Trojaner-Board - GMX Abuse meldet mir Infizierung mit Virus "Zeus"

JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.9 (04.22.2013:1)

OS: Microsoft Windows XP x86

Ran by elsaesser on 26.04.2013 at 11:15:46.84

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1529201136-1576731350-2773778870-1129\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\nctaudiocdgrabber2.dll
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted: [File] C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\mozilla\firefox\profiles\srkvwtv1.default\user.js

Emptied folder: C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\mozilla\firefox\profiles\srkvwtv1.default\minidumps [1 files]
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 26.04.2013 at 11:20:26.64

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADW Cleaner:

Code:

# AdwCleaner v2.202 - Datei am 26/04/2013 um 11:23:47 erstellt

# Aktualisiert am 23/04/2013 von Xplode

# Betriebssystem : Microsoft Windows XP Service Pack 2 (32 bits)

# Benutzer : elsaesser - HP-LABOR-4

# Bootmodus : Normal

# Ausgeführt unter : C:\Dokumente und Einstellungen\elsaesser\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v6.0.2900.2180
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v18.0 (de)
 

Datei : C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\prefs.js
 

[OK] Die Datei ist sauber.
 

Datei : C:\Dokumente und Einstellungen\traxler\Anwendungsdaten\Mozilla\Firefox\Profiles\l4b9jhkl.default\prefs.js
 

[OK] Die Datei ist sauber.
 

Datei : C:\Dokumente und Einstellungen\werkcad\Anwendungsdaten\Mozilla\Firefox\Profiles\p7kft8qd.default\prefs.js
 

[OK] Die Datei ist sauber.
 

Datei : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ioov3c3d.default\prefs.js
 

[OK] Die Datei ist sauber.
 

-\\ Google Chrome v9.0.597.94
 

Datei : C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[S1].txt - [2066 octets] - [26/04/2013 11:23:47]
 

########## EOF - C:\AdwCleaner[S1].txt - [2126 octets] ##########

OTL:

Code:

OTL logfile created on: 26.04.2013 11:31:23 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\elsaesser\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

 

1.99 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.98% Memory free

3.84 Gb Paging File | 3.57 Gb Available in Paging File | 92.85% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 232.88 Gb Total Space | 200.69 Gb Free Space | 86.18% Space Free | Partition Type: NTFS

Drive P: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive Q: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive R: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive T: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive U: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive V: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive W: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive X: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive Z: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

 

Computer Name: HP-LABOR-4 | User Name: elsaesser | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\elsaesser\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Norman\Nse\Bin\nsesvc.exe (Norman ASA)

PRC - C:\Programme\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()

PRC - C:\Programme\Norman\Npm\Bin\zlh.exe (Norman ASA)

PRC - C:\Programme\Norman\Nvc\Bin\nvcoas.exe (Norman ASA)

PRC - C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA)

PRC - C:\Programme\Norman\Npm\Bin\zanda.exe (Norman ASA)

PRC - C:\Programme\Norman\Nvc\Bin\nip.exe (Norman ASA)

PRC - C:\Programme\Norman\Nvc\Bin\cclaw.exe (Norman ASA)

PRC - C:\Programme\Norman\Npm\Bin\njeeves.exe ()

PRC - C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)

PRC - C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA)

PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()

MOD - C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()

MOD - C:\Programme\Norman\Npm\Bin\njeeves.exe ()

MOD - C:\Programme\Norman\Nvc\Bin\ndlg.dll ()

MOD - C:\Programme\Norman\Npm\Bin\noemrc.dll ()

MOD - C:\Programme\Norman\Npm\Bin\nqtcore4.dll ()

MOD - C:\Programme\Norman\Npm\Bin\lua.dll ()

MOD - C:\WINDOWS\system32\redmonnt.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (nsesvc) -- C:\Programme\Norman\Nse\Bin\nsesvc.exe (Norman ASA)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (RealNetworks Downloader Resolver Service) -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()

SRV - (NormanZfr) -- C:\Programme\Norman\Npm\Bin\zfr.exe (Norman ASA)

SRV - (nvcoas) -- C:\Programme\Norman\Nvc\Bin\nvcoas.exe (Norman ASA)

SRV - (NVOY) -- C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA)

SRV - (Norman ZANDA) -- C:\Programme\Norman\Npm\Bin\zanda.exe (Norman ASA)

SRV - (Norman NJeeves) -- C:\Programme\Norman\Npm\Bin\njeeves.exe ()

SRV - (Scheduler) -- C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)

SRV - (eLoggerSvc6) -- C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA)

SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (msvsmon90) -- C:\Programme\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)

SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)

SRV - (pdfcDispatcher) -- C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (WDICA) --  File not found

DRV - (TetaSCDevice) -- C:\WINDOWS\system32\tetascop.SYS File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (lbrtfdc) --  File not found

DRV - (i2omgmt) --  File not found

DRV - (FTD2XX) -- System32\Drivers\FTD2XX.sys File not found

DRV - (Changer) --  File not found

DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA)

DRV - (Ndiskio) -- C:\Programme\Norman\Nse\Bin\ndiskio.sys (Norman ASA)

DRV - (nnetsec) -- C:\WINDOWS\system32\drivers\nnetsec.sys (Norman ASA)

DRV - (NNetSecC) -- C:\Programme\Norman\Ngs\Bin\nnetsecc.sys (Norman ASA)

DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)

DRV - (NGS) -- c:\Programme\Norman\Ngs\Bin\ngs.sys (Norman ASA)

DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)

DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()

DRV - (VirtualCom) -- C:\WINDOWS\system32\drivers\glvsp.sys (OEM(CI))

DRV - (npdrv) -- C:\WINDOWS\system32\drivers\npdrv.sys (Moxa Technologies Co., Ltd. )

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)

DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)

DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()

DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)

DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)

DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel(R) Corporation)

DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel(R) Corporation)

DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel(R) Corporation)

DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel(R) Corporation)

DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel(R) Corporation)

DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel(R) Corporation)

DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel(R) Corporation)

DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel(R) Corporation)

DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel(R) Corporation)

DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel(R) Corporation)

DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel(R) Corporation)

DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel(R) Corporation)

DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel(R) Corporation)

DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel(R) Corporation)

DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel(R) Corporation)

DRV - (Sentinel) -- C:\WINDOWS\system32\drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)

DRV - (Symmpi) -- C:\WINDOWS\system32\drivers\symmpi.sys (LSI Logic)

DRV - (SSIPDDP) -- C:\WINDOWS\system32\drivers\SSIPDDP.SYS ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = 

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.ch"

FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.3.1

FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0

FF - prefs.js..extensions.enabledAddons: %7B9d1f059c-cada-4111-9696-41a62d64e3ba%7D:0.10.0.3

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.02.01 10:08:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.14 12:32:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.25 08:47:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.02.01 10:08:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2013.02.25 08:47:19 | 000,000,000 | ---D | M]

 

[2010.10.27 08:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Extensions

[2010.10.27 08:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.12.03 17:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\extensions

[2012.12.03 17:48:46 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}

[2012.10.26 13:30:49 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2012.11.30 16:31:32 | 000,025,781 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\extensions\add-to-searchbox@maltekraus.de.xpi

[2012.10.26 13:30:47 | 000,021,093 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

[2008.08.27 08:42:46 | 000,001,660 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\searchplugins\leo-deu-eng.xml

[2012.11.30 16:31:53 | 000,001,330 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Mozilla\Firefox\Profiles\srkvwtv1.default\searchplugins\wikipedia-en.xml

[2013.01.14 12:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.01.14 12:31:59 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2013.02.01 10:07:55 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll

[2013.01.14 12:31:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.01.14 12:31:56 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2013.01.14 12:31:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2013.01.14 12:31:56 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2013.01.14 12:31:56 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2013.01.14 12:31:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.com/

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\8.0.552.224\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\8.0.552.224\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\8.0.552.224\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll

CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

 

O1 HOSTS File: ([2013.04.25 13:41:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Norman ZANDA] C:\Programme\Norman\npm\bin\ZLH.EXE (Norman ASA)

O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129..\Run: [Zoubyd] C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev\buac.exe (InnoTech Co. Ltd.)

O4 - Startup: C:\Dokumente und Einstellungen\Rohner\Startmenü\Programme\Autostart\AOM.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Web\AOM.exe (Adobe Systems, Incorporated)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1529201136-1576731350-2773778870-1129\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = UNITONAG.intra

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64DE5CA8-5EBE-4D7E-9F58-2752C0D78815}: NameServer = 192.168.1.6,0.0.0.0

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 () - 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.09.13 13:26:36 | 000,001,120 | ---- | M] () - Q:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010.01.26 12:27:12 | 000,000,000 | ---D | M] - Z:\AutoCAD -- [ NTFS ]

O32 - AutoRun File - [2007.07.16 11:02:02 | 000,000,000 | ---D | M] - Z:\autosketch -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.26 11:15:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2013.04.26 11:14:06 | 000,000,000 | ---D | C] -- C:\JRT

[2013.04.26 11:12:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\OTL.exe

[2013.04.26 11:11:35 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\JRT.exe

[2013.04.26 10:21:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013.04.26 10:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\WINDOWS

[2013.04.26 10:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp

[2013.04.26 10:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\images

[2013.04.26 10:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\html

[2013.04.25 13:56:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2013.04.25 13:33:26 | 000,000,000 | ---D | C] -- C:\cmdcons

[2013.04.25 13:18:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.04.25 13:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013.04.24 08:05:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2013.04.24 08:05:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2013.04.22 15:25:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\elsaesser\Desktop\DMAX Soft Version 2.16 Beta 2

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.26 11:31:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013.04.26 11:29:02 | 000,018,642 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI

[2013.04.26 11:27:29 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1529201136-1576731350-2773778870-1129.job

[2013.04.26 11:27:29 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1529201136-1576731350-2773778870-1129.job

[2013.04.26 11:27:10 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1529201136-1576731350-2773778870-1129.job

[2013.04.26 11:27:07 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013.04.26 11:27:05 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_elsaesser.job

[2013.04.26 11:26:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013.04.26 11:26:00 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys

[2013.04.26 11:12:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\OTL.exe

[2013.04.26 11:12:29 | 000,619,461 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\adwcleaner.exe

[2013.04.26 11:11:36 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\JRT.exe

[2013.04.26 11:09:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013.04.26 09:51:50 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\sysdata.xml

[2013.04.26 09:30:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013.04.26 08:41:51 | 000,500,102 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2013.04.26 08:41:51 | 000,482,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013.04.26 08:41:51 | 000,086,974 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013.04.26 08:41:50 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2013.04.25 13:41:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013.04.24 10:10:00 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\defogger_reenable

[2013.04.22 18:11:37 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_elsaesser.job

[2013.04.22 18:09:02 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_elsaesser.job

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.04.26 11:12:29 | 000,619,461 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\adwcleaner.exe

[2013.04.26 10:24:46 | 2138,365,952 | -HS- | C] () -- C:\hiberfil.sys

[2013.04.26 09:51:50 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\sysdata.xml

[2013.04.25 13:33:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2013.04.25 13:33:29 | 000,262,448 | RHS- | C] () -- C:\cmldr

[2013.04.24 10:10:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\defogger_reenable

[2013.04.22 18:09:01 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_elsaesser.job

[2013.04.22 18:09:01 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_elsaesser.job

[2013.04.22 18:09:00 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_elsaesser.job

[2013.04.22 15:24:58 | 045,407,693 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\DMAX Soft Version 2.16 Beta 2.zip

[2011.09.14 16:45:18 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI

[2011.06.24 14:03:34 | 000,002,164 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\.recently-used.xbel

[2011.05.12 16:12:19 | 000,000,236 | ---- | C] () -- C:\WINDOWS\DsmDwnld.INI

[2011.05.12 16:08:48 | 000,000,063 | ---- | C] () -- C:\WINDOWS\DSMProgrammer.INI

[2011.05.12 13:20:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\C63.INI

[2009.02.26 17:01:58 | 000,019,938 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\MPS Icon 24x24 bis 128x128#.2009_02_26_16_01_58.1

[2009.02.26 17:01:58 | 000,014,466 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Neues Dokument 1.2009_02_26_16_01_58.0

[2009.01.21 18:29:48 | 000,191,440 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2008.12.17 09:47:30 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.12.11 10:07:20 | 000,179,545 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\debuggee.mdmp

[2008.05.08 09:28:27 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2008.05.06 07:59:33 | 000,002,412 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

 
 ========== ZeroAccess Check ==========

 

[2008.05.05 01:37:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2006.02.28 14:00:00 | 001,492,480 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004.08.04 09:57:20 | 000,472,064 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 09:57:38 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both
 

< End of report >

Code:

OTL Extras logfile created on: 26.04.2013 11:31:24 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\elsaesser\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

 

1.99 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.98% Memory free

3.84 Gb Paging File | 3.57 Gb Available in Paging File | 92.85% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 232.88 Gb Total Space | 200.69 Gb Free Space | 86.18% Space Free | Partition Type: NTFS

Drive P: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive Q: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive R: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive T: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive U: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive V: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive W: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive X: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

Drive Z: | 273.45 Gb Total Space | 97.61 Gb Free Space | 35.70% Space Free | Partition Type: NTFS

 

Computer Name: HP-LABOR-4 | User Name: elsaesser | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.ini [@ = UltraEdit.ini] -- C:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

.txt [@ = UltraEdit.txt] -- C:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

 

[HKEY_USERS\S-1-5-21-1529201136-1576731350-2773778870-1129\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Programme\mcuez\prog\motpm.exe" = C:\Programme\mcuez\prog\motpm.exe:*:Enabled:motpm

"C:\Programme\mcuez\prog\mcuez.exe" = C:\Programme\mcuez\prog\mcuez.exe:*:Enabled:MCUez EXE -- (Motorola)

"C:\Programme\mcuez\prog\Launcher.exe" = C:\Programme\mcuez\prog\Launcher.exe:*:Enabled:Launcher

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu

"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio Data Module

"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English

"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)

"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English

"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD Plus

"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)

"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01

"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3

"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime

"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B92A11C-F48F-430A-AB8D-3F7CA80669CD}" = SDMSSplash

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}" = MSDN Library for Visual Studio .NET 2003

"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008

"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

"{860CEC95-75B3-461F-B0C6-0BD96B0C4A14}" = PMD Software Suite

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{8BD1F2E9-AE66-4E1B-8B09-BECFF831C905}" = Norman Endpoint Protection

"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime

"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007

"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone

"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3

"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio Audio Module

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader

"{B02F7022-0267-4D7E-94AE-E57A99162E77}" = MPS Tools

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio Copy Module

"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools

"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU

"{B461FE96-6E19-44E6-A621-938493D9AF35}" = MPS Software Suite

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C152E341-135F-4F23-BF0C-D593C04A7D18}" = PMD Tools

"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English

"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{DF787A9E-CFB5-42A0-A490-2C169DB7C1F5}" = SigmaStudio 3.0

"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer

"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects

"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client

"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs

"{FEF07CF4-5834-4AF1-9DEA-9EE94B53C6EB}" = PhotoS

"7-Zip" = 7-Zip 4.62

"Ad-Aware" = Ad-Aware

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AutoSketch v5.0" = AutoSketch

"BC2_is1" = Beyond Compare Version 2.5.3

"Cool Edit 2000" = Cool Edit 2000

"Cool Edit 96" = Cool Edit 96

"CW6812BDeinstKey" = IAR 68HC12 C-SPY BDM-Debugger

"Diagram Designer" = Diagram Designer

"DMAX Software Suite" = DMAX Software Suite

"DMAX Tools" = DMAX Tools

"EW6812DeinstKey" = IAR 6812 Embedded Workbench

"Fotosizer" = Fotosizer 1.18

"FotoSketcher_is1" = FotoSketcher - Version 1.6

"FreePDF_XP" = FreePDF (Remove only)

"FT_INF" = FT_INF

"FuH_Docklight_V1_7_is1" = Docklight V1.7

"GPL Ghostscript 8.70" = GPL Ghostscript 8.70

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HelpNDoc_is1" = HelpNDoc 2.6.0.74 Standard Edition

"HTML Help Workshop" = HTML Help Workshop

"IconWorkshop" = Axialis IconWorkshop 6.31

"Inkscape" = Inkscape 0.48.0

"Install Creator Pro" = Install Creator Pro

"Install Maker Pro" = Install Maker Pro

"IrfanView" = IrfanView (remove only)

"Lexmark Printer Software Uninstall" = Lexmark Drucker-Software deinstallieren

"MCUez for  HC12 Development Tools" = MCUez for HC12 Development Tools

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a

"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime

"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU

"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)

"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MProg 3.0a" = MProg 3.0a

"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU

"NetMos Technology" = NetMos Multi-IO Controller

"NPort Administration Suite_is1" = NPort Administration Suite Ver1.10

"Office8.0" = Microsoft Office 97, Professional Edition

"Orcad Family Release 9.2 Standalone" = Orcad Family Release 9.2 Standalone

"PDF Complete" = PDF Complete

"Photo To Sketch_is1" = Photo To Sketch 3.51

"PhotoFiltre" = PhotoFiltre

"PMPSoft" = PMPSoft

"PrintKey2000" = PrintKey2000

"Professional Screen Saver Producer" = Axialis Professional Screen Saver Producer 3.6

"PSPad editor_is1" = PSPad editor

"Rainbow Sentinel Driver" = Sentinel System Driver

"RealPlayer 16.0" = RealPlayer

"Realterm" = Realterm 2.0.0.43

"Redirection Port Monitor" = RedMon - Redirection Port Monitor

"SLSSoft" = SLSSoft

"Unlocker" = Unlocker 1.8.5

"Visual C++ 6.0 Professional Edition" = Microsoft Visual C++ 6.0 Professional Edition

"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English

"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime

"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component

"VLC media player" = VLC media player 1.1.0

"WIC" = Windows Imaging Component

"WinGimp-2.0_is1" = GIMP 2.6.11

"Winmail Opener" = Winmail Opener 1.4

"WinPcapInst" = WinPcap 4.0.2

"Wireshark" = Wireshark 0.99.7

"XnView_is1" = XnView 1.94.2

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1529201136-1576731350-2773778870-1129\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"DMAX Adjust" = DMAX Adjust

"Google Chrome" = Google Chrome

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 29.05.2009 07:28:03 | Computer Name = HP-LABOR-4 | Source = .NET Runtime | ID = 1023

Description = .NET Runtime version 2.0.50727.3053 - Schwerwiegender Fehler im Ausführungsmodul

 (7A2E0F92) (0).

 

Error - 11.06.2009 07:01:49 | Computer Name = HP-LABOR-4 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung cspy.exe, Version 2.0.0.17, fehlgeschlagenes

 Modul b6812.cdr, Version 2.1.0.2, Fehleradresse 0x00015546.

 

Error - 03.07.2009 03:15:33 | Computer Name = HP-LABOR-4 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung dmax sound.exe, Version 1.0.0.1, fehlgeschlagenes

 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000064.

 

Error - 08.07.2009 02:19:08 | Computer Name = HP-LABOR-4 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes

 Modul ntdll.dll, Version 5.1.2600.2180, Fehleradresse 0x00064ed1.

 

Error - 10.07.2009 04:18:27 | Computer Name = HP-LABOR-4 | Source = .NET Runtime | ID = 1023

Description = .NET Runtime version 2.0.50727.3053 - Schwerwiegender Fehler im Ausführungsmodul

 (7A097706) (80131506).

 

Error - 10.07.2009 04:18:43 | Computer Name = HP-LABOR-4 | Source = Microsoft Visual Studio | ID = 1000

Description = Faulting application devenv.exe, version 9.0.30729.1, stamp 488f2b50,

 faulting module mscordbi.dll, version 2.0.50727.3053, stamp 4889dc56, debug? 0,

 fault address 0x000024f8.

 

Error - 10.07.2009 04:20:37 | Computer Name = HP-LABOR-4 | Source = .NET Runtime | ID = 1023

Description = .NET Runtime version 2.0.50727.3053 - Schwerwiegender Fehler im Ausführungsmodul

 (7A097706) (80131506).

 

Error - 17.07.2009 09:05:02 | Computer Name = HP-LABOR-4 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung dsm.exe, Version 1.0.0.1, fehlgeschlagenes

 Modul dsm.exe, Version 1.0.0.1, Fehleradresse 0x00018c55.

 

Error - 29.07.2009 03:08:26 | Computer Name = HP-LABOR-4 | Source = .NET Runtime | ID = 1023

Description = .NET Runtime version 2.0.50727.3053 - Schwerwiegender Fehler im Ausführungsmodul

 (7A2E0F92) (0).

 

Error - 30.07.2009 06:51:25 | Computer Name = HP-LABOR-4 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.0.3372, fehlgeschlagenes

 Modul npswf32.dll, Version 9.0.124.0, Fehleradresse 0x0022b773.

 

[ System Events ]

Error - 16.04.2037 08:02:36 | Computer Name = HP-LABOR-4 | Source = NETLOGON | ID = 3224

Description = Das Ändern des Kennworts für das Computerkonto HP-LABOR-4$ ist fehlgeschlagen.

Folgender

 Fehler ist aufgetreten:   %%8206

 

 

< End of report >

aswMBR

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software

Run date: 2013-04-26 16:27:00

-----------------------------

16:27:00.312    OS Version: Windows 5.1.2600 Service Pack 2

16:27:00.312    Number of processors: 2 586 0xF02

16:27:00.312    ComputerName: HP-LABOR-4  UserName: elsaesser

16:27:00.953    Initialize success

16:31:17.546    AVAST engine defs: 13042600

16:31:41.140    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

16:31:41.140    Disk 0 Vendor: ST3250310AS 3.AHB Size: 238475MB BusType: 3

16:31:41.375    Disk 0 MBR read successfully

16:31:41.375    Disk 0 MBR scan

16:31:41.390    Disk 0 Windows XP default MBR code

16:31:41.390    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       238464 MB offset 63

16:31:41.406    Disk 0 scanning sectors +488376000

16:31:41.656    Disk 0 scanning C:\WINDOWS\system32\drivers

16:32:00.687    Service scanning

16:32:39.625    Modules scanning

16:32:45.015    Module: C:\WINDOWS\System32\DLA\DLADResN.SYS  **SUSPICIOUS**

16:32:46.703    Disk 0 trace - called modules:

16:32:46.718    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 

16:32:47.218    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89da2ab8]

16:32:47.218    3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\00000067[0x89dc7f18]

16:32:47.218    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89dc6d98]

16:32:47.718    AVAST engine scan C:\WINDOWS

16:32:56.734    AVAST engine scan C:\WINDOWS\system32

16:38:27.093    AVAST engine scan C:\WINDOWS\system32\drivers

16:39:09.703    AVAST engine scan C:\Dokumente und Einstellungen\elsaesser

16:39:37.218    File: C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev\buac.exe  **INFECTED** Win32:Malware-gen

16:49:47.359    AVAST engine scan C:\Dokumente und Einstellungen\All Users

16:50:41.593    Scan finished successfully

16:51:07.234    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\elsaesser\Desktop\MBR.dat"

16:51:07.234    The log file has been saved successfully to "C:\Dokumente und Einstellungen\elsaesser\Desktop\aswMBR.txt"

TDSS-Killer:

Code:

16:51:51.0687 2792  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

16:51:52.0093 2792  ============================================================

16:51:52.0093 2792  Current date / time: 2013/04/26 16:51:52.0093

16:51:52.0093 2792  SystemInfo:

16:51:52.0093 2792  

16:51:52.0093 2792  OS Version: 5.1.2600 ServicePack: 2.0

16:51:52.0093 2792  Product type: Workstation

16:51:52.0093 2792  ComputerName: HP-LABOR-4

16:51:52.0093 2792  UserName: elsaesser

16:51:52.0093 2792  Windows directory: C:\WINDOWS

16:51:52.0093 2792  System windows directory: C:\WINDOWS

16:51:52.0093 2792  Processor architecture: Intel x86

16:51:52.0093 2792  Number of processors: 2

16:51:52.0093 2792  Page size: 0x1000

16:51:52.0093 2792  Boot type: Normal boot

16:51:52.0093 2792  ============================================================

16:51:54.0250 2792  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

16:51:54.0250 2792  ============================================================

16:51:54.0250 2792  \Device\Harddisk0\DR0:

16:51:54.0250 2792  MBR partitions:

16:51:54.0250 2792  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681

16:51:54.0250 2792  ============================================================

16:51:54.0281 2792  C: <-> \Device\Harddisk0\DR0\Partition1

16:51:54.0281 2792  ============================================================

16:51:54.0281 2792  Initialize success

16:51:54.0281 2792  ============================================================

16:52:19.0437 2200  ============================================================

16:52:19.0437 2200  Scan started

16:52:19.0437 2200  Mode: Manual; SigCheck; TDLFS; 

16:52:19.0437 2200  ============================================================

16:52:19.0953 2200  ================ Scan system memory ========================

16:52:20.0906 2200  System memory - ok

16:52:20.0906 2200  ================ Scan services =============================

16:52:21.0031 2200  Abiosdsk - ok

16:52:21.0031 2200  abp480n5 - ok

16:52:21.0062 2200  [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys

16:52:21.0640 2200  ac97intc - ok

16:52:21.0671 2200  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys

16:52:21.0812 2200  ACPI - ok

16:52:21.0828 2200  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys

16:52:22.0000 2200  ACPIEC - ok

16:52:22.0109 2200  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

16:52:22.0281 2200  AdobeFlashPlayerUpdateSvc - ok

16:52:22.0281 2200  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys

16:52:22.0406 2200  adpu160m - ok

16:52:22.0421 2200  [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320         C:\WINDOWS\system32\DRIVERS\adpu320.sys

16:52:22.0468 2200  adpu320 ( UnsignedFile.Multi.Generic ) - warning

16:52:22.0468 2200  adpu320 - detected UnsignedFile.Multi.Generic (1)

16:52:22.0500 2200  [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec             C:\WINDOWS\system32\drivers\aec.sys

16:52:22.0656 2200  aec - ok

16:52:22.0671 2200  [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD             C:\WINDOWS\System32\drivers\afd.sys

16:52:22.0859 2200  AFD - ok

16:52:22.0859 2200  Aha154x - ok

16:52:22.0859 2200  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys

16:52:23.0000 2200  aic78u2 - ok

16:52:23.0000 2200  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys

16:52:23.0109 2200  aic78xx - ok

16:52:23.0156 2200  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter         C:\WINDOWS\system32\alrsvc.dll

16:52:23.0265 2200  Alerter - ok

16:52:23.0296 2200  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG             C:\WINDOWS\System32\alg.exe

16:52:23.0453 2200  ALG - ok

16:52:23.0453 2200  AliIde - ok

16:52:23.0453 2200  amsint - ok

16:52:23.0484 2200  [ BECD5328E7869807D6557BE4FE60C72F ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll

16:52:23.0578 2200  AppMgmt - ok

16:52:23.0578 2200  asc - ok

16:52:23.0578 2200  asc3350p - ok

16:52:23.0593 2200  asc3550 - ok

16:52:23.0718 2200  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

16:52:23.0828 2200  aspnet_state - ok

16:52:23.0859 2200  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys

16:52:23.0984 2200  AsyncMac - ok

16:52:24.0031 2200  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys

16:52:24.0109 2200  atapi - ok

16:52:24.0109 2200  Atdisk - ok

16:52:24.0109 2200  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys

16:52:24.0265 2200  Atmarpc - ok

16:52:24.0312 2200  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll

16:52:24.0406 2200  AudioSrv - ok

16:52:24.0421 2200  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys

16:52:24.0562 2200  audstub - ok

16:52:24.0609 2200  [ 3A3A82FFD268BCFB7AE6A48CECF00AD9 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys

16:52:24.0671 2200  b57w2k ( UnsignedFile.Multi.Generic ) - warning

16:52:24.0671 2200  b57w2k - detected UnsignedFile.Multi.Generic (1)

16:52:24.0687 2200  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys

16:52:24.0812 2200  Beep - ok

16:52:24.0859 2200  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            C:\WINDOWS\system32\qmgr.dll

16:52:25.0015 2200  BITS - ok

16:52:25.0062 2200  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser         C:\WINDOWS\System32\browser.dll

16:52:25.0171 2200  Browser - ok

16:52:25.0218 2200  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys

16:52:25.0328 2200  cbidf2k - ok

16:52:25.0328 2200  cd20xrnt - ok

16:52:25.0359 2200  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys

16:52:25.0500 2200  Cdaudio - ok

16:52:25.0515 2200  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys

16:52:25.0671 2200  Cdfs - ok

16:52:25.0703 2200  [ 7B53584D94E9D8716B2DE91D5F1CB42D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys

16:52:25.0781 2200  Cdrom - ok

16:52:25.0796 2200  Changer - ok

16:52:25.0812 2200  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc           C:\WINDOWS\system32\cisvc.exe

16:52:25.0984 2200  CiSvc - ok

16:52:26.0015 2200  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe

16:52:26.0140 2200  ClipSrv - ok

16:52:26.0156 2200  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:52:26.0296 2200  clr_optimization_v2.0.50727_32 - ok

16:52:26.0296 2200  CmdIde - ok

16:52:26.0296 2200  COMSysApp - ok

16:52:26.0312 2200  Cpqarray - ok

16:52:26.0343 2200  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll

16:52:26.0468 2200  CryptSvc - ok

16:52:26.0484 2200  dac2w2k - ok

16:52:26.0484 2200  dac960nt - ok

16:52:26.0531 2200  [ 9F28FF58D6D67B123272869D89D14004 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll

16:52:26.0656 2200  DcomLaunch - ok

16:52:26.0703 2200  [ 81CDBF47D6FF9CF08672A0C877CE38C8 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll

16:52:26.0796 2200  Dhcp - ok

16:52:26.0828 2200  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys

16:52:26.0968 2200  Disk - ok

16:52:27.0031 2200  [ 5A29679449029A82DF994B862B7D0DE0 ] DLABOIOM        C:\WINDOWS\system32\DLA\DLABOIOM.SYS

16:52:27.0093 2200  DLABOIOM ( UnsignedFile.Multi.Generic ) - warning

16:52:27.0093 2200  DLABOIOM - detected UnsignedFile.Multi.Generic (1)

16:52:27.0093 2200  [ 7581407A6A3C56860AE31E6E423FE824 ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

16:52:27.0156 2200  DLACDBHM ( UnsignedFile.Multi.Generic ) - warning

16:52:27.0156 2200  DLACDBHM - detected UnsignedFile.Multi.Generic (1)

16:52:27.0171 2200  [ A5DC84AEB8FBEEFE4C984B8755718B95 ] DLADResN        C:\WINDOWS\system32\DLA\DLADResN.SYS

16:52:27.0265 2200  DLADResN ( UnsignedFile.Multi.Generic ) - warning

16:52:27.0265 2200  DLADResN - detected UnsignedFile.Multi.Generic (1)

16:52:27.0265 2200  [ 29E86B3DBCC0CCF2DCC12191BA17EB2B ] DLAIFS_M        C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

16:52:27.0375 2200  DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning

16:52:27.0375 2200  DLAIFS_M - detected UnsignedFile.Multi.Generic (1)

16:52:27.0375 2200  [ 3D3CA499291FAB9966198C2C1CA7043F ] DLAOPIOM        C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

16:52:27.0453 2200  DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning

16:52:27.0453 2200  DLAOPIOM - detected UnsignedFile.Multi.Generic (1)

16:52:27.0453 2200  [ CE8032966E6C15EF980C7CD0810ED5D0 ] DLAPoolM        C:\WINDOWS\system32\DLA\DLAPoolM.SYS

16:52:27.0531 2200  DLAPoolM ( UnsignedFile.Multi.Generic ) - warning

16:52:27.0531 2200  DLAPoolM - detected UnsignedFile.Multi.Generic (1)

16:52:27.0562 2200  [ 693DFD92D41A3D270053CD97834E4960 ] DLARTL_N        C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

16:52:27.0640 2200  DLARTL_N ( UnsignedFile.Multi.Generic ) - warning

16:52:27.0640 2200  DLARTL_N - detected UnsignedFile.Multi.Generic (1)

16:52:27.0656 2200  [ E79432D1BF255854A0006FBA9682473A ] DLAUDFAM        C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

16:52:27.0734 2200  DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning

16:52:27.0734 2200  DLAUDFAM - detected UnsignedFile.Multi.Generic (1)

16:52:27.0750 2200  [ 095F713890FC229FA0C70DFFD04FFCC3 ] DLAUDF_M        C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

16:52:27.0843 2200  DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning

16:52:27.0843 2200  DLAUDF_M - detected UnsignedFile.Multi.Generic (1)

16:52:27.0843 2200  dmadmin - ok

16:52:27.0890 2200  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys

16:52:28.0140 2200  dmboot - ok

16:52:28.0171 2200  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys

16:52:28.0343 2200  dmio - ok

16:52:28.0343 2200  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys

16:52:28.0468 2200  dmload - ok

16:52:28.0484 2200  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        C:\WINDOWS\System32\dmserver.dll

16:52:28.0578 2200  dmserver - ok

16:52:28.0593 2200  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys

16:52:28.0718 2200  DMusic - ok

16:52:28.0718 2200  [ D1F5B71BBAEEE07B78980DBD878C0BC7 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll

16:52:28.0859 2200  Dnscache - ok

16:52:28.0875 2200  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys

16:52:28.0984 2200  dpti2o - ok

16:52:28.0984 2200  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys

16:52:29.0140 2200  drmkaud - ok

16:52:29.0156 2200  [ D626B0037E3585C12520F1E5CD67DFDE ] DRVMCDB         C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

16:52:29.0234 2200  DRVMCDB ( UnsignedFile.Multi.Generic ) - warning

16:52:29.0234 2200  DRVMCDB - detected UnsignedFile.Multi.Generic (1)

16:52:29.0234 2200  [ 2AEEE1600D0F14BA535F90A1F4411B54 ] DRVNDDM         C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

16:52:29.0296 2200  DRVNDDM ( UnsignedFile.Multi.Generic ) - warning

16:52:29.0296 2200  DRVNDDM - detected UnsignedFile.Multi.Generic (1)

16:52:29.0312 2200  [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys

16:52:29.0453 2200  E100B - ok

16:52:29.0640 2200  [ 47E646AFBF2CBC2E64844A8AC34C725D ] eLoggerSvc6     C:\Programme\Norman\Npm\Bin\Elogsvc.exe

16:52:29.0718 2200  eLoggerSvc6 - ok

16:52:29.0750 2200  [ 877A4512CC9074D6954776AF47021766 ] ERSvc           C:\WINDOWS\System32\ersvc.dll

16:52:29.0859 2200  ERSvc - ok

16:52:29.0906 2200  [ EDB6B81761BD60F32F740BBC40AFB676 ] Eventlog        C:\WINDOWS\system32\services.exe

16:52:30.0125 2200  Eventlog - ok

16:52:30.0156 2200  [ 4E1A8645EE77CB9454FFE53C59620A25 ] EventSystem     C:\WINDOWS\system32\es.dll

16:52:30.0312 2200  EventSystem - ok

16:52:30.0359 2200  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys

16:52:30.0906 2200  Fastfat - ok

16:52:30.0953 2200  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

16:52:31.0078 2200  FastUserSwitchingCompatibility - ok

16:52:31.0093 2200  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys

16:52:31.0234 2200  Fdc - ok

16:52:31.0281 2200  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys

16:52:31.0406 2200  Fips - ok

16:52:31.0437 2200  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys

16:52:31.0593 2200  Flpydisk - ok

16:52:31.0640 2200  [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys

16:52:31.0734 2200  FltMgr - ok

16:52:31.0812 2200  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

16:52:31.0843 2200  FontCache3.0.0.0 - ok

16:52:31.0843 2200  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys

16:52:31.0968 2200  Fs_Rec - ok

16:52:31.0968 2200  FTD2XX - ok

16:52:32.0000 2200  [ F443589225D1BE41F686ED736926CA64 ] FTDIBUS         C:\WINDOWS\system32\drivers\ftdibus.sys

16:52:32.0078 2200  FTDIBUS - ok

16:52:32.0109 2200  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys

16:52:32.0281 2200  Ftdisk - ok

16:52:32.0312 2200  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys

16:52:32.0468 2200  Gpc - ok

16:52:32.0562 2200  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe

16:52:32.0578 2200  gupdate - ok

16:52:32.0578 2200  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe

16:52:32.0593 2200  gupdatem - ok

16:52:32.0625 2200  [ 2A013E7530BEAB6E569FAA83F517E836 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys

16:52:32.0703 2200  HdAudAddService - ok

16:52:32.0734 2200  [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

16:52:32.0859 2200  HDAudBus - ok

16:52:32.0953 2200  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

16:52:33.0093 2200  helpsvc - ok

16:52:33.0093 2200  HidServ - ok

16:52:33.0109 2200  hpn - ok

16:52:33.0156 2200  [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys

16:52:33.0375 2200  HTTP - ok

16:52:33.0390 2200  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll

16:52:33.0500 2200  HTTPFilter - ok

16:52:33.0500 2200  i2omgmt - ok

16:52:33.0500 2200  i2omp - ok

16:52:33.0515 2200  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys

16:52:33.0671 2200  i8042prt - ok

16:52:33.0687 2200  [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x            C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

16:52:33.0828 2200  i81x - ok

16:52:33.0875 2200  [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0         C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

16:52:34.0015 2200  iAimFP0 - ok

16:52:34.0015 2200  [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1         C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

16:52:34.0156 2200  iAimFP1 - ok

16:52:34.0156 2200  [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2         C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

16:52:34.0296 2200  iAimFP2 - ok

16:52:34.0296 2200  [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3         C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

16:52:34.0421 2200  iAimFP3 - ok

16:52:34.0437 2200  [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4         C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

16:52:34.0562 2200  iAimFP4 - ok

16:52:34.0562 2200  [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5         C:\WINDOWS\system32\DRIVERS\wADV07nt.sys

16:52:34.0703 2200  iAimFP5 - ok

16:52:34.0703 2200  [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6         C:\WINDOWS\system32\DRIVERS\wADV08nt.sys

16:52:34.0828 2200  iAimFP6 - ok

16:52:34.0828 2200  [ 7BB3AA595E4507A788DE1CDC63F4C8C4 ] iAimFP7         C:\WINDOWS\system32\DRIVERS\wADV09nt.sys

16:52:34.0968 2200  iAimFP7 - ok

16:52:34.0968 2200  [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0         C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

16:52:35.0125 2200  iAimTV0 - ok

16:52:35.0125 2200  [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1         C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

16:52:35.0250 2200  iAimTV1 - ok

16:52:35.0265 2200  [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3         C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

16:52:35.0375 2200  iAimTV3 - ok

16:52:35.0375 2200  [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4         C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

16:52:35.0515 2200  iAimTV4 - ok

16:52:35.0546 2200  [ 791CC45DE6E50445BE72E8AD6401FF45 ] iAimTV5         C:\WINDOWS\system32\DRIVERS\wATV10nt.sys

16:52:35.0671 2200  iAimTV5 - ok

16:52:35.0687 2200  [ 352FA0E98BC461CE1CE5D41F64DB558D ] iAimTV6         C:\WINDOWS\system32\DRIVERS\wATV06nt.sys

16:52:35.0796 2200  iAimTV6 - ok

16:52:35.0859 2200  [ 0674CE8AE167D830B871A99C677C5C59 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

16:52:36.0015 2200  ialm - ok

16:52:36.0093 2200  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

16:52:36.0265 2200  idsvc - ok

16:52:36.0296 2200  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys

16:52:36.0421 2200  Imapi - ok

16:52:36.0468 2200  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    C:\WINDOWS\system32\imapi.exe

16:52:36.0671 2200  ImapiService - ok

16:52:36.0687 2200  ini910u - ok

16:52:36.0812 2200  [ 418FE3A08346CCCA61BC9A04457F46CF ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

16:52:37.0671 2200  IntcAzAudAddService - ok

16:52:37.0687 2200  [ D63C33F65F6EBC732116403D88883B2D ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys

16:52:37.0843 2200  IntelIde - ok

16:52:37.0859 2200  [ C1C2CC1DA79C5EE10457EF0A3B8568C7 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys

16:52:37.0984 2200  intelppm - ok

16:52:37.0984 2200  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

16:52:38.0109 2200  Ip6Fw - ok

16:52:38.0109 2200  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:52:38.0234 2200  IpFilterDriver - ok

16:52:38.0250 2200  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:52:38.0390 2200  IpInIp - ok

16:52:38.0406 2200  [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:52:38.0578 2200  IpNat - ok

16:52:38.0593 2200  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:52:38.0734 2200  IPSec - ok

16:52:38.0734 2200  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys

16:52:38.0828 2200  IRENUM - ok

16:52:38.0859 2200  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:52:39.0000 2200  isapnp - ok

16:52:39.0109 2200  [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe

16:52:39.0234 2200  JavaQuickStarterService - ok

16:52:39.0265 2200  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:52:39.0406 2200  Kbdclass - ok

16:52:39.0421 2200  [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys

16:52:39.0593 2200  kmixer - ok

16:52:39.0609 2200  [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys

16:52:39.0703 2200  KSecDD - ok

16:52:39.0750 2200  [ 36D74668F5448D55887FA3958488DC06 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

16:52:39.0843 2200  lanmanworkstation - ok

16:52:39.0984 2200  [ 656B09EE2900B00B5D9874DA513A9ED3 ] Lavasoft Ad-Aware Service C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

16:52:40.0406 2200  Lavasoft Ad-Aware Service - ok

16:52:40.0437 2200  [ 0BD6D3F477DF86420DE942A741DABE37 ] Lavasoft Kernexplorer C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys

16:52:40.0546 2200  Lavasoft Kernexplorer - ok

16:52:40.0593 2200  [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd             C:\WINDOWS\system32\DRIVERS\Lbd.sys

16:52:40.0671 2200  Lbd - ok

16:52:40.0671 2200  lbrtfdc - ok

16:52:40.0734 2200  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll

16:52:40.0828 2200  LmHosts - ok

16:52:40.0984 2200  [ A9D1A5A0E8224FDE018DF5AFE93845D1 ] MDM             C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe

16:52:41.0171 2200  MDM ( UnsignedFile.Multi.Generic ) - warning

16:52:41.0171 2200  MDM - detected UnsignedFile.Multi.Generic (1)

16:52:41.0203 2200  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger       C:\WINDOWS\System32\msgsvc.dll

16:52:41.0343 2200  Messenger - ok

16:52:41.0359 2200  [ 729D83E56C29C510258A6E9E79FFDDC3 ] mf              C:\WINDOWS\system32\DRIVERS\mf.sys

16:52:41.0562 2200  mf - ok

16:52:41.0593 2200  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys

16:52:41.0687 2200  mnmdd - ok

16:52:41.0734 2200  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe

16:52:41.0937 2200  mnmsrvc - ok

16:52:42.0000 2200  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys

16:52:42.0140 2200  Modem - ok

16:52:42.0156 2200  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:52:42.0296 2200  Mouclass - ok

16:52:42.0312 2200  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys

16:52:42.0453 2200  MountMgr - ok

16:52:42.0500 2200  [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe

16:52:42.0640 2200  MozillaMaintenance - ok

16:52:42.0640 2200  mraid35x - ok

16:52:42.0656 2200  [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:52:42.0843 2200  MRxDAV - ok

16:52:42.0875 2200  [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:52:43.0140 2200  MRxSmb - ok

16:52:43.0171 2200  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC           C:\WINDOWS\system32\msdtc.exe

16:52:43.0296 2200  MSDTC - ok

16:52:43.0312 2200  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys

16:52:43.0437 2200  Msfs - ok

16:52:43.0453 2200  MSIServer - ok

16:52:43.0453 2200  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:52:43.0578 2200  MSKSSRV - ok

16:52:43.0578 2200  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:52:43.0718 2200  MSPCLOCK - ok

16:52:43.0718 2200  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys

16:52:43.0843 2200  MSPQM - ok

16:52:43.0890 2200  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:52:44.0000 2200  mssmbios - ok

16:52:44.0093 2200  MSSQL$SQLEXPRESS - ok

16:52:44.0140 2200  [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe

16:52:44.0234 2200  MSSQLServerADHelper - ok

16:52:44.0484 2200  [ 70E994D23895DF6B1EE1E70145299FCF ] msvsmon90       C:\Programme\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe

16:52:44.0906 2200  msvsmon90 - ok

16:52:44.0921 2200  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys

16:52:45.0078 2200  Mup - ok

16:52:45.0093 2200  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys

16:52:45.0281 2200  NDIS - ok

16:52:45.0359 2200  [ 725123F7AEBFEF717E3F26B25B149D7A ] Ndiskio         C:\Programme\Norman\Nse\Bin\NDISKIO.SYS

16:52:45.0437 2200  Ndiskio - ok

16:52:45.0453 2200  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:52:45.0593 2200  NdisTapi - ok

16:52:45.0625 2200  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:52:45.0765 2200  Ndisuio - ok

16:52:45.0781 2200  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:52:45.0968 2200  NdisWan - ok

16:52:46.0000 2200  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys

16:52:46.0125 2200  NDProxy - ok

16:52:46.0171 2200  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll

16:52:46.0234 2200  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

16:52:46.0234 2200  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

16:52:46.0250 2200  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys

16:52:46.0390 2200  NetBIOS - ok

16:52:46.0453 2200  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys

16:52:46.0609 2200  NetBT - ok

16:52:46.0656 2200  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe

16:52:46.0843 2200  NetDDE - ok

16:52:46.0859 2200  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe

16:52:46.0921 2200  NetDDEdsdm - ok

16:52:46.0937 2200  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        C:\WINDOWS\system32\lsass.exe

16:52:47.0078 2200  Netlogon - ok

16:52:47.0109 2200  [ CDF4DA6B518105343FE9E8AFBBF8FBF4 ] Netman          C:\WINDOWS\System32\netman.dll

16:52:47.0218 2200  Netman - ok

16:52:47.0281 2200  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:52:47.0750 2200  NetTcpPortSharing - ok

16:52:47.0828 2200  [ F01863FB9B02EDD0D457B406926070E5 ] NGS             c:\programme\norman\ngs\bin\ngs.sys

16:52:47.0906 2200  NGS - ok

16:52:47.0953 2200  [ B36E08F680BAE4DFC5C24D00A2DFC9E7 ] Nla             C:\WINDOWS\System32\mswsock.dll

16:52:48.0046 2200  Nla - ok

16:52:48.0046 2200  [ 60CF8C7192B3614F240838DDBAA4A245 ] nm              C:\WINDOWS\system32\DRIVERS\NMnt.sys

16:52:48.0187 2200  nm - ok

16:52:48.0218 2200  [ DB1F8037073175014C119749F8AB7E08 ] nnetsec         C:\WINDOWS\system32\DRIVERS\nnetsec.sys

16:52:48.0296 2200  nnetsec - ok

16:52:48.0312 2200  [ 9F49380E683B14D6FFA16B4C251EA175 ] NNetSecC        C:\Programme\Norman\ngs\bin\nnetsecc.sys

16:52:48.0390 2200  NNetSecC - ok

16:52:48.0406 2200  [ 20F65E9205FFFD2F8579E0F8CE38B68F ] Norman NJeeves  C:\Programme\Norman\Npm\Bin\Njeeves.exe

16:52:48.0515 2200  Norman NJeeves - ok

16:52:48.0531 2200  [ DD3E6F98B73AAD03FAE0653CD5A92649 ] Norman ZANDA    C:\Programme\Norman\Npm\Bin\Zanda.exe

16:52:48.0703 2200  Norman ZANDA - ok

16:52:48.0750 2200  [ 2374F930C03FFE663662D04C2A3E0087 ] NormanZfr       C:\Programme\Norman\Npm\Bin\zfr.exe

16:52:48.0890 2200  NormanZfr ( UnsignedFile.Multi.Generic ) - warning

16:52:48.0890 2200  NormanZfr - detected UnsignedFile.Multi.Generic (1)

16:52:48.0937 2200  [ E1ACB2CDA08CA2E780CB4CF115E2A542 ] npdrv           C:\WINDOWS\system32\drivers\npdrv.sys

16:52:49.0015 2200  npdrv ( UnsignedFile.Multi.Generic ) - warning

16:52:49.0015 2200  npdrv - detected UnsignedFile.Multi.Generic (1)

16:52:49.0062 2200  [ 6623E51595C0076755C29C00846C4EB2 ] NPF             C:\WINDOWS\system32\drivers\npf.sys

16:52:49.0125 2200  NPF - ok

16:52:49.0171 2200  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys

16:52:49.0312 2200  Npfs - ok

16:52:49.0359 2200  [ 8894FD9B82F771B27D27191E91374311 ] nsesvc          C:\Programme\Norman\Nse\Bin\NSESVC.EXE

16:52:49.0484 2200  nsesvc - ok

16:52:49.0515 2200  [ B78BE402C3F63DD55521F73876951CDD ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys

16:52:49.0734 2200  Ntfs - ok

16:52:49.0765 2200  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe

16:52:49.0828 2200  NtLmSsp - ok

16:52:49.0859 2200  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll

16:52:50.0031 2200  NtmsSvc - ok

16:52:50.0046 2200  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys

16:52:50.0156 2200  Null - ok

16:52:50.0203 2200  [ 1D6B84EA4246B1DC99FCA50DA5191890 ] NvcMFlt         C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys

16:52:50.0265 2200  NvcMFlt - ok

16:52:50.0359 2200  [ 9F39E950A7BE358DC8FEF8EA4F80F935 ] nvcoas          C:\Programme\Norman\Nvc\Bin\nvcoas.exe

16:52:50.0515 2200  nvcoas - ok

16:52:50.0531 2200  [ 19CA1D927EB4D9C88D20E27845EFF07B ] NVOY            C:\Programme\Norman\npm\bin\nvoy.exe

16:52:50.0656 2200  NVOY - ok

16:52:50.0671 2200  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:52:50.0843 2200  NwlnkFlt - ok

16:52:50.0875 2200  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:52:51.0093 2200  NwlnkFwd - ok

16:52:51.0125 2200  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

16:52:51.0296 2200  ose - ok

16:52:51.0312 2200  [ 118C1004E38FDDB5F832A182E6EF6F40 ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys

16:52:51.0468 2200  P3 - ok

16:52:51.0484 2200  [ B2F17A2EDB5450E61973A037F63A595B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys

16:52:51.0656 2200  Parport - ok

16:52:51.0687 2200  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys

16:52:51.0828 2200  PartMgr - ok

16:52:51.0843 2200  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys

16:52:51.0968 2200  ParVdm - ok

16:52:51.0968 2200  [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys

16:52:52.0125 2200  PCI - ok

16:52:52.0125 2200  PCIDump - ok

16:52:52.0140 2200  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys

16:52:52.0234 2200  PCIIde - ok

16:52:52.0265 2200  [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys

16:52:52.0453 2200  Pcmcia - ok

16:52:52.0453 2200  PDCOMP - ok

16:52:52.0500 2200  pdfcDispatcher - ok

16:52:52.0500 2200  PDFRAME - ok

16:52:52.0500 2200  PDRELI - ok

16:52:52.0500 2200  PDRFRAME - ok

16:52:52.0515 2200  perc2 - ok

16:52:52.0515 2200  perc2hib - ok

16:52:52.0546 2200  [ EDB6B81761BD60F32F740BBC40AFB676 ] PlugPlay        C:\WINDOWS\system32\services.exe

16:52:52.0625 2200  PlugPlay - ok

16:52:52.0656 2200  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll

16:52:52.0718 2200  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

16:52:52.0718 2200  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

16:52:52.0718 2200  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe

16:52:52.0796 2200  PolicyAgent - ok

16:52:52.0843 2200  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys

16:52:53.0000 2200  PptpMiniport - ok

16:52:53.0015 2200  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

16:52:53.0093 2200  ProtectedStorage - ok

16:52:53.0109 2200  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys

16:52:53.0234 2200  Ptilink - ok

16:52:53.0265 2200  [ 86724469CD077901706854974CD13C3E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys

16:52:53.0343 2200  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

16:52:53.0343 2200  PxHelp20 - detected UnsignedFile.Multi.Generic (1)

16:52:53.0343 2200  ql1080 - ok

16:52:53.0343 2200  Ql10wnt - ok

16:52:53.0343 2200  ql12160 - ok

16:52:53.0359 2200  ql1240 - ok

16:52:53.0359 2200  ql1280 - ok

16:52:53.0375 2200  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys

16:52:53.0484 2200  RasAcd - ok

16:52:53.0515 2200  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto         C:\WINDOWS\System32\rasauto.dll

16:52:53.0640 2200  RasAuto - ok

16:52:53.0671 2200  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

16:52:53.0796 2200  Rasl2tp - ok

16:52:53.0828 2200  [ A5D2D745A2AEFA327DCA6DA317B5FD70 ] RasMan          C:\WINDOWS\System32\rasmans.dll

16:52:53.0953 2200  RasMan - ok

16:52:53.0968 2200  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys

16:52:54.0078 2200  RasPppoe - ok

16:52:54.0093 2200  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys

16:52:54.0218 2200  Raspti - ok

16:52:54.0265 2200  [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys

16:52:54.0453 2200  Rdbss - ok

16:52:54.0468 2200  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

16:52:54.0578 2200  RDPCDD - ok

16:52:54.0609 2200  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys

16:52:54.0796 2200  rdpdr - ok

16:52:54.0828 2200  [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys

16:52:54.0984 2200  RDPWD - ok

16:52:55.0000 2200  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe

16:52:55.0234 2200  RDSessMgr - ok

16:52:55.0312 2200  [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe

16:52:56.0625 2200  RealNetworks Downloader Resolver Service - ok

16:52:56.0656 2200  [ AA56702E230860565CB8D43680F57F33 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys

16:52:56.0796 2200  redbook - ok

16:52:56.0812 2200  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll

16:52:56.0906 2200  RemoteAccess - ok

16:52:56.0937 2200  [ AE81CF7D7CFA79CD03E8FB99788A7E09 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll

16:52:57.0031 2200  RemoteRegistry - ok

16:52:57.0078 2200  [ E51A8D02B4BD33EBA1F7A5B76C3766ED ] rpcapd          C:\Programme\WinPcap\rpcapd.exe

16:52:57.0187 2200  rpcapd - ok

16:52:57.0218 2200  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      C:\WINDOWS\system32\locator.exe

16:52:57.0390 2200  RpcLocator - ok

16:52:57.0421 2200  [ 9F28FF58D6D67B123272869D89D14004 ] RpcSs           C:\WINDOWS\system32\rpcss.dll

16:52:57.0546 2200  RpcSs - ok

16:52:57.0593 2200  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe

16:52:57.0781 2200  RSVP - ok

16:52:57.0796 2200  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs           C:\WINDOWS\system32\lsass.exe

16:52:57.0890 2200  SamSs - ok

16:52:57.0890 2200  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe

16:52:58.0046 2200  SCardSvr - ok

16:52:58.0046 2200  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        C:\WINDOWS\system32\schedsvc.dll

16:52:58.0156 2200  Schedule - ok

16:52:58.0203 2200  [ 5FD85727E19476C24ACB8E7BFFBCE26C ] Scheduler       C:\Programme\Norman\Npm\Bin\scheduler.exe

16:52:58.0296 2200  Scheduler - ok

16:52:58.0296 2200  [ D26E26EA516450AF9D072635C60387F4 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys

16:52:58.0375 2200  Secdrv - ok

16:52:58.0406 2200  [ FED544B43903FB801B106F062110358A ] seclogon        C:\WINDOWS\System32\seclogon.dll

16:52:58.0500 2200  seclogon - ok

16:52:58.0515 2200  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            C:\WINDOWS\system32\sens.dll

16:52:58.0593 2200  SENS - ok

16:52:58.0625 2200  [ AEBBA7428A6C40CCE3C5ABDE45190B24 ] Sentinel        C:\WINDOWS\System32\Drivers\SENTINEL.SYS

16:52:58.0671 2200  Sentinel ( UnsignedFile.Multi.Generic ) - warning

16:52:58.0671 2200  Sentinel - detected UnsignedFile.Multi.Generic (1)

16:52:58.0718 2200  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys

16:52:58.0843 2200  serenum - ok

16:52:58.0843 2200  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys

16:52:58.0984 2200  Serial - ok

16:52:59.0031 2200  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys

16:52:59.0140 2200  Sfloppy - ok

16:52:59.0203 2200  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll

16:52:59.0359 2200  SharedAccess - ok

16:52:59.0390 2200  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

16:52:59.0468 2200  ShellHWDetection - ok

16:52:59.0468 2200  Simbad - ok

16:52:59.0468 2200  Sparrow - ok

16:52:59.0500 2200  [ 8E186B8F23295D1E42C573B82B80D548 ] splitter        C:\WINDOWS\system32\drivers\splitter.sys

16:52:59.0609 2200  splitter - ok

16:52:59.0656 2200  [ 54E7113A4BD696E430919BCAF5C65E06 ] Spooler         C:\WINDOWS\system32\spoolsv.exe

16:52:59.0781 2200  Spooler - ok

16:52:59.0828 2200  [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser      c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe

16:52:59.0921 2200  SQLBrowser - ok

16:52:59.0937 2200  [ 54902536AAD0E9B99BC65F89C0CAF93F ] SQLWriter       c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

16:53:00.0046 2200  SQLWriter - ok

16:53:00.0078 2200  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys

16:53:00.0187 2200  sr - ok

16:53:00.0234 2200  [ 015F302C4CF961F20C3F98F3A7CA7917 ] srservice       C:\WINDOWS\system32\srsvc.dll

16:53:00.0312 2200  srservice - ok

16:53:00.0328 2200  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll

16:53:00.0406 2200  SSDPSRV - ok

16:53:00.0453 2200  [ 6DB0676E502995C59053683817C94286 ] SSIPDDP         C:\WINDOWS\system32\Drivers\SSIPDDP.SYS

16:53:00.0531 2200  SSIPDDP ( UnsignedFile.Multi.Generic ) - warning

16:53:00.0531 2200  SSIPDDP - detected UnsignedFile.Multi.Generic (1)

16:53:00.0593 2200  [ 7E751068ADA60FC77638622E86A7CD9E ] stisvc          C:\WINDOWS\system32\wiaservc.dll

16:53:00.0796 2200  stisvc - ok

16:53:00.0843 2200  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys

16:53:00.0953 2200  swenum - ok

16:53:00.0968 2200  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys

16:53:01.0109 2200  swmidi - ok

16:53:01.0109 2200  SwPrv - ok

16:53:01.0140 2200  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys

16:53:01.0250 2200  symc810 - ok

16:53:01.0250 2200  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys

16:53:01.0359 2200  symc8xx - ok

16:53:01.0390 2200  [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi          C:\WINDOWS\system32\DRIVERS\symmpi.sys

16:53:01.0421 2200  Symmpi ( UnsignedFile.Multi.Generic ) - warning

16:53:01.0421 2200  Symmpi - detected UnsignedFile.Multi.Generic (1)

16:53:01.0421 2200  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys

16:53:01.0562 2200  sym_hi - ok

16:53:01.0562 2200  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys

16:53:01.0687 2200  sym_u3 - ok

16:53:01.0718 2200  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys

16:53:01.0828 2200  sysaudio - ok

16:53:01.0875 2200  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe

16:53:02.0046 2200  SysmonLog - ok

16:53:02.0093 2200  [ 4584E2A5FE662AB3E7C32936E1449043 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll

16:53:02.0203 2200  TapiSrv - ok

16:53:02.0218 2200  [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys

16:53:02.0437 2200  Tcpip - ok

16:53:02.0468 2200  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys

16:53:02.0578 2200  TDPIPE - ok

16:53:02.0593 2200  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys

16:53:02.0703 2200  TDTCP - ok

16:53:02.0718 2200  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys

16:53:02.0812 2200  TermDD - ok

16:53:02.0859 2200  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService     C:\WINDOWS\System32\termsrv.dll

16:53:02.0968 2200  TermService - ok

16:53:02.0968 2200  TetaSCDevice - ok

16:53:02.0984 2200  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] Themes          C:\WINDOWS\System32\shsvcs.dll

16:53:03.0046 2200  Themes - ok

16:53:03.0078 2200  [ 58708746B8267033E5CF2B29659E7F74 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe

16:53:03.0218 2200  TlntSvr - ok

16:53:03.0218 2200  TosIde - ok

16:53:03.0234 2200  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          C:\WINDOWS\system32\trkwks.dll

16:53:03.0359 2200  TrkWks - ok

16:53:03.0390 2200  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys

16:53:03.0531 2200  Udfs - ok

16:53:03.0531 2200  ultra - ok

16:53:03.0578 2200  [ B2AF2BA8A3205A8458B61F638FB431DD ] UnlockerDriver5 C:\Programme\Unlocker\UnlockerDriver5.sys

16:53:03.0656 2200  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning

16:53:03.0656 2200  UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)

16:53:03.0687 2200  [ 09D4A2D7C5A8ABEC227D118765FAADDF ] upnphost        C:\WINDOWS\System32\upnphost.dll

16:53:03.0781 2200  upnphost - ok

16:53:03.0796 2200  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS             C:\WINDOWS\System32\ups.exe

16:53:03.0937 2200  UPS - ok

16:53:03.0953 2200  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys

16:53:04.0093 2200  usbehci - ok

16:53:04.0140 2200  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys

16:53:04.0296 2200  usbhub - ok

16:53:04.0312 2200  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

16:53:04.0453 2200  USBSTOR - ok

16:53:04.0484 2200  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys

16:53:04.0625 2200  usbuhci - ok

16:53:04.0687 2200  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys

16:53:04.0812 2200  VgaSave - ok

16:53:04.0843 2200  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys

16:53:04.0984 2200  ViaIde - ok

16:53:05.0031 2200  [ DB3BFE98C445D240F0FD7F307E11CC22 ] VirtualCom      C:\WINDOWS\system32\DRIVERS\glvsp.sys

16:53:05.0109 2200  VirtualCom ( UnsignedFile.Multi.Generic ) - warning

16:53:05.0109 2200  VirtualCom - detected UnsignedFile.Multi.Generic (1)

16:53:05.0125 2200  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys

16:53:05.0312 2200  VolSnap - ok

16:53:05.0359 2200  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS             C:\WINDOWS\System32\vssvc.exe

16:53:05.0593 2200  VSS - ok

16:53:05.0609 2200  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time         C:\WINDOWS\system32\w32time.dll

16:53:05.0718 2200  W32Time - ok

16:53:05.0718 2200  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys

16:53:05.0875 2200  Wanarp - ok

16:53:05.0875 2200  WDICA - ok

16:53:05.0890 2200  [ 2797F33EBF50466020C430EE4F037933 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys

16:53:06.0031 2200  wdmaud - ok

16:53:06.0078 2200  [ 1EB51FEEA9D3208EAE60604F4346C02E ] WebClient       C:\WINDOWS\System32\webclnt.dll

16:53:06.0171 2200  WebClient - ok

16:53:06.0234 2200  [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll

16:53:06.0359 2200  winmgmt - ok

16:53:06.0390 2200  [ D68CC4EBF7B03FD770D5962295AD814E ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll

16:53:06.0484 2200  WmdmPmSN - ok

16:53:06.0546 2200  [ 9CBB06E4438D6A0D52A46E0B44796D37 ] Wmi             C:\WINDOWS\System32\advapi32.dll

16:53:06.0640 2200  Wmi - ok

16:53:06.0671 2200  [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

16:53:06.0796 2200  WmiAcpi - ok

16:53:06.0843 2200  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe

16:53:07.0078 2200  WmiApSrv - ok

16:53:07.0125 2200  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll

16:53:07.0218 2200  wscsvc - ok

16:53:07.0234 2200  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll

16:53:07.0312 2200  wuauserv - ok

16:53:07.0328 2200  [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll

16:53:07.0531 2200  WZCSVC - ok

16:53:07.0546 2200  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov         C:\WINDOWS\System32\xmlprov.dll

16:53:07.0671 2200  xmlprov - ok

16:53:07.0671 2200  ================ Scan global ===============================

16:53:07.0718 2200  [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll

16:53:07.0765 2200  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll

16:53:07.0796 2200  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll

16:53:07.0828 2200  [ EDB6B81761BD60F32F740BBC40AFB676 ] C:\WINDOWS\system32\services.exe

16:53:07.0828 2200  [Global] - ok

16:53:07.0828 2200  ================ Scan MBR ==================================

16:53:07.0859 2200  [ DF9769DBAFC477636448AB0154B8BBC9 ] \Device\Harddisk0\DR0

16:53:08.0078 2200  \Device\Harddisk0\DR0 - ok

16:53:08.0078 2200  ================ Scan VBR ==================================

16:53:08.0078 2200  [ 26195953BEDE9070652B8DE3AB4A2B40 ] \Device\Harddisk0\DR0\Partition1

16:53:08.0078 2200  \Device\Harddisk0\DR0\Partition1 - ok

16:53:08.0078 2200  ============================================================

16:53:08.0078 2200  Scan finished

16:53:08.0078 2200  ============================================================

16:53:08.0187 2368  Detected object count: 24

16:53:08.0187 2368  Actual detected object count: 24

16:53:42.0203 2368  adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0203 2368  adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0203 2368  b57w2k ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0203 2368  b57w2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0203 2368  DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0203 2368  DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0203 2368  DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0203 2368  DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0203 2368  DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0203 2368  DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0203 2368  DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0203 2368  DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0203 2368  DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0203 2368  DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0203 2368  DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0203 2368  DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0203 2368  DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0203 2368  DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0203 2368  DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0203 2368  DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0218 2368  DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0218 2368  DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0218 2368  DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0218 2368  DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0218 2368  DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0218 2368  DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0218 2368  MDM ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0218 2368  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0218 2368  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0218 2368  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0218 2368  NormanZfr ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0218 2368  NormanZfr ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0218 2368  npdrv ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0218 2368  npdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0218 2368  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0218 2368  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0218 2368  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0218 2368  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0218 2368  Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0218 2368  Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0218 2368  SSIPDDP ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0218 2368  SSIPDDP ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0218 2368  Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0218 2368  Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0234 2368  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0234 2368  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:53:42.0234 2368  VirtualCom ( UnsignedFile.Multi.Generic ) - skipped by user

16:53:42.0234 2368  VirtualCom ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:54:02.0484 3676  Deinitialize success