Trojaner-Board - Nach Wiederherstellung Trojan.Banker und Backdoor.bot gefunden

Hallo Trojaner-Board Team,

ich habe hier einen Patienten auf meinem Tisch für den ich eure Hilfe bräuchte.
Bekannte erhielten eine Email vom Deutsche Telekom Abuse-Team mit dem Hinweis auf den Mißbrauch des Internet-Zugangs. Daraufhin wurde eine Wiederherstellung auf einen Zeitpunkt vor dem in der Email genannten gemacht.

Zur Kontrolle habe ich jetzt den Rechner bekommen und habe beim Scan mit Anti-Malware Trojan.Banker, Backdoor.bot, Malware.Trace, Trojan.FakeAlert, Stolen.Data und Hijack.UserInit gefunden.
Zum Glück wird der Rechner nicht für Online-Banking benutzt.

Ich habe die Vorarbeiten wie beschrieben durchgeführt und die log-Files beigefügt. Könntet Ihr bitte mal die Logdateien prüfen und mir Empfehlungen für die weitere Vorgehensweise geben.

Vielen Dank schon mal im Voraus!

Gruß Steini

OTL.txt

Code:

OTL logfile created on: 14.11.2012 08:51:22 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 73,07% Memory free

3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,15% Paging File free

Paging file location(s): D:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 29,29 Gb Total Space | 12,20 Gb Free Space | 41,63% Space Free | Partition Type: NTFS

Drive D: | 119,67 Gb Total Space | 99,83 Gb Free Space | 83,42% Space Free | Partition Type: NTFS

Drive F: | 3,77 Gb Total Space | 3,69 Gb Free Space | 97,91% Space Free | Partition Type: FAT32

 

Computer Name: HOME | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.11.14 08:37:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

PRC - [2012.07.26 13:16:12 | 000,247,768 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe

PRC - [2011.08.23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe

PRC - [2010.06.28 10:56:08 | 000,180,224 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Transcend\SJelite3\SJelite3Launch.exe

PRC - [2009.03.08 03:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe

PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

PRC - [2008.04.23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe

PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.02.22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe

PRC - [2007.02.22 20:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe

PRC - [2007.02.22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe

PRC - [2007.02.21 10:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2007.02.21 10:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe

PRC - [2007.02.21 10:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2007.02.21 10:13:26 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe

PRC - [2006.12.19 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\Mctray.exe

PRC - [2006.12.19 11:27:54 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe

PRC - [2006.12.19 11:27:00 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe

PRC - [2006.12.19 11:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe

PRC - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

PRC - [2006.03.24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.06.28 10:56:08 | 000,180,224 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Transcend\SJelite3\SJelite3Launch.exe

MOD - [2010.05.13 09:25:14 | 000,263,680 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Transcend\SJelite3\asmtusb.dll

MOD - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

MOD - [2007.02.21 10:13:02 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll

MOD - [2006.12.19 11:28:14 | 000,120,384 | ---- | M] () -- C:\Programme\McAfee\Common Framework\naXML71.dll

MOD - [2006.12.19 11:26:12 | 000,157,248 | ---- | M] () -- C:\Programme\McAfee\Common Framework\naisign.dll

MOD - [2006.11.30 08:50:00 | 000,149,080 | ---- | M] () -- C:\Programme\McAfee\VirusScan Enterprise\vsevntui.dll

MOD - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

MOD - [2006.10.17 15:13:20 | 001,167,360 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\acAuth.dll

MOD - [2006.01.12 20:20:48 | 001,265,664 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\adistres.DEU

MOD - [2006.01.12 20:20:26 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.DEU

MOD - [2006.01.12 20:13:46 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.FRA

MOD - [2003.05.15 13:43:24 | 000,119,808 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)

SRV - File not found [Auto | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe /svc -- (gupdate)

SRV - [2012.10.19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.10.09 09:50:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)

SRV - [2007.02.22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)

SRV - [2007.02.22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)

SRV - [2007.02.21 10:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)

SRV - [2006.12.19 11:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)

SRV - [2005.11.17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)

DRV - [2008.07.12 12:39:22 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)

DRV - [2008.04.15 10:18:07 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2007.02.25 05:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)

DRV - [2007.02.22 20:50:00 | 000,170,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2007.02.21 10:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2006.11.30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2006.11.30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2006.11.30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2006.11.30 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2006.11.21 03:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006.11.14 23:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006.11.14 18:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006.11.14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2006.07.31 19:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)

DRV - [2006.03.24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2005.08.12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/

IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.google.com/

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://de.search.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.google.com/

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{45E15EDF-1A50-4BAB-BF16-162DA5B6E395}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_ES&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=6820E7DB-A94A-4BE5-9CA0-240519110663&apn_sauid=51C94114-8E17-467D-B3D7-3CC55FA3FD15&

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA

IE - HKCU\..\SearchScopes\{B2E76888-81DA-4CD0-B985-AD08064407B1}: "URL" = hxxp://windiwsfsearch.com/search?q={searchTerms}

IE - HKCU\..\SearchScopes\{CB070C4B-01E3-4865-AE9A-A66BFBBEB0AB}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.lsa-net.de:9999

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programme\Yahoo!\Shared\npYState.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found

 

 

[2009.11.27 16:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2009.11.27 16:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: hxxp://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

 

O1 HOSTS File: ([2001.08.23 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {C0F1636E-13A8-4C84-BB11-774BE45E1F83} - C:\WINDOWS\system32\AcroIEHelpe231.dll ()

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found

O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NWEReboot]  File not found

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" File not found

O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found

O4 - HKCU..\Run: [SJelite3Launch] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Transcend\SJelite3\SJelite3Launch.exe ()

O4 - HKCU..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178883505031 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BAAB1B8-1381-4FFE-BF9F-085EF9D46B5E}: NameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA0F2A04-1865-4814-ADD1-8AE933E4081B}: NameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appConf32.exe) - C:\WINDOWS\system32\appConf32.exe ()

O20 - Winlogon\Notify\cryptonet: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007.05.11 09:36:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{a69e5173-ff9b-11db-bc29-ed138cfcceb1}\Shell - "" = Autorun

O33 - MountPoints2\{a69e5173-ff9b-11db-bc29-ed138cfcceb1}\Shell\AutoRun\command - "" = F:\Steuer\Steuerprogramm\2008\StartCenter.exe

O33 - MountPoints2\{a69e5173-ff9b-11db-bc29-ed138cfcceb1}\Shell\open\command - "" = F:\Steuer\Steuerprogramm\2008\StartCenter.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.14 08:52:26 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Meine empfangenen Dateien

[2012.11.14 08:43:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2012.11.14 08:43:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Avira-DE-Cleaner

[2012.11.13 10:26:32 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype

[2012.11.13 10:26:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype

[2012.11.13 10:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm

[2012.11.13 10:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock

[2012.11.13 10:18:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2012.11.11 08:21:16 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012.11.10 20:11:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong

[2012.11.10 20:11:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\FileConverter_1.3

[2012.11.10 20:11:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Conduit

[2012.11.10 20:10:26 | 000,000,000 | ---D | C] -- C:\Programme\FileConverter_1.3

[2012.11.10 20:05:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Systweak

[2012.11.10 20:05:19 | 000,000,000 | ---D | C] -- C:\Programme\Advanced System Protector

[2012.11.10 20:04:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Systweak

[2012.11.10 20:04:49 | 000,000,000 | ---D | C] -- C:\Programme\RegClean Pro

[2012.11.10 13:00:31 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Downloads

[2012.11.04 15:17:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4388EF20DE80A8D0000F4379ABF0F29

[2012.10.16 13:05:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.11.14 08:50:20 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2012.11.14 08:49:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.11.14 08:43:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2012.11.14 08:37:46 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\qel7hexq.exe

[2012.11.14 08:37:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2012.11.14 08:36:04 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe

[2012.11.14 08:36:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4E8CF885-4A24-4D9F-BDDB-E3AB0CBDCA65}.job

[2012.11.14 08:29:10 | 000,040,495 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2012.11.14 07:57:44 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk

[2012.11.14 07:57:31 | 000,062,940 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012.11.14 07:57:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.11.14 07:55:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.11.13 13:47:21 | 000,000,079 | ---- | M] () -- C:\Dokumente und Einstellungen\***\default.pls

[2012.11.13 13:46:57 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012.11.13 13:46:53 | 000,000,051 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res

[2012.11.13 13:17:03 | 000,207,456 | ---- | M] () -- C:\WINDOWS\System32\AcroIEHelpe231.dll

[2012.11.13 11:18:29 | 000,040,495 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2012.11.13 11:00:02 | 000,207,456 | ---- | M] () -- C:\WINDOWS\System32\AcroIEHelpe230.dll

[2012.11.13 09:46:42 | 000,000,114 | ---- | M] () -- C:\WINDOWS\homeDVD-Fotos5_5.INI

[2012.11.13 09:19:21 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012.11.11 15:01:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job

[2012.11.10 20:05:03 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_UPDATES.job

[2012.11.10 13:40:34 | 000,510,910 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.11.10 13:40:34 | 000,488,326 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.11.10 13:40:34 | 000,099,010 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.11.10 13:40:34 | 000,082,358 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.11.09 16:49:32 | 000,208,528 | ---- | M] () -- C:\WINDOWS\System32\AcroIEHelpe226.dll

[2012.11.09 13:41:37 | 000,030,720 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.11.08 17:19:10 | 000,364,908 | ---- | M] () -- D:\Eigene Dateien\abrechnung  debeka.pdf

[2012.11.08 13:21:43 | 000,000,952 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2012.10.25 10:30:16 | 000,000,011 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat

[2012.10.15 11:28:33 | 000,001,715 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.11.14 08:50:20 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2012.11.14 08:43:43 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe

[2012.11.14 08:43:34 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\qel7hexq.exe

[2012.11.13 13:17:03 | 000,207,456 | ---- | C] () -- C:\WINDOWS\System32\AcroIEHelpe231.dll

[2012.11.13 11:00:02 | 000,207,456 | ---- | C] () -- C:\WINDOWS\System32\AcroIEHelpe230.dll

[2012.11.10 20:05:03 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\RegClean Pro_UPDATES.job

[2012.11.10 20:05:03 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job

[2012.11.09 16:49:32 | 000,208,528 | ---- | C] () -- C:\WINDOWS\System32\AcroIEHelpe226.dll

[2012.10.25 10:30:16 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat

[2012.10.16 13:02:40 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res

[2012.10.15 11:28:33 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk

[2012.10.15 11:28:33 | 000,001,715 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk

[2012.02.15 13:18:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.10.20 11:03:49 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2011.10.20 11:03:49 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2011.10.20 11:03:49 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2011.10.20 11:03:49 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2011.10.20 11:03:49 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2011.10.20 11:03:49 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2011.10.20 11:03:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2011.10.20 11:03:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2011.10.20 11:03:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2011.10.20 11:03:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2011.10.20 11:03:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2011.10.20 11:03:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2011.10.20 11:03:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2011.10.20 11:03:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2011.10.20 11:03:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2011.10.20 11:03:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2011.10.20 11:03:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2011.10.20 11:03:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2011.10.20 11:03:47 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2008.10.27 18:28:08 | 000,032,228 | ---- | C] () -- C:\Dokumente und Einstellungen\***\base.dat

[2008.04.02 17:50:30 | 000,030,720 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007.06.21 15:16:02 | 000,000,079 | ---- | C] () -- C:\Dokumente und Einstellungen\***\default.pls

[2007.05.11 13:08:55 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

 
 ========== ZeroAccess Check ==========

 

[2011.10.20 10:53:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.01.17 18:03:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV

[2011.10.21 19:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask

[2007.06.28 18:04:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ

[2010.02.20 17:26:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData

[2012.11.04 15:32:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4388EF20DE80A8D0000F4379ABF0F29

[2007.06.20 16:38:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX

[2008.10.28 13:53:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Software Licensors

[2012.11.10 20:05:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Systweak

[2009.11.27 17:01:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom

[2012.01.17 18:04:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AAV

[2008.10.27 18:37:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Logs

[2012.05.01 13:17:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX

[2010.02.20 17:53:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera

[2011.10.24 16:48:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PIE

[2012.11.10 20:11:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong

[2008.10.28 17:19:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Safer Networking

[2012.11.10 20:05:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Systweak

[2007.05.16 07:35:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\The Labyrinth Plus! Edition

[2009.11.27 16:10:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TomTom

[2010.10.25 16:45:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Transcend

 
 ========== Purity Check ==========

 

 
 

< End of report >

Extras.txt

Code:

OTL Extras logfile created on: 14.11.2012 08:51:22 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 73,07% Memory free

3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,15% Paging File free

Paging file location(s): D:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 29,29 Gb Total Space | 12,20 Gb Free Space | 41,63% Space Free | Partition Type: NTFS

Drive D: | 119,67 Gb Total Space | 99,83 Gb Free Space | 83,42% Space Free | Partition Type: NTFS

Drive F: | 3,77 Gb Total Space | 3,69 Gb Free Space | 97,91% Space Free | Partition Type: FAT32

 

Computer Name: HOME | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Programme\Caplio Software\RGateLXP.exe" = C:\Programme\Caplio Software\RGateLXP.exe:*:Enabled:RICOH Gate La for DSC

"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:AC3 Audio (ac3) -- (Nero AG)

"C:\Programme\McAfee\Common Framework\FrameworkService.exe" = C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 29

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3B07D847-8077-4242-91C7-DFA3CE5113E0}" = ImageMixer

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{58F88223-CBF3-4A91-876A-BD44768C53B4}" = MapPoint2006EU

"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2

"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{B653515B-3228-9A8F-46EF-9572CC401031}" = Nero 7 Premium

"{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D322A73E-A792-45E8-B7C0-477E94F44F26}" = CyberView CS - CS500IR 1.1e

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer

"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! für Windows XP

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}" = InfoBibliothek

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04)

"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player Plugin

"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung

"Canon Setup Utility 2.3" = Canon Setup Utility 2.3

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint

"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox

"Easy-WebPrint" = Easy-WebPrint

"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D)

"Google Chrome" = Google Chrome

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)

"MAGIX Fotos auf CD & DVD 5.5 D" = MAGIX Fotos auf CD & DVD 5.5 (D)

"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 (D)

"MAGIX Online Druck Service D" = MAGIX Online Druck Service (D)

"MediaNavigation.CDLabelPrint" = CD-LabelPrint

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"OVT Scanner" = Uninstall OVT Scanner

"ProInst" = Intel(R) PROSet/Wireless Software

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 14.08.2012 14:12:02 | Computer Name = HOME | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 16.08.2012 13:04:12 | Computer Name = HOME | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 19.08.2012 15:27:38 | Computer Name = HOME | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung plusaqar.scr, Version 1.0.0.13, fehlgeschlagenes

 Modul dmusic.dll, Version 5.3.2600.5512, Fehleradresse 0x00014984.

 

Error - 23.08.2012 12:14:54 | Computer Name = HOME | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul

 unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

 

Error - 16.09.2012 18:01:29 | Computer Name = HOME | Source = WmiAdapter | ID = 4099

Description = Dienst konnte nicht geöffnet werden.

 

Error - 21.09.2012 06:59:06 | Computer Name = HOME | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul

 unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

 

Error - 24.09.2012 03:38:41 | Computer Name = HOME | Source = WmiAdapter | ID = 4099

Description = Dienst konnte nicht geöffnet werden.

 

Error - 17.10.2012 18:13:08 | Computer Name = HOME | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul

 unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

 

Error - 04.11.2012 13:32:08 | Computer Name = HOME | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung Skype.exe, Version 5.10.0.116, fehlgeschlagenes

 Modul unknown, Version 0.0.0.0, Fehleradresse 0x7463656a.

 

Error - 13.11.2012 04:38:21 | Computer Name = HOME | Source = TomTomHOMEService | ID = 10000

Description = 

 

[ System Events ]

Error - 13.11.2012 06:16:38 | Computer Name = HOME | Source = Service Control Manager | ID = 7028

Description = Der Registrierungsschlüssel "xhphfrt" hat den Zugriff für SYSTEM-Kontoprogramme

 verweigert. Der Dienststeuerungs-Manager hat daher den Besitz des Registrierungsschlüssels

 übernommen.

 

Error - 13.11.2012 06:18:23 | Computer Name = HOME | Source = Service Control Manager | ID = 7028

Description = Der Registrierungsschlüssel "xhphfrt" hat den Zugriff für SYSTEM-Kontoprogramme

 verweigert. Der Dienststeuerungs-Manager hat daher den Besitz des Registrierungsschlüssels

 übernommen.

 

Error - 13.11.2012 06:18:27 | Computer Name = HOME | Source = Service Control Manager | ID = 7028

Description = Der Registrierungsschlüssel "xhphfrt" hat den Zugriff für SYSTEM-Kontoprogramme

 verweigert. Der Dienststeuerungs-Manager hat daher den Besitz des Registrierungsschlüssels

 übernommen.

 

Error - 13.11.2012 06:49:02 | Computer Name = HOME | Source = Service Control Manager | ID = 7028

Description = Der Registrierungsschlüssel "xhphfrt" hat den Zugriff für SYSTEM-Kontoprogramme

 verweigert. Der Dienststeuerungs-Manager hat daher den Besitz des Registrierungsschlüssels

 übernommen.

 

Error - 13.11.2012 07:12:49 | Computer Name = HOME | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 13.11.2012 08:15:20 | Computer Name = HOME | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 13.11.2012 08:16:17 | Computer Name = HOME | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst NVSvc.

 

Error - 13.11.2012 08:45:03 | Computer Name = HOME | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 13.11.2012 08:46:08 | Computer Name = HOME | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst NVSvc.

 

Error - 14.11.2012 02:55:45 | Computer Name = HOME | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

 

< End of report >

GMER.txt

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-11-14 10:13:10

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVS-75RST0 rev.04.01G04

Running: qel7hexq.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\pgtdipow.sys
 
 

---- System - GMER 1.0.15 ----
 

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                                           ZwCreateKey [0xB4DCD500]

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                                           ZwDeleteKey [0xB4DCD514]

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                                           ZwDeleteValueKey [0xB4DCD540]

Code            \??\C:\WINDOWS\SYSTEM32\DRIVERS\xhphfrt.sys                                                                                            ZwEnumerateKey [0xB509E58C]

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                                           ZwOpenKey [0xB4DCD4EC]

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                                           ZwRenameKey [0xB4DCD52A]

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                                           ZwSetValueKey [0xB4DCD556]

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                                           ZwTerminateProcess [0xB4DCD56C]
 

---- Kernel code sections - GMER 1.0.15 ----
 

PAGE            ntkrnlpa.exe!ZwTerminateProcess                                                                                                        805D22D8 5 Bytes  JMP B4DCD570 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwSetValueKey                                                                                                             80622668 7 Bytes  JMP B4DCD55A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwRenameKey                                                                                                               80623B18 7 Bytes  JMP B4DCD52E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwCreateKey                                                                                                               806240F6 5 Bytes  JMP B4DCD504 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwDeleteKey                                                                                                               80624592 7 Bytes  JMP B4DCD518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwDeleteValueKey                                                                                                          80624762 7 Bytes  JMP B4DCD544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE            ntkrnlpa.exe!ZwEnumerateKey                                                                                                            80624942 7 Bytes  JMP B509E590 \??\C:\WINDOWS\SYSTEM32\DRIVERS\xhphfrt.sys

PAGE            ntkrnlpa.exe!ZwOpenKey                                                                                                                 806254D4 5 Bytes  JMP B4DCD4F0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                               section is writeable [0xB9A18380, 0x21FEFD, 0xE8000020]
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\WINDOWS\system32\rundll32.exe[112] ntdll.dll!NtClearEvent + F                                                                       7C91CFED 1 Byte  [00]

.text           C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[412] ntdll.dll!NtClearEvent + F                                                           7C91CFED 1 Byte  [00]

.text           C:\Dokumente und Einstellungen\***\Desktop\qel7hexq.exe[872] ntdll.dll!NtClearEvent + F                                           7C91CFED 1 Byte  [00]

.text           C:\WINDOWS\stsystra.exe[944] ntdll.dll!NtClearEvent + F                                                                                7C91CFED 1 Byte  [00]

.text           C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe[956] ntdll.dll!NtClearEvent + F                                                           7C91CFED 1 Byte  [00]

.text           ...                                                                                                                                    

.text           C:\WINDOWS\Explorer.EXE[1628] kernel32.dll!CreateProcessW                                                                              7C802336 5 Bytes  JMP 04A856AB 

.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2448] ntdll.dll!NtClearEvent + F                                                             7C91CFED 1 Byte  [00]

.text           C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[2476] ntdll.dll!NtClearEvent + F                                                           7C91CFED 1 Byte  [00]

.text           C:\WINDOWS\system32\svchost.exe[2816] ntdll.dll!NtClearEvent + F                                                                       7C91CFED 1 Byte  [00]

.text           C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[2904] ntdll.dll!NtClearEvent + F                                                  7C91CFED 1 Byte  [00]

.text           C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE[3000] ntdll.dll!NtClearEvent + F                                                   7C91CFED 1 Byte  [00]

.text           ...                                                                                                                                    
 

---- Devices - GMER 1.0.15 ----
 

Device          \FileSystem\Ntfs \Ntfs                                                                                                                 xhphfrt.sys
 

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                 mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                               mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                                SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                                SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                              mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                              mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                            mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                               mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
 

---- Services - GMER 1.0.15 ----
 

Service         C:\WINDOWS\SYSTEM32\DRIVERS\xhphfrt.sys (*** hidden *** )                                                                              [AUTO] xhphfrt                                                                                                                <-- ROOTKIT !!!
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\xhphfrt                                                                                         

Reg             HKLM\SYSTEM\CurrentControlSet\Services\xhphfrt@Type                                                                                    1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\xhphfrt@Start                                                                                   2

Reg             HKLM\SYSTEM\CurrentControlSet\Services\xhphfrt@ErrorControl                                                                            1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\xhphfrt@ImagePath                                                                               \??\C:\WINDOWS\SYSTEM32\DRIVERS\xhphfrt.sys

Reg             HKLM\SYSTEM\CurrentControlSet\Services\xhphfrt@DisplayName                                                                             xhphfrt

Reg             HKLM\SYSTEM\CurrentControlSet\Services\xhphfrt\Security                                                                                

Reg             HKLM\SYSTEM\CurrentControlSet\Services\xhphfrt\Security@Security                                                                       0x01 0x00 0x14 0x80 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\xhphfrt (not active ControlSet)                                                                     

Reg             HKLM\SYSTEM\ControlSet003\Services\xhphfrt@Type                                                                                        1

Reg             HKLM\SYSTEM\ControlSet003\Services\xhphfrt@Start                                                                                       2

Reg             HKLM\SYSTEM\ControlSet003\Services\xhphfrt@ErrorControl                                                                                1

Reg             HKLM\SYSTEM\ControlSet003\Services\xhphfrt@ImagePath                                                                                   \??\C:\WINDOWS\SYSTEM32\DRIVERS\xhphfrt.sys

Reg             HKLM\SYSTEM\ControlSet003\Services\xhphfrt@DisplayName                                                                                 xhphfrt

Reg             HKLM\SYSTEM\ControlSet003\Services\xhphfrt\Security (not active ControlSet)                                                            

Reg             HKLM\SYSTEM\ControlSet003\Services\xhphfrt\Security@Security                                                                           0x01 0x00 0x14 0x80 ...
 

---- Files - GMER 1.0.15 ----
 

File            C:\WINDOWS\system32\drivers\wpdusb.sys                                                                                                 38528 bytes executable

File            C:\WINDOWS\system32\drivers\ws2ifsl.sys                                                                                                12032 bytes executable

File            C:\WINDOWS\system32\drivers\WSTCODEC.SYS                                                                                               19200 bytes executable                                                                                                        <-- ROOTKIT !!!

File            C:\WINDOWS\system32\drivers\WudfPf.sys                                                                                                 77568 bytes executable                                                                                                        <-- ROOTKIT !!!

File            C:\WINDOWS\system32\drivers\WudfRd.sys                                                                                                 82944 bytes executable                                                                                                        <-- ROOTKIT !!!

File            C:\WINDOWS\system32\drivers\xhphfrt.sys                                                                                                385024 bytes executable                                                                                                       <-- ROOTKIT !!!
 

---- Services - GMER 1.0.15 ----
 

Service         C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation)                                                  [MANUAL] WSTCODEC                                                                                                             <-- ROOTKIT !!!

Service         C:\WINDOWS\system32\DRIVERS\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)  [MANUAL] WudfPf                                                                                                               <-- ROOTKIT !!!

Service         C:\WINDOWS\system32\DRIVERS\wudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation)        [MANUAL] WudfRd                                                                                                               <-- ROOTKIT !!!
 

---- EOF - GMER 1.0.15 ----

Hallo Markus,

anbei der gewünschte Report von dem Scan mit TDSS Killer.

Code:

14:23:52.0625 4092  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

14:23:52.0718 4092  ============================================================

14:23:52.0718 4092  Current date / time: 2012/11/16 14:23:52.0718

14:23:52.0718 4092  SystemInfo:

14:23:52.0718 4092  

14:23:52.0718 4092  OS Version: 5.1.2600 ServicePack: 3.0

14:23:52.0718 4092  Product type: Workstation

14:23:52.0718 4092  ComputerName: HOME

14:23:52.0718 4092  UserName: FamStein

14:23:52.0718 4092  Windows directory: C:\WINDOWS

14:23:52.0718 4092  System windows directory: C:\WINDOWS

14:23:52.0718 4092  Processor architecture: Intel x86

14:23:52.0718 4092  Number of processors: 2

14:23:52.0718 4092  Page size: 0x1000

14:23:52.0718 4092  Boot type: Normal boot

14:23:52.0718 4092  ============================================================

14:23:54.0562 4092  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

14:23:54.0562 4092  ============================================================

14:23:54.0562 4092  \Device\Harddisk0\DR0:

14:23:54.0562 4092  MBR partitions:

14:23:54.0562 4092  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x3A962F0

14:23:54.0562 4092  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3AC153B, BlocksNum 0xEF57586

14:23:54.0562 4092  ============================================================

14:23:54.0609 4092  C: <-> \Device\Harddisk0\DR0\Partition1

14:23:54.0640 4092  D: <-> \Device\Harddisk0\DR0\Partition2

14:23:54.0640 4092  ============================================================

14:23:54.0640 4092  Initialize success

14:23:54.0640 4092  ============================================================

14:25:12.0484 2264  ============================================================

14:25:12.0484 2264  Scan started

14:25:12.0484 2264  Mode: Manual; SigCheck; TDLFS; 

14:25:12.0484 2264  ============================================================

14:25:16.0843 2264  ================ Scan system memory ========================

14:25:18.0531 2264  System memory - ok

14:25:18.0531 2264  ================ Scan services =============================

14:25:18.0671 2264  Abiosdsk - ok

14:25:18.0687 2264  abp480n5 - ok

14:25:18.0734 2264  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys

14:25:20.0578 2264  ACPI - ok

14:25:20.0656 2264  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys

14:25:20.0796 2264  ACPIEC - ok

14:25:20.0875 2264  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

14:25:20.0890 2264  AdobeFlashPlayerUpdateSvc - ok

14:25:20.0890 2264  adpu160m - ok

14:25:20.0937 2264  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys

14:25:21.0062 2264  aec - ok

14:25:21.0093 2264  [ 375EB0B97E3950ADEF3633C27A82438B ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys

14:25:21.0125 2264  AegisP ( UnsignedFile.Multi.Generic ) - warning

14:25:21.0125 2264  AegisP - detected UnsignedFile.Multi.Generic (1)

14:25:21.0171 2264  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys

14:25:21.0250 2264  AFD - ok

14:25:21.0250 2264  Aha154x - ok

14:25:21.0265 2264  aic78u2 - ok

14:25:21.0265 2264  aic78xx - ok

14:25:21.0296 2264  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll

14:25:21.0437 2264  Alerter - ok

14:25:21.0546 2264  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe

14:25:21.0640 2264  ALG - ok

14:25:21.0640 2264  AliIde - ok

14:25:21.0656 2264  amsint - ok

14:25:21.0703 2264  [ 1FC8A7E5C3AED31F00940C6AB2FD9B49 ] APL531          C:\WINDOWS\system32\Drivers\ov550i.sys

14:25:21.0796 2264  APL531 ( UnsignedFile.Multi.Generic ) - warning

14:25:21.0796 2264  APL531 - detected UnsignedFile.Multi.Generic (1)

14:25:21.0828 2264  [ EC94E05B76D033B74394E7B2175103CF ] APPDRV          C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

14:25:21.0843 2264  APPDRV ( UnsignedFile.Multi.Generic ) - warning

14:25:21.0843 2264  APPDRV - detected UnsignedFile.Multi.Generic (1)

14:25:21.0890 2264  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll

14:25:22.0046 2264  AppMgmt - ok

14:25:22.0078 2264  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys

14:25:22.0281 2264  Arp1394 - ok

14:25:22.0281 2264  asc - ok

14:25:22.0281 2264  asc3350p - ok

14:25:22.0296 2264  asc3550 - ok

14:25:22.0359 2264  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

14:25:22.0375 2264  aspnet_state - ok

14:25:22.0390 2264  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys

14:25:22.0515 2264  AsyncMac - ok

14:25:22.0546 2264  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys

14:25:22.0671 2264  atapi - ok

14:25:22.0671 2264  Atdisk - ok

14:25:22.0703 2264  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys

14:25:22.0812 2264  Atmarpc - ok

14:25:22.0843 2264  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll

14:25:22.0968 2264  AudioSrv - ok

14:25:22.0984 2264  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys

14:25:23.0093 2264  audstub - ok

14:25:23.0125 2264  [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp        C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

14:25:23.0156 2264  bcm4sbxp - ok

14:25:23.0187 2264  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys

14:25:23.0312 2264  Beep - ok

14:25:23.0359 2264  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll

14:25:23.0609 2264  BITS - ok

14:25:23.0625 2264  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll

14:25:23.0703 2264  Browser - ok

14:25:23.0734 2264  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys

14:25:23.0906 2264  cbidf2k - ok

14:25:23.0937 2264  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

14:25:24.0093 2264  CCDECODE - ok

14:25:24.0093 2264  cd20xrnt - ok

14:25:24.0125 2264  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys

14:25:24.0234 2264  Cdaudio - ok

14:25:24.0265 2264  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys

14:25:24.0375 2264  Cdfs - ok

14:25:24.0406 2264  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys

14:25:24.0546 2264  Cdrom - ok

14:25:24.0578 2264  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe

14:25:24.0703 2264  CiSvc - ok

14:25:24.0734 2264  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe

14:25:24.0859 2264  ClipSrv - ok

14:25:24.0890 2264  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:25:24.0906 2264  clr_optimization_v2.0.50727_32 - ok

14:25:24.0968 2264  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:25:24.0984 2264  clr_optimization_v4.0.30319_32 - ok

14:25:25.0000 2264  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys

14:25:25.0125 2264  CmBatt - ok

14:25:25.0125 2264  CmdIde - ok

14:25:25.0171 2264  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys

14:25:25.0296 2264  Compbatt - ok

14:25:25.0296 2264  COMSysApp - ok

14:25:25.0312 2264  Cpqarray - ok

14:25:25.0343 2264  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll

14:25:25.0468 2264  CryptSvc - ok

14:25:25.0468 2264  dac2w2k - ok

14:25:25.0484 2264  dac960nt - ok

14:25:25.0531 2264  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll

14:25:25.0609 2264  DcomLaunch - ok

14:25:25.0656 2264  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll

14:25:25.0781 2264  Dhcp - ok

14:25:25.0781 2264  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys

14:25:25.0921 2264  Disk - ok

14:25:25.0937 2264  dmadmin - ok

14:25:25.0984 2264  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys

14:25:26.0218 2264  dmboot - ok

14:25:26.0234 2264  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys

14:25:26.0406 2264  dmio - ok

14:25:26.0421 2264  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys

14:25:26.0609 2264  dmload - ok

14:25:26.0656 2264  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll

14:25:26.0765 2264  dmserver - ok

14:25:26.0796 2264  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys

14:25:26.0906 2264  DMusic - ok

14:25:26.0953 2264  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll

14:25:27.0046 2264  Dnscache - ok

14:25:27.0078 2264  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll

14:25:27.0187 2264  Dot3svc - ok

14:25:27.0187 2264  dpti2o - ok

14:25:27.0234 2264  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys

14:25:27.0343 2264  drmkaud - ok

14:25:27.0390 2264  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll

14:25:27.0609 2264  EapHost - ok

14:25:27.0656 2264  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll

14:25:27.0781 2264  ERSvc - ok

14:25:27.0812 2264  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe

14:25:27.0843 2264  Eventlog - ok

14:25:27.0906 2264  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll

14:25:27.0937 2264  EventSystem - ok

14:25:28.0046 2264  [ 4C6FA3FD55087B7C35707068723A1710 ] EvtEng          C:\Programme\Intel\Wireless\Bin\EvtEng.exe

14:25:28.0078 2264  EvtEng ( UnsignedFile.Multi.Generic ) - warning

14:25:28.0078 2264  EvtEng - detected UnsignedFile.Multi.Generic (1)

14:25:28.0109 2264  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys

14:25:28.0234 2264  Fastfat - ok

14:25:28.0265 2264  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

14:25:28.0359 2264  FastUserSwitchingCompatibility - ok

14:25:28.0390 2264  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys

14:25:28.0562 2264  Fdc - ok

14:25:28.0593 2264  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys

14:25:28.0781 2264  Fips - ok

14:25:28.0906 2264  [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\MAGIX\Common\Database\bin\fbserver.exe

14:25:29.0046 2264  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning

14:25:29.0046 2264  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)

14:25:29.0078 2264  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys

14:25:29.0203 2264  Flpydisk - ok

14:25:29.0250 2264  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys

14:25:29.0437 2264  FltMgr - ok

14:25:29.0515 2264  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

14:25:29.0531 2264  FontCache3.0.0.0 - ok

14:25:29.0546 2264  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys

14:25:29.0671 2264  Fs_Rec - ok

14:25:29.0687 2264  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys

14:25:29.0812 2264  Ftdisk - ok

14:25:29.0828 2264  [ B56EB0A2210980E76390BD670BCB618B ] gmer            C:\WINDOWS\system32\DRIVERS\gmer.sys

14:25:29.0843 2264  gmer ( UnsignedFile.Multi.Generic ) - warning

14:25:29.0843 2264  gmer - detected UnsignedFile.Multi.Generic (1)

14:25:29.0875 2264  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys

14:25:29.0984 2264  Gpc - ok

14:25:30.0046 2264  gupdate - ok

14:25:30.0046 2264  gupdatem - ok

14:25:30.0062 2264  [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

14:25:30.0093 2264  gusvc - ok

14:25:30.0140 2264  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

14:25:30.0250 2264  HDAudBus - ok

14:25:30.0312 2264  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

14:25:30.0468 2264  helpsvc - ok

14:25:30.0484 2264  HidServ - ok

14:25:30.0500 2264  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys

14:25:30.0609 2264  HidUsb - ok

14:25:30.0656 2264  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll

14:25:30.0765 2264  hkmsvc - ok

14:25:30.0765 2264  hpn - ok

14:25:30.0828 2264  [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys

14:25:30.0921 2264  HSF_DPV - ok

14:25:30.0953 2264  [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL        C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys

14:25:30.0984 2264  HSXHWAZL - ok

14:25:31.0031 2264  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys

14:25:31.0078 2264  HTTP - ok

14:25:31.0109 2264  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll

14:25:31.0265 2264  HTTPFilter - ok

14:25:31.0265 2264  i2omp - ok

14:25:31.0296 2264  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys

14:25:31.0500 2264  i8042prt - ok

14:25:31.0640 2264  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

14:25:31.0718 2264  idsvc - ok

14:25:31.0734 2264  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys

14:25:31.0843 2264  Imapi - ok

14:25:31.0875 2264  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe

14:25:32.0000 2264  ImapiService - ok

14:25:32.0015 2264  InCDFs - ok

14:25:32.0015 2264  ini910u - ok

14:25:32.0031 2264  IntelIde - ok

14:25:32.0062 2264  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys

14:25:32.0265 2264  intelppm - ok

14:25:32.0281 2264  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys

14:25:32.0390 2264  Ip6Fw - ok

14:25:32.0437 2264  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

14:25:32.0562 2264  IpFilterDriver - ok

14:25:32.0593 2264  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys

14:25:32.0718 2264  IpInIp - ok

14:25:32.0734 2264  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys

14:25:32.0843 2264  IpNat - ok

14:25:32.0890 2264  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys

14:25:33.0015 2264  IPSec - ok

14:25:33.0046 2264  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys

14:25:33.0109 2264  IRENUM - ok

14:25:33.0140 2264  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys

14:25:33.0265 2264  isapnp - ok

14:25:33.0359 2264  [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe

14:25:33.0406 2264  JavaQuickStarterService - ok

14:25:33.0421 2264  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys

14:25:33.0562 2264  Kbdclass - ok

14:25:33.0578 2264  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys

14:25:33.0687 2264  kmixer - ok

14:25:33.0734 2264  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys

14:25:33.0796 2264  KSecDD - ok

14:25:33.0843 2264  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll

14:25:33.0906 2264  lanmanserver - ok

14:25:33.0953 2264  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

14:25:34.0015 2264  lanmanworkstation - ok

14:25:34.0078 2264  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll

14:25:34.0203 2264  LmHosts - ok

14:25:34.0250 2264  [ D73D8FFEEF7711C79C54284D928AC135 ] McAfeeFramework C:\Programme\McAfee\Common Framework\FrameworkService.exe

14:25:34.0281 2264  McAfeeFramework - ok

14:25:34.0312 2264  [ B74CEBEF7F2126F68CDC060C855E5AAB ] McShield        C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe

14:25:34.0359 2264  McShield - ok

14:25:34.0375 2264  [ A7AF906D9F480A5B60F70C499B91A983 ] McTaskManager   C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe

14:25:34.0406 2264  McTaskManager - ok

14:25:34.0437 2264  [ E246A32C445056996074A397DA56E815 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

14:25:34.0484 2264  mdmxsdk - ok

14:25:34.0515 2264  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll

14:25:34.0734 2264  Messenger - ok

14:25:34.0765 2264  [ B5C306C5B5E7417B9D2B410894678069 ] mfeapfk         C:\WINDOWS\system32\drivers\mfeapfk.sys

14:25:34.0796 2264  mfeapfk - ok

14:25:34.0828 2264  [ 87B28198B308AF3469D6E0B81D86C1FA ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys

14:25:34.0843 2264  mfeavfk - ok

14:25:34.0890 2264  [ CF37784DD24C83F62626BC0EA3F5E386 ] mfebopk         C:\WINDOWS\system32\drivers\mfebopk.sys

14:25:34.0906 2264  mfebopk - ok

14:25:34.0937 2264  [ 241C09C7D8C589EA1D72A36E6578E42C ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys

14:25:34.0953 2264  mfehidk - ok

14:25:34.0968 2264  [ 19C2D8AF421E96D12E4004CA2162DBE9 ] mfetdik         C:\WINDOWS\system32\drivers\mfetdik.sys

14:25:34.0984 2264  mfetdik - ok

14:25:35.0015 2264  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys

14:25:35.0140 2264  mnmdd - ok

14:25:35.0171 2264  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe

14:25:35.0296 2264  mnmsrvc - ok

14:25:35.0328 2264  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys

14:25:35.0468 2264  Modem - ok

14:25:35.0515 2264  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys

14:25:35.0640 2264  Mouclass - ok

14:25:35.0687 2264  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys

14:25:35.0812 2264  mouhid - ok

14:25:35.0843 2264  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys

14:25:35.0984 2264  MountMgr - ok

14:25:35.0984 2264  mraid35x - ok

14:25:36.0015 2264  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys

14:25:36.0156 2264  MRxDAV - ok

14:25:36.0187 2264  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

14:25:36.0250 2264  MRxSmb - ok

14:25:36.0296 2264  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe

14:25:36.0453 2264  MSDTC - ok

14:25:36.0468 2264  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys

14:25:36.0593 2264  Msfs - ok

14:25:36.0593 2264  MSIServer - ok

14:25:36.0609 2264  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys

14:25:36.0750 2264  MSKSSRV - ok

14:25:36.0750 2264  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys

14:25:36.0890 2264  MSPCLOCK - ok

14:25:36.0890 2264  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys

14:25:37.0015 2264  MSPQM - ok

14:25:37.0046 2264  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys

14:25:37.0156 2264  mssmbios - ok

14:25:37.0187 2264  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys

14:25:37.0312 2264  MSTEE - ok

14:25:37.0328 2264  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys

14:25:37.0359 2264  Mup - ok

14:25:37.0390 2264  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

14:25:37.0515 2264  NABTSFEC - ok

14:25:37.0562 2264  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll

14:25:37.0703 2264  napagent - ok

14:25:37.0750 2264  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys

14:25:37.0890 2264  NDIS - ok

14:25:37.0890 2264  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys

14:25:38.0031 2264  NdisIP - ok

14:25:38.0078 2264  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys

14:25:38.0140 2264  NdisTapi - ok

14:25:38.0156 2264  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys

14:25:38.0328 2264  Ndisuio - ok

14:25:38.0359 2264  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys

14:25:38.0500 2264  NdisWan - ok

14:25:38.0515 2264  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys

14:25:38.0578 2264  NDProxy - ok

14:25:38.0625 2264  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys

14:25:38.0812 2264  NetBIOS - ok

14:25:38.0859 2264  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys

14:25:39.0031 2264  NetBT - ok

14:25:39.0062 2264  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe

14:25:39.0203 2264  NetDDE - ok

14:25:39.0203 2264  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe

14:25:39.0328 2264  NetDDEdsdm - ok

14:25:39.0343 2264  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe

14:25:39.0468 2264  Netlogon - ok

14:25:39.0484 2264  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll

14:25:39.0625 2264  Netman - ok

14:25:39.0703 2264  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:25:39.0718 2264  NetTcpPortSharing - ok

14:25:39.0828 2264  [ 12B0D99865434387F784268B70E23360 ] NETw4x32        C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

14:25:40.0000 2264  NETw4x32 - ok

14:25:40.0046 2264  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys

14:25:40.0187 2264  NIC1394 - ok

14:25:40.0203 2264  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll

14:25:40.0281 2264  Nla - ok

14:25:40.0312 2264  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys

14:25:40.0515 2264  Npfs - ok

14:25:40.0562 2264  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys

14:25:40.0687 2264  Ntfs - ok

14:25:40.0703 2264  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe

14:25:40.0828 2264  NtLmSsp - ok

14:25:40.0890 2264  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll

14:25:41.0031 2264  NtmsSvc - ok

14:25:41.0046 2264  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys

14:25:41.0171 2264  Null - ok

14:25:41.0312 2264  [ 7F4551A2A1E96B4A6C29EF19DACCE18C ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

14:25:41.0578 2264  nv - ok

14:25:41.0609 2264  [ 77FC5D3E2D395911F35FA4BDAA239058 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe

14:25:41.0625 2264  NVSvc - ok

14:25:41.0656 2264  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

14:25:41.0812 2264  NwlnkFlt - ok

14:25:41.0843 2264  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

14:25:42.0015 2264  NwlnkFwd - ok

14:25:42.0062 2264  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys

14:25:42.0187 2264  ohci1394 - ok

14:25:42.0250 2264  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

14:25:42.0265 2264  ose - ok

14:25:42.0296 2264  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys

14:25:42.0421 2264  Parport - ok

14:25:42.0437 2264  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys

14:25:42.0546 2264  PartMgr - ok

14:25:42.0562 2264  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys

14:25:42.0703 2264  ParVdm - ok

14:25:42.0734 2264  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys

14:25:42.0859 2264  PCI - ok

14:25:42.0890 2264  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys

14:25:43.0015 2264  PCIIde - ok

14:25:43.0046 2264  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys

14:25:43.0171 2264  Pcmcia - ok

14:25:43.0171 2264  perc2 - ok

14:25:43.0171 2264  perc2hib - ok

14:25:43.0203 2264  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe

14:25:43.0234 2264  PlugPlay - ok

14:25:43.0250 2264  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe

14:25:43.0359 2264  PolicyAgent - ok

14:25:43.0390 2264  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys

14:25:43.0515 2264  PptpMiniport - ok

14:25:43.0515 2264  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

14:25:43.0640 2264  ProtectedStorage - ok

14:25:43.0687 2264  [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe

14:25:43.0718 2264  ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning

14:25:43.0718 2264  ProtexisLicensing - detected UnsignedFile.Multi.Generic (1)

14:25:43.0718 2264  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys

14:25:43.0859 2264  PSched - ok

14:25:43.0890 2264  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys

14:25:44.0015 2264  Ptilink - ok

14:25:44.0015 2264  ql1080 - ok

14:25:44.0031 2264  Ql10wnt - ok

14:25:44.0031 2264  ql12160 - ok

14:25:44.0031 2264  ql1240 - ok

14:25:44.0046 2264  ql1280 - ok

14:25:44.0062 2264  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys

14:25:44.0171 2264  RasAcd - ok

14:25:44.0203 2264  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll

14:25:44.0328 2264  RasAuto - ok

14:25:44.0328 2264  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

14:25:44.0453 2264  Rasl2tp - ok

14:25:44.0500 2264  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll

14:25:44.0625 2264  RasMan - ok

14:25:44.0640 2264  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys

14:25:44.0750 2264  RasPppoe - ok

14:25:44.0765 2264  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys

14:25:44.0906 2264  Raspti - ok

14:25:44.0921 2264  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys

14:25:45.0031 2264  Rdbss - ok

14:25:45.0046 2264  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

14:25:45.0171 2264  RDPCDD - ok

14:25:45.0203 2264  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys

14:25:45.0312 2264  rdpdr - ok

14:25:45.0359 2264  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys

14:25:45.0437 2264  RDPWD - ok

14:25:45.0468 2264  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe

14:25:45.0609 2264  RDSessMgr - ok

14:25:45.0625 2264  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys

14:25:45.0750 2264  redbook - ok

14:25:45.0796 2264  [ 8AC155995F5D10FC0D3AD949A1A68075 ] RegSrvc         C:\Programme\Intel\Wireless\Bin\RegSrvc.exe

14:25:45.0812 2264  RegSrvc ( UnsignedFile.Multi.Generic ) - warning

14:25:45.0812 2264  RegSrvc - detected UnsignedFile.Multi.Generic (1)

14:25:45.0843 2264  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll

14:25:46.0046 2264  RemoteAccess - ok

14:25:46.0078 2264  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll

14:25:46.0281 2264  RemoteRegistry - ok

14:25:46.0343 2264  [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

14:25:46.0375 2264  rimmptsk - ok

14:25:46.0390 2264  [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk        C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

14:25:46.0453 2264  rimsptsk - ok

14:25:46.0468 2264  [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp         C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

14:25:46.0484 2264  rismxdp - ok

14:25:46.0515 2264  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe

14:25:46.0625 2264  RpcLocator - ok

14:25:46.0671 2264  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll

14:25:46.0718 2264  RpcSs - ok

14:25:46.0734 2264  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe

14:25:46.0859 2264  RSVP - ok

14:25:46.0921 2264  [ 131D50F081D2E29EBD1365B21F6B9736 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

14:25:47.0000 2264  S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning

14:25:47.0000 2264  S24EventMonitor - detected UnsignedFile.Multi.Generic (1)

14:25:47.0015 2264  [ E2C6ABCBEFB1D44F6AAEB1CD5D6062D4 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys

14:25:47.0031 2264  s24trans ( UnsignedFile.Multi.Generic ) - warning

14:25:47.0031 2264  s24trans - detected UnsignedFile.Multi.Generic (1)

14:25:47.0046 2264  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe

14:25:47.0171 2264  SamSs - ok

14:25:47.0203 2264  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe

14:25:47.0328 2264  SCardSvr - ok

14:25:47.0343 2264  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll

14:25:47.0515 2264  Schedule - ok

14:25:47.0546 2264  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys

14:25:47.0718 2264  sdbus - ok

14:25:47.0734 2264  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys

14:25:47.0812 2264  Secdrv - ok

14:25:47.0843 2264  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll

14:25:47.0968 2264  seclogon - ok

14:25:48.0000 2264  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll

14:25:48.0109 2264  SENS - ok

14:25:48.0156 2264  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys

14:25:48.0265 2264  Serial - ok

14:25:48.0296 2264  [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk         C:\WINDOWS\system32\DRIVERS\sffdisk.sys

14:25:48.0406 2264  sffdisk - ok

14:25:48.0437 2264  [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd         C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

14:25:48.0562 2264  sffp_sd - ok

14:25:48.0593 2264  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys

14:25:48.0718 2264  Sfloppy - ok

14:25:48.0750 2264  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll

14:25:48.0875 2264  SharedAccess - ok

14:25:48.0921 2264  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

14:25:48.0953 2264  ShellHWDetection - ok

14:25:48.0968 2264  Simbad - ok

14:25:49.0015 2264  [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe

14:25:49.0031 2264  SkypeUpdate - ok

14:25:49.0062 2264  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys

14:25:49.0234 2264  SLIP - ok

14:25:49.0250 2264  Sparrow - ok

14:25:49.0281 2264  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys

14:25:49.0390 2264  splitter - ok

14:25:49.0421 2264  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe

14:25:49.0484 2264  Spooler - ok

14:25:49.0500 2264  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys

14:25:49.0562 2264  sr - ok

14:25:49.0609 2264  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll

14:25:49.0671 2264  srservice - ok

14:25:49.0703 2264  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys

14:25:49.0781 2264  Srv - ok

14:25:49.0843 2264  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll

14:25:49.0921 2264  SSDPSRV - ok

14:25:49.0953 2264  [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

14:25:49.0968 2264  ssmdrv ( UnsignedFile.Multi.Generic ) - warning

14:25:49.0968 2264  ssmdrv - detected UnsignedFile.Multi.Generic (1)

14:25:50.0031 2264  [ 3AD78E22210D3FBD9F76DE84A8DF19B5 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys

14:25:50.0156 2264  STHDA - ok

14:25:50.0171 2264  [ A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys

14:25:50.0312 2264  StillCam - ok

14:25:50.0359 2264  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll

14:25:50.0546 2264  stisvc - ok

14:25:50.0578 2264  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys

14:25:50.0703 2264  streamip - ok

14:25:50.0734 2264  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys

14:25:50.0843 2264  swenum - ok

14:25:50.0875 2264  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys

14:25:50.0984 2264  swmidi - ok

14:25:50.0984 2264  SwPrv - ok

14:25:51.0000 2264  symc810 - ok

14:25:51.0000 2264  symc8xx - ok

14:25:51.0015 2264  sym_hi - ok

14:25:51.0015 2264  sym_u3 - ok

14:25:51.0062 2264  [ FA2DAA32BED908023272A0F77D625DAE ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys

14:25:51.0125 2264  SynTP - ok

14:25:51.0140 2264  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys

14:25:51.0265 2264  sysaudio - ok

14:25:51.0312 2264  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe

14:25:51.0437 2264  SysmonLog - ok

14:25:51.0484 2264  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll

14:25:51.0625 2264  TapiSrv - ok

14:25:51.0671 2264  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys

14:25:51.0718 2264  Tcpip - ok

14:25:51.0765 2264  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys

14:25:51.0906 2264  TDPIPE - ok

14:25:51.0937 2264  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys

14:25:52.0093 2264  TDTCP - ok

14:25:52.0109 2264  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys

14:25:52.0234 2264  TermDD - ok

14:25:52.0265 2264  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll

14:25:52.0406 2264  TermService - ok

14:25:52.0437 2264  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll

14:25:52.0453 2264  Themes - ok

14:25:52.0484 2264  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe

14:25:52.0562 2264  TlntSvr - ok

14:25:52.0562 2264  TosIde - ok

14:25:52.0593 2264  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll

14:25:52.0703 2264  TrkWks - ok

14:25:52.0734 2264  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys

14:25:52.0859 2264  Udfs - ok

14:25:52.0859 2264  ultra - ok

14:25:52.0906 2264  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys

14:25:53.0031 2264  Update - ok

14:25:53.0062 2264  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll

14:25:53.0156 2264  upnphost - ok

14:25:53.0171 2264  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe

14:25:53.0296 2264  UPS - ok

14:25:53.0312 2264  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys

14:25:53.0421 2264  usbehci - ok

14:25:53.0453 2264  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys

14:25:53.0609 2264  usbhub - ok

14:25:53.0640 2264  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys

14:25:53.0765 2264  usbprint - ok

14:25:53.0812 2264  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

14:25:53.0937 2264  USBSTOR - ok

14:25:53.0953 2264  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys

14:25:54.0078 2264  usbuhci - ok

14:25:54.0109 2264  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys

14:25:54.0234 2264  VgaSave - ok

14:25:54.0250 2264  ViaIde - ok

14:25:54.0265 2264  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys

14:25:54.0375 2264  VolSnap - ok

14:25:54.0421 2264  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe

14:25:54.0515 2264  VSS - ok

14:25:54.0562 2264  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll

14:25:54.0687 2264  W32Time - ok

14:25:54.0703 2264  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys

14:25:54.0828 2264  Wanarp - ok

14:25:54.0859 2264  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys

14:25:54.0984 2264  wdmaud - ok

14:25:55.0015 2264  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll

14:25:55.0140 2264  WebClient - ok

14:25:55.0203 2264  [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys

14:25:55.0250 2264  winachsf - ok

14:25:55.0312 2264  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll

14:25:55.0453 2264  winmgmt - ok

14:25:55.0500 2264  [ 8880769B9F88918E27F8E7332AA1AA01 ] WLANKEEPER      C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

14:25:55.0515 2264  WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning

14:25:55.0515 2264  WLANKEEPER - detected UnsignedFile.Multi.Generic (1)

14:25:55.0562 2264  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll

14:25:55.0640 2264  WmdmPmSN - ok

14:25:55.0687 2264  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll

14:25:55.0750 2264  Wmi - ok

14:25:55.0796 2264  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

14:25:55.0953 2264  WmiAcpi - ok

14:25:55.0984 2264  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe

14:25:56.0171 2264  WmiApSrv - ok

14:25:56.0234 2264  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe

14:25:56.0343 2264  WMPNetworkSvc - ok

14:25:56.0390 2264  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

14:25:56.0484 2264  WPFFontCache_v0400 - ok

14:25:56.0515 2264  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll

14:25:56.0656 2264  wscsvc - ok

14:25:56.0671 2264  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

14:25:56.0671 2264  Suspicious file (Hidden): C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS. md5: C98B39829C2BBD34E454150633C62C78

14:25:56.0671 2264  WSTCODEC ( HiddenFile.Multi.Generic ) - warning

14:25:56.0671 2264  WSTCODEC - detected HiddenFile.Multi.Generic (1)

14:25:56.0718 2264  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll

14:25:56.0921 2264  wuauserv - ok

14:25:56.0953 2264  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys

14:25:56.0953 2264  Suspicious file (Hidden): C:\WINDOWS\system32\DRIVERS\WudfPf.sys. md5: F15FEAFFFBB3644CCC80C5DA584E6311

14:25:56.0953 2264  WudfPf ( HiddenFile.Multi.Generic ) - warning

14:25:56.0953 2264  WudfPf - detected HiddenFile.Multi.Generic (1)

14:25:56.0968 2264  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys

14:25:56.0968 2264  Suspicious file (Hidden): C:\WINDOWS\system32\DRIVERS\wudfrd.sys. md5: 28B524262BCE6DE1F7EF9F510BA3985B

14:25:56.0968 2264  WudfRd ( HiddenFile.Multi.Generic ) - warning

14:25:56.0968 2264  WudfRd - detected HiddenFile.Multi.Generic (1)

14:25:57.0000 2264  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll

14:25:57.0062 2264  WudfSvc - ok

14:25:57.0109 2264  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll

14:25:57.0343 2264  WZCSVC - ok

14:25:57.0359 2264  Suspicious service (Hidden): xhphfrt

14:25:57.0390 2264  [ 4401B220E960764B186C4EE05B6E4F1D ] xhphfrt         C:\WINDOWS\SYSTEM32\DRIVERS\xhphfrt.sys

14:25:57.0390 2264  Suspicious file (Hidden): C:\WINDOWS\SYSTEM32\DRIVERS\xhphfrt.sys. md5: 4401B220E960764B186C4EE05B6E4F1D

14:25:57.0390 2264  xhphfrt ( HiddenService.Multi.Generic ) - warning

14:25:57.0390 2264  xhphfrt - detected HiddenService.Multi.Generic (1)

14:25:57.0421 2264  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll

14:25:57.0640 2264  xmlprov - ok

14:25:57.0656 2264  ================ Scan global ===============================

14:25:57.0687 2264  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll

14:25:57.0734 2264  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll

14:25:57.0796 2264  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll

14:25:57.0843 2264  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe

14:25:57.0859 2264  [Global] - ok

14:25:57.0859 2264  ================ Scan MBR ==================================

14:25:57.0890 2264  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0

14:25:58.0218 2264  \Device\Harddisk0\DR0 - ok

14:25:58.0218 2264  ================ Scan VBR ==================================

14:25:58.0218 2264  [ F299709F5954AAF4EA945FE92F89A4D7 ] \Device\Harddisk0\DR0\Partition1

14:25:58.0218 2264  \Device\Harddisk0\DR0\Partition1 - ok

14:25:58.0250 2264  [ 1D1CCE3501D5E44D2A0A8878799FB83F ] \Device\Harddisk0\DR0\Partition2

14:25:58.0250 2264  \Device\Harddisk0\DR0\Partition2 - ok

14:25:58.0250 2264  ============================================================

14:25:58.0250 2264  Scan finished

14:25:58.0250 2264  ============================================================

14:25:58.0359 4020  Detected object count: 16

14:25:58.0359 4020  Actual detected object count: 16

14:29:30.0421 4020  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:30.0421 4020  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:29:30.0421 4020  APL531 ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:30.0421 4020  APL531 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:29:30.0437 4020  APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:30.0437 4020  APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:29:30.0437 4020  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:30.0437 4020  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:29:30.0437 4020  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:30.0437 4020  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:29:30.0437 4020  gmer ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:30.0437 4020  gmer ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:29:30.0437 4020  ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:30.0437 4020  ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:29:30.0437 4020  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:30.0437 4020  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:29:30.0453 4020  S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:30.0453 4020  S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:29:30.0453 4020  s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:30.0453 4020  s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:29:30.0453 4020  ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:30.0453 4020  ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:29:30.0453 4020  WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:30.0453 4020  WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:29:30.0453 4020  WSTCODEC ( HiddenFile.Multi.Generic ) - skipped by user

14:29:30.0453 4020  WSTCODEC ( HiddenFile.Multi.Generic ) - User select action: Skip 

14:29:30.0468 4020  WudfPf ( HiddenFile.Multi.Generic ) - skipped by user

14:29:30.0468 4020  WudfPf ( HiddenFile.Multi.Generic ) - User select action: Skip 

14:29:30.0468 4020  WudfRd ( HiddenFile.Multi.Generic ) - skipped by user

14:29:30.0468 4020  WudfRd ( HiddenFile.Multi.Generic ) - User select action: Skip 

14:29:30.0468 4020  xhphfrt ( HiddenService.Multi.Generic ) - skipped by user

14:29:30.0468 4020  xhphfrt ( HiddenService.Multi.Generic ) - User select action: Skip