04.0437 1148        HidServ - ok
21:53:04.0531 1148        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:53:04.0640 1148        hidusb - ok
21:53:04.0703 1148        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
21:53:04.0796 1148        hkmsvc - ok
21:53:04.0843 1148        hpn - ok
21:53:04.0921 1148        hshld          (44452f7a09d00573dc6e714874257cc9) C:\Programme\Hotspot Shield\bin\openvpnas.exe
21:53:04.0937 1148        hshld - ok
21:53:05.0015 1148        HssDrv          (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
21:53:05.0015 1148        HssDrv - ok
21:53:05.0046 1148        HssSrv          (2cfea9c337b699aca38487e8a7438f35) C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
21:53:05.0062 1148        HssSrv - ok
21:53:05.0140 1148        HssTrayService  (6b1dc08d22231c9e508a715f07fce7fb) C:\Programme\Hotspot Shield\bin\HssTrayService.EXE
21:53:05.0156 1148        HssTrayService - ok
21:53:05.0156 1148        HssWd - ok
21:53:05.0250 1148        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:53:05.0296 1148        HTTP - ok
21:53:05.0390 1148        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
21:53:05.0500 1148        HTTPFilter - ok
21:53:05.0546 1148        i2omp - ok
21:53:05.0593 1148        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:53:05.0703 1148        i8042prt - ok
21:53:05.0843 1148        ialm            (c5db546f9028cd00e64335091860d8f3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:53:06.0046 1148        ialm - ok
21:53:06.0171 1148        iaStor          (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:53:06.0187 1148        iaStor - ok
21:53:06.0343 1148        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:53:06.0421 1148        idsvc - ok
21:53:06.0562 1148        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:53:06.0687 1148        Imapi - ok
21:53:06.0765 1148        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
21:53:06.0875 1148        ImapiService - ok
21:53:06.0921 1148        ini910u - ok
21:53:07.0171 1148        IntcAzAudAddService (251be5418a9b2f9240079146ae96c4cf) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:53:07.0515 1148        IntcAzAudAddService - ok
21:53:07.0640 1148        IntelIde - ok
21:53:07.0718 1148        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:53:07.0828 1148        intelppm - ok
21:53:07.0890 1148        ip6fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:53:07.0968 1148        ip6fw - ok
21:53:08.0015 1148        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:53:08.0125 1148        IpFilterDriver - ok
21:53:08.0234 1148        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:53:08.0328 1148        IpInIp - ok
21:53:08.0406 1148        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:53:08.0515 1148        IpNat - ok
21:53:08.0671 1148        iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe
21:53:08.0734 1148        iPod Service - ok
21:53:08.0890 1148        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:53:09.0015 1148        IPSec - ok
21:53:09.0078 1148        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:53:09.0187 1148        IRENUM - ok
21:53:09.0250 1148        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:53:09.0359 1148        isapnp - ok
21:53:09.0468 1148        JavaQuickStarterService (d9b1e929f2464d4c23fa9cb47df4a1d4) C:\Programme\Java\jre7\bin\jqs.exe
21:53:09.0468 1148        JavaQuickStarterService - ok
21:53:09.0609 1148        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:53:09.0718 1148        Kbdclass - ok
21:53:09.0796 1148        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:53:09.0906 1148        kbdhid - ok
21:53:09.0968 1148        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:53:10.0078 1148        kmixer - ok
21:53:10.0218 1148        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:53:10.0281 1148        KSecDD - ok
21:53:10.0359 1148        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
21:53:10.0390 1148        lanmanserver - ok
21:53:10.0453 1148        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
21:53:10.0484 1148        lanmanworkstation - ok
21:53:10.0609 1148        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
21:53:10.0703 1148        LmHosts - ok
21:53:10.0765 1148        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
21:53:10.0875 1148        Messenger - ok
21:53:10.0953 1148        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:53:11.0078 1148        mnmdd - ok
21:53:11.0171 1148        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
21:53:11.0265 1148        mnmsrvc - ok
21:53:11.0343 1148        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:53:11.0453 1148        Modem - ok
21:53:11.0562 1148        Monfilt        (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
21:53:11.0703 1148        Monfilt - ok
21:53:11.0796 1148        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:53:11.0906 1148        Mouclass - ok
21:53:12.0015 1148        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:53:12.0140 1148        mouhid - ok
21:53:12.0250 1148        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:53:12.0343 1148        MountMgr - ok
21:53:12.0390 1148        MPE            (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
21:53:12.0500 1148        MPE - ok
21:53:12.0578 1148        mraid35x - ok
21:53:12.0593 1148        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:53:12.0703 1148        MRxDAV - ok
21:53:12.0765 1148        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:53:12.0875 1148        MRxSmb - ok
21:53:12.0921 1148        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
21:53:13.0015 1148        MSDTC - ok
21:53:13.0171 1148        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:53:13.0281 1148        Msfs - ok
21:53:13.0312 1148        MSIServer - ok
21:53:13.0375 1148        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:53:13.0484 1148        MSKSSRV - ok
21:53:13.0515 1148        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:53:13.0625 1148        MSPCLOCK - ok
21:53:13.0671 1148        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:53:13.0781 1148        MSPQM - ok
21:53:13.0937 1148        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:53:14.0031 1148        mssmbios - ok
21:53:14.0125 1148        MSSQL$SONY_MEDIAMGR - ok
21:53:14.0187 1148        MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
21:53:14.0218 1148        MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
21:53:14.0218 1148        MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
21:53:14.0312 1148        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:53:14.0421 1148        MSTEE - ok
21:53:14.0515 1148        MTsensor        (1c0f480b7c6136ddb5fb909995af014a) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
21:53:14.0562 1148        MTsensor - ok
21:53:14.0625 1148        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:53:14.0656 1148        Mup - ok
21:53:14.0765 1148        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:53:14.0875 1148        NABTSFEC - ok
21:53:14.0953 1148        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
21:53:15.0062 1148        napagent - ok
21:53:15.0156 1148        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:53:15.0265 1148        NDIS - ok
21:53:15.0328 1148        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:53:15.0421 1148        NdisIP - ok
21:53:15.0500 1148        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:53:15.0546 1148        NdisTapi - ok
21:53:15.0609 1148        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:53:15.0734 1148        Ndisuio - ok
21:53:15.0812 1148        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:53:15.0921 1148        NdisWan - ok
21:53:16.0000 1148        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:53:16.0046 1148        NDProxy - ok
21:53:16.0093 1148        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:53:16.0203 1148        NetBIOS - ok
21:53:16.0281 1148        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:53:16.0390 1148        NetBT - ok
21:53:16.0437 1148        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:53:16.0546 1148        NetDDE - ok
21:53:16.0578 1148        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:53:16.0671 1148        NetDDEdsdm - ok
21:53:16.0750 1148        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:53:16.0843 1148        Netlogon - ok
21:53:16.0906 1148        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
21:53:17.0015 1148        Netman - ok
21:53:17.0140 1148        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:53:17.0156 1148        NetTcpPortSharing - ok
21:53:17.0203 1148        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
21:53:17.0234 1148        Nla - ok
21:53:17.0296 1148        NMSAccess      (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Programme\CDBurnerXP\NMSAccessU.exe
21:53:17.0312 1148        NMSAccess - ok
21:53:17.0421 1148        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:53:17.0531 1148        Npfs - ok
21:53:17.0609 1148        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:53:17.0781 1148        Ntfs - ok
21:53:17.0843 1148        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
21:53:17.0937 1148        NtLmSsp - ok
21:53:18.0031 1148        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
21:53:18.0218 1148        NtmsSvc - ok
21:53:18.0312 1148        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:53:18.0437 1148        Null - ok
21:53:18.0500 1148        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:53:18.0609 1148        NwlnkFlt - ok
21:53:18.0640 1148        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:53:18.0781 1148        NwlnkFwd - ok
21:53:18.0859 1148        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
21:53:18.0875 1148        ose - ok
21:53:18.0968 1148        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
21:53:19.0078 1148        Parport - ok
21:53:19.0125 1148        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:53:19.0234 1148        PartMgr - ok
21:53:19.0265 1148        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:53:19.0390 1148        ParVdm - ok
21:53:19.0421 1148        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:53:19.0531 1148        PCI - ok
21:53:19.0562 1148        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:53:19.0687 1148        PCIIde - ok
21:53:19.0781 1148        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:53:19.0890 1148        Pcmcia - ok
21:53:19.0953 1148        perc2 - ok
21:53:19.0968 1148        perc2hib - ok
21:53:20.0015 1148        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:53:20.0046 1148        PlugPlay - ok
21:53:20.0062 1148        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:53:20.0156 1148        PolicyAgent - ok
21:53:20.0187 1148        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:53:20.0296 1148        PptpMiniport - ok
21:53:20.0328 1148        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
21:53:20.0437 1148        Processor - ok
21:53:20.0515 1148        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:53:20.0593 1148        ProtectedStorage - ok
21:53:20.0687 1148        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:53:20.0765 1148        PSched - ok
21:53:20.0828 1148        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:53:20.0953 1148        Ptilink - ok
21:53:20.0984 1148        ql1080 - ok
21:53:21.0015 1148        Ql10wnt - ok
21:53:21.0031 1148        ql12160 - ok
21:53:21.0062 1148        ql1240 - ok
21:53:21.0078 1148        ql1280 - ok
21:53:21.0125 1148        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:53:21.0234 1148        RasAcd - ok
21:53:21.0296 1148        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
21:53:21.0406 1148        RasAuto - ok
21:53:21.0484 1148        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:53:21.0593 1148        Rasl2tp - ok
21:53:21.0656 1148        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
21:53:21.0781 1148        RasMan - ok
21:53:21.0843 1148        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:53:21.0984 1148        RasPppoe - ok
21:53:22.0046 1148        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:53:22.0156 1148        Raspti - ok
21:53:22.0234 1148        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:53:22.0343 1148        Rdbss - ok
21:53:22.0421 1148        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:53:22.0531 1148        RDPCDD - ok
21:53:22.0593 1148        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:53:22.0703 1148        rdpdr - ok
21:53:22.0812 1148        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
21:53:22.0843 1148        RDPWD - ok
21:53:22.0906 1148        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
21:53:23.0015 1148        RDSessMgr - ok
21:53:23.0078 1148        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:53:23.0187 1148        redbook - ok
21:53:23.0281 1148        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
21:53:23.0375 1148        RemoteAccess - ok
21:53:23.0468 1148        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
21:53:23.0578 1148        RemoteRegistry - ok
21:53:23.0671 1148        RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:53:23.0765 1148        RFCOMM - ok
21:53:23.0828 1148        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
21:53:23.0937 1148        RpcLocator - ok
21:53:24.0031 1148        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
21:53:24.0078 1148        RpcSs - ok
21:53:24.0171 1148        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
21:53:24.0296 1148        RSVP - ok
21:53:24.0375 1148        RTL8023xp      (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
21:53:24.0437 1148        RTL8023xp - ok
21:53:24.0515 1148        rtl8139        (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:53:24.0625 1148        rtl8139 - ok
21:53:24.0703 1148        RTL8187B        (2890916eb8ded61cc2d8d057a9778e03) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
21:53:24.0828 1148        RTL8187B - ok
21:53:24.0906 1148        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:53:25.0000 1148        SamSs - ok
21:53:25.0125 1148        SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
21:53:25.0125 1148        SASDIFSV - ok
21:53:25.0140 1148        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
21:53:25.0156 1148        SASKUTIL - ok
21:53:25.0265 1148        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
21:53:25.0375 1148        SCardSvr - ok
21:53:25.0437 1148        SCDEmu          (9feb2026a460916d1a1198b460632630) C:\WINDOWS\system32\drivers\SCDEmu.sys
21:53:25.0437 1148        SCDEmu ( UnsignedFile.Multi.Generic ) - warning
21:53:25.0437 1148        SCDEmu - detected UnsignedFile.Multi.Generic (1)
21:53:25.0484 1148        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
21:53:25.0593 1148        Schedule - ok
21:53:25.0625 1148        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:53:25.0718 1148        Secdrv - ok
21:53:25.0812 1148        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
21:53:25.0921 1148        seclogon - ok
21:53:25.0984 1148        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
21:53:26.0078 1148        SENS - ok
21:53:26.0171 1148        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
21:53:26.0281 1148        Serial - ok
21:53:26.0390 1148        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:53:26.0484 1148        Sfloppy - ok
21:53:26.0578 1148        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
21:53:26.0718 1148        SharedAccess - ok
21:53:26.0859 1148        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:53:26.0875 1148        ShellHWDetection - ok
21:53:26.0906 1148        Simbad - ok
21:53:27.0015 1148        SkypeUpdate    (db0405d9aad62f0762e0876ac142b7e1) C:\Programme\Skype\Updater\Updater.exe
21:53:27.0031 1148        SkypeUpdate - ok
21:53:27.0062 1148        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:53:27.0171 1148        SLIP - ok
21:53:27.0296 1148        Sparrow - ok
21:53:27.0343 1148        speedfan        (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
21:53:27.0359 1148        speedfan - ok
21:53:27.0453 1148        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:53:27.0562 1148        splitter - ok
21:53:27.0625 1148        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:53:27.0656 1148        Spooler - ok
21:53:27.0750 1148        SQLAgent$SONY_MEDIAMGR - ok
21:53:27.0890 1148        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:53:28.0000 1148        sr - ok
21:53:28.0093 1148        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
21:53:28.0187 1148        srservice - ok
21:53:28.0265 1148        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:53:28.0375 1148        Srv - ok
21:53:28.0531 1148        ssadbus        (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
21:53:28.0531 1148        ssadbus - ok
21:53:28.0625 1148        ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
21:53:28.0625 1148        ssadmdfl - ok
21:53:28.0687 1148        ssadmdm        (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
21:53:28.0687 1148        ssadmdm - ok
21:53:28.0750 1148        ssadserd        (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
21:53:28.0765 1148        ssadserd - ok
21:53:28.0843 1148        sscdbus        (069351a1d7d291013177a90ae6edccbc) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
21:53:28.0859 1148        sscdbus - ok
21:53:28.0984 1148        sscdmdfl        (1c925be223a5c0f9f469252292a48df6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
21:53:28.0984 1148        sscdmdfl - ok
21:53:29.0046 1148        sscdmdm        (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
21:53:29.0062 1148        sscdmdm - ok
21:53:29.0140 1148        sscebus        (b2063ce662af3ab20045121a5b716df6) C:\WINDOWS\system32\DRIVERS\sscebus.sys
21:53:29.0156 1148        sscebus - ok
21:53:29.0203 1148        sscemdfl        (66799dc0afe3dcaf8368cae17394a762) C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
21:53:29.0203 1148        sscemdfl - ok
21:53:29.0296 1148        sscemdm        (cbf03ffc08f8db547bab2f79aa663d16) C:\WINDOWS\system32\DRIVERS\sscemdm.sys
21:53:29.0312 1148        sscemdm - ok
21:53:29.0437 1148        ssceserd        (60cd4ad33aa52e58faac3abad18cf8ef) C:\WINDOWS\system32\DRIVERS\ssceserd.sys
21:53:29.0437 1148        ssceserd - ok
21:53:29.0515 1148        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
21:53:29.0609 1148        SSDPSRV - ok
21:53:29.0734 1148        ssudmdm        (8f299012ef58246f1c98de7b7e48dbf0) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
21:53:29.0750 1148        ssudmdm - ok
21:53:29.0843 1148        ssudserd        (7cc3e2e0bba3dd0b6c5e7c7a150bb5c4) C:\WINDOWS\system32\DRIVERS\ssudserd.sys
21:53:29.0859 1148        ssudserd - ok
21:53:29.0968 1148        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
21:53:29.0968 1148        StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:53:29.0968 1148        StarOpen - detected UnsignedFile.Multi.Generic (1)
21:53:30.0062 1148        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
21:53:30.0203 1148        stisvc - ok
21:53:30.0312 1148        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:53:30.0406 1148        streamip - ok
21:53:30.0562 1148        SWDUMon        (e5f568f412919244ce1b428662b96a18) C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
21:53:30.0562 1148        SWDUMon - ok
21:53:30.0640 1148        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:53:30.0750 1148        swenum - ok
21:53:30.0812 1148        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:53:30.0921 1148        swmidi - ok
21:53:31.0031 1148        SwPrv - ok
21:53:31.0125 1148        symc810 - ok
21:53:31.0156 1148        symc8xx - ok
21:53:31.0187 1148        sym_hi - ok
21:53:31.0203 1148        sym_u3 - ok
21:53:31.0265 1148        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:53:31.0375 1148        sysaudio - ok
21:53:31.0437 1148        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
21:53:31.0546 1148        SysmonLog - ok
21:53:31.0625 1148        tap0901        (98a1e6bc9f766b0b0a5bf00af847ef20) C:\WINDOWS\system32\DRIVERS\tap0901.sys
21:53:31.0656 1148        tap0901 ( UnsignedFile.Multi.Generic ) - warning
21:53:31.0656 1148        tap0901 - detected UnsignedFile.Multi.Generic (1)
21:53:31.0796 1148        taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
21:53:31.0812 1148        taphss - ok
21:53:31.0875 1148        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
21:53:31.0968 1148        TapiSrv - ok
21:53:32.0062 1148        Tcpip          (d9f19e78f98834cb411d6ad3c68d181a) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:53:32.0078 1148        Tcpip ( UnsignedFile.Multi.Generic ) - warning
21:53:32.0078 1148        Tcpip - detected UnsignedFile.Multi.Generic (1)
21:53:32.0140 1148        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:53:32.0234 1148        TDPIPE - ok
21:53:32.0296 1148        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:53:32.0406 1148        TDTCP - ok
21:53:32.0500 1148        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:53:32.0593 1148        TermDD - ok
21:53:32.0718 1148        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
21:53:32.0859 1148        TermService - ok
21:53:32.0921 1148        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:53:32.0937 1148        Themes - ok
21:53:33.0000 1148        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\System32\tlntsvr.exe
21:53:33.0109 1148        TlntSvr - ok
21:53:33.0218 1148        TosIde - ok
21:53:33.0296 1148        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
21:53:33.0406 1148        TrkWks - ok
21:53:33.0484 1148        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:53:33.0578 1148        Udfs - ok
21:53:33.0609 1148        ultra - ok
21:53:33.0671 1148        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:53:33.0828 1148        Update - ok
21:53:33.0953 1148        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
21:53:34.0062 1148        upnphost - ok
21:53:34.0125 1148        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
21:53:34.0218 1148        UPS - ok
21:53:34.0328 1148        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:53:34.0375 1148        USBAAPL - ok
21:53:34.0437 1148        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:53:34.0546 1148        usbccgp - ok
21:53:34.0656 1148        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:53:34.0750 1148        usbehci - ok
21:53:34.0812 1148        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:53:34.0921 1148        usbhub - ok
21:53:34.0984 1148        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:53:35.0078 1148        usbprint - ok
21:53:35.0140 1148        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:53:35.0250 1148        usbscan - ok
21:53:35.0343 1148        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:53:35.0453 1148        USBSTOR - ok
21:53:35.0562 1148        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:53:35.0640 1148        usbuhci - ok
21:53:35.0718 1148        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:53:35.0828 1148        usbvideo - ok
21:53:35.0890 1148        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:53:35.0984 1148        VgaSave - ok
21:53:36.0000 1148        ViaIde - ok
21:53:36.0109 1148        VMAuthdService  (3accf0c817a2bb34efbfb72b57b00252) C:\Programme\VMware\VMware Player\vmware-authd.exe
21:53:36.0140 1148        VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
21:53:36.0140 1148        VMAuthdService - detected UnsignedFile.Multi.Generic (1)
21:53:36.0187 1148        vmci            (15759158f7531853616b2b43af962fcb) C:\WINDOWS\system32\DRIVERS\vmci.sys
21:53:36.0203 1148        vmci - ok
21:53:36.0234 1148        vmkbd          (e5fa574436b840d071dbfe74300741ce) C:\WINDOWS\system32\drivers\VMkbd.sys
21:53:36.0234 1148        vmkbd - ok
21:53:36.0296 1148        VMnetAdapter    (1afa4af55cbea579a4bbe4f90967f720) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
21:53:36.0312 1148        VMnetAdapter - ok
21:53:36.0406 1148        VMnetBridge    (6b8f26d54b2ee0da1543f08db3a01c8b) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
21:53:36.0421 1148        VMnetBridge - ok
21:53:36.0484 1148        VMnetDHCP      (6f5fe74a4713290e6309b45904403798) C:\WINDOWS\system32\vmnetdhcp.exe
21:53:36.0515 1148        VMnetDHCP - ok
21:53:36.0625 1148        VMnetuserif    (c88e5f414c567ff10343df18f8c3e3f0) C:\WINDOWS\system32\drivers\vmnetuserif.sys
21:53:36.0625 1148        VMnetuserif - ok
21:53:36.0734 1148        vmusb          (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\WINDOWS\system32\Drivers\vmusb.sys
21:53:36.0750 1148        vmusb - ok
21:53:36.0843 1148        VMUSBArbService (af76c6d3f5053459e18e4c519fb496c8) C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe
21:53:36.0890 1148        VMUSBArbService - ok
21:53:37.0078 1148        VMware NAT Service (5cc206036b6648cd3990d77e5117e1d9) C:\WINDOWS\system32\vmnat.exe
21:53:37.0109 1148        VMware NAT Service - ok
21:53:37.0312 1148        vmx86          (847909a1fc0c8eb46ff975747d673a7f) C:\WINDOWS\system32\Drivers\vmx86.sys
21:53:37.0328 1148        vmx86 - ok
21:53:37.0390 1148        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:53:37.0515 1148        VolSnap - ok
21:53:37.0656 1148        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
21:53:37.0750 1148        VSS - ok
21:53:37.0812 1148        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
21:53:37.0921 1148        W32Time - ok
21:53:38.0015 1148        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:53:38.0109 1148        Wanarp - ok
21:53:38.0203 1148        Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:53:38.0234 1148        Wdf01000 - ok
21:53:38.0375 1148        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:53:38.0484 1148        wdmaud - ok
21:53:38.0562 1148        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
21:53:38.0671 1148        WebClient - ok
21:53:38.0765 1148        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:53:38.0875 1148        winmgmt - ok
21:53:38.0984 1148        WinRM          (f10075c2ec96d2eb118012e78ece2fc2) C:\WINDOWS\system32\WsmSvc.dll
21:53:39.0109 1148        WinRM - ok
21:53:39.0218 1148        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:53:39.0234 1148        WmdmPmSN - ok
21:53:39.0328 1148        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
21:53:39.0390 1148        Wmi - ok
21:53:39.0484 1148        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:53:39.0593 1148        WmiApSrv - ok
21:53:39.0734 1148        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
21:53:39.0843 1148        WMPNetworkSvc - ok
21:53:40.0062 1148        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:53:40.0078 1148        WpdUsb - ok
21:53:40.0218 1148        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:53:40.0265 1148        WPFFontCache_v0400 - ok
21:53:40.0421 1148        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:53:40.0546 1148        WS2IFSL - ok
21:53:40.0625 1148        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
21:53:40.0734 1148        wscsvc - ok
21:53:40.0796 1148        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:53:40.0906 1148        WSTCODEC - ok
21:53:40.0968 1148        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
21:53:41.0062 1148        wuauserv - ok
21:53:41.0203 1148        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:53:41.0234 1148        WudfPf - ok
21:53:41.0265 1148        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:53:41.0296 1148        WudfRd - ok
21:53:41.0359 1148        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:53:41.0390 1148        WudfSvc - ok
21:53:41.0468 1148        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
21:53:41.0625 1148        WZCSVC - ok
21:53:41.0703 1148        XDva394 - ok
21:53:41.0765 1148        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
21:53:41.0859 1148        xmlprov - ok
21:53:41.0921 1148        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:53:42.0203 1148        \Device\Harddisk0\DR0 - ok
21:53:42.0218 1148        MBR (0x1B8)    (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR2
21:53:46.0406 1148        \Device\Harddisk1\DR2 - ok
21:53:46.0421 1148        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR3
21:53:46.0968 1148        \Device\Harddisk2\DR3 - ok
21:53:46.0968 1148        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR6
21:53:47.0062 1148        \Device\Harddisk3\DR6 - ok
21:53:47.0078 1148        Boot (0x1200)  (6a3f0f843c929f2ffe9f9266010d90d4) \Device\Harddisk0\DR0\Partition0
21:53:47.0078 1148        \Device\Harddisk0\DR0\Partition0 - ok
21:53:47.0078 1148        Boot (0x1200)  (024f370dc78e5839d03d87823c9acdd8) \Device\Harddisk1\DR2\Partition0
21:53:47.0078 1148        \Device\Harddisk1\DR2\Partition0 - ok
21:53:47.0093 1148        Boot (0x1200)  (b7e1151473711f7ebb360749df755929) \Device\Harddisk2\DR3\Partition0
21:53:47.0093 1148        \Device\Harddisk2\DR3\Partition0 - ok
21:53:47.0093 1148        Boot (0x1200)  (b28f0da2e578fff9441cee436b622d76) \Device\Harddisk3\DR6\Partition0
21:53:47.0093 1148        \Device\Harddisk3\DR6\Partition0 - ok
21:53:47.0093 1148        ============================================================
21:53:47.0093 1148        Scan finished
21:53:47.0093 1148        ============================================================
21:53:47.0234 0548        Detected object count: 10
21:53:47.0234 0548        Actual detected object count: 10
21:53:58.0906 0548        AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0906 0548        AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:58.0906 0548        AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0906 0548        AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:58.0906 0548        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0906 0548        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:58.0906 0548        giveio ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0906 0548        giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:58.0906 0548        MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0906 0548        MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:58.0906 0548        SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0906 0548        SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:58.0921 0548        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0921 0548        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:58.0921 0548        tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0921 0548        tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:58.0921 0548        Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0921 0548        Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:58.0921 0548        VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:58.0921 0548        VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:00.0843 1296        Deinitialize success


cosinus 23.03.2012 21:14

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards, a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

matthias2619 24.03.2012 00:41

The log is too large to post, so it is attached.
Kind regards

