Trojaner-Board

Encryption trojan TR/Jorik.Zbot.dkw (https://www.trojaner-board.de/118336-verschluesselungs-trojaner-tr-jorik-zbot-dkw.html)

cosinus 20.07.2012 16:00

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you really are working with a current version of OTL.

Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Daniel Sun 21.07.2012 12:00

OTL Logfile:
Code:

OTL logfile created on: 21.07.2012 11:26:17 - Run 1
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Dokumente und Einstellungen\Daniel Sun\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
510,98 Mb Total Physical Memory | 278,94 Mb Available Physical Memory | 54,59% Memory free
1,22 Gb Paging File | 0,69 Gb Available in Paging File | 56,28% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 46,29 Gb Total Space | 2,91 Gb Free Space | 6,28% Space Free | Partition Type: NTFS
Drive D: | 37,00 Gb Total Space | 6,09 Gb Free Space | 16,46% Space Free | Partition Type: NTFS
Drive E: | 9,76 Gb Total Space | 2,78 Gb Free Space | 28,44% Space Free | Partition Type: FAT32
Drive H: | 465,76 Gb Total Space | 74,73 Gb Free Space | 16,04% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL | User Name: Daniel Sun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.21 10:12:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\OTL.exe
PRC - [2012.05.13 10:32:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.13 10:31:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.13 10:31:55 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.13 10:31:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.09.15 10:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.04.02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\SAMSUNG\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008.07.21 18:16:06 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Programme\Maxtor One touch 4\OneTouch Status\MaxMenuMgr.exe
PRC - [2008.07.21 18:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Programme\Maxtor One touch 4\Sync\SyncServices.exe
PRC - [2008.06.19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007.10.21 17:50:58 | 000,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2006.06.09 20:38:00 | 000,294,912 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Programme\FinePixViewer\QuickDCF2.exe
PRC - [2005.06.23 21:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005.04.30 18:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2005.01.11 19:18:40 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005.01.11 19:18:40 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005.01.11 19:18:10 | 000,110,668 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005.01.11 19:18:04 | 000,184,398 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2005.01.11 19:17:20 | 000,118,926 | ---- | M] (CyberLink Corp.) -- C:\Programme\Home Cinema\PowerCinema\PCMService.exe
PRC - [2004.12.01 16:54:22 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004.11.29 20:55:44 | 000,569,405 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2004.11.29 20:55:10 | 001,261,652 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2004.11.02 21:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
PRC - [2004.10.05 17:25:10 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003.06.20 09:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.08 22:51:28 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.07.08 22:46:59 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65801ce9901782d7d91bcab541ffc163\System.Windows.Forms.ni.dll
MOD - [2012.07.08 22:45:55 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.07.06 23:36:41 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
MOD - [2012.05.13 10:32:12 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.05.13 10:24:20 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b9a87bd4453655cef92df71d1623a50e\System.Configuration.ni.dll
MOD - [2012.05.11 22:44:06 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.11 22:37:11 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.11 22:36:43 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2008.06.19 19:08:52 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.02.22 13:44:00 | 000,061,440 | ---- | M] () -- C:\Programme\FinePixViewer\wia_register_event.dll
MOD - [2005.10.07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Programme\win rar\RarExt.dll
MOD - [2005.01.11 19:18:10 | 000,110,668 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
MOD - [2005.01.11 19:18:04 | 000,184,398 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
MOD - [2005.01.11 19:17:50 | 000,168,020 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapEngine.dll
MOD - [2005.01.11 19:17:50 | 000,057,422 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSchMgr.dll
MOD - [2005.01.11 19:17:50 | 000,028,672 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvcps.dll
MOD - [2005.01.11 19:17:14 | 000,229,458 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\HomeNetWorking\CLNetMedia.dll
MOD - [2004.11.29 20:56:52 | 000,053,248 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.20 09:32:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.13 10:32:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.13 10:31:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.05 10:37:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.01.21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.01.07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008.07.21 18:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Programme\Maxtor One touch 4\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008.06.19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.04.30 18:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2005.01.11 19:18:40 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.01.11 19:18:10 | 000,110,668 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005.01.11 19:18:04 | 000,184,398 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.20 09:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\UltraStar Deluxe\zlportio.sys -- (zlportio)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\x10uif.sys -- (X10UIF)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Antivirus\BullGuard 5.0\reconn.sys -- (Reconn)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Antivirus\BullGuard 5.0\filespy5.sys -- (FileSpy5)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.07.05 13:11:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.05.13 10:32:13 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.13 10:32:13 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008.06.19 19:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.06.10 22:22:52 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008.06.02 16:19:16 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008.06.02 16:19:12 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.05.03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.06.02 20:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.02.23 19:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005.02.09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2005.01.26 12:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005.01.10 17:54:02 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004.12.21 15:33:00 | 000,909,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.12.01 21:40:08 | 002,300,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.11.29 20:36:22 | 000,399,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004.11.29 20:34:38 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2004.11.29 20:34:32 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2004.11.29 20:34:20 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004.11.29 20:33:14 | 001,337,850 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004.11.29 20:31:16 | 000,030,299 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004.11.29 20:30:44 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.10.29 19:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004.10.06 15:10:46 | 000,945,152 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2004.08.04 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.07.22 15:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.05.27 00:07:30 | 000,067,584 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004.05.26 16:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004.01.16 14:02:58 | 000,017,408 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2000.01.08 10:22:36 | 000,010,240 | ---- | M] (VOB Computersysteme GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\SearchScopes\{2BA80DF8-0538-46ED-A850-D5613E0159F3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DVXE_de
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\SearchScopes\{7798EBD2-8976-4E51-9738-7B6082A1F5FF}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.06.12 18:20:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.05.13 23:06:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.05.13 23:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.7\Extensions\\Components: C:\Programme\Mozilla1.7\Components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.7\Extensions\\Plugins: C:\Programme\Mozilla1.7\Plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.20 09:32:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.15 10:22:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7\Extensions\\Components: C:\Programme\Mozilla1.7\Components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7\Extensions\\Plugins: C:\Programme\Mozilla1.7\Plugins
 
[2008.10.22 14:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Mozilla\Extensions
[2012.07.08 23:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Mozilla\Firefox\Profiles\lig3szrt.default\extensions
[2012.01.11 12:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007.10.21 17:44:11 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2012.07.20 09:32:45 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2006.01.18 13:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npsnapfish.dll
[2011.10.05 21:37:03 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.05 21:37:03 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.05 21:37:03 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.05 21:37:03 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.05 21:37:03 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.05 21:37:02 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [mxomssmenu] C:\Programme\Maxtor One touch 4\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe File not found
O4 - HKLM..\Run: [PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [RemoteControl] C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008..\Run: [AutoStartNPSAgent] C:\Programme\SAMSUNG\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008..\Run: [ReJf5vH] C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Microsoft\Windows\rjatyd.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher 2.lnk = C:\Programme\FinePixViewer\QuickDCF2.exe (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\Daniel Sun\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Macromedia Active Shockwave)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104261081168 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} hxxp://www.studivz.net/lib/photouploader/PhotoUploader.cab (Photo Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64E6EFBD-4F93-49EC-A677-C57C96FB2574}: NameServer = 192.168.71.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6769707-45E0-4107-A111-89987CAD1CF6}: NameServer = 213.209.104.250 213.209.104.220
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Daniel Sun\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Daniel Sun\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.10.30 21:26:08 | 000,000,131 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O32 - Unable to obtain root file information for disk H:\
O33 - MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\Shell - "" = AutoRun
O33 - MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4c02ab01-15bb-11dd-b871-000e35d07965}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe
O33 - MountPoints2\{ee8d0990-2ece-11db-b5a2-00038a000015}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.21 11:24:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\OTL
[2012.07.21 10:12:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\OTL.exe
[2012.07.14 14:12:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\ESET online scanner
[2012.07.05 17:34:06 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.07.05 17:33:09 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\esetsmartinstaller_enu.exe
[2012.07.05 13:10:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.05 13:10:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Malwarebytes
[2012.07.05 13:10:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.05 13:10:08 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.05 13:07:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\Malwarebytes
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.21 11:37:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.21 10:12:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\OTL.exe
[2012.07.21 10:01:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.21 09:52:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.21 09:52:37 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 09:53:29 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2012.07.19 09:57:20 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.07.19 09:50:36 | 000,624,883 | ---- | M] () -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\adwcleaner.exe
[2012.07.19 09:23:33 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.14 18:13:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.06 23:37:26 | 000,461,356 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.06 23:37:26 | 000,436,962 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.06 23:37:26 | 000,086,042 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.06 23:37:26 | 000,070,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.06 15:00:01 | 000,000,552 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Daniel Sun.job
[2012.07.05 17:33:10 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\esetsmartinstaller_enu.exe
[2012.07.05 13:11:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.05 13:10:10 | 000,000,893 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.05 13:04:20 | 000,000,554 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Wilhelm.tel.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.19 09:50:23 | 000,624,883 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\adwcleaner.exe
[2012.07.05 13:10:10 | 000,000,893 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.15 18:05:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.20 11:47:10 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\yNteLJfXjgGlouday
[2011.02.22 22:56:32 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011.02.22 22:56:32 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011.02.22 22:56:16 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\$_hpcst$.hpc
[2010.09.13 17:48:33 | 000,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.09.21 15:19:47 | 000,004,096 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\log.dat
[2005.03.09 19:12:46 | 000,000,147 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.02.23 12:07:02 | 000,056,186 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\wklnhst.dat
[2005.02.23 12:07:00 | 000,248,320 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.02.23 12:07:00 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[1601.02.13 10:28:18 | 000,003,836 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\GlEuUaqrssnJfXAgG
[1601.02.13 10:28:18 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel Sun\VequtaEOUlAJGXnNV
 
========== LOP Check ==========
 
[2005.01.12 08:06:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MAGIX
[2008.12.11 10:57:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Advanced Chemistry Development
[2012.05.24 14:18:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Big Fish Games
[2012.06.12 18:15:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FarmFrenzy3_America
[2007.12.12 19:20:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HaCon
[2011.04.21 14:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2008.01.21 19:30:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Maxtor
[2005.01.10 02:30:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies
[2011.02.22 23:10:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2006.10.30 22:06:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2006.10.30 21:22:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio
[2012.05.23 12:18:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rionix
[2009.12.07 18:42:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2006.10.30 21:29:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2012.05.24 15:26:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.05.10 19:39:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.05.24 14:25:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Artifex Mundi
[2012.06.12 18:21:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Audacity
[2012.06.12 18:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Azureus
[2012.06.12 18:21:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DDMSettings
[2011.11.20 16:51:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.11.30 12:54:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DVDVideoSoft
[2012.06.12 18:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.06.12 18:21:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\FUJIFILM
[2012.04.06 16:45:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\gtk-2.0
[2007.12.12 19:20:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\HaCon
[2012.02.07 19:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Klett
[2008.04.24 16:46:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Leadertech
[2011.04.21 14:55:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Lexware
[2005.01.12 08:06:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\MAGIX
[2011.06.20 10:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\OpenOffice.org
[2011.02.22 23:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\PC Suite
[2012.06.12 18:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\pokerth
[2011.02.22 22:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Samsung
[2007.03.17 23:07:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Snapfish
[2005.01.12 08:06:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\MAGIX
[2005.01.10 17:54:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2007.02.12 13:54:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\X10 Commander
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.20 11:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Adobe
[2012.06.12 18:21:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\AdobeUM
[2012.06.12 18:21:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Ahead
[2007.01.16 10:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\AOL
[2010.09.01 13:00:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Apple Computer
[2012.05.24 14:25:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Artifex Mundi
[2012.06.12 18:21:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Audacity
[2012.02.16 18:12:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Avira
[2012.06.12 18:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Azureus
[2009.10.02 20:04:32 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Brother
[2005.02.23 12:39:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\CyberLink
[2012.06.12 18:21:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DDMSettings
[2011.11.20 16:51:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2010.06.01 19:48:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DivX
[2011.11.30 12:54:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DVDVideoSoft
[2012.06.12 18:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.06.12 18:21:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\FUJIFILM
[2008.07.16 18:03:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Google
[2012.04.06 16:45:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\gtk-2.0
[2007.12.12 19:20:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\HaCon
[2012.06.12 18:21:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Help
[2005.10.14 23:06:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Hewlett-Packard
[2004.12.28 18:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Identities
[2009.10.02 19:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\InstallShield
[2005.01.18 09:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Intel
[2012.02.07 19:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Klett
[2008.04.24 16:46:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Leadertech
[2011.04.21 14:55:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Lexware
[2005.01.02 17:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Macromedia
[2005.01.12 08:06:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\MAGIX
[2012.07.05 13:10:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Malwarebytes
[2012.06.12 18:23:30 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Microsoft
[2008.10.22 14:41:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Mozilla
[2011.06.20 10:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\OpenOffice.org
[2011.02.22 23:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\PC Suite
[2007.10.21 17:44:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\PC Tools
[2012.06.12 18:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\pokerth
[2005.01.01 20:32:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Real
[2012.06.12 18:24:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Reallusion
[2011.02.22 22:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Samsung
[2012.06.12 18:24:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Skype
[2007.03.17 23:07:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Snapfish
[2005.01.01 20:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Sun
[2007.01.18 11:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Talkback
[2008.04.24 11:46:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\U3
[2012.06.12 18:24:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\vlc
[2005.01.02 10:17:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\You've Got Pictures Screensaver
 
< %APPDATA%\*.exe /s >
[2011.11.20 16:47:07 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.11.20 11:38:35 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2011.09.15 17:17:24 | 005,147,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
[2006.12.14 10:00:02 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\U3\temp\cleanup.exe
[2007.02.12 17:46:54 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
[2001.01.10 13:23:58 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.10.01 12:23:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.10.01 12:23:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\AGP440.SYS
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.10.01 12:23:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.10.01 12:23:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Dokumente und Einstellungen\Daniel Sun\Desktop\Malwarebytes\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.12.28 19:05:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.12.28 19:05:15 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.12.28 19:05:15 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F43B7E8F
@Alternate Data Stream - 139 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:07C99568
@Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F98E6C67
@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FA5F15C4
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2

< End of report >


Best regards, Daniel Sun

cosinus 23.07.2012 13:30

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O3 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe File not found
O4 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008..\Run: [ReJf5vH] C:\Dokumente und Einstellungen\Daniel Sun\Anwendungsdaten\Microsoft\Windows\rjatyd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.10.30 21:26:08 | 000,000,131 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O32 - Unable to obtain root file information for disk H:\
O33 - MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\Shell - "" = AutoRun
O33 - MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4c02ab01-15bb-11dd-b871-000e35d07965}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe
O33 - MountPoints2\{ee8d0990-2ece-11db-b5a2-00038a000015}\Shell\AutoRun\command - "" = G:\setupSNK.exe
@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F43B7E8F
@Alternate Data Stream - 139 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:07C99568
@Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F98E6C67
@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FA5F15C4
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, since it can cause lasting damage to the system!

Daniel Sun 23.07.2012 16:17

Here is the OTL fix log file:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1201297730-1576740685-3053416582-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1201297730-1576740685-3053416582-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCLEPCI deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1201297730-1576740685-3053416582-1008\Software\Microsoft\Windows\CurrentVersion\Run\\ReJf5vH deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1201297730-1576740685-3053416582-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File  not found.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ea758d0-e6b7-11dc-b815-000e35d07965}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ea758d0-e6b7-11dc-b815-000e35d07965}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ea758d0-e6b7-11dc-b815-000e35d07965}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ea758d0-e6b7-11dc-b815-000e35d07965}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c02ab01-15bb-11dd-b871-000e35d07965}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c02ab01-15bb-11dd-b871-000e35d07965}\ not found.
File G:\wd_windows_tools\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee8d0990-2ece-11db-b5a2-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee8d0990-2ece-11db-b5a2-00038a000015}\ not found.
File G:\setupSNK.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F43B7E8F deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:07C99568 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F98E6C67 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FA5F15C4 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 369018 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 300 bytes
 
User: All Users
 
User: Besitzer
 
User: Daniel Sun
->Temp folder emptied: 73146421 bytes
->Temporary Internet Files folder emptied: 13265258 bytes
->Java cache emptied: 149180 bytes
->FireFox cache emptied: 115414121 bytes
->Flash cache emptied: 20638697 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 278662 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56775 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 42049306 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33172 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1706597 bytes
%systemroot%\System32 .tmp files removed: 8522240 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2875073 bytes
RecycleBin emptied: 4889376 bytes
 
Total Files Cleaned = 270,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Besitzer
 
User: Daniel Sun
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07232012_165210

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Best regards, Daniel Sun

cosinus 24.07.2012 10:02

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Daniel Sun 26.07.2012 08:52

Done:

Code:

09:45:11.0731 2436        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:45:11.0801 2436        ============================================================
09:45:11.0801 2436        Current date / time: 2012/07/26 09:45:11.0801
09:45:11.0801 2436        SystemInfo:
09:45:11.0801 2436       
09:45:11.0801 2436        OS Version: 5.1.2600 ServicePack: 3.0
09:45:11.0801 2436        Product type: Workstation
09:45:11.0801 2436        ComputerName: DANIEL
09:45:11.0801 2436        UserName: Daniel Sun
09:45:11.0801 2436        Windows directory: C:\WINDOWS
09:45:11.0801 2436        System windows directory: C:\WINDOWS
09:45:11.0801 2436        Processor architecture: Intel x86
09:45:11.0801 2436        Number of processors: 1
09:45:11.0801 2436        Page size: 0x1000
09:45:11.0801 2436        Boot type: Normal boot
09:45:11.0801 2436        ============================================================
09:45:15.0526 2436        Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:45:15.0536 2436        Drive \Device\Harddisk1\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:45:15.0556 2436        ============================================================
09:45:15.0556 2436        \Device\Harddisk0\DR0:
09:45:15.0556 2436        MBR partitions:
09:45:15.0556 2436        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5C9559C
09:45:15.0597 2436        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5C9561A, BlocksNum 0x49FFD1F
09:45:15.0607 2436        \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0xA695378, BlocksNum 0x1388AFC
09:45:15.0607 2436        \Device\Harddisk1\DR5:
09:45:15.0607 2436        MBR partitions:
09:45:15.0607 2436        \Device\Harddisk1\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
09:45:15.0607 2436        ============================================================
09:45:16.0318 2436        C: <-> \Device\Harddisk0\DR0\Partition0
09:45:16.0368 2436        D: <-> \Device\Harddisk0\DR0\Partition1
09:45:16.0368 2436        E: <-> \Device\Harddisk0\DR0\Partition2
09:45:16.0378 2436        H: <-> \Device\Harddisk1\DR5\Partition0
09:45:16.0378 2436        ============================================================
09:45:16.0378 2436        Initialize success
09:45:16.0378 2436        ============================================================
09:45:57.0206 2864        ============================================================
09:45:57.0206 2864        Scan started
09:45:57.0206 2864        Mode: Manual; SigCheck; TDLFS;
09:45:57.0206 2864        ============================================================
09:46:04.0667 2864        3xHybrid        (97165948af80eda4a3015eb536a85818) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
09:46:09.0424 2864        3xHybrid - ok
09:46:09.0925 2864        61883          (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
09:46:14.0331 2864        61883 - ok
09:46:14.0341 2864        Abiosdsk - ok
09:46:14.0351 2864        abp480n5 - ok
09:46:17.0185 2864        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:46:17.0866 2864        ACPI - ok
09:46:18.0126 2864        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:46:18.0387 2864        ACPIEC - ok
09:46:18.0497 2864        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:46:18.0537 2864        AdobeFlashPlayerUpdateSvc - ok
09:46:18.0547 2864        adpu160m - ok
09:46:18.0587 2864        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:46:18.0747 2864        aec - ok
09:46:18.0807 2864        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:46:18.0858 2864        AFD - ok
09:46:18.0958 2864        AgereSoftModem  (b894a08f2a01e27c1989c31c96fdde83) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
09:46:19.0128 2864        AgereSoftModem - ok
09:46:19.0168 2864        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:46:19.0328 2864        agp440 - ok
09:46:19.0338 2864        Aha154x - ok
09:46:19.0348 2864        aic78u2 - ok
09:46:19.0358 2864        aic78xx - ok
09:46:19.0549 2864        ALCXWDM        (4e0aca5290b2966f24c45250a56c2da1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
09:46:19.0979 2864        ALCXWDM - ok
09:46:20.0099 2864        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
09:46:20.0270 2864        Alerter - ok
09:46:20.0280 2864        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
09:46:20.0430 2864        ALG - ok
09:46:20.0460 2864        AliIde - ok
09:46:20.0460 2864        amsint - ok
09:46:20.0590 2864        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
09:46:20.0620 2864        AntiVirSchedulerService - ok
09:46:20.0660 2864        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
09:46:20.0680 2864        AntiVirService - ok
09:46:20.0770 2864        Apple Mobile Device (d503df3aba595f551b98b9bae017a271) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:46:20.0790 2864        Apple Mobile Device - ok
09:46:20.0800 2864        AppMgmt - ok
09:46:20.0850 2864        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:46:21.0011 2864        Arp1394 - ok
09:46:21.0041 2864        Asapi          (7de1504dba7e72313bb4ca5587df86cf) C:\WINDOWS\system32\drivers\Asapi.sys
09:46:21.0041 2864        Asapi ( UnsignedFile.Multi.Generic ) - warning
09:46:21.0041 2864        Asapi - detected UnsignedFile.Multi.Generic (1)
09:46:21.0081 2864        ASAPIW2K        (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\Drivers\asapiW2k.sys
09:46:21.0091 2864        ASAPIW2K ( UnsignedFile.Multi.Generic ) - warning
09:46:21.0091 2864        ASAPIW2K - detected UnsignedFile.Multi.Generic (1)
09:46:21.0101 2864        asc - ok
09:46:21.0111 2864        asc3350p - ok
09:46:21.0121 2864        asc3550 - ok
09:46:21.0251 2864        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:46:21.0261 2864        aspnet_state - ok
09:46:21.0321 2864        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:46:21.0471 2864        AsyncMac - ok
09:46:21.0501 2864        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:46:21.0652 2864        atapi - ok
09:46:21.0672 2864        Atdisk - ok
09:46:21.0742 2864        Ati HotKey Poller (95c8d501214b4ae5e786c540063d6378) C:\WINDOWS\system32\Ati2evxx.exe
09:46:21.0842 2864        Ati HotKey Poller - ok
09:46:21.0902 2864        ati2mtag        (3714f1bf8e347a66405be47af3738a2d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:46:22.0042 2864        ati2mtag - ok
09:46:22.0072 2864        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:46:22.0222 2864        Atmarpc - ok
09:46:22.0272 2864        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
09:46:22.0423 2864        AudioSrv - ok
09:46:22.0463 2864        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:46:22.0613 2864        audstub - ok
09:46:22.0643 2864        Avc            (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
09:46:22.0803 2864        Avc - ok
09:46:22.0853 2864        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
09:46:22.0903 2864        avgntflt - ok
09:46:22.0943 2864        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
09:46:22.0973 2864        avipbb - ok
09:46:23.0013 2864        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
09:46:23.0034 2864        avkmgr - ok
09:46:23.0094 2864        bcm4sbxp        (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
09:46:23.0134 2864        bcm4sbxp - ok
09:46:23.0184 2864        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:46:23.0354 2864        Beep - ok
09:46:23.0434 2864        bgsvcgen        (71489fa2c4a238f178e30ae6e4449013) C:\WINDOWS\system32\bgsvcgen.exe
09:46:23.0454 2864        bgsvcgen ( UnsignedFile.Multi.Generic ) - warning
09:46:23.0454 2864        bgsvcgen - detected UnsignedFile.Multi.Generic (1)
09:46:23.0524 2864        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
09:46:23.0825 2864        BITS - ok
09:46:23.0915 2864        Bonjour Service (ebad0f51d8d4dade7660b1851addbd07) C:\Programme\Bonjour\mDNSResponder.exe
09:46:23.0955 2864        Bonjour Service - ok
09:46:24.0025 2864        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
09:46:24.0155 2864        Browser - ok
09:46:24.0195 2864        BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
09:46:24.0245 2864        BrScnUsb - ok
09:46:24.0315 2864        btaudio        (5d0ba6d229996a5f640f571ad478e532) C:\WINDOWS\system32\drivers\btaudio.sys
09:46:24.0375 2864        btaudio ( UnsignedFile.Multi.Generic ) - warning
09:46:24.0375 2864        btaudio - detected UnsignedFile.Multi.Generic (1)
09:46:24.0416 2864        BTDriver        (0cd9a9aadabe621b3872e54283cd4bee) C:\WINDOWS\system32\DRIVERS\btport.sys
09:46:24.0436 2864        BTDriver ( UnsignedFile.Multi.Generic ) - warning
09:46:24.0436 2864        BTDriver - detected UnsignedFile.Multi.Generic (1)
09:46:24.0476 2864        BthEnum        (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
09:46:24.0636 2864        BthEnum - ok
09:46:24.0706 2864        BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
09:46:24.0866 2864        BthPan - ok
09:46:24.0906 2864        BTHPORT        (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
09:46:24.0946 2864        BTHPORT - ok
09:46:24.0976 2864        BthServ        (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
09:46:25.0127 2864        BthServ - ok
09:46:25.0177 2864        BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
09:46:25.0337 2864        BTHUSB - ok
09:46:25.0447 2864        BTKRNL          (b637f1d425e13c206ef3c2028dd72e6a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
09:46:25.0577 2864        BTKRNL ( UnsignedFile.Multi.Generic ) - warning
09:46:25.0577 2864        BTKRNL - detected UnsignedFile.Multi.Generic (1)
09:46:25.0687 2864        BTSERIAL        (ca33ae514a49105f2b6b9bd48c49d4de) C:\WINDOWS\system32\drivers\btserial.sys
09:46:25.0697 2864        BTSERIAL ( UnsignedFile.Multi.Generic ) - warning
09:46:25.0697 2864        BTSERIAL - detected UnsignedFile.Multi.Generic (1)
09:46:25.0767 2864        BTSLBCSP        (2718bb436b801b32b3bce8b1ee23968d) C:\WINDOWS\system32\drivers\btslbcsp.sys
09:46:25.0808 2864        BTSLBCSP ( UnsignedFile.Multi.Generic ) - warning
09:46:25.0808 2864        BTSLBCSP - detected UnsignedFile.Multi.Generic (1)
09:46:25.0898 2864        btwdins        (14ed6f66e516ef4ba45052c232a2350c) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
09:46:25.0968 2864        btwdins ( UnsignedFile.Multi.Generic ) - warning
09:46:25.0968 2864        btwdins - detected UnsignedFile.Multi.Generic (1)
09:46:26.0008 2864        BTWDNDIS        (59a6c89408366364ad3d8ab66c771bd5) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
09:46:26.0038 2864        BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning
09:46:26.0038 2864        BTWDNDIS - detected UnsignedFile.Multi.Generic (1)
09:46:26.0078 2864        BTWUSB          (a93097a2962b14809939ff3259684327) C:\WINDOWS\system32\Drivers\btwusb.sys
09:46:26.0088 2864        BTWUSB ( UnsignedFile.Multi.Generic ) - warning
09:46:26.0088 2864        BTWUSB - detected UnsignedFile.Multi.Generic (1)
09:46:26.0148 2864        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:46:26.0318 2864        cbidf2k - ok
09:46:26.0358 2864        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:46:26.0498 2864        CCDECODE - ok
09:46:26.0519 2864        cd20xrnt - ok
09:46:26.0559 2864        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:46:26.0719 2864        Cdaudio - ok
09:46:26.0739 2864        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:46:26.0869 2864        Cdfs - ok
09:46:26.0889 2864        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:46:27.0049 2864        Cdrom - ok
09:46:27.0059 2864        Changer - ok
09:46:27.0099 2864        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
09:46:27.0250 2864        CiSvc - ok
09:46:27.0400 2864        CLCapSvc        (0138fdf9018056be2d59612dae2973d6) C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
09:46:27.0410 2864        CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
09:46:27.0410 2864        CLCapSvc - detected UnsignedFile.Multi.Generic (1)
09:46:27.0450 2864        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
09:46:27.0600 2864        ClipSrv - ok
09:46:27.0760 2864        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:46:27.0780 2864        clr_optimization_v2.0.50727_32 - ok
09:46:27.0830 2864        CLSched        (c19f7d72bf0aa6882cc8a00a826f00cb) C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
09:46:27.0860 2864        CLSched ( UnsignedFile.Multi.Generic ) - warning
09:46:27.0860 2864        CLSched - detected UnsignedFile.Multi.Generic (1)
09:46:27.0901 2864        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:46:28.0041 2864        CmBatt - ok
09:46:28.0051 2864        CmdIde - ok
09:46:28.0081 2864        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:46:28.0231 2864        Compbatt - ok
09:46:28.0241 2864        COMSysApp - ok
09:46:28.0261 2864        Cpqarray - ok
09:46:28.0311 2864        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
09:46:28.0451 2864        CryptSvc - ok
09:46:28.0511 2864        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
09:46:28.0561 2864        CVirtA - ok
09:46:28.0742 2864        CVPND          (98b1b70e250ebca7b7a0a56ad2a7e62f) C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
09:46:28.0862 2864        CVPND - ok
09:46:28.0972 2864        CVPNDRVA        (465ced77e7c4f9d71b81ba600edafac1) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
09:46:29.0032 2864        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
09:46:29.0032 2864        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
09:46:29.0172 2864        CyberLink Media Library Service (2bb11cd367d49098d57a8638adb5bcf6) C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
09:46:29.0192 2864        CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
09:46:29.0192 2864        CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
09:46:29.0202 2864        dac2w2k - ok
09:46:29.0212 2864        dac960nt - ok
09:46:29.0373 2864        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
09:46:29.0473 2864        DcomLaunch - ok
09:46:29.0503 2864        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
09:46:29.0643 2864        Dhcp - ok
09:46:29.0713 2864        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:46:29.0843 2864        Disk - ok
09:46:29.0853 2864        dmadmin - ok
09:46:29.0903 2864        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
09:46:30.0154 2864        dmboot - ok
09:46:30.0174 2864        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
09:46:30.0334 2864        dmio - ok
09:46:30.0404 2864        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:46:30.0544 2864        dmload - ok
09:46:30.0594 2864        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
09:46:30.0745 2864        dmserver - ok
09:46:30.0765 2864        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:46:30.0915 2864        DMusic - ok
09:46:30.0965 2864        DNE            (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
09:46:30.0985 2864        DNE - ok
09:46:31.0025 2864        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
09:46:31.0125 2864        Dnscache - ok
09:46:31.0155 2864        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
09:46:31.0325 2864        Dot3svc - ok
09:46:31.0335 2864        dpti2o - ok
09:46:31.0406 2864        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:46:31.0546 2864        drmkaud - ok
09:46:31.0576 2864        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
09:46:31.0706 2864        EapHost - ok
09:46:31.0756 2864        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
09:46:31.0896 2864        ERSvc - ok
09:46:31.0946 2864        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
09:46:31.0976 2864        Eventlog - ok
09:46:32.0036 2864        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
09:46:32.0107 2864        EventSystem - ok
09:46:32.0137 2864        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:46:32.0287 2864        Fastfat - ok
09:46:32.0317 2864        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
09:46:32.0447 2864        FastUserSwitchingCompatibility - ok
09:46:32.0487 2864        Fax            (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
09:46:32.0677 2864        Fax - ok
09:46:32.0727 2864        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
09:46:32.0858 2864        Fdc - ok
09:46:32.0908 2864        FileSpy5 - ok
09:46:32.0928 2864        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
09:46:33.0058 2864        Fips - ok
09:46:33.0098 2864        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:46:33.0248 2864        Flpydisk - ok
09:46:33.0288 2864        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:46:33.0448 2864        FltMgr - ok
09:46:33.0559 2864        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:46:33.0579 2864        FontCache3.0.0.0 - ok
09:46:33.0619 2864        FsUsbExDisk    (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
09:46:33.0639 2864        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
09:46:33.0639 2864        FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
09:46:33.0669 2864        FsUsbExService  (d3f9205cc4cb07553f2f9472c767ea87) C:\WINDOWS\system32\FsUsbExService.Exe
09:46:33.0699 2864        FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
09:46:33.0699 2864        FsUsbExService - detected UnsignedFile.Multi.Generic (1)
09:46:33.0749 2864        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:46:33.0909 2864        Fs_Rec - ok
09:46:33.0959 2864        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:46:34.0129 2864        Ftdisk - ok
09:46:34.0170 2864        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:46:34.0180 2864        GEARAspiWDM - ok
09:46:34.0200 2864        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:46:34.0350 2864        Gpc - ok
09:46:34.0410 2864        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:46:34.0540 2864        helpsvc - ok
09:46:34.0550 2864        HidServ - ok
09:46:34.0580 2864        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:46:34.0720 2864        HidUsb - ok
09:46:34.0780 2864        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
09:46:34.0911 2864        hkmsvc - ok
09:46:34.0921 2864        hpn - ok
09:46:34.0961 2864        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:46:35.0021 2864        HTTP - ok
09:46:35.0041 2864        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
09:46:35.0191 2864        HTTPFilter - ok
09:46:35.0201 2864        i2omgmt - ok
09:46:35.0211 2864        i2omp - ok
09:46:35.0241 2864        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:46:35.0401 2864        i8042prt - ok
09:46:35.0511 2864        IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:46:35.0511 2864        IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:46:35.0511 2864        IDriverT - detected UnsignedFile.Multi.Generic (1)
09:46:35.0632 2864        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:46:35.0732 2864        idsvc - ok
09:46:35.0832 2864        IKFileSec      (bf1d66c139a4e9be079d47fcfa993578) C:\WINDOWS\system32\drivers\ikfilesec.sys
09:46:35.0842 2864        IKFileSec - ok
09:46:35.0892 2864        IKSysFlt        (a90856d3fc565a0d0165574e51a6d088) C:\WINDOWS\system32\drivers\iksysflt.sys
09:46:35.0912 2864        IKSysFlt - ok
09:46:35.0952 2864        IKSysSec        (6ebded50d6e19879bc3a86c36d3a0f9d) C:\WINDOWS\system32\drivers\iksyssec.sys
09:46:35.0972 2864        IKSysSec - ok
09:46:36.0032 2864        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:46:36.0172 2864        Imapi - ok
09:46:36.0232 2864        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
09:46:36.0383 2864        ImapiService - ok
09:46:36.0403 2864        ini910u - ok
09:46:36.0433 2864        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:46:36.0573 2864        IntelIde - ok
09:46:36.0583 2864        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:46:36.0723 2864        intelppm - ok
09:46:36.0753 2864        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:46:36.0903 2864        Ip6Fw - ok
09:46:36.0934 2864        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:46:37.0104 2864        IpFilterDriver - ok
09:46:37.0134 2864        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:46:37.0284 2864        IpInIp - ok
09:46:37.0324 2864        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:46:37.0484 2864        IpNat - ok
09:46:37.0564 2864        iPod Service    (3c30491045dbbd44a42876b3d6f3917d) C:\Programme\iPod\bin\iPodService.exe
09:46:37.0614 2864        iPod Service - ok
09:46:37.0665 2864        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:46:37.0795 2864        IPSec - ok
09:46:37.0835 2864        irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
09:46:37.0985 2864        irda - ok
09:46:38.0005 2864        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:46:38.0145 2864        IRENUM - ok
09:46:38.0195 2864        Irmon          (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll
09:46:38.0346 2864        Irmon - ok
09:46:38.0386 2864        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:46:38.0516 2864        isapnp - ok
09:46:38.0616 2864        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
09:46:38.0646 2864        JavaQuickStarterService - ok
09:46:38.0656 2864        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:46:38.0796 2864        Kbdclass - ok
09:46:38.0846 2864        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:46:38.0996 2864        kmixer - ok
09:46:39.0047 2864        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:46:39.0107 2864        KSecDD - ok
09:46:39.0147 2864        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
09:46:39.0217 2864        lanmanserver - ok
09:46:39.0267 2864        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
09:46:39.0317 2864        lanmanworkstation - ok
09:46:39.0327 2864        lbrtfdc - ok
09:46:39.0367 2864        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
09:46:39.0497 2864        LmHosts - ok
09:46:39.0567 2864        MarvinBus      (269c14d512b74cc28d2812ff7d1eb066) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
09:46:39.0587 2864        MarvinBus ( UnsignedFile.Multi.Generic ) - warning
09:46:39.0587 2864        MarvinBus - detected UnsignedFile.Multi.Generic (1)
09:46:39.0697 2864        Maxtor Sync Service (f96cdd0edb411c1193c5dd9925c306db) C:\Programme\Maxtor One touch 4\Sync\SyncServices.exe
09:46:39.0718 2864        Maxtor Sync Service - ok
09:46:39.0768 2864        MBAMSwissArmy  (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
09:46:39.0778 2864        MBAMSwissArmy - ok
09:46:39.0878 2864        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
09:46:39.0918 2864        MDM - ok
09:46:39.0958 2864        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
09:46:40.0098 2864        Messenger - ok
09:46:40.0138 2864        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:46:40.0298 2864        mnmdd - ok
09:46:40.0328 2864        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
09:46:40.0499 2864        mnmsrvc - ok
09:46:40.0539 2864        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
09:46:40.0689 2864        Modem - ok
09:46:40.0709 2864        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:46:40.0849 2864        Mouclass - ok
09:46:40.0889 2864        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:46:41.0049 2864        mouhid - ok
09:46:41.0069 2864        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:46:41.0210 2864        MountMgr - ok
09:46:41.0260 2864        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
09:46:41.0280 2864        MozillaMaintenance - ok
09:46:41.0310 2864        MPE            (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
09:46:41.0450 2864        MPE - ok
09:46:41.0460 2864        mraid35x - ok
09:46:41.0530 2864        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:46:41.0680 2864        MRxDAV - ok
09:46:41.0750 2864        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:46:41.0881 2864        MRxSmb - ok
09:46:41.0911 2864        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
09:46:42.0051 2864        MSDTC - ok
09:46:42.0091 2864        MSDV            (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
09:46:42.0271 2864        MSDV - ok
09:46:42.0291 2864        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:46:42.0431 2864        Msfs - ok
09:46:42.0441 2864        MSIServer - ok
09:46:42.0491 2864        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:46:42.0612 2864        MSKSSRV - ok
09:46:42.0632 2864        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:46:42.0782 2864        MSPCLOCK - ok
09:46:42.0822 2864        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:46:42.0972 2864        MSPQM - ok
09:46:43.0002 2864        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:46:43.0142 2864        mssmbios - ok
09:46:43.0193 2864        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:46:43.0343 2864        MSTEE - ok
09:46:43.0413 2864        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:46:43.0463 2864        Mup - ok
09:46:43.0503 2864        MxlW2k          (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
09:46:43.0523 2864        MxlW2k ( UnsignedFile.Multi.Generic ) - warning
09:46:43.0523 2864        MxlW2k - detected UnsignedFile.Multi.Generic (1)
09:46:43.0573 2864        MXOPSWD        (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
09:46:43.0663 2864        MXOPSWD - ok
09:46:43.0683 2864        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:46:43.0823 2864        NABTSFEC - ok
09:46:43.0894 2864        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
09:46:44.0064 2864        napagent - ok
09:46:44.0094 2864        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:46:44.0244 2864        NDIS - ok
09:46:44.0284 2864        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:46:44.0434 2864        NdisIP - ok
09:46:44.0494 2864        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:46:44.0564 2864        NdisTapi - ok
09:46:44.0585 2864        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:46:44.0715 2864        Ndisuio - ok
09:46:44.0745 2864        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:46:44.0885 2864        NdisWan - ok
09:46:44.0935 2864        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:46:44.0965 2864        NDProxy - ok
09:46:44.0995 2864        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:46:45.0145 2864        NetBIOS - ok
09:46:45.0175 2864        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:46:45.0336 2864        NetBT - ok
09:46:45.0376 2864        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
09:46:45.0526 2864        NetDDE - ok
09:46:45.0536 2864        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
09:46:45.0666 2864        NetDDEdsdm - ok
09:46:45.0696 2864        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:46:45.0826 2864        Netlogon - ok
09:46:45.0856 2864        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
09:46:46.0017 2864        Netman - ok
09:46:46.0157 2864        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:46:46.0177 2864        NetTcpPortSharing - ok
09:46:46.0197 2864        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:46:46.0347 2864        NIC1394 - ok
09:46:46.0397 2864        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
09:46:46.0447 2864        Nla - ok
09:46:46.0517 2864        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:46:46.0647 2864        Npfs - ok
09:46:46.0678 2864        NSCIRDA        (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
09:46:46.0818 2864        NSCIRDA - ok
09:46:46.0868 2864        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:46:47.0048 2864        Ntfs - ok
09:46:47.0078 2864        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:46:47.0208 2864        NtLmSsp - ok
09:46:47.0268 2864        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
09:46:47.0469 2864        NtmsSvc - ok
09:46:47.0519 2864        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:46:47.0659 2864        Null - ok
09:46:47.0719 2864        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:46:47.0879 2864        NwlnkFlt - ok
09:46:47.0899 2864        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:46:48.0059 2864        NwlnkFwd - ok
09:46:48.0110 2864        NwlnkIpx        (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
09:46:48.0270 2864        NwlnkIpx - ok
09:46:48.0330 2864        NwlnkNb        (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
09:46:48.0480 2864        NwlnkNb - ok
09:46:48.0500 2864        NwlnkSpx        (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
09:46:48.0660 2864        NwlnkSpx - ok
09:46:48.0680 2864        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:46:48.0821 2864        ohci1394 - ok
09:46:48.0851 2864        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
09:46:48.0991 2864        Parport - ok
09:46:49.0031 2864        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:46:49.0171 2864        PartMgr - ok
09:46:49.0211 2864        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
09:46:49.0371 2864        ParVdm - ok
09:46:49.0421 2864        pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
09:46:49.0472 2864        pccsmcfd - ok
09:46:49.0532 2864        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
09:46:49.0662 2864        PCI - ok
09:46:49.0682 2864        PCIDump - ok
09:46:49.0722 2864        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:46:49.0862 2864        PCIIde - ok
09:46:49.0912 2864        PCLEPCI        (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
09:46:49.0922 2864        PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
09:46:49.0922 2864        PCLEPCI - detected UnsignedFile.Multi.Generic (1)
09:46:49.0952 2864        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:46:50.0102 2864        Pcmcia - ok
09:46:50.0142 2864        PCTCore        (aa9cfa67850893fbb168b9c4e4c86952) C:\WINDOWS\system32\drivers\PCTCore.sys
09:46:50.0173 2864        PCTCore - ok
09:46:50.0183 2864        PDCOMP - ok
09:46:50.0193 2864        PDFRAME - ok
09:46:50.0203 2864        PDRELI - ok
09:46:50.0213 2864        PDRFRAME - ok
09:46:50.0223 2864        perc2 - ok
09:46:50.0233 2864        perc2hib - ok
09:46:50.0313 2864        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
09:46:50.0333 2864        PlugPlay - ok
09:46:50.0373 2864        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:46:50.0503 2864        PolicyAgent - ok
09:46:50.0563 2864        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:46:50.0703 2864        PptpMiniport - ok
09:46:50.0713 2864        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:46:50.0854 2864        ProtectedStorage - ok
09:46:50.0894 2864        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:46:51.0054 2864        Ptilink - ok
09:46:51.0104 2864        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:46:51.0114 2864        PxHelp20 - ok
09:46:51.0134 2864        ql1080 - ok
09:46:51.0154 2864        Ql10wnt - ok
09:46:51.0164 2864        ql12160 - ok
09:46:51.0174 2864        ql1240 - ok
09:46:51.0184 2864        ql1280 - ok
09:46:51.0224 2864        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:46:51.0374 2864        RasAcd - ok
09:46:51.0655 2864        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
09:46:51.0805 2864        RasAuto - ok
09:46:51.0845 2864        Rasirda        (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
09:46:51.0935 2864        Rasirda - ok
09:46:51.0995 2864        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:46:52.0135 2864        Rasl2tp - ok
09:46:52.0195 2864        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
09:46:52.0376 2864        RasMan - ok
09:46:52.0406 2864        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:46:52.0536 2864        RasPppoe - ok
09:46:52.0576 2864        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:46:52.0736 2864        Raspti - ok
09:46:52.0796 2864        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:46:52.0937 2864        Rdbss - ok
09:46:52.0977 2864        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:46:53.0137 2864        RDPCDD - ok
09:46:53.0187 2864        RDPWD          (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
09:46:53.0257 2864        RDPWD - ok
09:46:53.0297 2864        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
09:46:53.0467 2864        RDSessMgr - ok
09:46:53.0517 2864        Reconn - ok
09:46:53.0557 2864        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:46:53.0698 2864        redbook - ok
09:46:53.0738 2864        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
09:46:53.0868 2864        RemoteAccess - ok
09:46:53.0908 2864        RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
09:46:54.0048 2864        RFCOMM - ok
09:46:54.0078 2864        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
09:46:54.0208 2864        RpcLocator - ok
09:46:54.0268 2864        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
09:46:54.0288 2864        RpcSs - ok
09:46:54.0359 2864        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
09:46:54.0509 2864        RSVP - ok
09:46:54.0519 2864        s24trans - ok
09:46:54.0549 2864        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:46:54.0679 2864        SamSs - ok
09:46:54.0709 2864        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
09:46:54.0869 2864        SCardSvr - ok
09:46:54.0909 2864        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
09:46:55.0070 2864        Schedule - ok
09:46:55.0180 2864        sdAuxService    (2881d5c135d076bcf52b0f5ad3d8dc0b) C:\Programme\Spyware Doctor\pctsAuxs.exe
09:46:55.0220 2864        sdAuxService - ok
09:46:55.0280 2864        sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:46:55.0420 2864        sdbus - ok
09:46:55.0490 2864        sdCoreService  (9caca3fad05c4b0d7967592e65b338f1) C:\Programme\Spyware Doctor\pctsSvc.exe
09:46:55.0570 2864        sdCoreService - ok
09:46:55.0650 2864        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:46:55.0781 2864        Secdrv - ok
09:46:55.0821 2864        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
09:46:55.0961 2864        seclogon - ok
09:46:56.0001 2864        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
09:46:56.0141 2864        SENS - ok
09:46:56.0171 2864        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
09:46:56.0321 2864        Serial - ok
09:46:56.0432 2864        ServiceLayer    (9d38320bb32230349379df5ddbbf7fce) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
09:46:56.0512 2864        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
09:46:56.0512 2864        ServiceLayer - detected UnsignedFile.Multi.Generic (1)
09:46:56.0572 2864        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:46:56.0712 2864        Sfloppy - ok
09:46:56.0762 2864        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
09:46:56.0922 2864        SharedAccess - ok
09:46:56.0972 2864        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
09:46:56.0992 2864        ShellHWDetection - ok
09:46:57.0002 2864        Simbad - ok
09:46:57.0022 2864        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:46:57.0173 2864        SLIP - ok
09:46:57.0183 2864        Sparrow - ok
09:46:57.0203 2864        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:46:57.0363 2864        splitter - ok
09:46:57.0403 2864        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:46:57.0433 2864        Spooler - ok
09:46:57.0453 2864        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
09:46:57.0593 2864        sr - ok
09:46:57.0653 2864        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
09:46:57.0804 2864        srservice - ok
09:46:57.0874 2864        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:46:57.0974 2864        Srv - ok
09:46:58.0004 2864        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
09:46:58.0144 2864        SSDPSRV - ok
09:46:58.0184 2864        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:46:58.0194 2864        ssmdrv - ok
09:46:58.0244 2864        ss_bbus        (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
09:46:58.0274 2864        ss_bbus - ok
09:46:58.0314 2864        ss_bmdfl        (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
09:46:58.0334 2864        ss_bmdfl - ok
09:46:58.0364 2864        ss_bmdm        (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
09:46:58.0384 2864        ss_bmdm - ok
09:46:58.0424 2864        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
09:46:58.0625 2864        stisvc - ok
09:46:58.0655 2864        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:46:58.0805 2864        streamip - ok
09:46:58.0815 2864        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:46:58.0965 2864        swenum - ok
09:46:58.0985 2864        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:46:59.0125 2864        swmidi - ok
09:46:59.0135 2864        SwPrv - ok
09:46:59.0145 2864        symc810 - ok
09:46:59.0155 2864        symc8xx - ok
09:46:59.0165 2864        sym_hi - ok
09:46:59.0175 2864        sym_u3 - ok
09:46:59.0226 2864        SynTP          (1a8e6b04907687a8eed75c8031b679fd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:46:59.0286 2864        SynTP - ok
09:46:59.0326 2864        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:46:59.0456 2864        sysaudio - ok
09:46:59.0506 2864        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
09:46:59.0646 2864        SysmonLog - ok
09:46:59.0686 2864        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
09:46:59.0846 2864        TapiSrv - ok
09:46:59.0907 2864        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:46:59.0947 2864        Tcpip - ok
09:47:00.0027 2864        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:47:00.0167 2864        TDPIPE - ok
09:47:00.0217 2864        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:47:00.0367 2864        TDTCP - ok
09:47:00.0417 2864        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:47:00.0547 2864        TermDD - ok
09:47:00.0628 2864        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
09:47:00.0778 2864        TermService - ok
09:47:00.0848 2864        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
09:47:00.0858 2864        Themes - ok
09:47:00.0908 2864        tifm21          (fcbaf94b58ad03aca117c7df0eb5f446) C:\WINDOWS\system32\drivers\tifm21.sys
09:47:00.0988 2864        tifm21 - ok
09:47:00.0998 2864        TosIde - ok
09:47:01.0048 2864        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
09:47:01.0188 2864        TrkWks - ok
09:47:01.0238 2864        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:47:01.0399 2864        Udfs - ok
09:47:01.0409 2864        ultra - ok
09:47:01.0469 2864        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:47:01.0679 2864        Update - ok
09:47:01.0709 2864        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
09:47:01.0859 2864        upnphost - ok
09:47:01.0879 2864        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
09:47:02.0030 2864        UPS - ok
09:47:02.0090 2864        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:47:02.0220 2864        usbccgp - ok
09:47:02.0240 2864        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:47:02.0380 2864        usbehci - ok
09:47:02.0430 2864        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:47:02.0570 2864        usbhub - ok
09:47:02.0580 2864        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:47:02.0721 2864        usbprint - ok
09:47:02.0741 2864        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:47:02.0891 2864        usbscan - ok
09:47:02.0921 2864        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:47:03.0061 2864        usbstor - ok
09:47:03.0111 2864        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:47:03.0241 2864        usbuhci - ok
09:47:03.0281 2864        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:47:03.0442 2864        VgaSave - ok
09:47:03.0442 2864        ViaIde - ok
09:47:03.0502 2864        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
09:47:03.0632 2864        VolSnap - ok
09:47:03.0712 2864        vsdatant        (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
09:47:03.0752 2864        vsdatant - ok
09:47:03.0822 2864        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
09:47:03.0962 2864        VSS - ok
09:47:04.0173 2864        w29n51          (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
09:47:04.0884 2864        w29n51 - ok
09:47:04.0994 2864        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
09:47:05.0164 2864        W32Time - ok
09:47:05.0234 2864        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:47:05.0384 2864        Wanarp - ok
09:47:05.0394 2864        wanatw - ok
09:47:05.0404 2864        WDICA - ok
09:47:05.0455 2864        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:47:05.0615 2864        wdmaud - ok
09:47:05.0665 2864        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
09:47:05.0805 2864        WebClient - ok
09:47:05.0885 2864        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:47:06.0035 2864        winmgmt - ok
09:47:06.0095 2864        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:47:06.0206 2864        WmdmPmSN - ok
09:47:06.0246 2864        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:47:06.0396 2864        WmiApSrv - ok
09:47:06.0556 2864        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
09:47:06.0646 2864        WMPNetworkSvc - ok
09:47:06.0716 2864        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:47:06.0736 2864        WpdUsb - ok
09:47:06.0826 2864        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
09:47:06.0957 2864        wscsvc - ok
09:47:06.0997 2864        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:47:07.0147 2864        WSTCODEC - ok
09:47:07.0177 2864        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
09:47:07.0347 2864        wuauserv - ok
09:47:07.0397 2864        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:47:07.0437 2864        WudfPf - ok
09:47:07.0487 2864        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:47:07.0538 2864        WudfRd - ok
09:47:07.0548 2864        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:47:07.0568 2864        WudfSvc - ok
09:47:07.0618 2864        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
09:47:07.0838 2864        WZCSVC - ok
09:47:07.0908 2864        x10nets        (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
09:47:07.0928 2864        x10nets ( UnsignedFile.Multi.Generic ) - warning
09:47:07.0928 2864        x10nets - detected UnsignedFile.Multi.Generic (1)
09:47:07.0938 2864        X10UIF - ok
09:47:07.0978 2864        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
09:47:08.0128 2864        xmlprov - ok
09:47:08.0198 2864        XUIF            (93692d6b2fcbb63f517642048f5295fb) C:\WINDOWS\system32\Drivers\x10ufx2.sys
09:47:08.0239 2864        XUIF - ok
09:47:08.0279 2864        zlportio - ok
09:47:08.0349 2864        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
09:47:08.0889 2864        \Device\Harddisk0\DR0 - ok
09:47:08.0909 2864        MBR (0x1B8)    (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR5
09:47:09.0861 2864        \Device\Harddisk1\DR5 - ok
09:47:09.0861 2864        Boot (0x1200)  (f4dbbe9ff644837c2b48fe21715a6d57) \Device\Harddisk0\DR0\Partition0
09:47:09.0871 2864        \Device\Harddisk0\DR0\Partition0 - ok
09:47:09.0891 2864        Boot (0x1200)  (0bc102cd49f88e48572995208389ca73) \Device\Harddisk0\DR0\Partition1
09:47:09.0891 2864        \Device\Harddisk0\DR0\Partition1 - ok
09:47:09.0921 2864        Boot (0x1200)  (a0fef84d8915b75baefbd9da793105b7) \Device\Harddisk0\DR0\Partition2
09:47:09.0921 2864        \Device\Harddisk0\DR0\Partition2 - ok
09:47:09.0931 2864        Boot (0x1200)  (2727c5861400f09ddea8135a113a3b92) \Device\Harddisk1\DR5\Partition0
09:47:09.0931 2864        \Device\Harddisk1\DR5\Partition0 - ok
09:47:09.0931 2864        ============================================================
09:47:09.0931 2864        Scan finished
09:47:09.0931 2864        ============================================================
09:47:10.0041 3616        Detected object count: 23
09:47:10.0041 3616        Actual detected object count: 23
09:47:53.0954 3616        Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0954 3616        Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0954 3616        ASAPIW2K ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0954 3616        ASAPIW2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0954 3616        bgsvcgen ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0954 3616        bgsvcgen ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0954 3616        btaudio ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0954 3616        btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0964 3616        BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0964 3616        BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0964 3616        BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0964 3616        BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0964 3616        BTSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0964 3616        BTSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0964 3616        BTSLBCSP ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0964 3616        BTSLBCSP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0964 3616        btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0964 3616        btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0964 3616        BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0964 3616        BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0974 3616        BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616        BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0974 3616        CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616        CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0974 3616        CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616        CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0974 3616        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0974 3616        CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616        CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0974 3616        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0974 3616        FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616        FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0974 3616        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0974 3616        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0984 3616        MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0984 3616        MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0984 3616        MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0984 3616        MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0984 3616        PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0984 3616        PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0984 3616        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0984 3616        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:47:53.0984 3616        x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
09:47:53.0984 3616        x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

Best regards, Daniel Sun

cosinus 26.07.2012 15:10

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can lead to serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Daniel Sun 27.07.2012 12:43

I ran CF four times. Each time the program runs up to the message "Deleting files", then a blue screen appears with too much text for too short a time (but it is an error message about a serious problem), after which the PC restarts immediately, but no .txt file has been created.
I had all programs closed and even switched off my firewall; it doesn't help.

cosinus 27.07.2012 13:46

Restart Windows, delete the old combofix.exe, download CF again and please try it once more.

Daniel Sun 27.07.2012 17:44

Unfortunately the same result three times.

On the last run I disconnected my external hard drive to see whether that was the cause, but even then the PC unfortunately crashed and restarted Windows.

What else can I do?

Best regards, Daniel Sun

cosinus 27.07.2012 21:37

Try CF one last time, but this time in safe mode with networking.

Daniel Sun 30.07.2012 07:34

Unfortunately I have found that I can no longer get Windows to start in safe mode, neither with nor without networking.

cosinus 30.07.2012 09:44

Oh great :stirn:

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the 2nd attempt, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press one of the Fix buttons without instruction.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

Daniel Sun 30.07.2012 11:56

As already predicted, GMER unfortunately crashes when the program starts.

The next two steps worked without problems, though.

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:51:58 on 30.07.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"%DESCRIPTION%" (X10UIF) - ? - C:\WINDOWS\System32\Drivers\x10uif.sys  (File not found)
"ASAPIW2K" (ASAPIW2K) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\Drivers\asapiW2k.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"Bluetooth Port Client Driver" (BTSLBCSP) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btslbcsp.sys
"Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys
"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys
"BullGuard File Monitor" (FileSpy5) - ? - C:\Programme\Antivirus\BullGuard 5.0\filespy5.sys  (File not found)
"BullGuard Mail Monitor" (Reconn) - ? - C:\Programme\Antivirus\BullGuard 5.0\reconn.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
"File Security Driver" (IKFileSec) - "PCTools Research Pty Ltd." - C:\WINDOWS\system32\drivers\ikfilesec.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbamswissarmy.sys
"MxlW2k" (MxlW2k) - "MusicMatch, Inc." - C:\WINDOWS\system32\drivers\MxlW2k.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys
"PCTools KDS" (PCTCore) - "PC Tools" - C:\WINDOWS\System32\drivers\PCTCore.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\DRIVERS\MarvinBus.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"System Filter Driver" (IKSysFlt) - "PCTools Research Pty Ltd." - C:\WINDOWS\System32\drivers\iksysflt.sys
"System Security Driver" (IKSysSec) - "PCTools Research Pty Ltd." - C:\WINDOWS\System32\drivers\iksyssec.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys
"vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
"zlportio" (zlportio) - ? - C:\Programme\UltraStar Deluxe\zlportio.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
{EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} "WidImg Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btxppanel.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{79BC0345-1015-11D2-A299-006008312725} "Studio.Project" - ? - C:\Programme\Pinnacle\Studio 10\programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\win rar\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"MedionShop" - ? - hxxp://www.medionshop.de/  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Macromedia Active Shockwave" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\director\ie32dsw.ocx / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc.cab
{96512D57-F751-4088-A689-5778FCC77F7A} "Photo Uploader Control" - "StudiVZ" - C:\WINDOWS\Downloaded Program Files\PhotoUploader.ocx / hxxp://www.studivz.net/lib/photouploader/PhotoUploader.cab
{406B5949-7190-4245-91A9-30A17DE16AD0} "Snapfish Activia" - "Snapfish" - C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx / hxxp://www3.snapfish.de/SnapfishActivia.cab
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"ATIPTA" - "ATI Technologies, Inc." - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun
"CtrlVol" - ? - C:\Programme\Launch Manager\CtrlVol.exe  (File not found)
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"IndexSearch" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"mxomssmenu" - "Maxtor Corporation" - "C:\Programme\Maxtor One touch 4\OneTouch Status\maxmenumgr.exe"
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe"
"PCMService" - "CyberLink Corp." - "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
"PinnacleDriverCheck" - ? - C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"PPort11reminder" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"REGSHAVE" - "FUJI PHOTO FILM CO., LTD." - C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
"RemoteControl" - "Cyberlink Corp." - "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\WINDOWS\system32\bgsvcgen.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\WINDOWS\system32\FsUsbExService.Exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
"Maxtor Service" (Maxtor Sync Service) - "Seagate Technology LLC" - C:\Programme\Maxtor One touch 4\Sync\SyncServices.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsAuxs.exe
"PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsSvc.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And the logfile from aswMBR:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 11:57:26
-----------------------------
11:57:26.081    OS Version: Windows 5.1.2600 Service Pack 3
11:57:26.081    Number of processors: 1 586 0xD06
11:57:26.081    ComputerName: DANIEL  UserName:
11:57:27.172    Initialize success
11:58:42.941    AVAST engine defs: 12073000
11:59:18.242    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:59:18.262    Disk 0 Vendor: ST9100823A 3.02 Size: 95396MB BusType: 3
11:59:18.312    Disk 0 MBR read successfully
11:59:18.312    Disk 0 MBR scan
11:59:18.553    Disk 0 Windows XP default MBR code
11:59:18.593    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        47402 MB offset 63
11:59:18.613    Disk 0 Partition - 00    0F Extended LBA            47889 MB offset 97080795
11:59:18.653    Disk 0 Partition 2 00    83        Linux                94 MB offset 195157620
11:59:18.693    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        37887 MB offset 97080858
11:59:18.703    Disk 0 Partition - 00    05    Extended            10001 MB offset 174674745
11:59:18.733    Disk 0 Partition 4 00    0B        FAT32 MSWIN4.1    10001 MB offset 174674808
11:59:18.773    Disk 0 scanning sectors +195350400
11:59:18.943    Disk 0 scanning C:\WINDOWS\system32\drivers
11:59:37.930    Service scanning
12:00:01.995    Modules scanning
12:00:13.862    Disk 0 trace - called modules:
12:00:13.892    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:00:13.912    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fcbab8]
12:00:13.932    3 CLASSPNP.SYS[f8576fd7] -> nt!IofCallDriver -> \Device\00000087[0x82f849e8]
12:00:13.942    5 ACPI.sys[f84ec620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fab940]
12:00:14.773    AVAST engine scan C:\WINDOWS
12:00:34.962    AVAST engine scan C:\WINDOWS\system32
12:05:05.672    AVAST engine scan C:\WINDOWS\system32\drivers
12:05:29.166    AVAST engine scan C:\Dokumente und Einstellungen\Daniel Sun
12:30:34.510    AVAST engine scan C:\Dokumente und Einstellungen\All Users
12:36:06.477    Scan finished successfully
12:41:18.887    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Daniel Sun\Desktop\MBR.dat"
12:41:18.907    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Daniel Sun\Desktop\aswMBR.txt"

Best regards, Daniel Sun

cosinus 30.07.2012 18:06

As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

