Trojaner-Board


HF66 31.03.2012 18:43

BKA Virus 1.09 - OTL Logfile Analysis
 
Hello everyone!

Today one of my computers got hit: BKA virus, version 1.09 according to my research.

Affected PC: Win XP SP3, all updates installed.

The "BKA lock screen" came up and I had to shut the computer down manually. The restart went without problems in normal mode. Norton Internet Security quarantined or deleted a file whose name unfortunately can no longer be determined...

Checked autostart, no new / suspicious entries.

The only anomaly was a hidden folder named "gizza" in the directory "Dokumente und Einstellungen....Anwendungsdateien". It contained a txt file with my IP address and a bmp of the lock screen.

Various research and online tests; a full scan with Norton Internet Security (latest version) showed nothing unusual. I ran the Kaspersky rescue CD, but unfortunately the scan of the system disk could not be completed because it aborted after 3%. Boot sector test unremarkable. Cleaned the registry with CCleaner, no suspicious entries.


I would now like to post my OTL log files and ask for a check whether anything looks suspicious, or whether I can consider my system safe and clean. Many thanks in advance:

Additional info:

Today, using the Microsoft bitdefender offline tool, I was able to identify and remove win32.gamarue.f in the "system volume Information" directory......

cosinus 02.04.2012 13:11

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

HF66 02.04.2012 13:55

Hello!

Thanks for the reply.

Attached is the Malwarebytes log from yesterday afternoon.

The ESET scan produced no results.


Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.01.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Faber :: CENTER [Administrator]

Schutz: Aktiviert

01.04.2012 15:24:36
mbam-log-2012-04-01 (19-06-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 326149
Laufzeit: 3 Stunde(n), 38 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 02.04.2012 14:37

Malwarebytes creates exactly one log for every scan. Have you scanned with Malwarebytes before?
If so, all logs for every scan are also listed in the Logs tab. Please post all that are visible there.

HF66 02.04.2012 14:58

I only installed the software as part of Saturday's clean-up, so there are no further scans.

I can offer log files, though, from Saturday onwards.

Code:

2012/03/31 15:00:15 +0200        CENTER        Faber        MESSAGE        Starting protection
2012/03/31 15:00:20 +0200        CENTER        Faber        MESSAGE        Protection started successfully
2012/03/31 15:00:23 +0200        CENTER        Faber        MESSAGE        Starting IP protection
2012/03/31 15:00:30 +0200        CENTER        Faber        MESSAGE        IP Protection started successfully
2012/03/31 17:11:06 +0200        CENTER        Faber        MESSAGE        Stopping IP protection
2012/03/31 17:11:07 +0200        CENTER        Faber        MESSAGE        IP Protection stopped
2012/03/31 19:05:35 +0200        CENTER        Faber        MESSAGE        Executing scheduled update:  Daily
2012/03/31 19:05:35 +0200        CENTER        Faber        ERROR        Scheduled update failed:  Config missing or corrupt, please reinstall failed with error code 2

Code:

2012/04/01 15:24:17 +0200        CENTER        Faber        MESSAGE        Starting protection
2012/04/01 15:24:22 +0200        CENTER        Faber        MESSAGE        Protection started successfully
2012/04/01 15:24:25 +0200        CENTER        Faber        MESSAGE        Starting IP protection
2012/04/01 15:24:29 +0200        CENTER        Faber        MESSAGE        IP Protection started successfully
2012/04/01 16:12:36 +0200        CENTER        Faber        IP-BLOCK        188.130.251.85 (Type: outgoing)
2012/04/01 16:12:39 +0200        CENTER        Faber        IP-BLOCK        188.130.251.85 (Type: outgoing)
2012/04/01 16:12:45 +0200        CENTER        Faber        IP-BLOCK        188.130.251.85 (Type: outgoing)
2012/04/01 16:12:59 +0200        CENTER        Faber        IP-BLOCK        188.130.251.85 (Type: outgoing)
2012/04/01 16:13:02 +0200        CENTER        Faber        IP-BLOCK        188.130.251.85 (Type: outgoing)
2012/04/01 16:13:08 +0200        CENTER        Faber        IP-BLOCK        188.130.251.85 (Type: outgoing)
2012/04/01 19:05:26 +0200        CENTER        Faber        MESSAGE        Executing scheduled update:  Daily
2012/04/01 19:05:33 +0200        CENTER        Faber        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.04.01.01 to version v2012.04.01.03
2012/04/01 19:05:33 +0200        CENTER        Faber        MESSAGE        Starting database refresh
2012/04/01 19:05:33 +0200        CENTER        Faber        MESSAGE        Stopping IP protection
2012/04/01 19:05:33 +0200        CENTER        Faber        MESSAGE        IP Protection stopped
2012/04/01 19:05:37 +0200        CENTER        Faber        MESSAGE        Database refreshed successfully
2012/04/01 19:05:37 +0200        CENTER        Faber        MESSAGE        Starting IP protection
2012/04/01 19:05:50 +0200        CENTER        Faber        MESSAGE        IP Protection started successfully

Code:

2012/04/02 14:50:11 +0200        CENTER        Faber        MESSAGE        Starting protection
2012/04/02 14:50:17 +0200        CENTER        Faber        MESSAGE        Protection started successfully
2012/04/02 14:50:20 +0200        CENTER        Faber        MESSAGE        Starting IP protection
2012/04/02 14:50:25 +0200        CENTER        Faber        MESSAGE        IP Protection started successfully
2012/04/02 14:50:43 +0200        CENTER        Faber        MESSAGE        Starting database refresh
2012/04/02 14:50:43 +0200        CENTER        Faber        MESSAGE        Stopping IP protection
2012/04/02 14:50:43 +0200        CENTER        Faber        MESSAGE        IP Protection stopped
2012/04/02 14:50:46 +0200        CENTER        Faber        MESSAGE        Database refreshed successfully
2012/04/02 14:50:46 +0200        CENTER        Faber        MESSAGE        Starting IP protection
2012/04/02 14:50:53 +0200        CENTER        Faber        MESSAGE        IP Protection started successfully
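
As an added example (not part of the original posts and not Malwarebytes' own tooling), the following Python script parses protection-log lines in the layout posted above and groups IP-BLOCK events into bursts per address and direction, so repeated blocked connections stand out during triage. The column layout, the five-minute burst gap and all function names are assumptions; the sample lines are copied from the logs in this thread.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the protection logs posted in this thread.
# Assumed layout: timestamp, host, user, entry type, message, separated by whitespace.
SAMPLE_LOG = """\
2012/03/31 19:05:35 +0200        CENTER        Faber        ERROR        Scheduled update failed:  Config missing or corrupt, please reinstall failed with error code 2
2012/04/01 15:24:29 +0200        CENTER        Faber        MESSAGE        IP Protection started successfully
2012/04/01 16:12:36 +0200        CENTER        Faber        IP-BLOCK        188.130.251.85 (Type: outgoing)
2012/04/01 16:12:39 +0200        CENTER        Faber        IP-BLOCK        188.130.251.85 (Type: outgoing)
2012/04/01 16:12:45 +0200        CENTER        Faber        IP-BLOCK        188.130.251.85 (Type: outgoing)
2012/04/01 16:12:59 +0200        CENTER        Faber        IP-BLOCK        188.130.251.85 (Type: outgoing)
2012/04/01 16:13:02 +0200        CENTER        Faber        IP-BLOCK        188.130.251.85 (Type: outgoing)
2012/04/01 16:13:08 +0200        CENTER        Faber        IP-BLOCK        188.130.251.85 (Type: outgoing)
2012/04/01 19:05:33 +0200        CENTER        Faber        MESSAGE        Stopping IP protection
"""

# Assumption: host and user names contain no spaces (true for the lines above).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+(?P<kind>[A-Z-]+)\s+(?P<msg>.*)$"
)
BLOCK_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+)\)")


def parse_log(text):
    """Return one dict per recognised log line; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, "Code:" markers, anything in another layout
        entry = m.groupdict()
        entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S %z")
        entries.append(entry)
    return entries


def block_bursts(entries, max_gap=timedelta(minutes=5)):
    """Group IP-BLOCK events per (address, direction) into bursts.

    A new burst starts when the same address/direction pair has been quiet
    for longer than max_gap.
    """
    latest = {}   # (ip, direction) -> most recent burst for that pair
    bursts = []
    for e in sorted(entries, key=lambda item: item["ts"]):
        if e["kind"] != "IP-BLOCK":
            continue
        m = BLOCK_RE.match(e["msg"])
        if not m:
            continue
        key = (m["ip"], m["direction"])
        burst = latest.get(key)
        if burst is None or e["ts"] - burst["last"] > max_gap:
            burst = {"ip": key[0], "direction": key[1],
                     "first": e["ts"], "last": e["ts"], "count": 0}
            latest[key] = burst
            bursts.append(burst)
        burst["last"] = e["ts"]
        burst["count"] += 1
    return bursts


def error_entries(entries):
    """Return the entries the product itself logged as ERROR."""
    return [e for e in entries if e["kind"] == "ERROR"]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for b in block_bursts(parsed):
        span = int((b["last"] - b["first"]).total_seconds())
        print(f'{b["ip"]} {b["direction"]}: {b["count"]} blocks in {span}s, '
              f'starting {b["first"].isoformat()}')
    for e in error_entries(parsed):
        print(f'ERROR {e["ts"].isoformat()}: {e["msg"]}')
```
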


cosinus 02.04.2012 15:37

I have two questions before we continue:

1.) Does normal mode work again without restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

HF66 02.04.2012 15:43

Re 1) Normal mode works without problems or restrictions. I have not been able to find any errors so far.

Re 2) I am not missing anything in the Start menu either; no empty folders or missing programs as far as I have been able to tell so far.

cosinus 02.04.2012 15:48

Please create a new OTL log. Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


HF66 02.04.2012 16:19

Here you go, here is the log, in 2 parts since it is a few characters too big...

Code:

OTL logfile created on: 02.04.2012 17:07:22 - Run 4
OTL by OldTimer - Version 3.2.39.2    Folder = H:\Dokumente und Einstellungen\Faber\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 70,81% Memory free
5,09 Gb Paging File | 4,16 Gb Available in Paging File | 81,81% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\windows | %ProgramFiles% = H:\Programme
Drive E: | 232,88 Gb Total Space | 129,72 Gb Free Space | 55,70% Space Free | Partition Type: NTFS
Drive H: | 232,88 Gb Total Space | 208,76 Gb Free Space | 89,65% Space Free | Partition Type: NTFS
Drive I: | 149,05 Gb Total Space | 105,64 Gb Free Space | 70,88% Space Free | Partition Type: NTFS
Drive N: | 915,91 Gb Total Space | 483,86 Gb Free Space | 52,83% Space Free | Partition Type: NTFS
Drive O: | 1832,80 Gb Total Space | 1223,90 Gb Free Space | 66,78% Space Free | Partition Type: NTFS
 
Computer Name: CENTER | User Name: Faber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.31 14:52:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Faber\Desktop\OTL.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.01.17 08:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- H:\Programme\Norton Management\Engine\2.1.2.13\ccsvchst.exe
PRC - [2012.01.17 07:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- H:\Programme\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- H:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) -- H:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.01.04 14:32:18 | 000,173,096 | ---- | M] (Nokia) -- H:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.01.04 14:32:02 | 000,142,376 | ---- | M] (Nokia) -- H:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.10.07 11:40:08 | 000,055,064 | ---- | M] (Logitech, Inc.) -- H:\Programme\Logitech\SetPointP\LBTWiz.exe
PRC - [2011.03.04 12:38:48 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- H:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2010.08.18 02:00:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- H:\WINDOWS\V0700Mon.exe
PRC - [2010.07.07 12:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- H:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2010.07.07 12:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- H:\WINDOWS\system32\CTxfispi.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- H:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009.06.12 00:10:18 | 000,503,808 | ---- | M] () -- H:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe
PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- H:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.05.05 09:53:00 | 000,221,300 | ---- | M] (Creative Technology Ltd) -- H:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008.04.21 23:00:36 | 000,911,168 | ---- | M] (Acronis) -- H:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008.04.21 22:54:38 | 002,622,296 | ---- | M] (Acronis) -- H:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.04.21 00:07:26 | 000,136,472 | ---- | M] (Acronis) -- H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2008.04.21 00:07:18 | 000,431,384 | ---- | M] (Acronis) -- H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2008.04.15 19:55:02 | 001,449,984 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2008.01.31 19:12:04 | 000,634,880 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\LocalDevDiscoveryPlugin.exe
PRC - [2008.01.31 19:06:40 | 001,060,864 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\SWASDriverManagementPlugin.exe
PRC - [2008.01.31 18:04:54 | 000,925,696 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\SWASReports.exe
PRC - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- H:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2005.10.27 17:01:16 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- H:\Programme\Multimedia Card Reader\shwicon2k.exe
PRC - [2005.07.19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- H:\WINDOWS\system32\LVCOMSX.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.16 16:44:26 | 011,817,472 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012.02.16 15:22:17 | 000,971,264 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012.02.15 15:18:01 | 005,450,752 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012.02.15 15:17:57 | 012,430,848 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012.02.15 15:17:48 | 001,587,200 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012.02.15 15:14:18 | 007,953,408 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012.02.15 15:12:48 | 000,303,104 | ---- | M] () -- H:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.01.03 15:10:46 | 000,301,056 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.10.12 15:10:14 | 000,025,600 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011.10.12 13:35:36 | 011,490,816 | ---- | M] () -- H:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.28 23:19:12 | 000,093,696 | ---- | M] () -- H:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.07.28 17:22:00 | 000,270,336 | ---- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- H:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.03.16 12:22:12 | 000,014,848 | ---- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009.07.13 17:37:04 | 000,152,112 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009.07.13 17:37:04 | 000,098,304 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009.06.19 21:56:39 | 000,315,392 | ---- | M] () -- H:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.19 21:56:37 | 000,434,176 | ---- | M] () -- H:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.06.12 00:10:18 | 000,503,808 | ---- | M] () -- H:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe
MOD - [2008.06.26 20:46:08 | 001,384,520 | ---- | M] () -- H:\WINDOWS\twain_32\Samsung\CLX3170\SSOle.dll
MOD - [2008.06.26 20:45:14 | 000,367,104 | ---- | M] () -- H:\WINDOWS\twain_32\Samsung\CLX3170\NetModule.dll
MOD - [2008.06.26 20:45:06 | 000,155,648 | ---- | M] () -- H:\WINDOWS\twain_32\Samsung\CLX3170\IMFilter.dll
MOD - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
MOD - [2008.04.21 22:43:20 | 001,336,600 | ---- | M] () -- H:\Programme\Acronis\TrueImageHome\fox.dll
MOD - [2008.04.15 19:55:02 | 001,449,984 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
MOD - [2008.04.15 19:48:54 | 000,073,728 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\zlib1.dll
MOD - [2008.04.15 19:48:42 | 004,976,640 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\qt-mt333.dll
MOD - [2008.04.15 19:48:42 | 000,118,784 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\slp.dll
MOD - [2008.04.15 19:48:42 | 000,024,064 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\XalanMessages_1_9.dll
MOD - [2008.04.15 19:48:40 | 000,057,344 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\boost_thread-vc71-mt-1_32.dll
MOD - [2008.01.31 19:12:04 | 000,634,880 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\LocalDevDiscoveryPlugin.exe
MOD - [2008.01.31 19:06:40 | 001,060,864 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\SWASDriverManagementPlugin.exe
MOD - [2008.01.31 18:52:36 | 000,352,256 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\QtSql4.dll
MOD - [2008.01.31 18:52:36 | 000,352,256 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\QtSql4.dll
MOD - [2008.01.31 18:52:34 | 000,221,184 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\QtNetwork4.dll
MOD - [2008.01.31 18:52:34 | 000,221,184 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\QtNetwork4.dll
MOD - [2008.01.31 18:52:34 | 000,221,184 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\QtNetwork4.dll
MOD - [2008.01.31 18:52:32 | 001,069,056 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\QtCore4.dll
MOD - [2008.01.31 18:52:32 | 001,069,056 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\QtCore4.dll
MOD - [2008.01.31 18:52:32 | 001,069,056 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\QtCore4.dll
MOD - [2008.01.31 18:04:54 | 000,925,696 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\SWASReports.exe
MOD - [2008.01.31 17:52:36 | 000,025,600 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\XalanMessages_1_10.dll
MOD - [2008.01.31 17:52:36 | 000,025,600 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\XalanMessages_1_10.dll
MOD - [2008.01.31 17:52:36 | 000,025,600 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\XalanMessages_1_10.dll
MOD - [2008.01.31 17:52:34 | 000,106,496 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\boost_log-vc80-mt-1_33_1.dll
MOD - [2008.01.31 17:52:34 | 000,106,496 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\boost_log-vc80-mt-1_33_1.dll
MOD - [2008.01.31 17:52:34 | 000,106,496 | ---- | M] () -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\boost_log-vc80-mt-1_33_1.dll
MOD - [2007.12.27 16:38:58 | 000,094,208 | ---- | M] () -- H:\WINDOWS\system32\SamFaxPort.dll
MOD - [2007.09.13 18:05:22 | 000,002,560 | ---- | M] () -- H:\WINDOWS\CTXFIGER.DLL
MOD - [2007.08.14 03:01:17 | 000,022,723 | ---- | M] () -- H:\WINDOWS\system32\sst1cl3.dll
MOD - [2002.01.11 15:59:06 | 000,094,274 | ---- | M] () -- H:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2001.10.28 18:43:08 | 000,116,736 | ---- | M] () -- H:\WINDOWS\system32\redmonnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- H:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.17 08:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- H:\Programme\Norton Management\Engine\2.1.2.13\ccSvcHst.exe -- (MCLIENT)
SRV - [2012.01.17 07:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- H:\Programme\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe -- (NIS)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- H:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.03.04 12:38:48 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2010.11.18 15:35:50 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- H:\Programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_D3D96EB9)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.24 15:09:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2009.10.24 15:03:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2009.10.24 15:02:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- H:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008.04.21 00:07:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.04.15 19:55:02 | 001,449,984 | ---- | M] () [Auto | Running] -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe -- (SWAS_Core)
SRV - [2008.01.31 19:12:04 | 000,634,880 | ---- | M] () [Auto | Running] -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\LocalDevDiscoveryPlugin.exe -- (SWAS_Srv_LDD)
SRV - [2008.01.31 19:06:40 | 001,060,864 | ---- | M] () [Auto | Running] -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\SWASDriverManagementPlugin.exe -- (SWAS_Srv_DriverManagement)
SRV - [2008.01.31 18:04:54 | 000,925,696 | ---- | M] () [Auto | Running] -- H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\SWASReports.exe -- (SWAS_Report_Plugin)
SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- H:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- H:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - File not found [Kernel | Auto | Stopped] -- H:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\frmupgr.sys -- (DFUBTUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\Programme\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - [2012.03.29 10:27:31 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.03.19 20:28:24 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120401.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.03.19 20:28:24 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.03.19 20:28:24 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120401.016\NAVENG.SYS -- (NAVENG)
DRV - [2012.03.06 17:04:10 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120330.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012.03.02 20:58:02 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.02.04 12:25:51 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- H:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.01.18 00:46:01 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\symtdi.sys -- (SYMTDI)
DRV - [2012.01.18 00:45:57 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\symefa.sys -- (SymEFA)
DRV - [2012.01.18 00:35:24 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\ironx86.sys -- (SymIRON)
DRV - [2012.01.18 00:33:51 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\srtsp.sys -- (SRTSP)
DRV - [2012.01.18 00:33:51 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.30 01:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\MCLIENT\0201020.00D\ccsetx86.sys -- (ccSet_MCLIENT)
DRV - [2011.11.30 00:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\ccsetx86.sys -- (ccSet_NIS)
DRV - [2011.11.24 04:23:20 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2011.11.24 04:23:20 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.09.26 17:17:34 | 000,025,344 | ---- | M] (CSR) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2011.09.06 18:00:02 | 000,322,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\V0700Vid.sys -- (V0700Vid)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.09.02 08:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011.09.02 08:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011.09.02 08:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011.07.29 14:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.07.29 00:20:10 | 007,084,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.07.25 20:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\NIS\1306020.00A\symds.sys -- (SymDS)
DRV - [2011.03.24 14:28:36 | 000,150,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.10.20 07:24:22 | 000,302,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\V0700Afx.sys -- (V0700Afx)
DRV - [2010.07.09 13:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- H:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2010.07.07 14:15:42 | 001,811,288 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ct20xflt.sys -- (ct20xflt)
DRV - [2010.07.07 14:15:22 | 001,227,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2010.07.07 14:15:10 | 001,184,344 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010.07.07 14:15:00 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010.07.07 14:14:52 | 000,159,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010.07.07 14:14:44 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010.07.07 14:14:36 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010.07.07 14:14:20 | 000,537,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010.07.07 14:14:00 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010.07.07 14:13:52 | 001,353,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2010.07.07 14:13:52 | 001,353,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010.07.07 14:13:42 | 000,073,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2010.07.07 14:13:42 | 000,073,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010.07.07 14:13:34 | 000,198,232 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2010.07.07 14:13:34 | 000,198,232 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2010.05.10 10:09:34 | 000,627,288 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\SkyNET.sys -- (SKYNET)
DRV - [2009.11.09 19:12:42 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009.10.30 14:40:56 | 000,039,488 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\nc06_wdm.sys -- (NUMARK_NC06_WDM)
DRV - [2009.10.30 14:40:56 | 000,026,688 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\nc06midi.sys -- (NUMARK_NC06_MIDI)
DRV - [2009.10.07 15:48:58 | 000,163,368 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- H:\windows\System32\drivers\CLBUDF.sys -- (CLBUDF)
DRV - [2009.10.07 15:48:58 | 000,015,784 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- H:\windows\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2009.10.02 10:59:16 | 000,489,952 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2009.08.10 12:07:32 | 000,089,600 | ---- | M] (Gemalto) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\GemCCID.sys -- (GemCCID)
DRV - [2009.08.05 06:16:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2009.07.15 13:43:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009.07.07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009.07.07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009.07.06 10:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.06.20 14:01:26 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2009.06.20 14:01:26 | 001,086,208 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.06.20 12:52:41 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2009.06.20 12:52:41 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- H:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009.06.20 12:52:38 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2009.06.20 12:52:36 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.10.31 20:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.09.09 05:58:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.03.05 11:27:34 | 000,026,656 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\PLCND532.sys -- (PLCND532)
DRV - [2007.12.17 17:14:04 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007.10.22 08:55:46 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- H:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2007.10.12 03:40:12 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2007.06.15 10:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007.04.16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007.02.09 12:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007.02.09 12:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2007.01.23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006.03.16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006.03.15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006.02.24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.02.10 11:17:46 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.02.08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006.02.02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005.10.27 17:01:06 | 000,038,468 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2005.10.05 12:00:06 | 000,047,104 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2005.10.05 12:00:06 | 000,018,167 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2005.09.01 11:03:04 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv)
DRV - [2005.09.01 11:03:04 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- H:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.05.27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.08.13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1999.09.10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- H:\windows\System32\drivers\aspi32.sys -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-861567501-299502267-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-861567501-299502267-839522115-1003\..\SearchScopes,DefaultScope = {701DD555-C500-4EBB-86BA-0E4CC604397A}
IE - HKU\S-1-5-21-861567501-299502267-839522115-1003\..\SearchScopes\{701DD555-C500-4EBB-86BA-0E4CC604397A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-861567501-299502267-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-299502267-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: h:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: H:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: H:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: H:\Dokumente und Einstellungen\Faber\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: H:\Dokumente und Einstellungen\Faber\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.02 15:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.04.02 14:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fe_9.0@nokia.com: H:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.01.18 17:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: H:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.01.18 17:54:09 | 000,000,000 | ---D | M]
 
[2010.04.13 17:27:04 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Mozilla\Extensions
[2010.04.13 17:27:04 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Mozilla\Extensions\MediaCoder-MCEX
[2010.04.13 17:23:02 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2011.03.27 10:32:31 | 000,002,046 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\fcmdSrchddr.xml
 
O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - H:\Programme\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - H:\Programme\Norton Internet Security\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - H:\Programme\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Programme\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - H:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKU\S-1-5-21-861567501-299502267-839522115-1003\..\Toolbar\WebBrowser: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - H:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [3170 Scan2PC] H:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] H:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] H:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] H:\windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CTxfiHlp] H:\windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Live! Central 3] H:\Programme\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] H:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmctxth] H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] H:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Sunkist2k] H:\Programme\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] H:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] H:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [V0700Mon.exe] H:\WINDOWS\V0700Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] H:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-861567501-299502267-839522115-1003..\Run: [NokiaSuite.exe] H:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Button Manager v5.099.lnk = H:\Programme\INITIO\v5.099\INIHID.EXE ()
O4 - Startup: H:\Dokumente und Einstellungen\Faber\Startmenü\Programme\Autostart\batch.cmd ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run:  = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-861567501-299502267-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-299502267-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An OneNote s&enden - H:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - H:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://H:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: SmarThru4 Als HTML speichern - H:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - H:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - H:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - H:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - H:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - H:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - H:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - H:\Programme\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} hxxp://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab (PrinterHelpEtcActiveX Control)
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245435584890 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} hxxp://www.facebook.com/controls/contactx.dll (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245445290437 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB (O2C-Player Version 1.x)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-416053540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {DB28CF23-0083-40B5-BF63-69925D672385} hxxp://www.nero.com/doc/NeroVersionChecker.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74253CA6-1631-410E-AFFF-201D1C7D9FDB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - H:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (h:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - h:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: H:\Dokumente und Einstellungen\Faber\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Dokumente und Einstellungen\Faber\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - H:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - H:\windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{423606c5-ee43-11de-9754-00248cfc6054}\Shell - "" = AutoRun
O33 - MountPoints2\{423606c5-ee43-11de-9754-00248cfc6054}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{423606c5-ee43-11de-9754-00248cfc6054}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


HF66 02.04.2012 16:21

Code:

NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "H:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5C3BFCCD-B621-615D-F98E-B13583C24057} - Browseranpassungen
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - H:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - h:\WINDOWS\system32\Rundll32.exe h:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A21001A2-5CC6-FB3C-0C30-1B7A810F81A3} - DirectX
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FE78F135-129E-9C20-477D-A810D3C768AD} - DirectAnimation
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - H:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - H:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - H:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
 
Drivers32: msacm.l3acm - H:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - H:\windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - H:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - H:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - H:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - H:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - H:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - H:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - H:\windows\System32\ffdshow.ax ()
Drivers32: VIDC.I420 - H:\windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - H:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - H:\windows\System32\ir32_32.dll ()
Drivers32: vidc.XVID - H:\windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - H:\windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.02 16:32:59 | 000,000,000 | RH-D | C] -- H:\Dokumente und Einstellungen\Faber\Recent
[2012.04.01 22:07:22 | 000,000,000 | ---D | C] -- H:\windows\Microsoft Antimalware
[2012.04.01 15:22:52 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.01 15:22:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- H:\windows\System32\drivers\mbam.sys
[2012.04.01 15:22:51 | 000,000,000 | ---D | C] -- H:\Programme\Malwarebytes' Anti-Malware
[2012.04.01 11:17:23 | 000,000,000 | ---D | C] -- H:\Programme\Gemeinsame Dateien\Java
[2012.03.31 18:26:53 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\QuickScan
[2012.03.31 16:48:42 | 000,000,000 | ---D | C] -- H:\Programme\ESET
[2012.03.31 14:59:39 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Malwarebytes
[2012.03.31 14:59:29 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.31 14:52:29 | 000,593,920 | ---- | C] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Faber\Desktop\OTL.exe
[2012.03.31 14:05:58 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.31 13:43:43 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton Management
[2012.03.31 12:30:09 | 000,000,000 | ---D | C] -- H:\Programme\Trend Micro
[2012.03.31 12:30:09 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Faber\Startmenü\Programme\HiJackThis
[2012.03.31 11:18:13 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Local Settings
[2012.03.29 11:36:19 | 000,000,000 | ---D | C] -- H:\Programme\Dude
[2012.03.19 19:46:37 | 000,000,000 | ---D | C] -- H:\windows\usb-audio.deNumarkNS6
[2012.03.19 19:46:33 | 000,000,000 | ---D | C] -- H:\windows\usb-audio.deNumarkV7
[2012.03.19 19:46:29 | 000,000,000 | ---D | C] -- H:\windows\usb-audio.deNumarkNS7
[2012.03.19 19:46:24 | 000,000,000 | ---D | C] -- H:\Programme\Serato
[2012.03.19 17:27:37 | 000,000,000 | ---D | C] -- H:\Programme\PC Inspector File Recovery
[2012.03.12 15:05:43 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Amazon
[7 H:\windows\System32\*.tmp files -> H:\windows\System32\*.tmp -> ]
[4 H:\windows\*.tmp files -> H:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.02 17:10:33 | 000,000,418 | -H-- | M] () -- H:\windows\tasks\User_Feed_Synchronization-{E5E6C224-3146-4AF6-9F3A-3EA9B758CA42}.job
[2012.04.02 16:23:00 | 000,001,090 | ---- | M] () -- H:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.02 14:30:23 | 000,013,646 | ---- | M] () -- H:\windows\System32\wpa.dbl
[2012.04.02 14:30:21 | 000,001,086 | ---- | M] () -- H:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.02 14:28:06 | 000,002,048 | --S- | M] () -- H:\windows\bootstat.dat
[2012.04.01 21:53:01 | 000,055,480 | ---- | M] () -- H:\windows\System32\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012.04.01 21:53:01 | 000,055,480 | ---- | M] () -- H:\windows\System32\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012.04.01 21:53:01 | 000,000,820 | ---- | M] () -- H:\windows\System32\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012.04.01 15:22:54 | 000,000,762 | ---- | M] () -- H:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.01 14:49:37 | 000,521,428 | ---- | M] () -- H:\windows\System32\perfh007.dat
[2012.04.01 14:49:37 | 000,497,086 | ---- | M] () -- H:\windows\System32\perfh009.dat
[2012.04.01 14:49:37 | 000,085,570 | ---- | M] () -- H:\windows\System32\perfc009.dat
[2012.04.01 14:49:36 | 000,102,550 | ---- | M] () -- H:\windows\System32\perfc007.dat
[2012.04.01 11:50:46 | 000,696,562 | ---- | M] () -- H:\windows\System32\drivers\NIS\1306020.00A\Cat.DB
[2012.03.31 14:52:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Faber\Desktop\OTL.exe
[2012.03.30 19:41:06 | 000,000,573 | ---- | M] () -- H:\Dokumente und Einstellungen\Faber\Desktop\Gemeinsame Dokumente.lnk
[2012.03.30 18:52:29 | 002,359,767 | ---- | M] () -- H:\Dokumente und Einstellungen\Faber\Desktop\IMG_7679.jpg
[2012.03.30 18:09:44 | 000,000,691 | ---- | M] () -- H:\dude.conf
[2012.03.30 07:43:56 | 000,008,727 | ---- | M] () -- H:\windows\System32\drivers\NIS\1306020.00A\VT20120301.009
[2012.03.29 23:57:26 | 000,001,080 | ---- | M] () -- H:\windows\System32\settingsbkup.sfm
[2012.03.29 23:57:26 | 000,001,080 | ---- | M] () -- H:\windows\System32\settings.sfm
[2012.03.29 10:27:31 | 000,141,944 | ---- | M] (Symantec Corporation) -- H:\windows\System32\drivers\SYMEVENT.SYS
[2012.03.29 10:27:31 | 000,060,872 | ---- | M] (Symantec Corporation) -- H:\windows\System32\S32EVNT1.DLL
[2012.03.29 10:27:31 | 000,007,468 | ---- | M] () -- H:\windows\System32\drivers\SYMEVENT.CAT
[2012.03.29 10:27:31 | 000,000,805 | ---- | M] () -- H:\windows\System32\drivers\SYMEVENT.INF
[2012.03.24 08:36:15 | 000,000,172 | ---- | M] () -- H:\windows\System32\drivers\MCLIENT\0201020.00D\isolate.ini
[2012.03.22 20:55:09 | 000,000,050 | ---- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\tigersetting.dll
[2012.03.20 06:26:35 | 000,000,172 | ---- | M] () -- H:\windows\System32\drivers\NIS\1306020.00A\isolate.ini
[2012.03.19 19:46:38 | 000,000,647 | ---- | M] () -- H:\Dokumente und Einstellungen\Faber\Desktop\ITCH.lnk
[2012.03.14 16:06:28 | 000,321,136 | ---- | M] () -- H:\windows\System32\FNTCACHE.DAT
[2012.03.11 10:00:02 | 000,015,364 | -H-- | M] () -- E:\Eigene Dateien\.DS_Store
[2012.03.05 16:08:20 | 000,000,842 | ---- | M] () -- H:\Dokumente und Einstellungen\All Users\Desktop\Handy Safe Desktop Professional 3.00.lnk
[7 H:\windows\System32\*.tmp files -> H:\windows\System32\*.tmp -> ]
[4 H:\windows\*.tmp files -> H:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.01 15:22:53 | 000,000,762 | ---- | C] () -- H:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.30 18:52:29 | 002,359,767 | ---- | C] () -- H:\Dokumente und Einstellungen\Faber\Desktop\IMG_7679.jpg
[2012.03.29 11:36:40 | 000,000,691 | ---- | C] () -- H:\dude.conf
[2012.03.19 19:46:38 | 000,000,647 | ---- | C] () -- H:\Dokumente und Einstellungen\Faber\Desktop\ITCH.lnk
[2012.03.19 17:27:37 | 000,006,200 | ---- | C] () -- H:\windows\System32\INT13EXT.VXD
[2012.03.05 16:08:19 | 000,000,842 | ---- | C] () -- H:\Dokumente und Einstellungen\All Users\Desktop\Handy Safe Desktop Professional 3.00.lnk
[2012.02.26 12:42:30 | 000,107,520 | RHS- | C] () -- H:\windows\System32\TAKDSDecoder.dll
[2012.02.15 15:09:01 | 000,003,072 | ---- | C] () -- H:\windows\System32\iacenc.dll
[2011.11.28 20:07:11 | 000,067,904 | -H-- | C] () -- H:\windows\System32\mlfcache.dat
[2011.11.07 14:51:46 | 000,019,840 | ---- | C] () -- H:\windows\System32\EuEpmGdi.dll
[2011.11.07 14:51:45 | 002,469,760 | ---- | C] () -- H:\windows\System32\BootMan.exe
[2011.11.07 14:51:45 | 000,086,408 | ---- | C] () -- H:\windows\System32\setupempdrv03.exe
[2011.11.07 14:51:45 | 000,013,192 | ---- | C] () -- H:\windows\System32\epmntdrv.sys
[2011.11.07 14:51:45 | 000,008,456 | ---- | C] () -- H:\windows\System32\EuGdiDrv.sys
[2011.11.04 08:17:11 | 000,000,040 | -HS- | C] () -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2011.11.03 15:40:53 | 000,000,056 | ---- | C] () -- H:\windows\DVDFab.INI
[2011.08.22 21:51:47 | 000,328,882 | ---- | C] () -- H:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.08.22 21:51:47 | 000,328,882 | ---- | C] () -- H:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-861567501-299502267-839522115-1003-0.dat
[2011.07.10 12:12:05 | 000,015,871 | ---- | C] () -- H:\windows\Ascd_tmp.ini
[2011.02.08 17:48:11 | 000,887,724 | ---- | C] () -- H:\windows\System32\ativva6x.dat
[2011.02.08 17:48:11 | 000,000,003 | ---- | C] () -- H:\windows\System32\ativva5x.dat
[2011.02.08 17:36:20 | 000,234,855 | ---- | C] () -- H:\windows\System32\atiicdxx.dat
[2010.11.11 16:32:56 | 000,000,760 | ---- | C] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\setup_ldm.iss
[2010.08.14 09:58:28 | 000,000,000 | ---- | C] () -- H:\windows\SetPointInstall.ini
 
========== LOP Check ==========
 
[2011.08.07 10:45:44 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\A-Trust GmbH
[2009.07.12 01:26:38 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.07.24 10:47:06 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt
[2011.03.17 16:35:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CMUV
[2010.03.20 11:23:23 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hagel Technologies
[2009.06.20 11:19:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ID3-TagIT 3
[2010.09.16 14:41:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.04.08 20:01:07 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Jabra
[2009.06.20 13:30:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2010.01.17 19:37:49 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2009.06.20 09:52:17 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2010.11.11 17:44:37 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Native Instruments
[2009.09.14 17:03:55 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2011.11.06 01:09:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2011.05.26 10:00:58 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaAccount
[2012.03.13 15:15:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2009.06.20 11:46:06 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.11.04 08:23:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2011.03.17 16:03:54 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Technisat
[2011.11.03 15:09:12 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2010.06.06 09:48:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec
[2009.09.14 17:01:10 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vsosdk
[2012.02.06 15:45:59 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2011.11.28 20:05:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.07 20:05:58 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\A-Trust GmbH
[2010.05.31 17:22:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Acronis
[2011.12.14 17:00:40 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Amazon
[2010.03.25 18:18:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\AnvSoft
[2012.01.09 20:32:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2010.04.13 17:29:59 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Broad Intelligence
[2011.07.24 10:47:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Canon
[2010.02.20 16:41:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DisplayTune
[2012.03.25 01:44:01 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Dropbox
[2011.11.03 17:34:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DVDFab
[2011.01.19 14:43:09 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DVDVideoSoft
[2010.11.11 17:20:42 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\ElevatedDiagnostics
[2011.03.27 10:34:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\facemoods.com
[2012.02.04 23:36:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\FileZilla
[2009.10.06 22:35:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\FreeFLVConverter
[2011.02.25 20:49:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\GetRightToGo
[2009.06.20 11:20:45 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\ID3-TagIT 3
[2010.02.17 16:27:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\JustWrite Office
[2012.02.17 19:05:55 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Leadertech
[2009.06.20 10:55:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\MAGIX
[2011.07.14 15:22:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\mkvtoolnix
[2010.03.27 13:20:10 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Moyea
[2012.01.18 17:54:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Nokia
[2010.09.17 13:46:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Nokia Ovi Suite
[2011.11.09 16:47:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Nokia Suite
[2011.12.07 20:35:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\PC Suite
[2010.10.05 20:03:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\PDF-OVER
[2012.03.31 18:27:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\QuickScan
[2011.08.22 17:47:06 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Samsung
[2010.07.24 12:37:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\SignaturUmgebung
[2009.09.02 17:47:27 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\SmarThru4
[2010.01.07 17:22:31 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\TeamViewer
[2010.07.03 15:28:35 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\TerraTec
[2010.08.25 14:12:45 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Tific
[2012.03.25 19:58:44 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\TV-Browser
[2011.01.19 15:27:34 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Vso
[2010.02.26 19:17:59 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\WTouch
[2010.08.06 13:09:05 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\XMedia Recode
[2009.12.12 22:51:46 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\YCanPDF
[2009.06.20 13:30:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Acronis
[2011.08.22 17:42:24 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Samsung
[2012.04.02 17:10:33 | 000,000,418 | -H-- | M] () -- H:\windows\Tasks\User_Feed_Synchronization-{E5E6C224-3146-4AF6-9F3A-3EA9B758CA42}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.08.26 16:38:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.07 20:05:58 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\A-Trust GmbH
[2010.05.31 17:22:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Acronis
[2012.01.31 19:08:57 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Adobe
[2011.03.16 17:59:25 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Ahead
[2011.12.14 17:00:40 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Amazon
[2010.03.25 18:18:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\AnvSoft
[2011.12.13 20:35:59 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Apple Computer
[2009.06.19 20:14:02 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\ATI
[2010.05.22 08:08:35 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\AVS4YOU
[2012.01.09 20:32:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2010.04.13 17:29:59 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Broad Intelligence
[2009.06.19 23:34:23 | 000,000,000 | R--D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Brother
[2012.02.12 12:31:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\CameraWindowDC
[2011.07.24 10:47:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Canon
[2012.02.12 12:31:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\CANON INC
[2011.08.07 08:50:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Creative
[2011.11.03 15:20:25 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\CyberLink
[2010.02.20 16:41:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DisplayTune
[2009.10.26 17:45:11 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DivX
[2012.03.25 01:44:01 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Dropbox
[2011.03.14 18:25:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\dvdcss
[2011.11.03 17:34:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DVDFab
[2011.01.19 14:43:09 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\DVDVideoSoft
[2010.11.11 17:20:42 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\ElevatedDiagnostics
[2011.03.27 10:34:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\facemoods.com
[2012.02.04 23:36:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\FileZilla
[2009.10.06 22:35:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\FreeFLVConverter
[2011.02.25 20:49:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\GetRightToGo
[2009.08.10 18:12:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Google
[2009.10.26 17:45:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Help
[2009.06.20 11:20:45 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\ID3-TagIT 3
[2009.06.19 19:25:44 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Identities
[2009.06.19 21:23:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\InstallShield
[2010.02.17 16:27:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\JustWrite Office
[2012.02.17 19:05:55 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Leadertech
[2012.02.17 20:34:47 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Logishrd
[2012.02.18 11:38:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Logitech
[2009.07.04 14:52:22 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Macromedia
[2009.06.20 10:55:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\MAGIX
[2012.03.31 14:59:39 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Malwarebytes
[2012.01.31 19:08:57 | 000,000,000 | --SD | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft
[2009.06.19 22:25:23 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft Web Folders
[2011.04.03 08:47:10 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\MixMeister Technology
[2011.07.14 15:22:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\mkvtoolnix
[2010.03.27 13:20:10 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Moyea
[2010.04.13 17:23:02 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Mozilla
[2010.03.29 16:56:07 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\NCH Software
[2012.01.18 17:54:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Nokia
[2010.09.17 13:46:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Nokia Ovi Suite
[2011.11.09 16:47:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Nokia Suite
[2011.12.07 20:35:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\PC Suite
[2010.10.05 20:03:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\PDF-OVER
[2012.03.31 18:27:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\QuickScan
[2011.06.03 16:23:44 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Real
[2011.08.22 17:47:06 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Samsung
[2010.07.24 12:37:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\SignaturUmgebung
[2012.04.02 16:58:14 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Skype
[2009.09.02 17:47:27 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\SmarThru4
[2009.06.19 21:01:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Sun
[2012.03.31 14:05:58 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\SUPERAntiSpyware.com
[2010.01.07 17:22:31 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\TeamViewer
[2010.07.03 15:28:35 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\TerraTec
[2010.08.25 14:12:45 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Tific
[2012.03.25 19:58:44 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\TV-Browser
[2010.05.02 17:02:34 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\U3
[2012.03.29 19:51:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\vlc
[2011.01.19 15:27:34 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Vso
[2011.09.14 22:06:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\WinRAR
[2010.02.17 16:28:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\WTablet
[2010.02.26 19:17:59 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\WTouch
[2010.08.06 13:09:05 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\XMedia Recode
[2009.12.12 22:51:46 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\YCanPDF
[2009.06.20 15:57:50 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2011.01.19 15:27:34 | 000,087,608 | ---- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\inst.exe
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Dropbox\bin\Uninstall.exe
[2012.01.09 20:32:13 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.01.09 20:32:06 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2009.12.13 19:18:07 | 000,010,134 | R--- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{20820A45-02A1-144C-21A3-A1812C5DDE23}\ARPPRODUCTICON.exe
[2010.07.06 15:39:39 | 000,010,134 | R--- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{25819AEA-328B-4F18-A53C-EAAAFFF0DBEF}\ARPPRODUCTICON.exe
[2010.07.06 15:39:39 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{25819AEA-328B-4F18-A53C-EAAAFFF0DBEF}\easyFit.exe1_FB6AD838DF3A4509972E809922B4BACD.exe
[2010.07.06 15:39:39 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{25819AEA-328B-4F18-A53C-EAAAFFF0DBEF}\easyFit.exe_FB6AD838DF3A4509972E809922B4BACD_1.exe
[2010.08.16 18:44:30 | 000,010,134 | R--- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
[2012.02.18 14:54:52 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.03.31 12:30:10 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.04.06 14:21:39 | 000,015,086 | R--- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{4ECA4128-8B48-44A0-90E8-B93C6A69CE4B}\ARPPRODUCTICON.exe
[2012.03.19 19:46:39 | 000,010,134 | R--- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ARPPRODUCTICON.exe
[2012.03.19 19:46:39 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ItchShortcut_3AACE619E70942C5B73003B60EB9E2F1.exe
[2011.04.03 08:48:00 | 000,000,766 | R--- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\Microsoft\Installer\{E89B484C-B913-49A0-959B-89E836001658}\ARPPRODUCTICON.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\U3\temp\cleanup.exe
[2008.02.25 13:47:34 | 003,489,792 | -H-- | M] (SanDisk Corporation) -- H:\Dokumente und Einstellungen\Faber\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- H:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2003.04.02 14:00:00 | 010,180,476 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- H:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- H:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- H:\WINDOWS\system32\eventlog.dll
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- H:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- H:\Programme\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- H:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- H:\WINDOWS\system32\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- H:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- H:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- H:\WINDOWS\system32\scecli.dll
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- H:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- H:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- H:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- H:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\system32\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- H:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- H:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- H:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- H:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- H:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.06.19 21:15:56 | 000,094,208 | ---- | M] () -- H:\windows\System32\config\default.sav
[2009.06.19 21:15:56 | 000,630,784 | ---- | M] () -- H:\windows\System32\config\software.sav
[2009.06.19 21:15:56 | 000,438,272 | ---- | M] () -- H:\windows\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[7 H:\windows\system32\*.tmp files -> H:\windows\system32\*.tmp -> ]
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> E:\Gemeinsame Dokumente\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> E:\Eigene Dateien\.DS_Store:AFP_AfpInfo

< End of report >


cosinus 02.04.2012 19:43

Quote:

O4 - Startup: H:\Dokumente und Einstellungen\Faber\Startmenü\Programme\Autostart\batch.cmd ()
Did you put a "batch.cmd" there?

HF66 02.04.2012 20:20

Yes, this batch.cmd is one I created myself, and it is intended.

cosinus 03.04.2012 08:22

OK, otherwise everything was unremarkable. I would still recommend a rootkit check, though.

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

HF66 03.04.2012 11:09

Here is the TDSSKiller log:

Code:

12:06:19.0187 5108        TDSS rootkit removing tool 2.7.24.0 Apr  2 2012 10:31:48
12:06:19.0312 5108        ============================================================
12:06:19.0312 5108        Current date / time: 2012/04/03 12:06:19.0312
12:06:19.0312 5108        SystemInfo:
12:06:19.0312 5108       
12:06:19.0312 5108        OS Version: 5.1.2600 ServicePack: 3.0
12:06:19.0312 5108        Product type: Workstation
12:06:19.0312 5108        ComputerName: CENTER
12:06:19.0312 5108        UserName: Faber
12:06:19.0312 5108        Windows directory: H:\windows
12:06:19.0312 5108        System windows directory: H:\windows
12:06:19.0312 5108        Processor architecture: Intel x86
12:06:19.0312 5108        Number of processors: 2
12:06:19.0312 5108        Page size: 0x1000
12:06:19.0312 5108        Boot type: Normal boot
12:06:19.0312 5108        ============================================================
12:06:21.0140 5108        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:06:21.0156 5108        Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:06:21.0171 5108        Drive \Device\Harddisk2\DR2 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:06:21.0187 5108        \Device\Harddisk0\DR0:
12:06:21.0187 5108        MBR used
12:06:21.0187 5108        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
12:06:21.0187 5108        \Device\Harddisk1\DR1:
12:06:21.0187 5108        MBR used
12:06:21.0187 5108        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
12:06:21.0187 5108        \Device\Harddisk2\DR2:
12:06:21.0187 5108        MBR used
12:06:21.0187 5108        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
12:06:21.0281 5108        Initialize success
12:06:21.0281 5108        ============================================================
12:06:30.0921 5748        ============================================================
12:06:30.0921 5748        Scan started
12:06:30.0921 5748        Mode: Manual; SigCheck; TDLFS;
12:06:30.0921 5748        ============================================================
12:06:31.0265 5748        Abiosdsk - ok
12:06:31.0265 5748        abp480n5 - ok
12:06:31.0312 5748        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) H:\windows\system32\DRIVERS\ACPI.sys
12:06:32.0390 5748        ACPI - ok
12:06:32.0484 5748        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) H:\windows\system32\drivers\ACPIEC.sys
12:06:32.0578 5748        ACPIEC - ok
12:06:32.0625 5748        AcrSch2Svc      (849201bfb643fc6eea0b5531b22aaa57) H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
12:06:32.0640 5748        AcrSch2Svc - ok
12:06:32.0640 5748        adpu160m - ok
12:06:32.0687 5748        aec            (8bed39e3c35d6a489438b8141717a557) H:\windows\system32\drivers\aec.sys
12:06:32.0750 5748        aec - ok
12:06:32.0781 5748        AF15BDA        (5b1ef06f0cdcf7ed33bd5d99e9421f02) H:\windows\system32\DRIVERS\AF15BDA.sys
12:06:32.0812 5748        AF15BDA - ok
12:06:32.0859 5748        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) H:\windows\System32\drivers\afd.sys
12:06:32.0921 5748        AFD - ok
12:06:32.0921 5748        Aha154x - ok
12:06:32.0937 5748        aic78u2 - ok
12:06:32.0937 5748        aic78xx - ok
12:06:32.0968 5748        Alerter        (738d80cc01d7bc7584be917b7f544394) H:\windows\system32\alrsvc.dll
12:06:33.0046 5748        Alerter - ok
12:06:33.0062 5748        ALG            (190cd73d4984f94d823f9444980513e5) H:\windows\System32\alg.exe
12:06:33.0125 5748        ALG - ok
12:06:33.0125 5748        AliIde - ok
12:06:33.0171 5748        amdide          (6e58654cb25730b2579e45e1fd116a47) H:\windows\system32\DRIVERS\amdide.sys
12:06:33.0171 5748        amdide - ok
12:06:33.0203 5748        AmdPPM          (033448d435e65c4bd72e70521fd05c76) H:\windows\system32\DRIVERS\AmdPPM.sys
12:06:33.0250 5748        AmdPPM - ok
12:06:33.0265 5748        amsint - ok
12:06:33.0390 5748        Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:06:33.0390 5748        Apple Mobile Device - ok
12:06:33.0437 5748        AppMgmt        (d45960be52c3c610d361977057f98c54) H:\windows\System32\appmgmts.dll
12:06:33.0500 5748        AppMgmt - ok
12:06:33.0531 5748        Arp1394        (b5b8a80875c1dededa8b02765642c32f) H:\windows\system32\DRIVERS\arp1394.sys
12:06:33.0593 5748        Arp1394 - ok
12:06:33.0593 5748        asc - ok
12:06:33.0593 5748        asc3350p - ok
12:06:33.0609 5748        asc3550 - ok
12:06:33.0640 5748        AsIO            (2b4e66fac6503494a2c6f32bb6ab3826) H:\windows\system32\drivers\AsIO.sys
12:06:33.0640 5748        AsIO - ok
12:06:33.0687 5748        Aspi32          (b979979ab8027f7f53fb16ec4229b7db) H:\windows\system32\drivers\Aspi32.sys
12:06:33.0687 5748        Aspi32 ( UnsignedFile.Multi.Generic ) - warning
12:06:33.0687 5748        Aspi32 - detected UnsignedFile.Multi.Generic (1)
12:06:33.0781 5748        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) H:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:06:33.0812 5748        aspnet_state - ok
12:06:33.0843 5748        AsUpIO          (e67493490466b5f04b58c22d2590e8ca) H:\windows\system32\drivers\AsUpIO.sys
12:06:33.0843 5748        AsUpIO - ok
12:06:33.0875 5748        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) H:\windows\system32\DRIVERS\asyncmac.sys
12:06:33.0937 5748        AsyncMac - ok
12:06:33.0953 5748        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) H:\windows\system32\DRIVERS\atapi.sys
12:06:34.0015 5748        atapi - ok
12:06:34.0015 5748        Atdisk - ok
12:06:34.0062 5748        Ati HotKey Poller (288e9f9cb529b4f7c6b58fc53940fb46) H:\windows\system32\Ati2evxx.exe
12:06:34.0187 5748        Ati HotKey Poller - ok
12:06:34.0328 5748        ati2mtag        (913da327ad22c6fa44c41d36fd8cc570) H:\windows\system32\DRIVERS\ati2mtag.sys
12:06:34.0562 5748        ati2mtag - ok
12:06:34.0593 5748        AtiHdmiService  (d9bc8892b9440a2551b8148c57aa039e) H:\windows\system32\drivers\AtiHdmi.sys
12:06:34.0609 5748        AtiHdmiService ( UnsignedFile.Multi.Generic ) - warning
12:06:34.0609 5748        AtiHdmiService - detected UnsignedFile.Multi.Generic (1)
12:06:34.0625 5748        Atmarpc        (9916c1225104ba14794209cfa8012159) H:\windows\system32\DRIVERS\atmarpc.sys
12:06:34.0703 5748        Atmarpc - ok
12:06:34.0718 5748        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) H:\windows\System32\audiosrv.dll
12:06:34.0781 5748        AudioSrv - ok
12:06:34.0828 5748        audstub        (d9f724aa26c010a217c97606b160ed68) H:\windows\system32\DRIVERS\audstub.sys
12:06:34.0890 5748        audstub - ok
12:06:34.0921 5748        Beep            (da1f27d85e0d1525f6621372e7b685e9) H:\windows\system32\drivers\Beep.sys
12:06:35.0000 5748        Beep - ok
12:06:35.0171 5748        BHDrvx86        (eb7f1f1dfa95c25d762c22d3cf13d4e0) H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
12:06:35.0187 5748        BHDrvx86 - ok
12:06:35.0218 5748        BITS            (d6f603772a789bb3228f310d650b8bd1) H:\WINDOWS\system32\qmgr.dll
12:06:35.0312 5748        BITS - ok
12:06:35.0359 5748        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) H:\Programme\Bonjour\mDNSResponder.exe
12:06:35.0375 5748        Bonjour Service - ok
12:06:35.0421 5748        Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) H:\WINDOWS\system32\brsvc01a.exe
12:06:35.0421 5748        Brother XP spl Service ( UnsignedFile.Multi.Generic ) - warning
12:06:35.0421 5748        Brother XP spl Service - detected UnsignedFile.Multi.Generic (1)
12:06:35.0437 5748        Browser        (b42057f06bbb98b31876c0b3f2b54e33) H:\windows\System32\browser.dll
12:06:35.0515 5748        Browser - ok
12:06:35.0515 5748        btaudio - ok
12:06:35.0515 5748        BTDriver - ok
12:06:35.0546 5748        BthEnum        (b279426e3c0c344893ed78a613a73bde) H:\windows\system32\DRIVERS\BthEnum.sys
12:06:35.0609 5748        BthEnum - ok
12:06:35.0609 5748        BTHMODEM        (fca6f069597b62d42495191ace3fc6c1) H:\windows\system32\DRIVERS\bthmodem.sys
12:06:35.0671 5748        BTHMODEM - ok
12:06:35.0687 5748        BthPan          (80602b8746d3738f5886ce3d67ef06b6) H:\windows\system32\DRIVERS\bthpan.sys
12:06:35.0734 5748        BthPan - ok
12:06:35.0812 5748        BTHPORT        (592e1cedbe314d0ef184dc6f46141e76) H:\windows\system32\Drivers\BTHport.sys
12:06:35.0859 5748        BTHPORT - ok
12:06:35.0906 5748        BthServ        (26c601ef7525e31379744abfc6f35a1b) H:\windows\System32\bthserv.dll
12:06:35.0968 5748        BthServ - ok
12:06:35.0984 5748        BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) H:\windows\system32\Drivers\BTHUSB.sys
12:06:36.0046 5748        BTHUSB - ok
12:06:36.0062 5748        btwhid - ok
12:06:36.0062 5748        BTWUSB - ok
12:06:36.0093 5748        BulkUsb        (a0b8cf9deb1184fbdd20784a58fa75d4) H:\windows\system32\Drivers\usbscan.sys
12:06:36.0218 5748        BulkUsb - ok
12:06:36.0250 5748        BVRPMPR5        (248dfa5762dde38dfddbbd44149e9d7a) H:\WINDOWS\system32\drivers\BVRPMPR5.SYS
12:06:36.0265 5748        BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
12:06:36.0265 5748        BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
12:06:36.0296 5748        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) H:\windows\system32\drivers\cbidf2k.sys
12:06:36.0359 5748        cbidf2k - ok
12:06:36.0406 5748        CCALib8        (8ef654045e518ac00e52e7a1e2d3ad70) H:\Programme\Canon\CAL\CALMAIN.exe
12:06:36.0421 5748        CCALib8 ( UnsignedFile.Multi.Generic ) - warning
12:06:36.0421 5748        CCALib8 - detected UnsignedFile.Multi.Generic (1)
12:06:36.0437 5748        CCDECODE        (0be5aef125be881c4f854c554f2b025c) H:\windows\system32\DRIVERS\CCDECODE.sys
12:06:36.0500 5748        CCDECODE - ok
12:06:36.0531 5748        ccSet_MCLIENT  (599e7f6259a127c174c49938d2aa6a60) H:\windows\system32\drivers\MCLIENT\0201020.00D\ccSetx86.sys
12:06:36.0546 5748        ccSet_MCLIENT - ok
12:06:36.0578 5748        ccSet_NIS      (599e7f6259a127c174c49938d2aa6a60) H:\windows\system32\drivers\NIS\1306020.00A\ccSetx86.sys
12:06:36.0578 5748        ccSet_NIS - ok
12:06:36.0578 5748        cd20xrnt - ok
12:06:36.0609 5748        Cdaudio        (c1b486a7658353d33a10cc15211a873b) H:\windows\system32\drivers\Cdaudio.sys
12:06:36.0671 5748        Cdaudio - ok
12:06:36.0687 5748        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) H:\windows\system32\drivers\Cdfs.sys
12:06:36.0750 5748        Cdfs - ok
12:06:36.0781 5748        Cdrom          (4b0a100eaf5c49ef3cca8c641431eacc) H:\windows\system32\DRIVERS\cdrom.sys
12:06:36.0828 5748        Cdrom - ok
12:06:36.0828 5748        Changer - ok
12:06:36.0937 5748        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) H:\windows\system32\cisvc.exe
12:06:37.0015 5748        CiSvc - ok
12:06:37.0031 5748        CLBStor        (f5c8f7a7d1a3f569bf77574a795cc19e) H:\windows\system32\drivers\CLBStor.sys
12:06:37.0046 5748        CLBStor - ok
12:06:37.0062 5748        CLBUDF          (07b3e4fc5d4943ba802607ddf8f5d418) H:\windows\system32\drivers\CLBUDF.sys
12:06:37.0062 5748        CLBUDF - ok
12:06:37.0078 5748        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) H:\windows\system32\clipsrv.exe
12:06:37.0140 5748        ClipSrv - ok
12:06:37.0234 5748        CLKMSVC10_D3D96EB9 (4642b5a3e0d2e61d08163de95fc5b949) H:\Programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
12:06:37.0234 5748        CLKMSVC10_D3D96EB9 - ok
12:06:37.0296 5748        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:06:37.0343 5748        clr_optimization_v2.0.50727_32 - ok
12:06:37.0390 5748        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:06:37.0453 5748        clr_optimization_v4.0.30319_32 - ok
12:06:37.0453 5748        CmdIde - ok
12:06:37.0468 5748        COMSysApp - ok
12:06:37.0468 5748        Cpqarray - ok
12:06:37.0546 5748        cpuz134        (75fa19142531cbf490770c2988a7db64) H:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys
12:06:37.0546 5748        cpuz134 - ok
12:06:37.0578 5748        cpuz135        (c2eb4539a4f6ab6edd01bdc191619975) H:\WINDOWS\system32\drivers\cpuz135_x32.sys
12:06:37.0593 5748        cpuz135 - ok
12:06:37.0640 5748        Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
12:06:37.0656 5748        Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:06:37.0656 5748        Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:06:37.0687 5748        Creative Dolby Digital Live Pack Licensing Service (80f3d3a4c202cda7ca886d126f9a39d9) H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\DDLLicensing.exe
12:06:37.0703 5748        Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:06:37.0703 5748        Creative Dolby Digital Live Pack Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:06:37.0734 5748        Creative Media Toolbox 6 Licensing Service (d03466c36ef0e5c7694ff38b45271d9d) H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe
12:06:37.0750 5748        Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:06:37.0750 5748        Creative Media Toolbox 6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:06:37.0765 5748        Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) H:\WINDOWS\system32\CTsvcCDA.exe
12:06:37.0781 5748        Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
12:06:37.0781 5748        Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
12:06:37.0812 5748        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) H:\windows\System32\cryptsvc.dll
12:06:37.0890 5748        CryptSvc - ok
12:06:37.0890 5748        CrystalSysInfo - ok
12:06:37.0921 5748        CSRBC          (81d67e29a9bb6c399b2517fc0763a17b) H:\windows\system32\Drivers\csrbcxp.sys
12:06:37.0937 5748        CSRBC ( UnsignedFile.Multi.Generic ) - warning
12:06:37.0937 5748        CSRBC - detected UnsignedFile.Multi.Generic (1)
12:06:38.0000 5748        ct20xflt        (3c8f74423c50e39972d92f8dd04efa89) H:\windows\system32\drivers\ct20xflt.sys
12:06:38.0046 5748        ct20xflt - ok
12:06:38.0109 5748        CT20XUT        (444117d74af76d4bc0b5fd3398fc0cf8) H:\windows\system32\drivers\CT20XUT.SYS
12:06:38.0125 5748        CT20XUT - ok
12:06:38.0140 5748        CT20XUT.SYS    (444117d74af76d4bc0b5fd3398fc0cf8) H:\windows\System32\drivers\CT20XUT.SYS
12:06:38.0140 5748        CT20XUT.SYS - ok
12:06:38.0203 5748        ctac32k        (3854ae2d02880ed877e9b4dfda15e0e1) H:\windows\system32\drivers\ctac32k.sys
12:06:38.0218 5748        ctac32k - ok
12:06:38.0250 5748        ctaud2k        (c365234b800a70afa95ded3c6bfeeaef) H:\windows\system32\drivers\ctaud2k.sys
12:06:38.0265 5748        ctaud2k - ok
12:06:38.0359 5748        CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) H:\Programme\Creative\Shared Files\CTAudSvc.exe
12:06:38.0359 5748        CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
12:06:38.0359 5748        CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
12:06:38.0406 5748        CtClsFlt        (61429774ad6162250c3ade7311f235d6) H:\windows\system32\DRIVERS\CtClsFlt.sys
12:06:38.0468 5748        CtClsFlt - ok
12:06:38.0515 5748        CTEXFIFX        (7cc5e7224125a29ec0ca45fb437c953e) H:\windows\system32\drivers\CTEXFIFX.SYS
12:06:38.0546 5748        CTEXFIFX - ok
12:06:38.0578 5748        CTEXFIFX.SYS    (7cc5e7224125a29ec0ca45fb437c953e) H:\windows\System32\drivers\CTEXFIFX.SYS
12:06:38.0609 5748        CTEXFIFX.SYS - ok
12:06:38.0625 5748        CTHWIUT        (2941bdb22acc6a1be9d6128a1afeae2d) H:\windows\system32\drivers\CTHWIUT.SYS
12:06:38.0625 5748        CTHWIUT - ok
12:06:38.0640 5748        CTHWIUT.SYS    (2941bdb22acc6a1be9d6128a1afeae2d) H:\windows\System32\drivers\CTHWIUT.SYS
12:06:38.0640 5748        CTHWIUT.SYS - ok
12:06:38.0640 5748        ctprxy2k        (ffa0e7da970749e0bf92822e82f94a1c) H:\windows\system32\drivers\ctprxy2k.sys
12:06:38.0656 5748        ctprxy2k - ok
12:06:38.0671 5748        ctsfm2k        (3487c97492dcfa3b1aa474f3d1024b94) H:\windows\system32\DRIVERS\ctsfm2k.sys
12:06:38.0687 5748        ctsfm2k - ok
12:06:38.0687 5748        dac2w2k - ok
12:06:38.0687 5748        dac960nt - ok
12:06:38.0734 5748        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) H:\windows\system32\rpcss.dll
12:06:38.0796 5748        DcomLaunch - ok
12:06:38.0796 5748        DFUBTUSB - ok
12:06:38.0828 5748        DgiVecp        (770471de2550820feeb7e5d24bf2e273) H:\WINDOWS\system32\Drivers\DgiVecp.sys
12:06:38.0828 5748        DgiVecp ( UnsignedFile.Multi.Generic ) - warning
12:06:38.0828 5748        DgiVecp - detected UnsignedFile.Multi.Generic (1)
12:06:38.0875 5748        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) H:\windows\System32\dhcpcsvc.dll
12:06:38.0937 5748        Dhcp - ok
12:06:38.0968 5748        Disk            (044452051f3e02e7963599fc8f4f3e25) H:\windows\system32\DRIVERS\disk.sys
12:06:39.0031 5748        Disk - ok
12:06:39.0031 5748        dmadmin - ok
12:06:39.0078 5748        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) H:\windows\system32\drivers\dmboot.sys
12:06:39.0187 5748        dmboot - ok
12:06:39.0250 5748        dmio            (53720ab12b48719d00e327da470a619a) H:\windows\system32\drivers\dmio.sys
12:06:39.0312 5748        dmio - ok
12:06:39.0328 5748        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) H:\windows\system32\drivers\dmload.sys
12:06:39.0406 5748        dmload - ok
12:06:39.0437 5748        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) H:\windows\System32\dmserver.dll
12:06:39.0500 5748        dmserver - ok
12:06:39.0515 5748        DMusic          (8a208dfcf89792a484e76c40e5f50b45) H:\windows\system32\drivers\DMusic.sys
12:06:39.0578 5748        DMusic - ok
12:06:39.0609 5748        Dnscache        (407f3227ac618fd1ca54b335b083de07) H:\windows\System32\dnsrslvr.dll
12:06:39.0671 5748        Dnscache - ok
12:06:39.0687 5748        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) H:\windows\System32\dot3svc.dll
12:06:39.0765 5748        Dot3svc - ok
12:06:39.0765 5748        dpti2o - ok
12:06:39.0781 5748        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) H:\windows\system32\drivers\drmkaud.sys
12:06:39.0828 5748        drmkaud - ok
12:06:39.0859 5748        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) H:\windows\System32\eapsvc.dll
12:06:39.0921 5748        EapHost - ok
12:06:40.0015 5748        eeCtrl          (579a6b6135d32b857faf0e3a974535d8) H:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
12:06:40.0015 5748        eeCtrl - ok
12:06:40.0062 5748        emupia          (dd5bbc069d01082d0273e03053c34c38) H:\windows\system32\drivers\emupia2k.sys
12:06:40.0078 5748        emupia - ok
12:06:40.0093 5748        epmntdrv        (f07ba56b0235f15eff8f10dc6389c42e) H:\windows\system32\epmntdrv.sys
12:06:40.0109 5748        epmntdrv ( UnsignedFile.Multi.Generic ) - warning
12:06:40.0109 5748        epmntdrv - detected UnsignedFile.Multi.Generic (1)
12:06:40.0125 5748        EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) H:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:06:40.0140 5748        EraserUtilRebootDrv - ok
12:06:40.0156 5748        ERSvc          (877c18558d70587aa7823a1a308ac96b) H:\windows\System32\ersvc.dll
12:06:40.0234 5748        ERSvc - ok
12:06:40.0265 5748        EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) H:\windows\system32\EuGdiDrv.sys
12:06:40.0359 5748        EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
12:06:40.0359 5748        EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
12:06:40.0500 5748        Eventlog        (a3edbe9053889fb24ab22492472b39dc) H:\windows\system32\services.exe
12:06:40.0546 5748        Eventlog - ok
12:06:40.0593 5748        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) H:\WINDOWS\System32\es.dll
12:06:40.0609 5748        EventSystem - ok
12:06:40.0640 5748        Fastfat        (38d332a6d56af32635675f132548343e) H:\windows\system32\drivers\Fastfat.sys
12:06:40.0703 5748        Fastfat - ok
12:06:40.0734 5748        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) H:\windows\System32\shsvcs.dll
12:06:40.0781 5748        FastUserSwitchingCompatibility - ok
12:06:40.0796 5748        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) H:\windows\system32\DRIVERS\fdc.sys
12:06:40.0843 5748        Fdc - ok
12:06:40.0859 5748        Fips            (b0678a548587c5f1967b0d70bacad6c1) H:\windows\system32\drivers\Fips.sys
12:06:40.0937 5748        Fips - ok
12:06:41.0046 5748        FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) H:\Programme\MAGIX\Common\Database\bin\fbserver.exe
12:06:41.0125 5748        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
12:06:41.0125 5748        FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
12:06:41.0140 5748        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) H:\windows\system32\drivers\Flpydisk.sys
12:06:41.0218 5748        Flpydisk - ok
12:06:41.0250 5748        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) H:\windows\system32\drivers\fltmgr.sys
12:06:41.0312 5748        FltMgr - ok
12:06:41.0375 5748        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) h:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:06:41.0390 5748        FontCache3.0.0.0 - ok
12:06:41.0484 5748        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) H:\windows\system32\drivers\Fs_Rec.sys
12:06:41.0562 5748        Fs_Rec - ok
12:06:41.0562 5748        Ftdisk          (8f1955ce42e1484714b542f341647778) H:\windows\system32\DRIVERS\ftdisk.sys
12:06:41.0640 5748        Ftdisk - ok
12:06:41.0656 5748        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) H:\windows\system32\Drivers\GEARAspiWDM.sys
12:06:41.0687 5748        GEARAspiWDM - ok
12:06:41.0703 5748        GemCCID        (86d3d834d35ebe920d85ffedcef79faf) H:\windows\system32\Drivers\GemCCID.sys
12:06:41.0750 5748        GemCCID - ok
12:06:41.0765 5748        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) H:\windows\system32\DRIVERS\msgpc.sys
12:06:41.0843 5748        Gpc - ok
12:06:41.0906 5748        gupdate1ca19d523fc2adc (626a24ed1228580b9518c01930936df9) H:\Programme\Google\Update\GoogleUpdate.exe
12:06:41.0906 5748        gupdate1ca19d523fc2adc - ok
12:06:41.0921 5748        gupdatem        (626a24ed1228580b9518c01930936df9) H:\Programme\Google\Update\GoogleUpdate.exe
12:06:41.0921 5748        gupdatem - ok
12:06:41.0968 5748        ha20x22k        (e9eed44cf043a23a1a74544c5fe9e927) H:\windows\system32\drivers\ha20x22k.sys
12:06:42.0000 5748        ha20x22k - ok
12:06:42.0046 5748        ha20x2k        (b10ca02f917ddff5abc6c9408c691fc6) H:\windows\system32\drivers\ha20x2k.sys
12:06:42.0109 5748        ha20x2k - ok
12:06:42.0140 5748        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) H:\windows\system32\DRIVERS\HDAudBus.sys
12:06:42.0203 5748        HDAudBus - ok
12:06:42.0484 5748        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) H:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:06:42.0546 5748        helpsvc - ok
12:06:42.0609 5748        HidBth          (a5aecf10be62459533a06ed7ebf5770b) H:\windows\system32\DRIVERS\hidbth.sys
12:06:42.0671 5748        HidBth - ok
12:06:42.0703 5748        HidServ        (b35da85e60c0103f2e4104532da2f12b) H:\windows\System32\hidserv.dll
12:06:42.0765 5748        HidServ - ok
12:06:42.0781 5748        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) H:\windows\system32\DRIVERS\hidusb.sys
12:06:42.0843 5748        hidusb - ok
12:06:42.0890 5748        hkmsvc          (ed29f14101523a6e0e808107405d452c) H:\windows\System32\kmsvc.dll
12:06:43.0046 5748        hkmsvc - ok
12:06:43.0046 5748        hpn - ok
12:06:43.0078 5748        HTTP            (f80a415ef82cd06ffaf0d971528ead38) H:\windows\system32\Drivers\HTTP.sys
12:06:43.0125 5748        HTTP - ok
12:06:43.0171 5748        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) H:\windows\System32\w3ssl.dll
12:06:43.0250 5748        HTTPFilter - ok
12:06:43.0250 5748        i2omgmt - ok
12:06:43.0250 5748        i2omp - ok
12:06:43.0281 5748        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) H:\windows\system32\DRIVERS\i8042prt.sys
12:06:43.0359 5748        i8042prt - ok
12:06:43.0468 5748        IDriverT        (6f95324909b502e2651442c1548ab12f) H:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:06:43.0468 5748        IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:06:43.0468 5748        IDriverT - detected UnsignedFile.Multi.Generic (1)
12:06:43.0578 5748        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) h:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:06:43.0625 5748        idsvc - ok
12:06:43.0843 5748        IDSxpx86        (cfbc1ce72e5353d428704659199147b1) H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120330.002\IDSxpx86.sys
12:06:43.0859 5748        IDSxpx86 - ok
12:06:43.0906 5748        imagedrv        (25edd75e23c5ef6b33d0fbcce125a601) H:\windows\system32\Drivers\imagedrv.sys
12:06:43.0921 5748        imagedrv ( UnsignedFile.Multi.Generic ) - warning
12:06:43.0921 5748        imagedrv - detected UnsignedFile.Multi.Generic (1)
12:06:43.0921 5748        imagesrv        (9c4bbacf4e9b9543c3ce23f1fe556941) H:\windows\system32\DRIVERS\imagesrv.sys
12:06:43.0921 5748        imagesrv ( UnsignedFile.Multi.Generic ) - warning
12:06:43.0921 5748        imagesrv - detected UnsignedFile.Multi.Generic (1)
12:06:43.0968 5748        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) H:\windows\system32\DRIVERS\imapi.sys
12:06:44.0046 5748        Imapi - ok
12:06:44.0093 5748        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) H:\WINDOWS\System32\imapi.exe
12:06:44.0171 5748        ImapiService - ok
12:06:44.0187 5748        ini910u - ok
12:06:44.0187 5748        IntelIde - ok
12:06:44.0234 5748        ip6fw          (3bb22519a194418d5fec05d800a19ad0) H:\windows\system32\drivers\ip6fw.sys
12:06:44.0281 5748        ip6fw - ok
12:06:44.0312 5748        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) H:\windows\system32\DRIVERS\ipfltdrv.sys
12:06:44.0390 5748        IpFilterDriver - ok
12:06:44.0406 5748        IpInIp          (b87ab476dcf76e72010632b5550955f5) H:\windows\system32\DRIVERS\ipinip.sys
12:06:44.0468 5748        IpInIp - ok
12:06:44.0484 5748        IpNat          (cc748ea12c6effde940ee98098bf96bb) H:\windows\system32\DRIVERS\ipnat.sys
12:06:44.0562 5748        IpNat - ok
12:06:44.0625 5748        iPod Service    (49918803b661367023bf325cf602afdc) H:\Programme\iPod\bin\iPodService.exe
12:06:44.0656 5748        iPod Service - ok
12:06:44.0687 5748        IPSec          (23c74d75e36e7158768dd63d92789a91) H:\windows\system32\DRIVERS\ipsec.sys
12:06:44.0750 5748        IPSec - ok
12:06:44.0812 5748        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) H:\windows\system32\DRIVERS\irenum.sys
12:06:44.0859 5748        IRENUM - ok
12:06:44.0875 5748        isapnp          (6dfb88f64135c525433e87648bda30de) H:\windows\system32\DRIVERS\isapnp.sys
12:06:44.0953 5748        isapnp - ok
12:06:45.0015 5748        JavaQuickStarterService (0a5709543986843d37a92290b7838340) H:\Programme\Java\jre6\bin\jqs.exe
12:06:45.0031 5748        JavaQuickStarterService - ok
12:06:45.0062 5748        Kbdclass        (1704d8c4c8807b889e43c649b478a452) H:\windows\system32\DRIVERS\kbdclass.sys
12:06:45.0109 5748        Kbdclass - ok
12:06:45.0140 5748        kbdhid          (b6d6c117d771c98130497265f26d1882) H:\windows\system32\DRIVERS\kbdhid.sys
12:06:45.0203 5748        kbdhid - ok
12:06:45.0234 5748        kmixer          (692bcf44383d056aed41b045a323d378) H:\windows\system32\drivers\kmixer.sys
12:06:45.0296 5748        kmixer - ok
12:06:45.0312 5748        KSecDD          (b467646c54cc746128904e1654c750c1) H:\windows\system32\drivers\KSecDD.sys
12:06:45.0390 5748        KSecDD - ok
12:06:45.0421 5748        L1e            (080cf8720a306a64f7a09d1226491791) H:\windows\system32\DRIVERS\l1e51x86.sys
12:06:45.0468 5748        L1e - ok
12:06:45.0500 5748        L8042Kbd        (58759156a6918913edd368f995be3e53) H:\windows\system32\DRIVERS\L8042Kbd.sys
12:06:45.0515 5748        L8042Kbd - ok
12:06:45.0546 5748        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) H:\windows\System32\srvsvc.dll
12:06:45.0578 5748        lanmanserver - ok
12:06:45.0609 5748        LanmanWorkstation (1869b14b06b44b44af70548e1ea3303f) H:\windows\System32\wkssvc.dll
12:06:45.0656 5748        LanmanWorkstation - ok
12:06:45.0671 5748        LBeepKE        (be2dc24d403643a2d1d98f33c7087b38) H:\windows\system32\Drivers\LBeepKE.sys
12:06:45.0671 5748        LBeepKE - ok
12:06:45.0687 5748        lbrtfdc - ok
12:06:45.0750 5748        LBTServ        (910344e2a984010435ae84783b25e5eb) H:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe
12:06:45.0765 5748        LBTServ - ok
12:06:45.0796 5748        LEqdUsb        (717e6714bca808f2a372e636aff3d15a) H:\windows\system32\Drivers\LEqdUsb.Sys
12:06:45.0796 5748        LEqdUsb - ok
12:06:45.0812 5748        LHidEqd        (2786f7b4003adff88ce28bc1800b5407) H:\windows\system32\Drivers\LHidEqd.Sys
12:06:45.0812 5748        LHidEqd - ok
12:06:45.0937 5748        LHidFilt        (01cc7fb6e790ef044b411377f3a1ff41) H:\windows\system32\DRIVERS\LHidFilt.Sys
12:06:45.0937 5748        LHidFilt - ok
12:06:45.0984 5748        LightScribeService (c34411a244029f1c08687f7c752c4563) H:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
12:06:46.0000 5748        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:06:46.0000 5748        LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:06:46.0046 5748        LmHosts        (636714b7d43c8d0c80449123fd266920) H:\windows\System32\lmhsvc.dll
12:06:46.0109 5748        LmHosts - ok
12:06:46.0109 5748        LMouFilt        (a2e7eae8898d7b4b8c302b8f4e836bb5) H:\windows\system32\DRIVERS\LMouFilt.Sys
12:06:46.0109 5748        LMouFilt - ok
12:06:46.0140 5748        LUsbFilt        (77030525cd86a93f1af34fa9b96d33ce) H:\windows\system32\Drivers\LUsbFilt.Sys
12:06:46.0156 5748        LUsbFilt - ok
12:06:46.0156 5748        LVUSBSta - ok
12:06:46.0171 5748        MagicTune - ok
12:06:46.0187 5748        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) H:\windows\system32\drivers\mbam.sys
12:06:46.0203 5748        MBAMProtector - ok
12:06:46.0234 5748        MBAMService    (056b19651bd7b7ce5f89a3ac46dbdc08) H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
12:06:46.0265 5748        MBAMService - ok
12:06:46.0343 5748        MCLIENT        (7a02f128a454bb22e300f3f80bc1bd22) H:\Programme\Norton Management\Engine\2.1.2.13\ccSvcHst.exe
12:06:46.0359 5748        MCLIENT - ok
12:06:46.0390 5748        MDM            (7cf1b716372b89568ae4c0fe769f5869) H:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
12:06:46.0406 5748        MDM ( UnsignedFile.Multi.Generic ) - warning
12:06:46.0406 5748        MDM - detected UnsignedFile.Multi.Generic (1)
12:06:46.0453 5748        Messenger      (b7550a7107281d170ce85524b1488c98) H:\windows\System32\msgsvc.dll
12:06:46.0500 5748        Messenger - ok
12:06:46.0578 5748        Microsoft SharePoint Workspace Audit Service - ok
12:06:46.0609 5748        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) H:\windows\system32\drivers\mnmdd.sys
12:06:46.0687 5748        mnmdd - ok
12:06:46.0718 5748        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) H:\WINDOWS\System32\mnmsrvc.exe
12:06:46.0781 5748        mnmsrvc - ok
12:06:46.0828 5748        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) H:\windows\system32\drivers\Modem.sys
12:06:46.0875 5748        Modem - ok
12:06:46.0937 5748        monfilt        (9fa7207d1b1adead88ae8eed9cdbbaa5) H:\windows\system32\drivers\monfilt.sys
12:06:47.0109 5748        monfilt - ok
12:06:47.0218 5748        Mouclass        (b24ce8005deab254c0251e15cb71d802) H:\windows\system32\DRIVERS\mouclass.sys
12:06:47.0281 5748        Mouclass - ok
12:06:47.0312 5748        mouhid          (66a6f73c74e1791464160a7065ce711a) H:\windows\system32\DRIVERS\mouhid.sys
12:06:47.0390 5748        mouhid - ok
12:06:47.0406 5748        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) H:\windows\system32\drivers\MountMgr.sys
12:06:47.0468 5748        MountMgr - ok
12:06:47.0500 5748        MPE            (c0f8e0c2c3c0437cf37c6781896dc3ec) H:\windows\system32\DRIVERS\MPE.sys
12:06:47.0578 5748        MPE - ok
12:06:47.0578 5748        mraid35x - ok
12:06:47.0593 5748        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) H:\windows\system32\DRIVERS\mrxdav.sys
12:06:47.0640 5748        MRxDAV - ok
12:06:47.0687 5748        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) H:\windows\system32\DRIVERS\mrxsmb.sys
12:06:47.0750 5748        MRxSmb - ok
12:06:47.0781 5748        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) H:\WINDOWS\System32\msdtc.exe
12:06:47.0859 5748        MSDTC - ok
12:06:47.0875 5748        Msfs            (c941ea2454ba8350021d774daf0f1027) H:\windows\system32\drivers\Msfs.sys
12:06:47.0937 5748        Msfs - ok
12:06:47.0937 5748        MSIServer - ok
12:06:47.0953 5748        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) H:\windows\system32\drivers\MSKSSRV.sys
12:06:48.0015 5748        MSKSSRV - ok
12:06:48.0031 5748        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) H:\windows\system32\drivers\MSPCLOCK.sys
12:06:48.0078 5748        MSPCLOCK - ok
12:06:48.0187 5748        MSPQM          (bad59648ba099da4a17680b39730cb3d) H:\windows\system32\drivers\MSPQM.sys
12:06:48.0250 5748        MSPQM - ok
12:06:48.0281 5748        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) H:\windows\system32\DRIVERS\mssmbios.sys
12:06:48.0328 5748        mssmbios - ok
12:06:48.0343 5748        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) H:\windows\system32\drivers\MSTEE.sys
12:06:48.0406 5748        MSTEE - ok
12:06:48.0437 5748        MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) H:\windows\system32\DRIVERS\ASACPI.sys
12:06:48.0453 5748        MTsensor - ok
12:06:48.0468 5748        Mup            (de6a75f5c270e756c5508d94b6cf68f5) H:\windows\system32\drivers\Mup.sys
12:06:48.0484 5748        Mup - ok
12:06:48.0515 5748        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) H:\windows\system32\DRIVERS\NABTSFEC.sys
12:06:48.0562 5748        NABTSFEC - ok
12:06:48.0593 5748        napagent        (46bb15ae2ac7d025d6d2567b876817bd) H:\windows\System32\qagentrt.dll
12:06:48.0671 5748        napagent - ok
12:06:48.0843 5748        NAVENG          (862f55824ac81295837b0ab63f91071f) H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120402.002\NAVENG.SYS
12:06:48.0843 5748        NAVENG - ok
12:06:48.0890 5748        NAVEX15        (529d571b551cb9da44237389b936f1ae) H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120402.002\NAVEX15.SYS
12:06:48.0921 5748        NAVEX15 - ok
12:06:48.0953 5748        NDIS            (1df7f42665c94b825322fae71721130d) H:\windows\system32\drivers\NDIS.sys
12:06:49.0015 5748        NDIS - ok
12:06:49.0046 5748        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) H:\windows\system32\DRIVERS\NdisIP.sys
12:06:49.0109 5748        NdisIP - ok
12:06:49.0156 5748        NdisTapi        (0109c4f3850dfbab279542515386ae22) H:\windows\system32\DRIVERS\ndistapi.sys
12:06:49.0187 5748        NdisTapi - ok
12:06:49.0218 5748        Ndisuio        (f927a4434c5028758a842943ef1a3849) H:\windows\system32\DRIVERS\ndisuio.sys
12:06:49.0375 5748        Ndisuio - ok
12:06:49.0375 5748        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) H:\windows\system32\DRIVERS\ndiswan.sys
12:06:49.0453 5748        NdisWan - ok
12:06:49.0484 5748        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) H:\windows\system32\drivers\NDProxy.sys
12:06:49.0515 5748        NDProxy - ok
12:06:49.0531 5748        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) H:\windows\system32\DRIVERS\netbios.sys
12:06:49.0593 5748        NetBIOS - ok
12:06:49.0609 5748        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) H:\windows\system32\DRIVERS\netbt.sys
12:06:49.0687 5748        NetBT - ok
12:06:49.0734 5748        NetDDE          (8ace4251bffd09ce75679fe940e996cc) H:\windows\system32\netdde.exe
12:06:49.0859 5748        NetDDE - ok
12:06:49.0859 5748        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) H:\windows\system32\netdde.exe
12:06:49.0921 5748        NetDDEdsdm - ok
12:06:49.0937 5748        Netlogon        (afb8261b56cba0d86aeb6df682af9785) H:\windows\system32\lsass.exe
12:06:50.0000 5748        Netlogon - ok
12:06:50.0046 5748        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) H:\windows\System32\netman.dll
12:06:50.0109 5748        Netman - ok
12:06:50.0203 5748        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:06:50.0234 5748        NetTcpPortSharing - ok
12:06:50.0265 5748        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) H:\windows\system32\DRIVERS\nic1394.sys
12:06:50.0328 5748        NIC1394 - ok
12:06:50.0468 5748        NIS            (7a02f128a454bb22e300f3f80bc1bd22) H:\Programme\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
12:06:50.0484 5748        NIS - ok
12:06:50.0515 5748        Nla            (f1b67b6b0751ae0e6e964b02821206a3) H:\windows\System32\mswsock.dll
12:06:50.0531 5748        Nla - ok
12:06:50.0578 5748        nmservice      (cd569fa91ec6f59d045c19d0d3850f44) H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
12:06:50.0609 5748        nmservice - ok
12:06:50.0640 5748        nmwcd          (f6c40e0a565ee3ce5aeeb325e10054f2) H:\windows\system32\drivers\ccdcmb.sys
12:06:50.0765 5748        nmwcd - ok
12:06:50.0765 5748        nmwcdc          (2a394e9e1fa3565e4b2fea470ffe4d6b) H:\windows\system32\drivers\ccdcmbo.sys
12:06:50.0828 5748        nmwcdc - ok
12:06:50.0859 5748        nmwcdnsu        (99b224f8026cb534724aa3c408561e45) H:\windows\system32\drivers\nmwcdnsu.sys
12:06:50.0890 5748        nmwcdnsu - ok
12:06:50.0937 5748        nmwcdnsuc      (d23257682d349a5e2e4507ed33decc16) H:\windows\system32\drivers\nmwcdnsuc.sys
12:06:50.0968 5748        nmwcdnsuc - ok
12:06:51.0015 5748        Npfs            (3182d64ae053d6fb034f44b6def8034a) H:\windows\system32\drivers\Npfs.sys
12:06:51.0078 5748        Npfs - ok
12:06:51.0093 5748        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) H:\windows\system32\drivers\Ntfs.sys
12:06:51.0171 5748        Ntfs - ok
12:06:51.0203 5748        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) H:\windows\system32\lsass.exe
12:06:51.0265 5748        NtLmSsp - ok
12:06:51.0296 5748        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) H:\windows\system32\ntmssvc.dll
12:06:51.0375 5748        NtmsSvc - ok
12:06:51.0390 5748        Null            (73c1e1f395918bc2c6dd67af7591a3ad) H:\windows\system32\drivers\Null.sys
12:06:51.0453 5748        Null - ok
12:06:51.0578 5748        NUMARK_NC06_MIDI (d23ca629b95599eb06010a135375b47c) H:\windows\system32\drivers\nc06midi.sys
12:06:51.0578 5748        NUMARK_NC06_MIDI - ok
12:06:51.0609 5748        NUMARK_NC06_WDM (26195452e898bdf0f75dd1b00876321b) H:\windows\system32\drivers\nc06_wdm.sys
12:06:51.0609 5748        NUMARK_NC06_WDM - ok
12:06:51.0640 5748        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) H:\windows\system32\DRIVERS\nwlnkflt.sys
12:06:51.0703 5748        NwlnkFlt - ok
12:06:51.0718 5748        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) H:\windows\system32\DRIVERS\nwlnkfwd.sys
12:06:51.0796 5748        NwlnkFwd - ok
12:06:51.0828 5748        ohci1394        (ca33832df41afb202ee7aeb05145922f) H:\windows\system32\DRIVERS\ohci1394.sys
12:06:51.0890 5748        ohci1394 - ok
12:06:51.0968 5748        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) H:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
12:06:51.0984 5748        ose - ok
12:06:52.0109 5748        osppsvc        (358a9cca612c68eb2f07ddad4ce1d8d7) H:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:06:52.0234 5748        osppsvc - ok
12:06:52.0265 5748        ossrv          (54c4bcfd5336ea6ceafcb0d4b6978408) H:\windows\system32\DRIVERS\ctoss2k.sys
12:06:52.0281 5748        ossrv - ok
12:06:52.0328 5748        P17            (df886ffed69aead0cf608b89b18c3f6f) H:\windows\system32\drivers\P17.sys
12:06:52.0484 5748        P17 - ok
12:06:52.0500 5748        Parport        (f84785660305b9b903fb3bca8ba29837) H:\windows\system32\drivers\Parport.sys
12:06:52.0562 5748        Parport - ok
12:06:52.0593 5748        PartMgr        (beb3ba25197665d82ec7065b724171c6) H:\windows\system32\drivers\PartMgr.sys
12:06:52.0734 5748        PartMgr - ok
12:06:52.0765 5748        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) H:\windows\system32\drivers\ParVdm.sys
12:06:52.0843 5748        ParVdm - ok
12:06:52.0875 5748        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) H:\windows\system32\DRIVERS\pccsmcfd.sys
12:06:52.0921 5748        pccsmcfd - ok
12:06:52.0937 5748        PCI            (387e8dedc343aa2d1efbc30580273acd) H:\windows\system32\DRIVERS\pci.sys
12:06:53.0000 5748        PCI - ok
12:06:53.0015 5748        PCIDump - ok
12:06:53.0031 5748        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) H:\windows\system32\DRIVERS\pciide.sys
12:06:53.0109 5748        PCIIde - ok
12:06:53.0125 5748        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) H:\windows\system32\drivers\Pcmcia.sys
12:06:53.0187 5748        Pcmcia - ok
12:06:53.0187 5748        PDCOMP - ok
12:06:53.0203 5748        PDFRAME - ok
12:06:53.0218 5748        PdiPorts        (3b2f443b8e23d17d46f0e43e2fc42cfe) H:\windows\system32\Drivers\PdiPorts.sys
12:06:53.0234 5748        PdiPorts - ok
12:06:53.0312 5748        PdiService      (fed28c565de5f73b7c5b32841229e496) H:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
12:06:53.0328 5748        PdiService - ok
12:06:53.0328 5748        PDRELI - ok
12:06:53.0343 5748        PDRFRAME - ok
12:06:53.0343 5748        perc2 - ok
12:06:53.0343 5748        perc2hib - ok
12:06:53.0390 5748        Pivot          (943f840611d33832308ec5310b616b57) H:\windows\system32\drivers\pivot.sys
12:06:53.0406 5748        Pivot ( UnsignedFile.Multi.Generic ) - warning
12:06:53.0406 5748        Pivot - detected UnsignedFile.Multi.Generic (1)
12:06:53.0421 5748        pivotmou        (998c58295288eedfbfe95e7f6cc94df4) H:\WINDOWS\system32\drivers\pivotmou.sys
12:06:53.0421 5748        pivotmou ( UnsignedFile.Multi.Generic ) - warning
12:06:53.0421 5748        pivotmou - detected UnsignedFile.Multi.Generic (1)
12:06:53.0468 5748        PLCND532        (cf5aa091b8ba5aee3f3adb310b9f73cb) H:\windows\system32\Drivers\PLCND532.sys
12:06:53.0468 5748        PLCND532 - ok
12:06:53.0500 5748        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) H:\windows\system32\services.exe
12:06:53.0500 5748        PlugPlay - ok
12:06:53.0531 5748        pnarp          (36fcac4fa28b462ca867742dea59b0d0) H:\windows\system32\DRIVERS\pnarp.sys
12:06:53.0531 5748        pnarp - ok
12:06:53.0578 5748        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) H:\windows\System32\lsass.exe
12:06:53.0625 5748        PolicyAgent - ok
12:06:53.0671 5748        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) H:\windows\system32\DRIVERS\raspptp.sys
12:06:53.0718 5748        PptpMiniport - ok
12:06:53.0812 5748        Processor      (2cb55427c58679f49ad600fccba76360) H:\windows\system32\DRIVERS\processr.sys
12:06:53.0875 5748        Processor - ok
12:06:53.0875 5748        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) H:\windows\system32\lsass.exe
12:06:53.0937 5748        ProtectedStorage - ok
12:06:53.0937 5748        PSched          (09298ec810b07e5d582cb3a3f9255424) H:\windows\system32\DRIVERS\psched.sys
12:06:54.0000 5748        PSched - ok
12:06:54.0000 5748        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) H:\windows\system32\DRIVERS\ptilink.sys
12:06:54.0062 5748        Ptilink - ok
12:06:54.0078 5748        purendis        (d8ac00388262b1a4878a7ee12f31d376) H:\windows\system32\DRIVERS\purendis.sys
12:06:54.0078 5748        purendis - ok
12:06:54.0125 5748        QCMerced        (9a155d31b8e52f41b258282092cc93a7) H:\windows\system32\DRIVERS\LVCM.sys
12:06:54.0296 5748        QCMerced - ok
12:06:54.0296 5748        ql1080 - ok
12:06:54.0312 5748        Ql10wnt - ok
12:06:54.0312 5748        ql12160 - ok
12:06:54.0312 5748        ql1240 - ok
12:06:54.0328 5748        ql1280 - ok
12:06:54.0343 5748        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) H:\windows\system32\DRIVERS\rasacd.sys
12:06:54.0421 5748        RasAcd - ok
12:06:54.0453 5748        RasAuto        (f5ba6caccdb66c8f048e867563203246) H:\windows\System32\rasauto.dll
12:06:54.0531 5748        RasAuto - ok
12:06:54.0531 5748        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) H:\windows\system32\DRIVERS\rasl2tp.sys
12:06:54.0593 5748        Rasl2tp - ok
12:06:54.0640 5748        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) H:\windows\System32\rasmans.dll
12:06:54.0703 5748        RasMan - ok
12:06:54.0703 5748        RasPppoe        (5bc962f2654137c9909c3d4603587dee) H:\windows\system32\DRIVERS\raspppoe.sys
12:06:54.0765 5748        RasPppoe - ok
12:06:54.0781 5748        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) H:\windows\system32\DRIVERS\raspti.sys
12:06:54.0843 5748        Raspti - ok
12:06:54.0921 5748        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) H:\windows\system32\DRIVERS\rdbss.sys
12:06:54.0984 5748        Rdbss - ok
12:06:54.0984 5748        RDPCDD          (4912d5b403614ce99c28420f75353332) H:\windows\system32\DRIVERS\RDPCDD.sys
12:06:55.0062 5748        RDPCDD - ok
12:06:55.0078 5748        rdpdr          (15cabd0f7c00c47c70124907916af3f1) H:\windows\system32\DRIVERS\rdpdr.sys
12:06:55.0140 5748        rdpdr - ok
12:06:55.0187 5748        RDPWD          (5b3055daa788bd688594d2f5981f2a83) H:\windows\system32\drivers\RDPWD.sys
12:06:55.0218 5748        RDPWD - ok
12:06:55.0250 5748        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) H:\WINDOWS\system32\sessmgr.exe
12:06:55.0312 5748        RDSessMgr - ok
12:06:55.0343 5748        redbook        (ed761d453856f795a7fe056e42c36365) H:\windows\system32\DRIVERS\redbook.sys
12:06:55.0406 5748        redbook - ok
12:06:55.0437 5748        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) H:\windows\System32\mprdim.dll
12:06:55.0484 5748        RemoteAccess - ok
12:06:55.0515 5748        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) H:\windows\system32\regsvc.dll
12:06:55.0578 5748        RemoteRegistry - ok
12:06:55.0578 5748        RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) H:\windows\system32\DRIVERS\rfcomm.sys
12:06:55.0640 5748        RFCOMM - ok
12:06:55.0750 5748        RichVideo      (805ae1f90c64758d19aaa001cf8cba12) H:\Programme\CyberLink\Shared files\RichVideo.exe
12:06:55.0765 5748        RichVideo ( UnsignedFile.Multi.Generic ) - warning
12:06:55.0765 5748        RichVideo - detected UnsignedFile.Multi.Generic (1)
12:06:55.0796 5748        ROOTMODEM      (d8b0b4ade32574b2d9c5cc34dc0dbbe7) H:\windows\system32\Drivers\RootMdm.sys
12:06:55.0875 5748        ROOTMODEM - ok
12:06:55.0890 5748        RpcLocator      (2a02e21867497df20b8fc95631395169) H:\windows\system32\locator.exe
12:06:55.0953 5748        RpcLocator - ok
12:06:55.0984 5748        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) H:\windows\system32\rpcss.dll
12:06:56.0000 5748        RpcSs - ok
12:06:56.0000 5748        RSVP            (4bdd71b4b521521499dfd14735c4f398) H:\windows\System32\rsvp.exe
12:06:56.0109 5748        RSVP - ok
12:06:56.0125 5748        SamSs          (afb8261b56cba0d86aeb6df682af9785) H:\windows\system32\lsass.exe
12:06:56.0187 5748        SamSs - ok
12:06:56.0203 5748        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) H:\windows\System32\SCardSvr.exe
12:06:56.0265 5748        SCardSvr - ok
12:06:56.0281 5748        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) H:\windows\system32\schedsvc.dll
12:06:56.0343 5748        Schedule - ok
12:06:56.0375 5748        Secdrv          (90a3935d05b494a5a39d37e71f09a677) H:\windows\system32\DRIVERS\secdrv.sys
12:06:56.0421 5748        Secdrv - ok
12:06:56.0453 5748        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) H:\windows\System32\seclogon.dll
12:06:56.0515 5748        seclogon - ok
12:06:56.0531 5748        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) H:\windows\system32\sens.dll
12:06:56.0593 5748        SENS - ok
12:06:56.0609 5748        serenum        (0f29512ccd6bead730039fb4bd2c85ce) H:\windows\system32\DRIVERS\serenum.sys
12:06:56.0671 5748        serenum - ok
12:06:56.0671 5748        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) H:\windows\system32\DRIVERS\serial.sys
12:06:56.0734 5748        Serial - ok
12:06:56.0796 5748        ServiceLayer    (f31e9531af225ca25350d5e87e999b31) H:\Programme\PC Connectivity Solution\ServiceLayer.exe
12:06:56.0812 5748        ServiceLayer - ok
12:06:56.0843 5748        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) H:\windows\system32\drivers\Sfloppy.sys
12:06:56.0906 5748        Sfloppy - ok
12:06:56.0921 5748        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) H:\windows\System32\ipnathlp.dll
12:06:57.0000 5748        SharedAccess - ok
12:06:57.0031 5748        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) H:\windows\System32\shsvcs.dll
12:06:57.0046 5748        ShellHWDetection - ok
12:06:57.0046 5748        Simbad - ok
12:06:57.0078 5748        SimpTcp        (7a1a532f14fde28489dc349c6e404a67) H:\windows\System32\tcpsvcs.exe
12:06:57.0156 5748        SimpTcp - ok
12:06:57.0218 5748        SKYNET          (1497fae9446f13023c32fef3ebde22bc) H:\windows\system32\DRIVERS\SkyNET.SYS
12:06:57.0234 5748        SKYNET - ok
12:06:57.0281 5748        SkypeUpdate    (db0405d9aad62f0762e0876ac142b7e1) H:\Programme\Skype\Updater\Updater.exe
12:06:57.0281 5748        SkypeUpdate - ok
12:06:57.0296 5748        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) H:\windows\system32\DRIVERS\SLIP.sys
12:06:57.0359 5748        SLIP - ok
12:06:57.0406 5748        snapman        (c3bf55189aa92b8f919108ef9e4accae) H:\windows\system32\DRIVERS\snapman.sys
12:06:57.0421 5748        snapman - ok
12:06:57.0453 5748        SNMP            (708a1b41e7e850b2b1309073551cbd53) H:\windows\System32\snmp.exe
12:06:57.0515 5748        SNMP - ok
12:06:57.0562 5748        SNMPTRAP        (0702e1d16b7003049918595057f3904f) H:\windows\System32\snmptrap.exe
12:06:57.0609 5748        SNMPTRAP - ok
12:06:57.0625 5748        Sparrow - ok
12:06:57.0640 5748        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) H:\windows\system32\drivers\splitter.sys
12:06:57.0703 5748        splitter - ok
12:06:57.0734 5748        Spooler        (60784f891563fb1b767f70117fc2428f) H:\windows\system32\spoolsv.exe
12:06:57.0750 5748        Spooler - ok
12:06:57.0750 5748        sr              (50fa898f8c032796d3b1b9951bb5a90f) H:\windows\system32\DRIVERS\sr.sys
12:06:57.0828 5748        sr - ok
12:06:57.0859 5748        srservice      (fe77a85495065f3ad59c5c65b6c54182) H:\WINDOWS\System32\srsvc.dll
12:06:57.0921 5748        srservice - ok
12:06:58.0000 5748        SRTSP          (c16d048faf2978d2121f9f40594a6bdc) H:\windows\System32\Drivers\NIS\1306020.00A\SRTSP.SYS
12:06:58.0015 5748        SRTSP - ok
12:06:58.0031 5748        SRTSPX          (f0d02c2e25970c9c72a5cd278c17cdb6) H:\windows\system32\drivers\NIS\1306020.00A\SRTSPX.SYS
12:06:58.0046 5748        SRTSPX - ok
12:06:58.0062 5748        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) H:\windows\system32\DRIVERS\srv.sys
12:06:58.0078 5748        Srv - ok
12:06:58.0125 5748        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) H:\windows\System32\ssdpsrv.dll
12:06:58.0187 5748        SSDPSRV - ok
12:06:58.0203 5748        SSPORT - ok
12:06:58.0218 5748        StillCam        (a2dbcc4c8860449df1ab758ea28b4de0) H:\windows\system32\DRIVERS\serscan.sys
12:06:58.0296 5748        StillCam - ok
12:06:58.0328 5748        stisvc          (bc2c5985611c5356b24aeb370953ded9) H:\windows\system32\wiaservc.dll
12:06:58.0390 5748        stisvc - ok
12:06:58.0406 5748        streamip        (77813007ba6265c4b6098187e6ed79d2) H:\windows\system32\DRIVERS\StreamIP.sys
12:06:58.0468 5748        streamip - ok
12:06:58.0515 5748        SunkFilt        (09dfd0f2199704a27b4953233c23a036) H:\WINDOWS\System32\Drivers\sunkfilt.sys
12:06:58.0515 5748        SunkFilt ( UnsignedFile.Multi.Generic ) - warning
12:06:58.0515 5748        SunkFilt - detected UnsignedFile.Multi.Generic (1)
12:06:58.0640 5748        SWAS_Core      (8734cf72f1c80c59085a3377b5497d38) H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
12:06:58.0687 5748        SWAS_Core ( UnsignedFile.Multi.Generic ) - warning
12:06:58.0687 5748        SWAS_Core - detected UnsignedFile.Multi.Generic (1)
12:06:58.0718 5748        SWAS_Report_Plugin (4eaada085bd573870912c1f2e25ffbfd) H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\SWASReports.exe
12:06:58.0765 5748        SWAS_Report_Plugin ( UnsignedFile.Multi.Generic ) - warning
12:06:58.0765 5748        SWAS_Report_Plugin - detected UnsignedFile.Multi.Generic (1)
12:06:58.0828 5748        SWAS_Srv_DriverManagement (bb026466c2edf5d4bcfd337fc739c738) H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\SWASDriverManagementPlugin.exe
12:06:58.0875 5748        SWAS_Srv_DriverManagement ( UnsignedFile.Multi.Generic ) - warning
12:06:58.0875 5748        SWAS_Srv_DriverManagement - detected UnsignedFile.Multi.Generic (1)
12:06:58.0921 5748        SWAS_Srv_LDD    (ba0830d4c799be735ef8c224b07ca0e8) H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\LocalDevDiscoveryPlugin.exe
12:06:58.0968 5748        SWAS_Srv_LDD ( UnsignedFile.Multi.Generic ) - warning
12:06:58.0968 5748        SWAS_Srv_LDD - detected UnsignedFile.Multi.Generic (1)
12:06:58.0984 5748        swenum          (3941d127aef12e93addf6fe6ee027e0f) H:\windows\system32\DRIVERS\swenum.sys
12:06:59.0031 5748        swenum - ok
12:06:59.0062 5748        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\windows\system32\drivers\swmidi.sys
12:06:59.0125 5748        swmidi - ok
12:06:59.0140 5748        SwPrv - ok
12:06:59.0156 5748        sxuptp - ok
12:06:59.0171 5748        symc810 - ok
12:06:59.0171 5748        symc8xx - ok
12:06:59.0234 5748        SymDS          (690fa0e61b90084c4d9a721bd4f3d779) H:\windows\system32\drivers\NIS\1306020.00A\SYMDS.SYS
12:06:59.0250 5748        SymDS - ok
12:06:59.0296 5748        SymEFA          (4e55148a2e044d02245cbcdbb266b98c) H:\windows\system32\drivers\NIS\1306020.00A\SYMEFA.SYS
12:06:59.0328 5748        SymEFA - ok
12:06:59.0390 5748        SymEvent        (555fb450fe6908600310e990738b41d6) H:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:06:59.0390 5748        SymEvent - ok
12:06:59.0421 5748        SymIM          (a7100ea17ed9eaf365362a05bf430e77) H:\windows\system32\DRIVERS\SymIM.sys
12:06:59.0437 5748        SymIM - ok
12:06:59.0437 5748        SymIMMP        (a7100ea17ed9eaf365362a05bf430e77) H:\windows\system32\DRIVERS\SymIM.sys
12:06:59.0437 5748        SymIMMP - ok
12:06:59.0484 5748        SymIRON        (2c356cca706505cf63cbe39d532b9236) H:\windows\system32\drivers\NIS\1306020.00A\Ironx86.SYS
12:06:59.0484 5748        SymIRON - ok
12:06:59.0531 5748        SYMTDI          (508bd882040f9cb12319e3a4fc78edb9) H:\windows\System32\Drivers\NIS\1306020.00A\SYMTDI.SYS
12:06:59.0531 5748        SYMTDI - ok
12:06:59.0546 5748        sym_hi - ok
12:06:59.0546 5748        sym_u3 - ok
12:06:59.0578 5748        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) H:\windows\system32\drivers\sysaudio.sys
12:06:59.0625 5748        sysaudio - ok
12:06:59.0671 5748        SysmonLog      (2903fffa2523926d6219428040dce6b9) H:\windows\system32\smlogsvc.exe
12:06:59.0734 5748        SysmonLog - ok
12:06:59.0781 5748        TapiSrv        (05903cac4b98908d55ea5774775b382e) H:\windows\System32\tapisrv.dll
12:06:59.0828 5748        TapiSrv - ok
12:06:59.0890 5748        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) H:\windows\system32\DRIVERS\tcpip.sys
12:06:59.0906 5748        Tcpip - ok
12:06:59.0921 5748        TDPIPE          (6471a66807f5e104e4885f5b67349397) H:\windows\system32\drivers\TDPIPE.sys
12:06:59.0984 5748        TDPIPE - ok
12:07:00.0015 5748        tdrpman        (3b7b6779eb231f731bba8f9fe67aadfc) H:\windows\system32\DRIVERS\tdrpman.sys
12:07:00.0031 5748        tdrpman - ok
12:07:00.0062 5748        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) H:\windows\system32\drivers\TDTCP.sys
12:07:00.0140 5748        TDTCP - ok
12:07:00.0171 5748        teamviewervpn  (9101fffcfccd1a30e870a5b8a9091b10) H:\windows\system32\DRIVERS\teamviewervpn.sys
12:07:00.0203 5748        teamviewervpn - ok
12:07:00.0218 5748        TermDD          (88155247177638048422893737429d9e) H:\windows\system32\DRIVERS\termdd.sys
12:07:00.0281 5748        TermDD - ok
12:07:00.0328 5748        TermService    (b7de02c863d8f5a005a7bf375375a6a4) H:\windows\System32\termsrv.dll
12:07:00.0390 5748        TermService - ok
12:07:00.0421 5748        Themes          (2db7d303c36ddd055215052f118e8e75) H:\windows\System32\shsvcs.dll
12:07:00.0421 5748        Themes - ok
12:07:00.0437 5748        tifsfilter      (b0b3122bff3910e0ba97014045467778) H:\windows\system32\DRIVERS\tifsfilt.sys
12:07:00.0437 5748        tifsfilter - ok
12:07:00.0453 5748        timounter      (13bfe330880ac0ce8672d00aa5aff738) H:\windows\system32\DRIVERS\timntr.sys
12:07:00.0468 5748        timounter - ok
12:07:00.0500 5748        TlntSvr        (03681a1ce77f51586903869a5ab1deab) H:\WINDOWS\System32\tlntsvr.exe
12:07:00.0578 5748        TlntSvr - ok
12:07:00.0609 5748        toshidpt        (e362d54fd394999c4178936396664e57) H:\windows\system32\drivers\Toshidpt.sys
12:07:00.0609 5748        toshidpt ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0609 5748        toshidpt - detected UnsignedFile.Multi.Generic (1)
12:07:00.0609 5748        TosIde - ok
12:07:00.0625 5748        tosporte        (b2842672056ca33f0a4aab3e5cbbf181) H:\windows\system32\DRIVERS\tosporte.sys
12:07:00.0640 5748        tosporte ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0640 5748        tosporte - detected UnsignedFile.Multi.Generic (1)
12:07:00.0671 5748        Tosrfbd        (0ec5206059d97a8dc785be73fb457ec7) H:\windows\system32\Drivers\tosrfbd.sys
12:07:00.0687 5748        Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0687 5748        Tosrfbd - detected UnsignedFile.Multi.Generic (1)
12:07:00.0718 5748        Tosrfbnp        (1ae2ba74b2a4f5a358b13fcd35258c30) H:\windows\system32\Drivers\tosrfbnp.sys
12:07:00.0718 5748        Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0718 5748        Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
12:07:00.0734 5748        Tosrfcom        (5ba1ca3b3cddb1ddc67df473f05d1ec2) H:\windows\system32\Drivers\tosrfcom.sys
12:07:00.0734 5748        Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0734 5748        Tosrfcom - detected UnsignedFile.Multi.Generic (1)
12:07:00.0765 5748        Tosrfhid        (5dbf390aab62dd0d4d43a9278614e001) H:\windows\system32\DRIVERS\Tosrfhid.sys
12:07:00.0765 5748        Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0765 5748        Tosrfhid - detected UnsignedFile.Multi.Generic (1)
12:07:00.0781 5748        tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) H:\windows\system32\DRIVERS\tosrfnds.sys
12:07:00.0781 5748        tosrfnds ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0781 5748        tosrfnds - detected UnsignedFile.Multi.Generic (1)
12:07:00.0828 5748        TosRfSnd        (ab6fd13d7efa2634fa6bdf84c7ef0696) H:\windows\system32\drivers\TosRfSnd.sys
12:07:00.0828 5748        TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0828 5748        TosRfSnd - detected UnsignedFile.Multi.Generic (1)
12:07:00.0859 5748        Tosrfusb        (d870fd6ce9060b73289f47e88630ee0e) H:\windows\system32\Drivers\tosrfusb.sys
12:07:00.0859 5748        Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
12:07:00.0859 5748        Tosrfusb - detected UnsignedFile.Multi.Generic (1)
12:07:00.0906 5748        TrkWks          (626504572b175867f30f3215c04b3e2f) H:\windows\system32\trkwks.dll
12:07:00.0968 5748        TrkWks - ok
12:07:01.0046 5748        TryAndDecideService (484d4d0ca6c346248a4b14d807fb28a9) H:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
12:07:01.0062 5748        TryAndDecideService - ok
12:07:01.0078 5748        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\windows\system32\drivers\Udfs.sys
12:07:01.0156 5748        Udfs - ok
12:07:01.0156 5748        ultra - ok
12:07:01.0187 5748        Update          (402ddc88356b1bac0ee3dd1580c76a31) H:\windows\system32\DRIVERS\update.sys
12:07:01.0250 5748        Update - ok
12:07:01.0265 5748        upnphost        (1dfd8975d8c89214b98d9387c1125b49) H:\windows\System32\upnphost.dll
12:07:01.0343 5748        upnphost - ok
12:07:01.0421 5748        UPnPService    (7ce0fe34fd8fb7f52d1e503b0c1e4fa9) H:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
12:07:01.0468 5748        UPnPService ( UnsignedFile.Multi.Generic ) - warning
12:07:01.0468 5748        UPnPService - detected UnsignedFile.Multi.Generic (1)
12:07:01.0500 5748        upperdev        (47f5f9d837d80ffd5882a14db9da0a67) H:\windows\system32\DRIVERS\usbser_lowerflt.sys
12:07:01.0531 5748        upperdev - ok
12:07:01.0531 5748        UPS            (9b11e6118958e63e1fef129466e2bda7) H:\windows\System32\ups.exe
12:07:01.0609 5748        UPS - ok
12:07:01.0656 5748        usbaudio        (e919708db44ed8543a7c017953148330) H:\windows\system32\drivers\usbaudio.sys
12:07:01.0718 5748        usbaudio - ok
12:07:01.0734 5748        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) H:\windows\system32\DRIVERS\usbccgp.sys
12:07:01.0796 5748        usbccgp - ok
12:07:01.0812 5748        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) H:\windows\system32\DRIVERS\usbehci.sys
12:07:01.0875 5748        usbehci - ok
12:07:01.0906 5748        usbhub          (1ab3cdde553b6e064d2e754efe20285c) H:\windows\system32\DRIVERS\usbhub.sys
12:07:01.0953 5748        usbhub - ok
12:07:01.0968 5748        usbohci        (0daecce65366ea32b162f85f07c6753b) H:\windows\system32\DRIVERS\usbohci.sys
12:07:02.0031 5748        usbohci - ok
12:07:02.0062 5748        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) H:\windows\system32\DRIVERS\usbscan.sys
12:07:02.0125 5748        usbscan - ok
12:07:02.0187 5748        usbser          (1c888b000c2f9492f4b15b5b6b84873e) H:\windows\system32\drivers\usbser.sys
12:07:02.0250 5748        usbser - ok
12:07:02.0281 5748        UsbserFilt      (e44f0d17be0908b58dcc99ccb99c6c32) H:\windows\system32\DRIVERS\usbser_lowerfltj.sys
12:07:02.0312 5748        UsbserFilt - ok
12:07:02.0328 5748        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) H:\windows\system32\DRIVERS\USBSTOR.SYS
12:07:02.0406 5748        USBSTOR - ok
12:07:02.0421 5748        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) H:\windows\system32\DRIVERS\usbuhci.sys
12:07:02.0484 5748        usbuhci - ok
12:07:02.0500 5748        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) H:\windows\system32\Drivers\usbvideo.sys
12:07:02.0562 5748        usbvideo - ok
12:07:02.0578 5748        V0700Afx        (c51cdb764c274a5ad997c03b0dbe8aec) H:\windows\system32\DRIVERS\V0700Afx.sys
12:07:02.0625 5748        V0700Afx - ok
12:07:02.0640 5748        V0700Vid        (e81f311e5e586f27aa1fae034f10c839) H:\windows\system32\DRIVERS\V0700Vid.sys
12:07:02.0703 5748        V0700Vid - ok
12:07:02.0718 5748        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) H:\windows\System32\drivers\vga.sys
12:07:02.0781 5748        VgaSave - ok
12:07:02.0843 5748        VIAHdAudAddService (ac3d98797520265b333dc54c327aa390) H:\windows\system32\drivers\viahduaa.sys
12:07:02.0890 5748        VIAHdAudAddService - ok
12:07:02.0906 5748        ViaIde - ok
12:07:02.0953 5748        VolSnap        (a5a712f4e880874a477af790b5186e1d) H:\windows\system32\drivers\VolSnap.sys
12:07:03.0015 5748        VolSnap - ok
12:07:03.0046 5748        vsbus          (3995d1e95f3c621467da4bce868cdc90) H:\windows\system32\DRIVERS\vsb.sys
12:07:03.0046 5748        vsbus ( UnsignedFile.Multi.Generic ) - warning
12:07:03.0046 5748        vsbus - detected UnsignedFile.Multi.Generic (1)
12:07:03.0078 5748        vserial        (3feb02f2eebaa3f099e279c258ef786e) H:\windows\system32\DRIVERS\vserial.sys
12:07:03.0078 5748        vserial ( UnsignedFile.Multi.Generic ) - warning
12:07:03.0078 5748        vserial - detected UnsignedFile.Multi.Generic (1)
12:07:03.0125 5748        VSS            (68f106273be29e7b7ef8266977268e78) H:\windows\System32\vssvc.exe
12:07:03.0187 5748        VSS - ok
12:07:03.0218 5748        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) H:\WINDOWS\System32\w32time.dll
12:07:03.0265 5748        W32Time - ok
12:07:03.0296 5748        Wanarp          (e20b95baedb550f32dd489265c1da1f6) H:\windows\system32\DRIVERS\wanarp.sys
12:07:03.0343 5748        Wanarp - ok
12:07:03.0390 5748        Wdf01000        (d918617b46457b9ac28027722e30f647) H:\windows\system32\DRIVERS\Wdf01000.sys
12:07:03.0406 5748        Wdf01000 - ok
12:07:03.0406 5748        WDICA - ok
12:07:03.0421 5748        wdmaud          (6768acf64b18196494413695f0c3a00f) H:\windows\system32\drivers\wdmaud.sys
12:07:03.0484 5748        wdmaud - ok
12:07:03.0500 5748        WebClient      (81727c9873e3905a2ffc1ebd07265002) H:\windows\System32\webclnt.dll
12:07:03.0562 5748        WebClient - ok
12:07:03.0609 5748        winmgmt        (6f3f3973d97714cc5f906a19fe883729) H:\windows\system32\wbem\WMIsvc.dll
12:07:03.0687 5748        winmgmt - ok
12:07:03.0718 5748        WinRM          (f10075c2ec96d2eb118012e78ece2fc2) H:\windows\system32\WsmSvc.dll
12:07:03.0812 5748        WinRM - ok
12:07:03.0906 5748        wlidsvc        (5144ae67d60ec653f97ddf3feed29e77) H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:07:03.0968 5748        wlidsvc - ok
12:07:04.0015 5748        WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) H:\WINDOWS\system32\MsPMSPSv.exe
12:07:04.0015 5748        WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning
12:07:04.0015 5748        WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)
12:07:04.0046 5748        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) H:\WINDOWS\system32\MsPMSNSv.dll
12:07:04.0062 5748        WmdmPmSN - ok
12:07:04.0109 5748        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) H:\windows\System32\advapi32.dll
12:07:04.0156 5748        Wmi - ok
12:07:04.0203 5748        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) H:\windows\system32\DRIVERS\wmiacpi.sys
12:07:04.0265 5748        WmiAcpi - ok
12:07:04.0281 5748        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) H:\WINDOWS\System32\wbem\wmiapsrv.exe
12:07:04.0343 5748        WmiApSrv - ok
12:07:04.0390 5748        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) H:\Programme\Windows Media Player\WMPNetwk.exe
12:07:04.0468 5748        WMPNetworkSvc - ok
12:07:04.0484 5748        WpdUsb          (cf4def1bf66f06964dc0d91844239104) H:\windows\system32\DRIVERS\wpdusb.sys
12:07:04.0515 5748        WpdUsb - ok
12:07:04.0625 5748        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:07:04.0656 5748        WPFFontCache_v0400 - ok
12:07:04.0687 5748        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) H:\windows\system32\wscsvc.dll
12:07:04.0750 5748        wscsvc - ok
12:07:04.0781 5748        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) H:\windows\system32\DRIVERS\WSTCODEC.SYS
12:07:04.0843 5748        WSTCODEC - ok
12:07:04.0859 5748        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) H:\WINDOWS\system32\wuauserv.dll
12:07:04.0937 5748        wuauserv - ok
12:07:04.0968 5748        WudfPf          (eaa6324f51214d2f6718977ec9ce0def) H:\windows\system32\DRIVERS\WudfPf.sys
12:07:04.0984 5748        WudfPf - ok
12:07:05.0015 5748        WudfRd          (f91ff1e51fca30b3c3981db7d5924252) H:\windows\system32\DRIVERS\wudfrd.sys
12:07:05.0015 5748        WudfRd - ok
12:07:05.0031 5748        WudfSvc        (ddee3682fe97037c45f4d7ab467cb8b6) H:\windows\System32\WUDFSvc.dll
12:07:05.0046 5748        WudfSvc - ok
12:07:05.0093 5748        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) H:\windows\System32\wzcsvc.dll
12:07:05.0218 5748        WZCSVC - ok
12:07:05.0281 5748        xmlprov        (0ada34871a2e1cd2caafed1237a47750) H:\windows\System32\xmlprov.dll
12:07:05.0343 5748        xmlprov - ok
12:07:05.0375 5748        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
12:07:05.0578 5748        \Device\Harddisk0\DR0 - ok
12:07:05.0593 5748        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:07:05.0640 5748        \Device\Harddisk1\DR1 - ok
12:07:05.0656 5748        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk2\DR2
12:07:05.0718 5748        \Device\Harddisk2\DR2 - ok
12:07:05.0718 5748        Boot (0x1200)  (016ece64f77f370ba431ef2fb8854cac) \Device\Harddisk0\DR0\Partition0
12:07:05.0734 5748        \Device\Harddisk0\DR0\Partition0 - ok
12:07:05.0734 5748        Boot (0x1200)  (833153dc2395a4f4ba96460f6b995434) \Device\Harddisk1\DR1\Partition0
12:07:05.0734 5748        \Device\Harddisk1\DR1\Partition0 - ok
12:07:05.0734 5748        Boot (0x1200)  (414c8de7aa3ebcf05f4696d92377de3e) \Device\Harddisk2\DR2\Partition0
12:07:05.0734 5748        \Device\Harddisk2\DR2\Partition0 - ok
12:07:05.0734 5748        ============================================================
12:07:05.0734 5748        Scan finished
12:07:05.0734 5748        ============================================================
12:07:05.0843 4232        Detected object count: 41
12:07:05.0843 4232        Actual detected object count: 41
12:07:21.0312 4232        Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232        Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0312 4232        AtiHdmiService ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232        AtiHdmiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0312 4232        Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232        Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0312 4232        BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232        BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0312 4232        CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232        CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0312 4232        Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232        Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0312 4232        Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232        Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0312 4232        Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232        Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0312 4232        Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0312 4232        Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0312 4232        CSRBC ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        CSRBC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0328 4232        CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0328 4232        DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0328 4232        epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0328 4232        EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0328 4232        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0328 4232        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0328 4232        imagedrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        imagedrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0328 4232        imagesrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        imagesrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0328 4232        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0328 4232        MDM ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0328 4232        Pivot ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        Pivot ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0328 4232        pivotmou ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        pivotmou ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0328 4232        RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0328 4232        RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        SunkFilt ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        SunkFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        SWAS_Core ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        SWAS_Core ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        SWAS_Report_Plugin ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        SWAS_Report_Plugin ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        SWAS_Srv_DriverManagement ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        SWAS_Srv_DriverManagement ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        SWAS_Srv_LDD ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        SWAS_Srv_LDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0343 4232        Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0343 4232        Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0359 4232        UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0359 4232        UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0359 4232        vsbus ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0359 4232        vsbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0359 4232        vserial ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0359 4232        vserial ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:07:21.0359 4232        WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:21.0359 4232        WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 03.04.2012 16:06

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


