Trojaner-Board - Weißes Fenster mit "Die Webseite kann diese Seite nicht anzeigen" beim ersten Auftreten

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Weißes Fenster mit "Die Webseite kann diese Seite nicht anzeigen" beim ersten Auftreten (https://www.trojaner-board.de/112815-weisses-fenster-webseite-diese-seite-anzeigen-beim-ersten-auftreten.html)

Weißes Fenster mit "Die Webseite kann diese Seite nicht anzeigen" beim ersten Auftreten

Hallo,

beim surfen mit Mozila Firefox mit Benutzer mit eingeschränkten Rechten , kam es zum Abbruch. Die Fenster wurden geschlossen und es erschien ein Fenster "Die Webseite kann diese Seite nicht anzeigen" so wie man den von Internet Explorer kennt. Das Fenster vergrößerte sich nach einigen Sekunden und erstreckte sich über den kompletten Bildschirm. Die Symbole in der Taskleiste wurden ausgeblendet. Taskmanager lies sich nicht starten bzw. war nicht sichtbar.

Nach einem Neustart wechselte ich auf Admin. Hier hat alles wie gewohnt funktioniert. Nach der Systemprüfung mit Antivir wurden 2 Mailware gefunden und in die Quarantäne verschoben. Das Wechseln auf eingeschränkten Benutzer ergab keine Veränderung nach dieser Aktion.

Ich wechselte wieder auf Admin und führte ein Check mit Anit-Mailware durch, entfernte die beiden Funde und probierte es nochmal mit eingeschränktem Benutzer mit Ergebnis: alles wieder in Ordnung. Nochmaliger Antivir Check: keinen Fund gefunden.

Ich bitte die Experten noch mal den Bericht von Anti-Mailware und von OTL zu analysieren ob das Problem jetzt vollständig behoben ist.

Vielen Dank im Voraus

CustomScan mit OTL

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo Cosinus,

anbei die Auswertung:
1. Malwarebytes nach dem Virusangriff
2. Malwarebytes aktuell
3. Eset Online Scaner

Danke für die Unterstützung

Gruß
Kostja

Code:

 
 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.31.08
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

AdminKostja :: KOSTJA [Administrator]
 

31.03.2012 17:49:06

mbam-log-2012-03-31 (17-49-06).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 206774

Laufzeit: 7 Minute(n), 12 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\Dokumente und Einstellungen\Kostja und Elina\Lokale Einstellungen\Temp\cgs8h0.exe (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Dokumente und Einstellungen\Kostja und Elina\Startmenü\Programme\Autostart\cgs8h0.exe.lnk (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

 
 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.04.03.09
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

AdminKostja :: KOSTJA [Administrator]
 

03.04.2012 18:32:58

mbam-log-2012-04-03 (18-32-58).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 251833

Laufzeit: 1 Stunde(n), 4 Minute(n), 54 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

 
 
 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=63399399a217514e86d77fe2d6060e40

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-03 09:53:12

# local_time=2012-04-03 11:53:12 (+0100, Westeuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1792 16777191 100 0 17987873 17987873 0 0

# compatibility_mode=8192 67108863 100 0 354 354 0 0

# scanned=47449

# found=3

# cleaned=0

# scan_time=2425

C:\Dokumente und Einstellungen\AdminKostja\Eigene Dateien\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Dokumente und Einstellungen\Kostja und Elina\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\41\1dea8e9-6bb8fa93        a variant of Java/Exploit.CVE-2012-0507.F trojan (unable to clean)        00000000000000000000000000000000        I

C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Hallo Cosinus,

1. alles ist wie gehabt.
2. mir fällt nichts auf, die Maske, das Menü und die Programme sind alle vorhanden.

Gruß
Kostja

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo cosinus,

anbei der OTL - Log.

Gruß

Kostja

OTL Logfile:

Code:

OTL logfile created on: 04.04.2012 23:25:45 - Run 2

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\AdminKostja\Eigene Dateien\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1022,11 Mb Total Physical Memory | 428,31 Mb Available Physical Memory | 41,90% Memory free

2,40 Gb Paging File | 1,78 Gb Available in Paging File | 73,97% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 23,89 Gb Total Space | 13,78 Gb Free Space | 57,66% Space Free | Partition Type: NTFS

Drive E: | 87,90 Gb Total Space | 0,25 Gb Free Space | 0,28% Space Free | Partition Type: NTFS

 

Computer Name: KOSTJA | User Name: AdminKostja | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.04.04 23:24:07 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\AdminKostja\Eigene Dateien\Downloads\OTL.exe

PRC - [2012.01.03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe

PRC - [2011.12.21 09:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2011.09.08 18:28:29 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2011.09.08 18:28:00 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2011.09.08 18:27:58 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.09.08 18:27:53 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe

PRC - [2011.09.08 18:27:51 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.09.08 18:27:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\UMVPFSrv.exe

PRC - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2011.08.12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011.08.12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe

PRC - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe

PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe

PRC - [2011.04.19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe

PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe

PRC - [2005.11.29 16:11:20 | 000,024,848 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\ssonsvr.exe

PRC - [2005.09.16 14:01:02 | 000,557,056 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe

PRC - [2005.08.12 16:38:22 | 001,056,768 | ---- | M] (VIA Technologies) -- C:\Programme\VIA\RAID\raid_tool.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.03.31 21:05:36 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll

MOD - [2012.01.03 15:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU

MOD - [2011.12.21 09:42:28 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2011.09.08 18:28:32 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2011.08.22 16:47:44 | 000,336,408 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

MOD - [2011.08.12 13:20:56 | 001,260,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\UMVPLMute.dll

MOD - [2011.08.12 13:20:56 | 000,294,424 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\VMSystem.dll

MOD - [2011.08.12 13:20:56 | 000,053,784 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\VMSysPS.dll

MOD - [2011.08.12 13:20:56 | 000,053,784 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\UMVPLMutePS.dll

MOD - [2011.08.12 13:20:48 | 000,054,808 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\MRSystemPS.dll

MOD - [2011.08.12 13:20:36 | 001,349,656 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\MRSystem.dll

MOD - [2011.08.12 13:20:36 | 001,323,032 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\MMSystem.dll

MOD - [2011.08.12 13:20:24 | 000,135,192 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\MapTrackData.dll

MOD - [2011.08.12 13:20:24 | 000,053,784 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\MMSysPS.dll

MOD - [2011.08.12 13:19:50 | 000,221,208 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\FxPreview.dll

MOD - [2011.08.12 13:19:50 | 000,053,784 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\FxPreviewPS.dll

MOD - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe

MOD - [2011.08.12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe

MOD - [2010.05.07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2010.05.07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2010.05.07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2010.05.07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2010.05.07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2005.09.16 14:01:04 | 000,053,248 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll

MOD - [2005.09.16 14:01:04 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56cht.dll

MOD - [2005.09.16 14:01:04 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56chs.dll

MOD - [2005.09.16 14:01:02 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56spn.dll

MOD - [2005.09.16 14:01:02 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56itl.dll

MOD - [2005.09.16 14:01:02 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56eng.dll

MOD - [2005.09.16 14:01:02 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56brz.dll

MOD - [2005.09.16 14:01:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56ger.dll

MOD - [2005.09.16 14:01:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56fra.dll

MOD - [2005.08.19 16:32:08 | 000,184,320 | ---- | M] () -- C:\Programme\VIA\RAID\drvInterface.dll

MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012.03.31 21:05:36 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011.09.08 18:28:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.09.08 18:28:00 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)

SRV - [2011.09.08 18:27:53 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2011.09.08 18:27:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2008.04.14 04:22:23 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)

SRV - [2008.04.14 04:22:12 | 000,036,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)

SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Adapter | Unavailable | Unknown] --  -- (PnSson)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2011.09.08 18:28:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.09.08 18:28:59 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2011.09.08 18:28:57 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.09.08 18:27:50 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2011.08.19 11:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)

DRV - [2011.08.19 11:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2010.05.07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2006.10.12 09:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006.02.20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)

DRV - [2005.09.30 11:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005.09.16 14:09:02 | 000,846,792 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{7095492D-C58E-45BF-9E1E-7EC3F6762046}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=C3D43535-CFDA-4374-90F2-8352484D81E0&apn_sauid=823F2015-AB51-4BEF-8159-DA2969AF93D8

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.25 20:50:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2011.09.08 19:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Mozilla\Extensions

[2012.03.31 21:33:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\extensions

[2012.03.31 21:33:10 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\extensions\toolbar@ask.com

[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\searchplugins\askcom.xml

[2012.03.31 21:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.03.31 21:22:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [LWS] C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies)

O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)

O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E53DC08-DF5B-491F-A967-E3646A0318E8}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.09.08 14:40:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.03 23:06:54 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.03.31 21:33:05 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com

[2012.03.31 21:33:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminKostja\Lokale Einstellungen\Anwendungsdaten\AskToolbar

[2012.03.31 21:23:12 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java

[2012.03.31 21:23:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask

[2012.03.31 17:44:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Malwarebytes

[2012.03.31 17:44:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.03.31 17:44:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.03.31 17:44:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.03.31 17:44:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.03.28 14:23:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN

[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.04 23:28:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2012.04.04 18:54:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.04.04 18:41:13 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk

[2012.04.04 18:40:30 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012.04.04 13:35:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.04.01 00:28:22 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\AdminKostja\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.03.31 21:22:16 | 000,459,844 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.03.31 21:22:16 | 000,441,906 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.03.31 21:22:16 | 000,085,170 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.03.31 21:22:16 | 000,071,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.03.31 19:40:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.03.31 17:44:23 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.28 14:23:46 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk

[2012.03.14 23:20:02 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.03.14 20:45:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.03.31 21:33:08 | 000,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2012.03.31 21:05:36 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.03.31 17:44:23 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.28 14:23:46 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk

[2012.02.15 19:54:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.10.05 22:03:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini

[2011.09.30 22:06:36 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\AdminKostja\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.09.18 16:12:58 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2011.09.09 14:42:28 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2011.09.09 14:42:28 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini

[2011.09.09 14:42:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2011.09.09 14:41:34 | 000,000,205 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2011.09.09 14:41:34 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2011.09.09 14:41:34 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat

[2011.09.09 14:40:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat

[2011.09.09 14:40:37 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll

[2011.09.09 14:38:20 | 000,027,114 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2011.09.09 14:22:41 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011.09.08 17:32:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2011.09.08 17:31:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll

[2011.09.08 17:31:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll

[2011.09.08 17:31:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll

[2011.09.08 17:31:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll

[2011.09.08 17:31:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll

[2011.09.08 17:31:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll

[2011.09.08 17:31:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll

[2011.09.08 17:31:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll

[2011.09.08 17:31:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll

[2011.09.08 15:52:32 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\AdminKostja\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2011.09.08 15:30:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011.09.08 15:29:02 | 000,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.09.08 14:48:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011.09.08 14:43:56 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2011.09.08 14:38:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2010.11.10 04:45:32 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe

[2010.11.10 04:45:30 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll

[2010.11.10 04:45:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll

[2010.11.10 04:31:42 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

 
 ========== LOP Check ==========

 

[2011.10.05 22:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\ICAClient

[2011.09.17 11:12:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Leadertech

[2011.09.30 21:53:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Panasonic

[2011.09.18 16:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\pdfforge

[2011.10.28 16:27:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\ScanSoft

[2012.03.31 21:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask

[2011.09.30 21:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic

[2011.09.09 14:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft

[2012.04.04 23:28:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.10.05 21:49:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Adobe

[2011.09.18 14:36:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\AdobeUM

[2011.09.08 18:39:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Avira

[2011.10.08 19:37:10 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Brother

[2011.10.05 22:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\ICAClient

[2011.09.08 15:53:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Identities

[2011.09.13 23:46:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\InstallShield

[2011.09.17 11:12:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Leadertech

[2011.09.08 18:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Macromedia

[2012.03.31 17:44:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Malwarebytes

[2011.10.05 21:49:31 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Microsoft

[2011.09.08 19:04:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Mozilla

[2011.09.30 21:53:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Panasonic

[2011.09.18 16:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\pdfforge

[2011.10.28 16:27:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\ScanSoft

[2012.04.04 19:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Skype

[2011.09.21 00:10:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Sun

[2012.04.01 02:08:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\vlc

[2011.12.18 20:07:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.09.17 11:12:32 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2011.09.09 14:39:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2011.09.09 14:39:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2011.09.09 14:39:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2011.09.09 14:39:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2009.01.29 19:12:50 | 000,032,768 | ---- | M] (Panasonic Corporation) MD5=86C7D345A9D6DA814DBA6F785FE49908 -- C:\Programme\Panasonic\HD Writer AE 1\EventLog.dll

[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: IASTOR.SYS  >

[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_1$\netlogon.dll

[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_1$\netlogon.dll

 
 < MD5 for: NVATABUS.SYS  >

[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: VIAMRAID.SYS  >

[2005.07.20 14:52:56 | 000,089,088 | ---- | M] (VIA Technologies inc,.ltd) MD5=25700F5D901D8A8F4C7E851788A2707D -- C:\fsc.tmp\driver\raid\1004956_via_5_1_2600_510\drvdisk\i386\NT5\viamraid.sys

[2005.07.20 14:52:56 | 000,089,088 | ---- | M] (VIA Technologies inc,.ltd) MD5=25700F5D901D8A8F4C7E851788A2707D -- C:\fsc.tmp\driver\raid\1004956_via_5_1_2600_510\VIARAID\driver\winxp\viamraid.sys

[2005.07.20 14:52:56 | 000,089,088 | ---- | M] (VIA Technologies inc,.ltd) MD5=25700F5D901D8A8F4C7E851788A2707D -- C:\WINDOWS\system32\drivers\viamraid.sys

[2005.07.19 13:50:28 | 000,103,904 | ---- | M] (VIA Technologies inc,.ltd) MD5=40C58EC8AB5162E03AF51B39842AC20D -- C:\fsc.tmp\driver\raid\1004956_via_5_1_2600_510\drvdisk\i386\NT4\viamraid.sys

[2005.07.19 13:50:28 | 000,103,904 | ---- | M] (VIA Technologies inc,.ltd) MD5=40C58EC8AB5162E03AF51B39842AC20D -- C:\fsc.tmp\driver\raid\1004956_via_5_1_2600_510\VIARAID\driver\winnt40\viamraid.sys

 
 < MD5 for: WINLOGON.EXE  >

[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2011.09.08 16:28:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2011.09.08 16:28:05 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2011.09.08 16:28:05 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 

< End of report >

--- --- ---

[/code]

Zitat:

Boot Mode: Normal | Scan Mode: Current user

Du hast vergessen den Haken bei "Scanne alle Benutzer" zu setzen :(

Du hast recht.
Wer lesen kann ist klar im Vorteil.

Gruß

Kostja

OTL Logfile:

Code:

OTL logfile created on: 05.04.2012 22:03:39 - Run 3

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\AdminXXXXX\Eigene Dateien\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1022,11 Mb Total Physical Memory | 539,30 Mb Available Physical Memory | 52,76% Memory free

2,40 Gb Paging File | 1,81 Gb Available in Paging File | 75,31% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 23,89 Gb Total Space | 13,74 Gb Free Space | 57,51% Space Free | Partition Type: NTFS

Drive E: | 87,90 Gb Total Space | 0,25 Gb Free Space | 0,28% Space Free | Partition Type: NTFS

 

Computer Name: XXXXXX | User Name: AdminXXXXX | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\AdminXXXXX\Eigene Dateien\Downloads\OTL(1).exe (OldTimer Tools)

PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe ()

PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

PRC - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()

PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)

PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)

PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)

PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)

PRC - C:\Programme\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)

PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

PRC - C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()

MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\UMVPLMute.dll ()

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\VMSystem.dll ()

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\VMSysPS.dll ()

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\UMVPLMutePS.dll ()

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\MRSystemPS.dll ()

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\MRSystem.dll ()

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\MMSystem.dll ()

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\MapTrackData.dll ()

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\MMSysPS.dll ()

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\FxPreview.dll ()

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\FxPreviewPS.dll ()

MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()

MOD - C:\WINDOWS\sm56jpn.dll ()

MOD - C:\WINDOWS\sm56cht.dll ()

MOD - C:\WINDOWS\sm56chs.dll ()

MOD - C:\WINDOWS\sm56spn.dll ()

MOD - C:\WINDOWS\sm56itl.dll ()

MOD - C:\WINDOWS\sm56eng.dll ()

MOD - C:\WINDOWS\sm56brz.dll ()

MOD - C:\WINDOWS\sm56ger.dll ()

MOD - C:\WINDOWS\sm56fra.dll ()

MOD - C:\Programme\VIA\RAID\drvInterface.dll ()

MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)

SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (UMVPFSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)

SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)

SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)

SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)

SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (WDICA) --  File not found

DRV - (PnSson) --  File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (lbrtfdc) --  File not found

DRV - (i2omgmt) --  File not found

DRV - (Changer) --  File not found

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1004\..\SearchScopes\{7095492D-C58E-45BF-9E1E-7EC3F6762046}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=C3D43535-CFDA-4374-90F2-8352484D81E0&apn_sauid=823F2015-AB51-4BEF-8159-DA2969AF93D8

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 FE BF 1E 65 0F CD 01  [binary data]

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.25 20:50:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2011.09.08 19:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Mozilla\Extensions

[2012.03.31 21:33:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\extensions

[2012.03.31 21:33:10 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\extensions\toolbar@ask.com

[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\searchplugins\askcom.xml

[2012.03.31 21:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.03.31 21:22:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [LWS] C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies)

O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)

O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-329068152-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-329068152-1960408961-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E53DC08-DF5B-491F-A967-E3646A0318E8}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.09.08 14:40:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.03 23:06:54 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.03.31 21:33:05 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com

[2012.03.31 21:33:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Lokale Einstellungen\Anwendungsdaten\AskToolbar

[2012.03.31 21:23:12 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java

[2012.03.31 21:23:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask

[2012.03.31 17:44:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Malwarebytes

[2012.03.31 17:44:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.03.31 17:44:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.03.31 17:44:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.03.31 17:44:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.03.28 14:23:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN

[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.05 22:08:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2012.04.04 23:54:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.04.04 18:41:13 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk

[2012.04.04 18:40:30 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012.04.04 13:35:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.04.01 00:28:22 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\AdminXXXXXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.03.31 21:22:16 | 000,459,844 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.03.31 21:22:16 | 000,441,906 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.03.31 21:22:16 | 000,085,170 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.03.31 21:22:16 | 000,071,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.03.31 19:40:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.03.31 17:44:23 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.28 14:23:46 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk

[2012.03.14 23:20:02 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.03.14 20:45:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.03.31 21:33:08 | 000,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2012.03.31 21:05:36 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.03.31 17:44:23 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.28 14:23:46 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk

[2012.02.15 19:54:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.10.05 22:03:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini

[2011.09.30 22:06:36 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\AdminXXXXXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.09.18 16:12:58 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2011.09.09 14:42:28 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2011.09.09 14:42:28 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini

[2011.09.09 14:42:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2011.09.09 14:41:34 | 000,000,205 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2011.09.09 14:41:34 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2011.09.09 14:41:34 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat

[2011.09.09 14:40:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat

[2011.09.09 14:40:37 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll

[2011.09.09 14:38:20 | 000,027,114 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2011.09.09 14:22:41 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011.09.08 17:32:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2011.09.08 17:31:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll

[2011.09.08 17:31:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll

[2011.09.08 17:31:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll

[2011.09.08 17:31:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll

[2011.09.08 17:31:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll

[2011.09.08 17:31:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll

[2011.09.08 17:31:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll

[2011.09.08 17:31:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll

[2011.09.08 17:31:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll

[2011.09.08 15:52:32 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\AdminXXXXXX\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2011.09.08 15:30:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011.09.08 15:29:02 | 000,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.09.08 14:48:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011.09.08 14:43:56 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2011.09.08 14:38:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2010.11.10 04:45:32 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe

[2010.11.10 04:45:30 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll

[2010.11.10 04:45:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll

[2010.11.10 04:31:42 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

 
 ========== LOP Check ==========

 

[2011.10.05 22:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\ICAClient

[2011.09.17 11:12:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Leadertech

[2011.09.30 21:53:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Panasonic

[2011.09.18 16:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\pdfforge

[2011.10.28 16:27:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\ScanSoft

[2012.03.31 21:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask

[2011.09.30 21:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic

[2011.09.09 14:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft

[2011.10.31 00:47:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kostja und Elina\Anwendungsdaten\ICAClient

[2011.09.17 14:57:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kostja und Elina\Anwendungsdaten\ScanSoft

[2012.04.05 22:08:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.10.05 21:49:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Adobe

[2011.09.18 14:36:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\AdobeUM

[2011.09.08 18:39:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Avira

[2011.10.08 19:37:10 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Brother

[2011.10.05 22:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\ICAClient

[2011.09.08 15:53:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Identities

[2011.09.13 23:46:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\InstallShield

[2011.09.17 11:12:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Leadertech

[2011.09.08 18:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Macromedia

[2012.03.31 17:44:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Malwarebytes

[2011.10.05 21:49:31 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Microsoft

[2011.09.08 19:04:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Mozilla

[2011.09.30 21:53:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Panasonic

[2011.09.18 16:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\pdfforge

[2011.10.28 16:27:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\ScanSoft

[2012.04.04 19:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Skype

[2011.09.21 00:10:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\Sun

[2012.04.01 02:08:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\vlc

[2011.12.18 20:07:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXXX\Anwendungsdaten\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.09.17 11:12:32 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Dokumente und Einstellungen\AdminXXXXX\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2011.09.09 14:39:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2011.09.09 14:39:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2011.09.09 14:39:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2011.09.09 14:39:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2009.01.29 19:12:50 | 000,032,768 | ---- | M] (Panasonic Corporation) MD5=86C7D345A9D6DA814DBA6F785FE49908 -- C:\Programme\Panasonic\HD Writer AE 1\EventLog.dll

[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: IASTOR.SYS  >

[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_1$\netlogon.dll

[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_1$\netlogon.dll

 
 < MD5 for: NVATABUS.SYS  >

[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: VIAMRAID.SYS  >

[2005.07.20 14:52:56 | 000,089,088 | ---- | M] (VIA Technologies inc,.ltd) MD5=25700F5D901D8A8F4C7E851788A2707D -- C:\fsc.tmp\driver\raid\1004956_via_5_1_2600_510\drvdisk\i386\NT5\viamraid.sys

[2005.07.20 14:52:56 | 000,089,088 | ---- | M] (VIA Technologies inc,.ltd) MD5=25700F5D901D8A8F4C7E851788A2707D -- C:\fsc.tmp\driver\raid\1004956_via_5_1_2600_510\VIARAID\driver\winxp\viamraid.sys

[2005.07.20 14:52:56 | 000,089,088 | ---- | M] (VIA Technologies inc,.ltd) MD5=25700F5D901D8A8F4C7E851788A2707D -- C:\WINDOWS\system32\drivers\viamraid.sys

[2005.07.19 13:50:28 | 000,103,904 | ---- | M] (VIA Technologies inc,.ltd) MD5=40C58EC8AB5162E03AF51B39842AC20D -- C:\fsc.tmp\driver\raid\1004956_via_5_1_2600_510\drvdisk\i386\NT4\viamraid.sys

[2005.07.19 13:50:28 | 000,103,904 | ---- | M] (VIA Technologies inc,.ltd) MD5=40C58EC8AB5162E03AF51B39842AC20D -- C:\fsc.tmp\driver\raid\1004956_via_5_1_2600_510\VIARAID\driver\winnt40\viamraid.sys

 
 < MD5 for: WINLOGON.EXE  >

[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2011.09.08 16:28:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2011.09.08 16:28:05 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2011.09.08 16:28:05 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 

< End of report >

--- --- ---

[/code]

Wieso machst du deinen Namen jetzt unkenntlich? :confused:
Das ist doch nur dann sinnvoll, wenn du vollen Vor- und Nachnamen drin hast, aber den Vornamen allein musst du doch nicht enkenntlich machen (hast du in den vorherigen Logs auch nicht :pfeiff: )

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

O2-1960408961-682003330-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-329068152-1960408961-682003330-1004\..\SearchScopes\{7095492D-C58E-45BF-9E1E-7EC3F6762046}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=C3D43535-CFDA-4374-90F2-8352484D81E0&apn_sauid=823F2015-AB51-4BEF-8159-DA2969AF93D8

IE - HKU\S-1-5-21-32906815

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

[2012.03.31 21:33:10 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\AdminXXXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\extensions\toolbar@ask.com

[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Dokumente und Einstellungen\AdminXXXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\searchplugins\askcom.xml

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.09.08 14:40:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

[2012.03.31 21:33:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminXXXXX\Lokale Einstellungen\Anwendungsdaten\AskToolbar

[2011.09.18 16:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminXXXXX\Anwendungsdaten\pdfforge

[2012.03.31 21:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask

[2012.03.31 21:33:08 | 000,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

:Files

C:\Dokumente und Einstellungen\AdminXXXXX\Anwendungsdaten\pdfforge

C:\Programme\Ask.com

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Es war mir klar das ich davor meinen Namen nicht ausgeblendet habe. Ich habe nur geübt mit dem Befehl "Ersetzen" zu arbeiten. :crazy:

Leider hat der Fix auch nach drei Versuchen nicht funktioniert. Der OTL hing immer an der selben Stelle.

Was jetzt? :wtf:

Code:

 

IE - HKU\S-1-5-21-32906815

Gruß

Kostja

Hm, weiß nicht wie diese Zeile da ringekommen ist. Nimm die mal komplett raus aus dem Fix und probier es nochmal

Dieses Mal hat es geklappt.:applaus:

Anbei das Report.

Gruß

Kostja

Code:

All processes killed

========== OTL ==========

HKEY_USERS\S-1-5-21-329068152-1960408961-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-329068152-1960408961-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-329068152-1960408961-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{7095492D-C58E-45BF-9E1E-7EC3F6762046}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7095492D-C58E-45BF-9E1E-7EC3F6762046}\ not found.

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Ask.com" removed from browser.search.defaultenginename

Prefs.js: "Ask.com" removed from browser.search.order.1

Prefs.js: "Ask.com" removed from browser.search.selectedEngine

C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.

C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.

C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\extensions\toolbar@ask.com\defaults folder moved successfully.

C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.

C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.

C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\extensions\toolbar@ask.com\chrome folder moved successfully.

C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\extensions\toolbar@ask.com folder moved successfully.

C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\Mozilla\Firefox\Profiles\rptafcw4.default\searchplugins\askcom.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.

C:\Programme\Ask.com\Updater\Updater.exe moved successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\AUTOEXEC.BAT moved successfully.

C:\Dokumente und Einstellungen\AdminKostja\Lokale Einstellungen\Anwendungsdaten\AskToolbar\APNU folder moved successfully.

C:\Dokumente und Einstellungen\AdminKostja\Lokale Einstellungen\Anwendungsdaten\AskToolbar folder moved successfully.

C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\pdfforge\Images2PDF folder moved successfully.

C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\pdfforge folder moved successfully.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask\APN-Stub folder moved successfully.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask folder moved successfully.

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.

========== FILES ==========

File\Folder C:\Dokumente und Einstellungen\AdminKostja\Anwendungsdaten\pdfforge not found.

C:\Programme\Ask.com\Updater folder moved successfully.

C:\Programme\Ask.com\assets\oobe folder moved successfully.

C:\Programme\Ask.com\assets folder moved successfully.

C:\Programme\Ask.com folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: AdminKostja

->Temp folder emptied: 298024870 bytes

->Temporary Internet Files folder emptied: 20292345 bytes

->Java cache emptied: 697667 bytes

->FireFox cache emptied: 51010948 bytes

->Flash cache emptied: 2974 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Kostja und Elina

->Temp folder emptied: 134207913 bytes

->Temporary Internet Files folder emptied: 2534652 bytes

->Java cache emptied: 375296 bytes

->FireFox cache emptied: 99621023 bytes

->Flash cache emptied: 719 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 840015 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 215250288 bytes

%systemroot% .tmp files removed: 2503692 bytes

%systemroot%\System32 .tmp files removed: 2951 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 59164316 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 844,00 mb

 

 

[EMPTYFLASH]

 

User: AdminKostja

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

 

User: Kostja und Elina

->Flash cache emptied: 0 bytes

 

User: LocalService

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.39.2 log created on 04062012_171357
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Anbei die Daten des TDSS

Gruß
Kostja

Code:

17:45:05.0421 0536        TDSS rootkit removing tool 2.7.26.0 Apr  4 2012 19:52:02

17:45:05.0500 0536        ============================================================

17:45:05.0500 0536        Current date / time: 2012/04/06 17:45:05.0500

17:45:05.0500 0536        SystemInfo:

17:45:05.0500 0536        

17:45:05.0500 0536        OS Version: 5.1.2600 ServicePack: 3.0

17:45:05.0500 0536        Product type: Workstation

17:45:05.0500 0536        ComputerName: KOSTJA

17:45:05.0500 0536        UserName: AdminKostja

17:45:05.0500 0536        Windows directory: C:\WINDOWS

17:45:05.0500 0536        System windows directory: C:\WINDOWS

17:45:05.0500 0536        Processor architecture: Intel x86

17:45:05.0500 0536        Number of processors: 2

17:45:05.0500 0536        Page size: 0x1000

17:45:05.0500 0536        Boot type: Normal boot

17:45:05.0500 0536        ============================================================

17:45:06.0625 0536        Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058

17:45:06.0625 0536        \Device\Harddisk0\DR0:

17:45:06.0640 0536        MBR used

17:45:06.0640 0536        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2FC9130

17:45:06.0640 0536        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2FC916F, BlocksNum 0xAFCA652

17:45:06.0718 0536        Initialize success

17:45:06.0718 0536        ============================================================

17:46:22.0500 1632        ============================================================

17:46:22.0500 1632        Scan started

17:46:22.0500 1632        Mode: Manual; SigCheck; TDLFS; 

17:46:22.0500 1632        ============================================================

17:46:22.0671 1632        6to4            (d5a6658cbfbbf9a0f8827e83c9fde806) C:\WINDOWS\System32\6to4svc.dll

17:46:22.0906 1632        6to4 - ok

17:46:22.0968 1632        Abiosdsk - ok

17:46:22.0984 1632        abp480n5 - ok

17:46:23.0031 1632        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:46:23.0625 1632        ACPI - ok

17:46:23.0703 1632        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

17:46:23.0828 1632        ACPIEC - ok

17:46:23.0921 1632        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

17:46:23.0937 1632        AdobeFlashPlayerUpdateSvc - ok

17:46:23.0953 1632        adpu160m - ok

17:46:24.0000 1632        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:46:24.0109 1632        aec - ok

17:46:24.0156 1632        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:46:24.0218 1632        AFD - ok

17:46:24.0234 1632        Aha154x - ok

17:46:24.0250 1632        aic78u2 - ok

17:46:24.0265 1632        aic78xx - ok

17:46:24.0312 1632        Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll

17:46:24.0421 1632        Alerter - ok

17:46:24.0453 1632        ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe

17:46:24.0546 1632        ALG - ok

17:46:24.0562 1632        AliIde - ok

17:46:24.0578 1632        amsint - ok

17:46:24.0703 1632        AntiVirMailService (d1d8e6ad41a8d948e1c2c1ec2bf8ad20) C:\Programme\Avira\AntiVir Desktop\avmailc.exe

17:46:24.0750 1632        AntiVirMailService - ok

17:46:24.0781 1632        AntiVirSchedulerService (b3e6fde223f21f5d477087f71db27de9) C:\Programme\Avira\AntiVir Desktop\sched.exe

17:46:24.0796 1632        AntiVirSchedulerService - ok

17:46:24.0859 1632        AntiVirService  (ff4d522213d4ee19f166dff157ffd490) C:\Programme\Avira\AntiVir Desktop\avguard.exe

17:46:24.0875 1632        AntiVirService - ok

17:46:24.0921 1632        AntiVirWebService (ebaac0fb8c09ba0b14e9da6822e1bec7) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE

17:46:24.0937 1632        AntiVirWebService - ok

17:46:25.0000 1632        AppMgmt - ok

17:46:25.0078 1632        Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

17:46:25.0203 1632        Arp1394 - ok

17:46:25.0234 1632        asc - ok

17:46:25.0250 1632        asc3350p - ok

17:46:25.0265 1632        asc3550 - ok

17:46:25.0328 1632        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

17:46:25.0343 1632        aspnet_state - ok

17:46:25.0375 1632        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:46:25.0468 1632        AsyncMac - ok

17:46:25.0531 1632        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:46:25.0640 1632        atapi - ok

17:46:25.0656 1632        Atdisk - ok

17:46:25.0687 1632        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:46:25.0781 1632        Atmarpc - ok

17:46:25.0828 1632        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll

17:46:25.0921 1632        AudioSrv - ok

17:46:25.0968 1632        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:46:26.0093 1632        audstub - ok

17:46:26.0171 1632        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys

17:46:26.0171 1632        avgio - ok

17:46:26.0250 1632        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

17:46:26.0281 1632        avgntflt - ok

17:46:26.0328 1632        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

17:46:26.0343 1632        avipbb - ok

17:46:26.0375 1632        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:46:26.0484 1632        Beep - ok

17:46:26.0531 1632        bgsvcgen        (acc9c8c560c567fad6f79c977ab2ea09) C:\WINDOWS\system32\bgsvcgen.exe

17:46:26.0546 1632        bgsvcgen - ok

17:46:26.0593 1632        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll

17:46:26.0703 1632        BITS - ok

17:46:26.0765 1632        Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\system32\brsvc01a.exe

17:46:26.0828 1632        Brother XP spl Service - ok

17:46:26.0859 1632        Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll

17:46:26.0968 1632        Browser - ok

17:46:27.0000 1632        BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys

17:46:27.0062 1632        BrScnUsb - ok

17:46:27.0109 1632        BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

17:46:27.0218 1632        BthEnum - ok

17:46:27.0234 1632        BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

17:46:27.0343 1632        BthPan - ok

17:46:27.0390 1632        BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys

17:46:27.0437 1632        BTHPORT - ok

17:46:27.0468 1632        BthServ         (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll

17:46:27.0593 1632        BthServ - ok

17:46:27.0640 1632        BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

17:46:27.0734 1632        BTHUSB - ok

17:46:27.0781 1632        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:46:27.0890 1632        cbidf2k - ok

17:46:27.0921 1632        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

17:46:28.0015 1632        CCDECODE - ok

17:46:28.0031 1632        cd20xrnt - ok

17:46:28.0078 1632        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:46:28.0187 1632        Cdaudio - ok

17:46:28.0250 1632        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:46:28.0359 1632        Cdfs - ok

17:46:28.0406 1632        cdrbsdrv        (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys

17:46:28.0421 1632        cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning

17:46:28.0421 1632        cdrbsdrv - detected UnsignedFile.Multi.Generic (1)

17:46:28.0437 1632        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:46:28.0546 1632        Cdrom - ok

17:46:28.0562 1632        Changer - ok

17:46:28.0593 1632        CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe

17:46:28.0703 1632        CiSvc - ok

17:46:28.0718 1632        ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe

17:46:28.0812 1632        ClipSrv - ok

17:46:28.0875 1632        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:46:28.0921 1632        clr_optimization_v2.0.50727_32 - ok

17:46:28.0953 1632        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

17:46:29.0078 1632        CmBatt - ok

17:46:29.0093 1632        CmdIde - ok

17:46:29.0109 1632        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

17:46:29.0218 1632        Compbatt - ok

17:46:29.0234 1632        COMSysApp - ok

17:46:29.0250 1632        Cpqarray - ok

17:46:29.0281 1632        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll

17:46:29.0375 1632        CryptSvc - ok

17:46:29.0421 1632        dac2w2k - ok

17:46:29.0437 1632        dac960nt - ok

17:46:29.0484 1632        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

17:46:29.0593 1632        DcomLaunch - ok

17:46:29.0625 1632        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll

17:46:29.0734 1632        Dhcp - ok

17:46:29.0765 1632        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:46:29.0859 1632        Disk - ok

17:46:29.0875 1632        dmadmin - ok

17:46:29.0921 1632        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

17:46:30.0109 1632        dmboot - ok

17:46:30.0156 1632        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

17:46:30.0265 1632        dmio - ok

17:46:30.0312 1632        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:46:30.0406 1632        dmload - ok

17:46:30.0484 1632        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll

17:46:30.0578 1632        dmserver - ok

17:46:30.0609 1632        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:46:30.0718 1632        DMusic - ok

17:46:30.0765 1632        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll

17:46:30.0828 1632        Dnscache - ok

17:46:30.0875 1632        Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll

17:46:30.0984 1632        Dot3svc - ok

17:46:31.0015 1632        dpti2o - ok

17:46:31.0046 1632        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:46:31.0140 1632        drmkaud - ok

17:46:31.0187 1632        EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll

17:46:31.0296 1632        EapHost - ok

17:46:31.0359 1632        ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll

17:46:31.0468 1632        ERSvc - ok

17:46:31.0500 1632        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

17:46:31.0546 1632        Eventlog - ok

17:46:31.0593 1632        EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll

17:46:31.0640 1632        EventSystem - ok

17:46:31.0656 1632        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:46:31.0765 1632        Fastfat - ok

17:46:31.0812 1632        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

17:46:31.0843 1632        FastUserSwitchingCompatibility - ok

17:46:31.0890 1632        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

17:46:31.0984 1632        Fdc - ok

17:46:32.0015 1632        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

17:46:32.0109 1632        Fips - ok

17:46:32.0125 1632        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

17:46:32.0234 1632        Flpydisk - ok

17:46:32.0281 1632        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

17:46:32.0375 1632        FltMgr - ok

17:46:32.0453 1632        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

17:46:32.0468 1632        FontCache3.0.0.0 - ok

17:46:32.0484 1632        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:46:32.0593 1632        Fs_Rec - ok

17:46:32.0625 1632        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:46:32.0750 1632        Ftdisk - ok

17:46:32.0781 1632        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:46:32.0906 1632        Gpc - ok

17:46:32.0937 1632        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:46:33.0046 1632        HDAudBus - ok

17:46:33.0078 1632        helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

17:46:33.0171 1632        helpsvc - ok

17:46:33.0218 1632        HidServ - ok

17:46:33.0250 1632        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:46:33.0359 1632        hidusb - ok

17:46:33.0406 1632        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll

17:46:33.0500 1632        hkmsvc - ok

17:46:33.0515 1632        hpn - ok

17:46:33.0562 1632        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:46:33.0609 1632        HTTP - ok

17:46:33.0640 1632        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll

17:46:33.0765 1632        HTTPFilter - ok

17:46:33.0781 1632        i2omgmt - ok

17:46:33.0796 1632        i2omp - ok

17:46:33.0828 1632        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:46:33.0937 1632        i8042prt - ok

17:46:34.0015 1632        iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

17:46:34.0125 1632        iaStor - ok

17:46:34.0250 1632        idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

17:46:34.0328 1632        idsvc - ok

17:46:34.0359 1632        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:46:34.0453 1632        Imapi - ok

17:46:34.0500 1632        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe

17:46:34.0609 1632        ImapiService - ok

17:46:34.0625 1632        ini910u - ok

17:46:34.0828 1632        IntcAzAudAddService (6d6b57808c923a4d79cc8f47307753c9) C:\WINDOWS\system32\drivers\RtkHDAud.sys

17:46:35.0187 1632        IntcAzAudAddService - ok

17:46:35.0218 1632        IntelIde - ok

17:46:35.0234 1632        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:46:35.0359 1632        intelppm - ok

17:46:35.0406 1632        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

17:46:35.0500 1632        Ip6Fw - ok

17:46:35.0546 1632        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:46:35.0656 1632        IpFilterDriver - ok

17:46:35.0703 1632        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:46:35.0812 1632        IpInIp - ok

17:46:35.0843 1632        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:46:35.0953 1632        IpNat - ok

17:46:36.0000 1632        Iprip           (9843f75e31fb74c5fe757d28150c2b9f) C:\WINDOWS\System32\iprip.dll

17:46:36.0109 1632        Iprip - ok

17:46:36.0125 1632        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:46:36.0250 1632        IPSec - ok

17:46:36.0265 1632        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:46:36.0359 1632        IRENUM - ok

17:46:36.0437 1632        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:46:36.0531 1632        isapnp - ok

17:46:36.0640 1632        JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe

17:46:36.0656 1632        JavaQuickStarterService - ok

17:46:36.0687 1632        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:46:36.0796 1632        Kbdclass - ok

17:46:36.0859 1632        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:46:36.0968 1632        kmixer - ok

17:46:37.0000 1632        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:46:37.0093 1632        KSecDD - ok

17:46:37.0125 1632        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll

17:46:37.0187 1632        lanmanserver - ok

17:46:37.0234 1632        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll

17:46:37.0265 1632        lanmanworkstation - ok

17:46:37.0312 1632        lbrtfdc - ok

17:46:37.0343 1632        LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll

17:46:37.0453 1632        LmHosts - ok

17:46:37.0500 1632        LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

17:46:37.0515 1632        LVPr2Mon - ok

17:46:37.0562 1632        LVRS            (7521c0c58ee91be90b6cc33e792d10c7) C:\WINDOWS\system32\DRIVERS\lvrs.sys

17:46:37.0593 1632        LVRS - ok

17:46:37.0781 1632        LVUVC           (37e57c48af530df01cdd4e8a2ad77b51) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

17:46:38.0093 1632        LVUVC - ok

17:46:38.0171 1632        McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe

17:46:38.0187 1632        McComponentHostService - ok

17:46:38.0234 1632        Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll

17:46:38.0343 1632        Messenger - ok

17:46:38.0390 1632        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:46:38.0500 1632        mnmdd - ok

17:46:38.0562 1632        mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe

17:46:38.0656 1632        mnmsrvc - ok

17:46:38.0718 1632        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

17:46:38.0828 1632        Modem - ok

17:46:38.0859 1632        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:46:38.0968 1632        Mouclass - ok

17:46:39.0015 1632        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:46:39.0140 1632        mouhid - ok

17:46:39.0187 1632        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:46:39.0281 1632        MountMgr - ok

17:46:39.0296 1632        mraid35x - ok

17:46:39.0343 1632        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:46:39.0437 1632        MRxDAV - ok

17:46:39.0500 1632        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:46:39.0609 1632        MRxSmb - ok

17:46:39.0687 1632        MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe

17:46:39.0781 1632        MSDTC - ok

17:46:39.0828 1632        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:46:39.0937 1632        Msfs - ok

17:46:39.0953 1632        MSIServer - ok

17:46:39.0984 1632        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:46:40.0078 1632        MSKSSRV - ok

17:46:40.0109 1632        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:46:40.0218 1632        MSPCLOCK - ok

17:46:40.0250 1632        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:46:40.0359 1632        MSPQM - ok

17:46:40.0390 1632        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:46:40.0500 1632        mssmbios - ok

17:46:40.0546 1632        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

17:46:40.0656 1632        MSTEE - ok

17:46:40.0687 1632        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:46:40.0750 1632        Mup - ok

17:46:40.0828 1632        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

17:46:40.0921 1632        NABTSFEC - ok

17:46:40.0984 1632        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll

17:46:41.0093 1632        napagent - ok

17:46:41.0140 1632        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:46:41.0250 1632        NDIS - ok

17:46:41.0281 1632        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

17:46:41.0390 1632        NdisIP - ok

17:46:41.0421 1632        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:46:41.0437 1632        NdisTapi - ok

17:46:41.0468 1632        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:46:41.0578 1632        Ndisuio - ok

17:46:41.0625 1632        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:46:41.0734 1632        NdisWan - ok

17:46:41.0765 1632        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:46:41.0828 1632        NDProxy - ok

17:46:41.0890 1632        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:46:41.0984 1632        NetBIOS - ok

17:46:42.0015 1632        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:46:42.0109 1632        NetBT - ok

17:46:42.0156 1632        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

17:46:42.0265 1632        NetDDE - ok

17:46:42.0265 1632        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

17:46:42.0359 1632        NetDDEdsdm - ok

17:46:42.0406 1632        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

17:46:42.0515 1632        Netlogon - ok

17:46:42.0562 1632        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll

17:46:42.0671 1632        Netman - ok

17:46:42.0750 1632        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:46:42.0765 1632        NetTcpPortSharing - ok

17:46:42.0890 1632        NETw3x32        (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

17:46:43.0078 1632        NETw3x32 - ok

17:46:43.0171 1632        NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

17:46:43.0281 1632        NIC1394 - ok

17:46:43.0328 1632        Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll

17:46:43.0375 1632        Nla - ok

17:46:43.0421 1632        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:46:43.0515 1632        Npfs - ok

17:46:43.0562 1632        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:46:43.0687 1632        Ntfs - ok

17:46:43.0718 1632        NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

17:46:43.0812 1632        NtLmSsp - ok

17:46:43.0859 1632        NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll

17:46:43.0984 1632        NtmsSvc - ok

17:46:44.0031 1632        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:46:44.0156 1632        Null - ok

17:46:44.0359 1632        nv              (0bbd8ad87ddff5e374ca61b611072879) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:46:44.0625 1632        nv - ok

17:46:44.0671 1632        NVSvc           (7e59a21501366df3e3677233219e712e) C:\WINDOWS\system32\nvsvc32.exe

17:46:44.0703 1632        NVSvc - ok

17:46:44.0750 1632        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:46:44.0859 1632        NwlnkFlt - ok

17:46:44.0875 1632        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:46:44.0984 1632        NwlnkFwd - ok

17:46:45.0031 1632        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

17:46:45.0140 1632        ohci1394 - ok

17:46:45.0187 1632        p2pgasvc        (9bad7edcfee78ff3b3d852e881633c6a) C:\WINDOWS\system32\p2pgasvc.dll

17:46:45.0296 1632        p2pgasvc - ok

17:46:45.0390 1632        p2pimsvc        (02ebbece9fb4a4811ad3c4bb55cced0c) C:\WINDOWS\system32\p2psvc.dll

17:46:45.0546 1632        p2pimsvc - ok

17:46:45.0562 1632        p2psvc          (02ebbece9fb4a4811ad3c4bb55cced0c) C:\WINDOWS\system32\p2psvc.dll

17:46:45.0671 1632        p2psvc - ok

17:46:45.0718 1632        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys

17:46:45.0828 1632        Parport - ok

17:46:45.0859 1632        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:46:45.0953 1632        PartMgr - ok

17:46:46.0000 1632        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

17:46:46.0109 1632        ParVdm - ok

17:46:46.0125 1632        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

17:46:46.0218 1632        PCI - ok

17:46:46.0234 1632        PCIDump - ok

17:46:46.0265 1632        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:46:46.0359 1632        PCIIde - ok

17:46:46.0390 1632        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:46:46.0500 1632        Pcmcia - ok

17:46:46.0500 1632        PDCOMP - ok

17:46:46.0531 1632        PDFRAME - ok

17:46:46.0546 1632        PDRELI - ok

17:46:46.0562 1632        PDRFRAME - ok

17:46:46.0578 1632        perc2 - ok

17:46:46.0593 1632        perc2hib - ok

17:46:46.0640 1632        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

17:46:46.0671 1632        PlugPlay - ok

17:46:46.0703 1632        PNRPSvc         (02ebbece9fb4a4811ad3c4bb55cced0c) C:\WINDOWS\system32\p2psvc.dll

17:46:46.0812 1632        PNRPSvc - ok

17:46:46.0843 1632        PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

17:46:46.0937 1632        PolicyAgent - ok

17:46:46.0984 1632        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:46:47.0093 1632        PptpMiniport - ok

17:46:47.0093 1632        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

17:46:47.0187 1632        ProtectedStorage - ok

17:46:47.0218 1632        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:46:47.0312 1632        PSched - ok

17:46:47.0343 1632        PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys

17:46:47.0359 1632        PSI - ok

17:46:47.0421 1632        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:46:47.0531 1632        Ptilink - ok

17:46:47.0546 1632        ql1080 - ok

17:46:47.0562 1632        Ql10wnt - ok

17:46:47.0593 1632        ql12160 - ok

17:46:47.0609 1632        ql1240 - ok

17:46:47.0625 1632        ql1280 - ok

17:46:47.0640 1632        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:46:47.0750 1632        RasAcd - ok

17:46:47.0828 1632        RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll

17:46:47.0937 1632        RasAuto - ok

17:46:47.0968 1632        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:46:48.0062 1632        Rasl2tp - ok

17:46:48.0109 1632        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll

17:46:48.0218 1632        RasMan - ok

17:46:48.0250 1632        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:46:48.0359 1632        RasPppoe - ok

17:46:48.0375 1632        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:46:48.0500 1632        Raspti - ok

17:46:48.0578 1632        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:46:48.0687 1632        Rdbss - ok

17:46:48.0750 1632        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:46:48.0859 1632        RDPCDD - ok

17:46:48.0937 1632        RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

17:46:48.0984 1632        RDPWD - ok

17:46:49.0031 1632        RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe

17:46:49.0140 1632        RDSessMgr - ok

17:46:49.0187 1632        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:46:49.0281 1632        redbook - ok

17:46:49.0328 1632        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll

17:46:49.0437 1632        RemoteAccess - ok

17:46:49.0484 1632        RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

17:46:49.0578 1632        RFCOMM - ok

17:46:49.0609 1632        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe

17:46:49.0703 1632        RpcLocator - ok

17:46:49.0796 1632        RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

17:46:49.0828 1632        RpcSs - ok

17:46:49.0890 1632        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe

17:46:50.0000 1632        RSVP - ok

17:46:50.0062 1632        RTL8023xp       (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

17:46:50.0140 1632        RTL8023xp - ok

17:46:50.0156 1632        SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

17:46:50.0250 1632        SamSs - ok

17:46:50.0281 1632        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe

17:46:50.0390 1632        SCardSvr - ok

17:46:50.0437 1632        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll

17:46:50.0546 1632        Schedule - ok

17:46:50.0578 1632        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:46:50.0671 1632        Secdrv - ok

17:46:50.0718 1632        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll

17:46:50.0828 1632        seclogon - ok

17:46:50.0890 1632        Secunia PSI Agent - ok

17:46:50.0906 1632        Secunia Update Agent - ok

17:46:50.0968 1632        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll

17:46:51.0078 1632        SENS - ok

17:46:51.0140 1632        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys

17:46:51.0234 1632        Serial - ok

17:46:51.0281 1632        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:46:51.0375 1632        Sfloppy - ok

17:46:51.0421 1632        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll

17:46:51.0546 1632        SharedAccess - ok

17:46:51.0593 1632        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

17:46:51.0609 1632        ShellHWDetection - ok

17:46:51.0625 1632        Simbad - ok

17:46:51.0671 1632        SimpTcp         (7a1a532f14fde28489dc349c6e404a67) C:\WINDOWS\system32\tcpsvcs.exe

17:46:51.0781 1632        SimpTcp - ok

17:46:51.0859 1632        SkypeUpdate     (db0405d9aad62f0762e0876ac142b7e1) C:\Programme\Skype\Updater\Updater.exe

17:46:51.0875 1632        SkypeUpdate - ok

17:46:51.0953 1632        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

17:46:52.0062 1632        SLIP - ok

17:46:52.0140 1632        smserial        (6d841806e2a4feff0e0f65989025b964) C:\WINDOWS\system32\DRIVERS\smserial.sys

17:46:52.0265 1632        smserial - ok

17:46:52.0281 1632        Sparrow - ok

17:46:52.0328 1632        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:46:52.0437 1632        splitter - ok

17:46:52.0468 1632        Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

17:46:52.0531 1632        Spooler - ok

17:46:52.0578 1632        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

17:46:52.0671 1632        sr - ok

17:46:52.0718 1632        srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll

17:46:52.0828 1632        srservice - ok

17:46:52.0921 1632        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:46:53.0000 1632        Srv - ok

17:46:53.0062 1632        SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll

17:46:53.0156 1632        SSDPSRV - ok

17:46:53.0218 1632        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

17:46:53.0234 1632        ssmdrv - ok

17:46:53.0281 1632        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll

17:46:53.0406 1632        stisvc - ok

17:46:53.0453 1632        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

17:46:53.0562 1632        streamip - ok

17:46:53.0578 1632        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:46:53.0687 1632        swenum - ok

17:46:53.0718 1632        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:46:53.0843 1632        swmidi - ok

17:46:53.0859 1632        SwPrv - ok

17:46:53.0875 1632        symc810 - ok

17:46:53.0890 1632        symc8xx - ok

17:46:53.0906 1632        sym_hi - ok

17:46:53.0921 1632        sym_u3 - ok

17:46:53.0968 1632        SynTP           (9d7385ad343eeed23a61d4ac5ae44601) C:\WINDOWS\system32\DRIVERS\SynTP.sys

17:46:54.0000 1632        SynTP - ok

17:46:54.0093 1632        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:46:54.0203 1632        sysaudio - ok

17:46:54.0250 1632        SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe

17:46:54.0359 1632        SysmonLog - ok

17:46:54.0406 1632        TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll

17:46:54.0515 1632        TapiSrv - ok

17:46:54.0593 1632        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:46:54.0640 1632        Tcpip - ok

17:46:54.0671 1632        Tcpip6          (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

17:46:54.0718 1632        Tcpip6 - ok

17:46:54.0750 1632        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:46:54.0843 1632        TDPIPE - ok

17:46:54.0875 1632        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:46:54.0968 1632        TDTCP - ok

17:46:55.0000 1632        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:46:55.0109 1632        TermDD - ok

17:46:55.0171 1632        TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll

17:46:55.0281 1632        TermService - ok

17:46:55.0328 1632        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

17:46:55.0343 1632        Themes - ok

17:46:55.0375 1632        TosIde - ok

17:46:55.0421 1632        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll

17:46:55.0515 1632        TrkWks - ok

17:46:55.0578 1632        tunmp           (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

17:46:55.0703 1632        tunmp - ok

17:46:55.0734 1632        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:46:55.0843 1632        Udfs - ok

17:46:55.0859 1632        ultra - ok

17:46:55.0953 1632        UMVPFSrv        (927754abf077aeb5504be4e0f2c60c1b) C:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\UMVPFSrv.exe

17:46:55.0984 1632        UMVPFSrv - ok

17:46:56.0015 1632        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:46:56.0156 1632        Update - ok

17:46:56.0218 1632        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll

17:46:56.0328 1632        upnphost - ok

17:46:56.0343 1632        UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe

17:46:56.0453 1632        UPS - ok

17:46:56.0500 1632        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

17:46:56.0593 1632        usbaudio - ok

17:46:56.0640 1632        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:46:56.0734 1632        usbccgp - ok

17:46:56.0828 1632        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:46:56.0921 1632        usbehci - ok

17:46:56.0968 1632        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:46:57.0062 1632        usbhub - ok

17:46:57.0093 1632        usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:46:57.0171 1632        usbprint - ok

17:46:57.0187 1632        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:46:57.0296 1632        USBSTOR - ok

17:46:57.0312 1632        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:46:57.0421 1632        usbuhci - ok

17:46:57.0453 1632        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

17:46:57.0578 1632        usbvideo - ok

17:46:57.0593 1632        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:46:57.0687 1632        VgaSave - ok

17:46:57.0703 1632        ViaIde - ok

17:46:57.0750 1632        viamraid        (25700f5d901d8a8f4c7e851788a2707d) C:\WINDOWS\system32\DRIVERS\viamraid.sys

17:46:57.0781 1632        viamraid - ok

17:46:57.0828 1632        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

17:46:57.0921 1632        VolSnap - ok

17:46:57.0984 1632        VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe

17:46:58.0093 1632        VSS - ok

17:46:58.0140 1632        W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll

17:46:58.0250 1632        W32Time - ok

17:46:58.0281 1632        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:46:58.0390 1632        Wanarp - ok

17:46:58.0421 1632        WDICA - ok

17:46:58.0453 1632        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:46:58.0546 1632        wdmaud - ok

17:46:58.0609 1632        WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll

17:46:58.0703 1632        WebClient - ok

17:46:58.0781 1632        winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll

17:46:58.0890 1632        winmgmt - ok

17:46:58.0937 1632        WmdmPmSN        (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll

17:46:59.0031 1632        WmdmPmSN - ok

17:46:59.0109 1632        WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

17:46:59.0203 1632        WmiAcpi - ok

17:46:59.0250 1632        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

17:46:59.0343 1632        WmiApSrv - ok

17:46:59.0406 1632        WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

17:46:59.0515 1632        WS2IFSL - ok

17:46:59.0578 1632        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll

17:46:59.0671 1632        wscsvc - ok

17:46:59.0750 1632        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

17:46:59.0859 1632        WSTCODEC - ok

17:46:59.0890 1632        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll

17:47:00.0015 1632        wuauserv - ok

17:47:00.0062 1632        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll

17:47:00.0203 1632        WZCSVC - ok

17:47:00.0250 1632        xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll

17:47:00.0359 1632        xmlprov - ok

17:47:00.0375 1632        MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0

17:47:00.0562 1632        \Device\Harddisk0\DR0 - ok

17:47:00.0578 1632        Boot (0x1200)   (c47f7eea6154e1af146cd0a2bcbcf92c) \Device\Harddisk0\DR0\Partition0

17:47:00.0578 1632        \Device\Harddisk0\DR0\Partition0 - ok

17:47:00.0593 1632        Boot (0x1200)   (ad553f22e0911cbbefcd48a04292872d) \Device\Harddisk0\DR0\Partition1

17:47:00.0593 1632        \Device\Harddisk0\DR0\Partition1 - ok

17:47:00.0593 1632        ============================================================

17:47:00.0593 1632        Scan finished

17:47:00.0593 1632        ============================================================

17:47:00.0703 1484        Detected object count: 1

17:47:00.0703 1484        Actual detected object count: 1