Trojaner-Board


Krki 20.10.2011 18:20

System 32 error message
 
Hello everyone, I've had a problem for a few weeks now and don't know how to get rid of it. My PC crashed, and when I booted it up again, about 10 error messages appeared one after another. Practically all of them referred to the file path C:Benutzer/Windows/System32/oledlg.dll and told me that some programs or autostart entries are not designed to run under Windows and cannot start. On top of that, I can neither start nor install programs, and the only browser that works is Internet Explorer. I also can't run anything as administrator, because an error message appears saying that the "Shellexecuted exe" cannot be executed. So the PC is pretty much unusable, since nothing apart from IE actually works. I have already tried System Recovery and a repair with a Windows DVD, and quite a few antivirus programs found nothing either. I hope you can help me, and thanks in advance.

cosinus 21.10.2011 13:43

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Krki 22.10.2011 12:46

Thanks for the quick reply, but I can't start the scanner, because only an error message with "C:/Users/.../Desktop/OTL.exe Dateisystemfehler (-1073741792)" appears, along with a Microsoft Windows message: "Zustimmungsbenutzeroberfläche für Verwaltungsanwendungen wurde beendet und geschlossen. Die Anwendung wird aufgrund eines Problems nicht mehr reichtig ausgeführt. Sie erhalten Nachricht wenn eine Lösung verfügbar ist." The supposed solution follows right away, namely installing Windows updates, which doesn't work either.

cosinus 22.10.2011 16:29

Does it work in safe mode?
You may want to start preparing for this already => article on reinstalling Windows

Krki 22.10.2011 18:35

This may be a silly question, but how do you start safe mode? Yes, I had already been expecting a reinstallation..

cosinus 23.10.2011 17:59

http://www.trojaner-board.de/63335-w...s-starten.html

Krki 25.10.2011 16:31

So, in safe mode it worked ;) I'll attach the scan.


Code:

OTL logfile created on: 25.10.2011 17:00:16 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\philipp\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 84,10% Memory free
6,20 Gb Paging File | 5,89 Gb Available in Paging File | 95,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173,99 Gb Total Space | 36,30 Gb Free Space | 20,86% Space Free | Partition Type: NTFS
Drive D: | 45,22 Gb Total Space | 21,54 Gb Free Space | 47,64% Space Free | Partition Type: NTFS
 
Computer Name: PHILIPP | User Name: philipp | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\philipp\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirScheduler) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (TeamViewer) -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (KtmRm) -- C:\Windows\System32\msdtckrm.dll ()
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://googel.de/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.103
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.5
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.01 23:43:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.28 04:36:34 | 000,000,000 | ---D | M]
 
[2008.09.13 13:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philipp\AppData\Roaming\mozilla\Extensions
[2011.09.18 12:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions
[2009.09.07 12:53:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.29 15:18:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.01.09 12:42:07 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2011.09.18 12:56:49 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2011.06.04 19:08:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.06.27 13:01:48 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\battlefieldheroespatcher@ea.com
[2010.05.26 13:17:17 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\DTToolbar@toolbarnet.com
[2011.09.18 12:56:38 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com
[2011.08.28 04:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp
[2010.05.26 13:17:10 | 000,002,059 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\daemon-search.xml
[2011.09.19 17:20:18 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-1.xml
[2009.12.29 23:04:14 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-2.xml
[2010.02.16 00:36:23 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-3.xml
[2010.05.17 15:04:50 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-4.xml
[2009.09.20 19:02:56 | 000,000,944 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin.xml
[2011.08.28 04:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.14 18:39:46 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.03 09:59:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.08.25 12:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.09.01 23:43:49 | 000,000,000 | ---- | M] () -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.5.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll ()
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79A80240-1282-48E1-AA54-1A3DB4EF6D58}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A298ED5-674B-4843-934D-2F1FD3ACE865}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Remix_by_K3nzuS.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Remix_by_K3nzuS.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{253e8769-481f-11dc-999d-001a9250b66c}\Shell - "" = AutoRun
O33 - MountPoints2\{253e8769-481f-11dc-999d-001a9250b66c}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\Shell - "" = AutoRun
O33 - MountPoints2\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{8a7f24e9-551b-11df-9179-001a9250b66c}\Shell - "" = AutoRun
O33 - MountPoints2\{8a7f24e9-551b-11df-9179-001a9250b66c}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{dd252f6d-a2e6-11df-8885-86c9b9560560}\Shell - "" = AutoRun
O33 - MountPoints2\{dd252f6d-a2e6-11df-8885-86c9b9560560}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: GAINWARD - hkey= - key= - C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.MKVC - C:\Windows\System32\KMVIDC32.DLL ()
Drivers32: vidc.VP31 - C:\Windows\System32\vp31vfw.dll (On2.com)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.22 13:40:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\philipp\Desktop\OTL.exe
[2011.10.09 01:39:24 | 000,000,000 | ---D | C] -- C:\Users\philipp\Desktop\BBou - Guad und Fesch
[2011.10.04 22:30:37 | 000,000,000 | ---D | C] -- C:\Users\philipp\Desktop\Vll wichtig
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.25 16:59:11 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.10.25 16:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.25 16:57:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.25 16:57:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.24 18:38:33 | 000,000,147 | ---- | M] () -- C:\Users\philipp\Desktop\olepro32.dll free download - DLL-files.com.url
[2011.10.23 18:09:46 | 000,628,124 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.23 18:09:46 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.23 18:09:46 | 000,127,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.23 18:09:46 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.22 14:16:55 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.10.22 14:16:55 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.10.22 13:40:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\philipp\Desktop\OTL.exe
[2011.10.14 22:23:15 | 000,000,131 | ---- | M] () -- C:\Users\philipp\Desktop\Blood by Days - Fire walk with me (Official Music Video) - YouTube.url
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.25 16:59:07 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.10.24 18:38:33 | 000,000,147 | ---- | C] () -- C:\Users\philipp\Desktop\olepro32.dll free download - DLL-files.com.url
[2011.10.14 22:23:15 | 000,000,131 | ---- | C] () -- C:\Users\philipp\Desktop\Blood by Days - Fire walk with me (Official Music Video) - YouTube.url
[2011.08.30 16:21:37 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.08.30 16:21:37 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.27 17:27:04 | 000,000,004 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\steam_md4.dat
[2011.04.27 17:14:03 | 000,000,110 | ---- | C] () -- C:\Windows\System32\alterIWnet.ini
[2010.05.25 20:21:05 | 000,026,340 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\UserTile.png
[2009.07.12 20:01:35 | 000,860,211 | --S- | C] () -- C:\Windows\System32\XSIFtk-3.6.2.1.dll
[2009.05.19 19:08:31 | 000,000,041 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\Spin Chat Preferences
[2009.02.26 15:06:39 | 000,000,024 | ---- | C] () -- C:\Users\philipp\AppData\Local\.ipc_copyrecord
[2009.02.26 15:03:30 | 000,000,024 | ---- | C] () -- C:\Users\philipp\AppData\Local\84756-11986-27475-00TC1-94865
[2009.01.25 16:17:34 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2008.11.18 17:54:08 | 000,139,152 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\PnkBstrK.sys
[2008.11.18 17:54:08 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.11.18 17:53:53 | 000,189,640 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.11.18 17:53:49 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.11.18 17:53:47 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2008.10.21 12:14:30 | 000,007,718 | ---- | C] () -- C:\Windows\cadx2.ini
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.10.04 14:08:16 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.13 13:15:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.06.04 14:14:36 | 000,001,530 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\EasyToolz.ini
[2008.05.29 16:12:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\CertEnroll.dll
[2008.05.29 16:12:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msdtckrm.dll
[2008.05.29 16:11:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\zipfldr.dll
[2008.05.29 16:11:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SearchProtocolHost.exe
[2008.05.29 16:11:26 | 000,017,408 | ---- | C] () -- C:\Windows\System32\wscisvif.dll
[2008.05.29 16:11:19 | 000,192,000 | ---- | C] () -- C:\Windows\System32\wsqmcons.exe
[2008.05.29 16:10:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dssenh.dll
[2008.05.29 16:10:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\oledlg.dll
[2008.05.29 16:09:50 | 000,076,800 | ---- | C] () -- C:\Windows\System32\SearchFilterHost.exe
[2008.05.29 16:09:49 | 000,205,824 | ---- | C] () -- C:\Windows\System32\msoeacct.dll
[2008.05.29 16:09:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\xactsrv.dll
[2008.05.29 16:09:36 | 000,127,488 | ---- | C] () -- C:\Windows\System32\aclui.dll
[2008.05.29 16:09:36 | 000,088,576 | ---- | C] () -- C:\Windows\System32\olepro32.dll
[2008.05.29 16:09:23 | 000,009,728 | ---- | C] () -- C:\Windows\System32\wscproxystub.dll
[2008.05.29 16:09:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wmpshell.dll
[2008.05.29 16:08:57 | 000,020,480 | ---- | C] () -- C:\Windows\System32\RacAgent.exe
[2008.05.29 16:08:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\MsCtfMonitor.dll
[2008.05.29 16:08:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\vss_ps.dll
[2008.05.29 16:08:55 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.05.29 16:08:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsock32.dll
[2008.05.29 16:08:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wiarpc.dll
[2008.05.29 16:08:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\HotStartUserAgent.dll
[2008.05.23 12:09:16 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2008.05.10 16:02:06 | 000,000,000 | ---- | C] () -- C:\Windows\galaxy.ini
[2008.02.28 13:12:39 | 000,000,095 | ---- | C] () -- C:\Users\philipp\AppData\Local\fusioncache.dat
[2007.12.07 15:39:49 | 000,002,032 | ---- | C] () -- C:\Users\philipp\AppData\Local\d3d9caps.dat
[2007.12.04 15:16:29 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2007.12.03 19:25:51 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.12.03 19:25:50 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007.11.26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.10.02 17:07:50 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2007.10.02 17:07:50 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2007.09.19 17:23:49 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.09.06 14:04:40 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2007.09.06 14:04:40 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2007.08.15 19:45:21 | 000,000,343 | ---- | C] () -- C:\Windows\ask.ini
[2007.08.11 17:35:57 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2007.07.01 18:21:37 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007.07.01 18:21:35 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007.06.28 20:37:37 | 000,038,912 | ---- | C] () -- C:\Users\philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.28 20:22:39 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2007.05.16 09:35:44 | 002,071,552 | ---- | C] () -- C:\Windows\setup_rangers_2.exe
[2007.02.14 11:18:27 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2006.11.02 17:33:31 | 000,628,124 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,127,032 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,318,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 14:34:41 | 000,198,144 | ---- | C] () -- C:\Windows\System32\sti.dll
[2006.11.02 12:33:01 | 000,595,308 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,742 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
 
========== LOP Check ==========
 
[2011.08.29 02:49:19 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\.minecraft
[2008.06.24 16:23:37 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Acreon
[2009.06.06 14:37:59 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Armagetron
[2011.09.18 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Babylon
[2007.07.21 09:24:27 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\CrystalSpace
[2011.08.24 23:36:24 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\DAEMON Tools Lite
[2008.07.24 14:59:28 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\ICQ
[2008.08.24 13:22:23 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\ICQ Toolbar
[2009.06.06 10:44:03 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Lexware
[2010.02.27 00:37:46 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\OpenOffice.org
[2010.05.25 20:21:05 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\PeerNetworking
[2008.09.02 14:09:04 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\SPORE Creature Creator
[2008.11.18 18:47:02 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\TeamViewer
[2009.02.26 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Teeworlds
[2009.08.05 11:23:08 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Ubisoft
[2011.05.01 00:57:22 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Uduc
[2011.09.18 13:00:12 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\uTorrent
[2011.05.03 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Zegoyt
[2011.10.25 16:59:11 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.10.25 16:57:51 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.29 02:49:19 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\.minecraft
[2008.06.24 16:23:37 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Acreon
[2008.09.12 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Adobe
[2007.07.05 18:16:08 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Ahead
[2010.09.08 22:46:45 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Apple Computer
[2009.06.06 14:37:59 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Armagetron
[2011.09.18 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Babylon
[2007.07.21 09:24:27 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\CrystalSpace
[2011.08.24 23:36:24 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\DAEMON Tools Lite
[2008.03.06 15:35:05 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\DivX
[2011.04.27 18:01:45 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Hamachi
[2008.07.24 14:59:28 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\ICQ
[2008.08.24 13:22:23 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\ICQ Toolbar
[2007.06.28 19:00:45 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Identities
[2007.09.21 14:19:01 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\InstallShield
[2009.06.06 10:44:03 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Lexware
[2007.09.23 11:20:26 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Media Center Programs
[2010.04.12 16:00:17 | 000,000,000 | --SD | M] -- C:\Users\philipp\AppData\Roaming\Microsoft
[2011.09.18 14:04:10 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Microsoft Games
[2008.09.13 13:07:10 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Mozilla
[2008.09.22 19:18:57 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\NCH Software
[2010.02.27 00:37:46 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\OpenOffice.org
[2010.02.26 13:45:23 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\OpenOffice.org2
[2010.05.25 20:21:05 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\PeerNetworking
[2009.09.29 18:58:53 | 000,000,000 | RH-D | M] -- C:\Users\philipp\AppData\Roaming\SecuROM
[2008.09.02 14:09:04 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\SPORE Creature Creator
[2007.09.26 20:06:29 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Sun
[2008.05.28 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\teamspeak2
[2008.11.18 18:47:02 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\TeamViewer
[2009.02.26 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Teeworlds
[2009.08.05 11:23:08 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Ubisoft
[2011.05.01 00:57:22 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Uduc
[2011.09.18 13:00:12 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\uTorrent
[2008.11.18 17:09:10 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\WinRAR
[2008.03.06 15:33:41 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Yahoo!
[2011.05.03 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Zegoyt
 
< %APPDATA%\*.exe /s >
[2008.08.30 18:09:12 | 000,272,384 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
[2011.08.18 00:43:39 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\philipp\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.06.06 19:28:34 | 000,010,134 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{2CEA7E55-D41E-4D58-91FB-E14F1FD690AE}\ARPPRODUCTICON.exe
[2011.07.06 13:28:28 | 000,000,000 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_004EBF16C80993592B6C1D.exe
[2011.07.06 13:28:28 | 000,010,134 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_67065D20704EA8E571DEE5.exe
[2011.07.06 13:28:28 | 000,070,717 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_853F67D554F05449430E7E.exe
[2011.07.06 13:28:28 | 000,070,717 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_B5C0DF6A09AC406A73DBB3.exe
[2011.05.07 18:22:57 | 000,010,134 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
[2009.10.07 18:36:30 | 000,010,134 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2011.05.25 15:17:10 | 000,280,400 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe.exe
[2011.05.25 15:17:10 | 000,035,552 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlus_registrar.exe
[2009.06.25 16:36:16 | 001,291,640 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
[2011.05.25 15:17:10 | 000,280,400 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp\content\getPlusPlus_Adobe.exe
[2011.05.25 15:17:10 | 000,035,552 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp\content\getPlus_registrar.exe
[2008.02.13 08:07:36 | 000,393,216 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.02.14 11:50:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007.02.14 11:50:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007.02.14 11:50:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.02.14 11:50:51 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007.02.14 11:50:51 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007.02.14 11:50:51 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2006.05.11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\drivers\iaStor.sys
[2006.05.11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6c3369af\iaStor.sys
[2006.05.11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0d20ce62\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2006.07.14 14:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=7D960340BE5B0E008BB94E4C3B991339 -- C:\Windows\System32\drivers\nvatabus.sys
[2006.07.14 14:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=7D960340BE5B0E008BB94E4C3B991339 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_27229839\nvatabus.sys
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.08.12 09:50:44 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007.08.12 09:50:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2006.03.31 02:18:30 | 000,100,992 | ---- | M] (VIA Technologies inc,.ltd) MD5=9F3F276C7300ED211129757A411B605F -- C:\Windows\System32\drivers\viamraid.sys
[2006.03.31 02:18:30 | 000,100,992 | ---- | M] (VIA Technologies inc,.ltd) MD5=9F3F276C7300ED211129757A411B605F -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_2d6a7e3a\viamraid.sys
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.02.14 11:18:56 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.02.14 11:18:53 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.02.14 11:18:56 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.02.14 11:19:13 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.02.14 11:19:16 | 006,017,024 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >


cosinus 25.10.2011 18:08

Run an OTL fix: close any programs that may be open, disable your virus scanners as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://googel.de/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
[2011.08.29 15:18:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.01.09 12:42:07 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2011.09.18 12:56:49 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2010.05.26 13:17:17 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\DTToolbar@toolbarnet.com
[2011.09.18 12:56:38 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com
[2011.08.28 04:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp
[2010.05.26 13:17:10 | 000,002,059 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\daemon-search.xml
[2011.09.19 17:20:18 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-1.xml
[2009.12.29 23:04:14 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-2.xml
[2010.02.16 00:36:23 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-3.xml
[2010.05.17 15:04:50 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-4.xml
[2009.09.20 19:02:56 | 000,000,944 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin.xml
[2011.08.28 04:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.14 18:39:46 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.5.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{253e8769-481f-11dc-999d-001a9250b66c}\Shell - "" = AutoRun
O33 - MountPoints2\{253e8769-481f-11dc-999d-001a9250b66c}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\Shell - "" = AutoRun
O33 - MountPoints2\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{8a7f24e9-551b-11df-9179-001a9250b66c}\Shell - "" = AutoRun
O33 - MountPoints2\{8a7f24e9-551b-11df-9179-001a9250b66c}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{dd252f6d-a2e6-11df-8885-86c9b9560560}\Shell - "" = AutoRun
O33 - MountPoints2\{dd252f6d-a2e6-11df-8885-86c9b9560560}\Shell\AutoRun\command - "" = G:\pushinst.exe
[2011.09.18 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Babylon
[2008.08.24 13:22:23 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\ICQ Toolbar
[2011.05.01 00:57:22 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Uduc
[2011.05.03 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Zegoyt
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Krki 25.10.2011 20:59

So, I ran the fix in safe mode (since it doesn't work in normal mode because of the administrator error message), and after restarting the PC the same error messages still appeared, and I haven't noticed any improvement so far either. Here is the new log file. The only thing I noticed is that my IE start page was deleted.

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
C:\Programme\Search Settings\kb127\SearchSettings.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://googel.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}\defaults\preferences folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}\defaults folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}\content folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7} folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\modules folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\components folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\skin folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale\en-US folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\DTToolbar@toolbarnet.com folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp\plugins folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp\content folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp folder moved successfully.
C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\daemon-search.xml moved successfully.
C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions folder moved successfully.
Folder C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
C:\Programme\PriceGong\2.5.0\PriceGongIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Programme\Search Settings\kb127\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253e8769-481f-11dc-999d-001a9250b66c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{253e8769-481f-11dc-999d-001a9250b66c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253e8769-481f-11dc-999d-001a9250b66c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{253e8769-481f-11dc-999d-001a9250b66c}\ not found.
File G:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a7f24e9-551b-11df-9179-001a9250b66c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a7f24e9-551b-11df-9179-001a9250b66c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a7f24e9-551b-11df-9179-001a9250b66c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a7f24e9-551b-11df-9179-001a9250b66c}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd252f6d-a2e6-11df-8885-86c9b9560560}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd252f6d-a2e6-11df-8885-86c9b9560560}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd252f6d-a2e6-11df-8885-86c9b9560560}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd252f6d-a2e6-11df-8885-86c9b9560560}\ not found.
File G:\pushinst.exe not found.
C:\Users\philipp\AppData\Roaming\Babylon folder moved successfully.
C:\Users\philipp\AppData\Roaming\ICQ Toolbar folder moved successfully.
C:\Users\philipp\AppData\Roaming\Uduc folder moved successfully.
C:\Users\philipp\AppData\Roaming\Zegoyt folder moved successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: philipp
->Temp folder emptied: 37802033 bytes
->Temporary Internet Files folder emptied: 1557746393 bytes
->Java cache emptied: 59424 bytes
->FireFox cache emptied: 144048704 bytes
->Apple Safari cache emptied: 99001344 bytes
->Flash cache emptied: 3121245 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8145892 bytes
RecycleBin emptied: 2657599382 bytes
 
Total Files Cleaned = 4.299,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 10252011_214912

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 26.10.2011 09:44

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Krki 26.10.2011 16:44

I did the scan; at what point should I download and run unhide.exe? I haven't noticed any of the problems described?

Code:

iproxy.sys
17:37:46.0343 1704        nsiproxy - ok
17:37:46.0546 1704        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
17:37:46.0656 1704        Ntfs - ok
17:37:46.0734 1704        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:37:46.0812 1704        ntrigdigi - ok
17:37:46.0859 1704        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:37:46.0906 1704        Null - ok
17:37:46.0953 1704        nvatabus        (7d960340be5b0e008bb94e4c3b991339) C:\Windows\system32\drivers\nvatabus.sys
17:37:46.0984 1704        nvatabus - ok
17:37:47.0765 1704        nvlddmkm        (484844c0d892b42ecc5e6b063d072a38) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:37:48.0421 1704        nvlddmkm - ok
17:37:48.0531 1704        nvraid          (52f54c59a0ec7920c23638313e99e43c) C:\Windows\system32\drivers\nvraid.sys
17:37:48.0546 1704        nvraid - ok
17:37:48.0750 1704        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:37:48.0781 1704        nvstor - ok
17:37:48.0953 1704        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:37:48.0953 1704        nv_agp - ok
17:37:49.0203 1704        NwlnkFlt - ok
17:37:49.0375 1704        NwlnkFwd - ok
17:37:49.0468 1704        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
17:37:49.0531 1704        ohci1394 - ok
17:37:49.0625 1704        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:37:49.0718 1704        Parport - ok
17:37:49.0859 1704        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
17:37:49.0859 1704        partmgr - ok
17:37:50.0000 1704        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:37:50.0078 1704        Parvdm - ok
17:37:50.0140 1704        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
17:37:50.0156 1704        pci - ok
17:37:50.0187 1704        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:37:50.0187 1704        pciide - ok
17:37:50.0234 1704        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:37:50.0250 1704        pcmcia - ok
17:37:50.0312 1704        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:37:50.0437 1704        PEAUTH - ok
17:37:50.0562 1704        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:37:50.0609 1704        PptpMiniport - ok
17:37:50.0656 1704        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:37:50.0734 1704        Processor - ok
17:37:50.0875 1704        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
17:37:50.0937 1704        PSched - ok
17:37:51.0015 1704        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:37:51.0562 1704        ql2300 - ok
17:37:51.0609 1704        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:37:51.0625 1704        ql40xx - ok
17:37:51.0718 1704        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:37:51.0750 1704        QWAVEdrv - ok
17:37:51.0812 1704        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:37:51.0859 1704        RasAcd - ok
17:37:51.0953 1704        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:37:52.0015 1704        Rasl2tp - ok
17:37:52.0187 1704        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
17:37:52.0250 1704        RasPppoe - ok
17:37:52.0312 1704        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
17:37:52.0375 1704        RasSstp - ok
17:37:52.0468 1704        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
17:37:52.0500 1704        rdbss - ok
17:37:52.0531 1704        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:37:52.0593 1704        RDPCDD - ok
17:37:52.0843 1704        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:37:52.0906 1704        rdpdr - ok
17:37:53.0015 1704        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:37:53.0062 1704        RDPENCDD - ok
17:37:53.0140 1704        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
17:37:53.0203 1704        RDPWD - ok
17:37:53.0328 1704        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:37:53.0359 1704        rspndr - ok
17:37:53.0421 1704        RTL8023xp      (f7a8c9024e82534cec50613d87e88645) C:\Windows\system32\DRIVERS\Rtnicxp.sys
17:37:53.0515 1704        RTL8023xp - ok
17:37:53.0546 1704        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:37:53.0593 1704        sbp2port - ok
17:37:53.0796 1704        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:37:53.0875 1704        secdrv - ok
17:37:53.0984 1704        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
17:37:54.0046 1704        Serenum - ok
17:37:54.0171 1704        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
17:37:54.0218 1704        Serial - ok
17:37:54.0281 1704        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:37:54.0312 1704        sermouse - ok
17:37:54.0437 1704        sfdrv01        (aad95fe3e005489c7156fa111f744eaf) C:\Windows\system32\drivers\sfdrv01.sys
17:37:54.0500 1704        sfdrv01 - ok
17:37:54.0765 1704        sfdrv01a        (4d0ce0fadca29e7da68ce597ac9010bd) C:\Windows\system32\drivers\sfdrv01a.sys
17:37:54.0796 1704        sfdrv01a - ok
17:37:54.0843 1704        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:37:54.0906 1704        sffdisk - ok
17:37:54.0937 1704        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:37:55.0000 1704        sffp_mmc - ok
17:37:55.0062 1704        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:37:55.0125 1704        sffp_sd - ok
17:37:55.0187 1704        sfhlp02        (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
17:37:55.0187 1704        sfhlp02 - ok
17:37:55.0218 1704        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:37:55.0281 1704        sfloppy - ok
17:37:55.0359 1704        sfsync02        (6dc03269f4c71e4ab313c3597f42a340) C:\Windows\system32\drivers\sfsync02.sys
17:37:55.0375 1704        sfsync02 - ok
17:37:55.0421 1704        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:37:55.0437 1704        sisagp - ok
17:37:55.0468 1704        SiSRaid2        (b8a2f8dcdc75f19962d975727f393920) C:\Windows\system32\drivers\sisraid2.sys
17:37:55.0531 1704        SiSRaid2 - ok
17:37:55.0562 1704        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:37:55.0562 1704        SiSRaid4 - ok
17:37:55.0625 1704        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
17:37:55.0671 1704        Smb - ok
17:37:55.0734 1704        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:37:55.0734 1704        spldr - ok
17:37:55.0921 1704        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
17:37:55.0953 1704        sptd - ok
17:37:56.0046 1704        srv            (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
17:37:56.0156 1704        srv - ok
17:37:56.0265 1704        srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
17:37:56.0359 1704        srv2 - ok
17:37:56.0406 1704        srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
17:37:56.0453 1704        srvnet - ok
17:37:56.0531 1704        ssmdrv          (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
17:37:56.0546 1704        ssmdrv ( UnsignedFile.Multi.Generic ) - warning
17:37:56.0546 1704        ssmdrv - detected UnsignedFile.Multi.Generic (1)
17:37:56.0609 1704        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:37:56.0609 1704        swenum - ok
17:37:56.0687 1704        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:37:56.0703 1704        Symc8xx - ok
17:37:56.0765 1704        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:37:56.0796 1704        Sym_hi - ok
17:37:56.0875 1704        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:37:56.0875 1704        Sym_u3 - ok
17:37:57.0046 1704        tandpl          (126d7b3b4c7b724491c604060e1f4e14) C:\Windows\system32\drivers\tandpl.sys
17:37:57.0078 1704        tandpl ( UnsignedFile.Multi.Generic ) - warning
17:37:57.0078 1704        tandpl - detected UnsignedFile.Multi.Generic (1)
17:37:57.0187 1704        TBPanel        (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPanel.sys
17:37:57.0203 1704        TBPanel - ok
17:37:57.0281 1704        Tcpip          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
17:37:57.0328 1704        Tcpip - ok
17:37:57.0593 1704        Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
17:37:57.0625 1704        Tcpip6 - ok
17:37:57.0734 1704        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
17:37:57.0765 1704        tcpipreg - ok
17:37:57.0843 1704        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:37:57.0890 1704        TDPIPE - ok
17:37:57.0921 1704        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:37:57.0968 1704        TDTCP - ok
17:37:58.0015 1704        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
17:37:58.0046 1704        tdx - ok
17:37:58.0093 1704        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
17:37:58.0093 1704        TermDD - ok
17:37:58.0156 1704        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:37:58.0203 1704        tssecsrv - ok
17:37:58.0250 1704        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:37:58.0312 1704        tunmp - ok
17:37:58.0359 1704        tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
17:37:58.0421 1704        tunnel - ok
17:37:58.0453 1704        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:37:58.0468 1704        uagp35 - ok
17:37:58.0546 1704        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
17:37:58.0593 1704        udfs - ok
17:37:58.0703 1704        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:37:58.0734 1704        uliagpkx - ok
17:37:58.0765 1704        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:37:58.0781 1704        uliahci - ok
17:37:58.0796 1704        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:37:58.0812 1704        UlSata - ok
17:37:58.0843 1704        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:37:58.0859 1704        ulsata2 - ok
17:37:58.0906 1704        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:37:58.0921 1704        umbus - ok
17:37:58.0968 1704        USBAAPL        (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
17:37:59.0031 1704        USBAAPL - ok
17:37:59.0062 1704        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:37:59.0109 1704        usbccgp - ok
17:37:59.0187 1704        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:37:59.0265 1704        usbcir - ok
17:37:59.0312 1704        usbehci        (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
17:37:59.0328 1704        usbehci - ok
17:37:59.0359 1704        usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
17:37:59.0375 1704        usbhub - ok
17:37:59.0406 1704        usbohci        (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
17:37:59.0453 1704        usbohci - ok
17:37:59.0656 1704        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:37:59.0750 1704        usbprint - ok
17:37:59.0906 1704        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:37:59.0937 1704        USBSTOR - ok
17:37:59.0968 1704        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
17:38:00.0015 1704        usbuhci - ok
17:38:00.0062 1704        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:38:00.0125 1704        vga - ok
17:38:00.0171 1704        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:38:00.0203 1704        VgaSave - ok
17:38:00.0265 1704        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:38:00.0265 1704        viaagp - ok
17:38:00.0312 1704        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:38:00.0375 1704        ViaC7 - ok
17:38:00.0421 1704        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
17:38:00.0421 1704        viaide - ok
17:38:00.0453 1704        viamraid        (9f3f276c7300ed211129757a411b605f) C:\Windows\system32\drivers\viamraid.sys
17:38:00.0515 1704        viamraid - ok
17:38:00.0546 1704        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:38:00.0546 1704        volmgr - ok
17:38:00.0593 1704        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
17:38:00.0609 1704        volmgrx - ok
17:38:00.0671 1704        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
17:38:00.0671 1704        volsnap - ok
17:38:00.0718 1704        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:38:00.0718 1704        vsmraid - ok
17:38:00.0765 1704        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:38:00.0843 1704        WacomPen - ok
17:38:00.0890 1704        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:38:00.0906 1704        Wanarp - ok
17:38:00.0906 1704        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:38:00.0921 1704        Wanarpv6 - ok
17:38:00.0968 1704        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:38:00.0968 1704        Wd - ok
17:38:01.0015 1704        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:38:01.0046 1704        Wdf01000 - ok
17:38:01.0265 1704        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
17:38:01.0359 1704        WmiAcpi - ok
17:38:01.0437 1704        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
17:38:01.0453 1704        WpdUsb - ok
17:38:01.0484 1704        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:38:01.0531 1704        ws2ifsl - ok
17:38:01.0625 1704        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:38:01.0671 1704        WUDFRd - ok
17:38:01.0750 1704        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:38:01.0781 1704        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:38:01.0781 1704        \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:38:01.0796 1704        Boot (0x1200)  (1a4e59b52b4ddc3e7083f257fd761a36) \Device\Harddisk0\DR0\Partition0
17:38:01.0796 1704        \Device\Harddisk0\DR0\Partition0 - ok
17:38:01.0828 1704        Boot (0x1200)  (96288a61c20efaeb71380a61c6081881) \Device\Harddisk0\DR0\Partition1
17:38:01.0828 1704        \Device\Harddisk0\DR0\Partition1 - ok
17:38:01.0828 1704        ============================================================
17:38:01.0828 1704        Scan finished
17:38:01.0828 1704        ============================================================
17:38:01.0843 1696        Detected object count: 4
17:38:01.0843 1696        Actual detected object count: 4
17:38:19.0281 1696        enodpl ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:19.0281 1696        enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:19.0281 1696        ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:19.0281 1696        ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:19.0281 1696        tandpl ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:19.0281 1696        tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:19.0281 1696        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:38:19.0281 1696        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


cosinus 26.10.2011 19:37

Quote:

I haven't noticed any of the problems described?
Well, it says in case you have the problems with hidden/invisible problems, and not that you should run it no matter what!

Quote:

17:38:19.0281 1696 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:38:19.0281 1696 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Please remove this - and really ONLY THESE entries - with TDSS-Killer!
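
The triage rule from the reply above (act only on the "TDSS File System" entry, leave the UnsignedFile warnings skipped), applied to the posted report format. This is an added example, not part of the thread and not Kaspersky's code; the function names and the "cure"/"leave_skipped" labels are this example's own, and the sample lines are copied from the report posted above.

```python
import re

# Lines copied from the TDSSKiller report posted in this thread. The posted
# log is cut off at the top, so the scan line for "enodpl" is not available.
SAMPLE_LOG = r"""
17:37:56.0531 1704        ssmdrv          (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
17:37:56.0546 1704        ssmdrv ( UnsignedFile.Multi.Generic ) - warning
17:37:56.0546 1704        ssmdrv - detected UnsignedFile.Multi.Generic (1)
17:37:56.0609 1704        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:37:56.0609 1704        swenum - ok
17:37:57.0046 1704        tandpl          (126d7b3b4c7b724491c604060e1f4e14) C:\Windows\system32\drivers\tandpl.sys
17:37:57.0078 1704        tandpl ( UnsignedFile.Multi.Generic ) - warning
17:37:57.0078 1704        tandpl - detected UnsignedFile.Multi.Generic (1)
17:38:01.0750 1704        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:38:01.0781 1704        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:38:01.0781 1704        \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:38:01.0843 1696        Detected object count: 4
17:38:19.0281 1696        enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:19.0281 1696        ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:19.0281 1696        tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:19.0281 1696        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "HH:MM:SS.ffff <thread id> <message>"; lines with an empty message are ignored.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
SCANNED = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$"
)
DECLARED = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Verdict the helper in this thread asks to remove; everything else stays skipped.
ROOTKIT_VERDICT = "TDSS File System"


def parse_report(text):
    """Collect scanned objects, detections, user actions and the declared count."""
    report = {"scanned": {}, "detected": {}, "actions": {}, "declared": None}
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        msg = m.group("msg")
        if (s := SCANNED.match(msg)):
            # Index by service name and by path: disk objects are flagged by path.
            entry = {"md5": s["md5"], "path": s["path"]}
            report["scanned"][s["name"]] = entry
            report["scanned"][s["path"]] = entry
        elif (d := DETECTED.match(msg)):
            report["detected"][d["name"]] = d["verdict"]
        elif (a := ACTION.match(msg)):
            report["actions"][a["name"]] = (a["verdict"], a["action"])
        elif (c := DECLARED.match(msg)):
            report["declared"] = int(c["n"])
    return report


def triage(report):
    """Split flagged objects by the thread's rule and note gaps in a truncated log."""
    flagged = dict(report["detected"])
    # A truncated log may only mention an object in the action summary.
    for name, (verdict, _action) in report["actions"].items():
        flagged.setdefault(name, verdict)
    cure, leave, missing = [], [], []
    for name, verdict in flagged.items():
        (cure if verdict == ROOTKIT_VERDICT else leave).append(name)
        if name not in report["scanned"]:
            missing.append(name)  # no hash/path line survived for this object
    return {
        "cure": sorted(cure),
        "leave_skipped": sorted(leave),
        "missing_scan_line": sorted(missing),
        # True when every object the tool counted was recovered from the text.
        "complete": report["declared"] == len(flagged),
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```
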

Krki 26.10.2011 22:33

Yes, OK, then I did understand that correctly. I have now deleted the TDSS file with the Killer, but it hasn't helped yet; did I maybe do something wrong? Here is the new log file.

Code:

23:26:22.0562 1772        TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
23:26:22.0562 1772        ============================================================
23:26:22.0562 1772        Current date / time: 2011/10/26 23:26:22.0562
23:26:22.0562 1772        SystemInfo:
23:26:22.0562 1772       
23:26:22.0562 1772        OS Version: 6.0.6001 ServicePack: 1.0
23:26:22.0562 1772        Product type: Workstation
23:26:22.0562 1772        ComputerName: PHILIPP
23:26:22.0578 1772        UserName: philipp
23:26:22.0578 1772        Windows directory: C:\Windows
23:26:22.0578 1772        System windows directory: C:\Windows
23:26:22.0578 1772        Processor architecture: Intel x86
23:26:22.0578 1772        Number of processors: 2
23:26:22.0578 1772        Page size: 0x1000
23:26:22.0578 1772        Boot type: Safe boot
23:26:22.0578 1772        ============================================================
23:26:24.0187 1772        Initialize success
23:26:27.0890 1796        ============================================================
23:26:27.0890 1796        Scan started
23:26:27.0890 1796        Mode: Manual; SigCheck; TDLFS;
23:26:27.0890 1796        ============================================================
23:26:29.0453 1796        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
23:26:29.0562 1796        ACPI - ok
23:26:29.0640 1796        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
23:26:29.0671 1796        adp94xx - ok
23:26:29.0750 1796        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
23:26:29.0765 1796        adpahci - ok
23:26:29.0796 1796        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
23:26:29.0812 1796        adpu160m - ok
23:26:29.0843 1796        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
23:26:29.0843 1796        adpu320 - ok
23:26:29.0937 1796        AFD            (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
23:26:30.0125 1796        AFD - ok
23:26:30.0187 1796        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
23:26:30.0218 1796        agp440 - ok
23:26:30.0281 1796        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:26:30.0296 1796        aic78xx - ok
23:26:30.0437 1796        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
23:26:30.0468 1796        aliide - ok
23:26:30.0531 1796        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
23:26:30.0546 1796        amdagp - ok
23:26:30.0578 1796        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
23:26:30.0578 1796        amdide - ok
23:26:30.0625 1796        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
23:26:31.0250 1796        AmdK7 - ok
23:26:31.0343 1796        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
23:26:31.0406 1796        AmdK8 - ok
23:26:31.0593 1796        AmdLLD          (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
23:26:31.0656 1796        AmdLLD - ok
23:26:32.0140 1796        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
23:26:32.0156 1796        arc - ok
23:26:32.0234 1796        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
23:26:32.0250 1796        arcsas - ok
23:26:32.0468 1796        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:26:32.0531 1796        AsyncMac - ok
23:26:32.0593 1796        atapi          (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
23:26:32.0593 1796        atapi - ok
23:26:32.0843 1796        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
23:26:32.0937 1796        atksgt - ok
23:26:33.0109 1796        avgio          (87828ecd657f81503465ac705e845076) C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
23:26:33.0125 1796        avgio - ok
23:26:33.0156 1796        avgntflt        (fcb30820bed1d3feb55e3dd55a3f947f) C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
23:26:33.0156 1796        avgntflt - ok
23:26:33.0203 1796        avipbb          (0b09df022250fb7ba91fb932eac6ea9b) C:\Windows\system32\DRIVERS\avipbb.sys
23:26:33.0234 1796        avipbb - ok
23:26:33.0359 1796        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:26:33.0406 1796        Beep - ok
23:26:33.0468 1796        blbdrive - ok
23:26:33.0546 1796        bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
23:26:33.0625 1796        bowser - ok
23:26:33.0687 1796        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:26:33.0781 1796        BrFiltLo - ok
23:26:33.0843 1796        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:26:33.0890 1796        BrFiltUp - ok
23:26:33.0968 1796        Bridge          (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys
23:26:34.0015 1796        Bridge - ok
23:26:34.0031 1796        BridgeMP        (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys
23:26:34.0062 1796        BridgeMP - ok
23:26:34.0156 1796        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:26:34.0234 1796        Brserid - ok
23:26:34.0250 1796        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:26:34.0328 1796        BrSerWdm - ok
23:26:34.0359 1796        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:26:34.0437 1796        BrUsbMdm - ok
23:26:34.0468 1796        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:26:34.0546 1796        BrUsbSer - ok
23:26:34.0562 1796        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:26:34.0640 1796        BTHMODEM - ok
23:26:34.0687 1796        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:26:34.0734 1796        cdfs - ok
23:26:34.0781 1796        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
23:26:34.0828 1796        cdrom - ok
23:26:34.0906 1796        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
23:26:34.0984 1796        circlass - ok
23:26:35.0046 1796        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
23:26:35.0109 1796        CLFS - ok
23:26:35.0187 1796        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
23:26:35.0187 1796        cmdide - ok
23:26:35.0218 1796        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
23:26:35.0234 1796        Compbatt - ok
23:26:35.0296 1796        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
23:26:35.0328 1796        crcdisk - ok
23:26:35.0375 1796        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
23:26:35.0437 1796        Crusoe - ok
23:26:35.0515 1796        DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
23:26:35.0578 1796        DfsC - ok
23:26:35.0703 1796        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
23:26:35.0734 1796        disk - ok
23:26:35.0859 1796        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:26:35.0906 1796        drmkaud - ok
23:26:35.0968 1796        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
23:26:36.0046 1796        DXGKrnl - ok
23:26:36.0109 1796        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:26:36.0203 1796        E1G60 - ok
23:26:36.0296 1796        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
23:26:36.0312 1796        Ecache - ok
23:26:36.0375 1796        ElbyCDIO        (b5326548762bfaae7a42d5b0898dfeac) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:26:36.0375 1796        ElbyCDIO - ok
23:26:36.0453 1796        ElbyDelay      (20d3b81663b3dfd5e32b0af8640aaf50) C:\Windows\system32\Drivers\ElbyDelay.sys
23:26:36.0468 1796        ElbyDelay - ok
23:26:36.0515 1796        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
23:26:36.0546 1796        elxstor - ok
23:26:36.0671 1796        enodpl          (b4556f3d468c8dcb0b259d9d866cd4c4) C:\Windows\system32\drivers\enodpl.sys
23:26:36.0703 1796        enodpl ( UnsignedFile.Multi.Generic ) - warning
23:26:36.0703 1796        enodpl - detected UnsignedFile.Multi.Generic (1)
23:26:36.0781 1796        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
23:26:36.0859 1796        exfat - ok
23:26:36.0937 1796        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
23:26:36.0984 1796        fastfat - ok
23:26:37.0062 1796        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
23:26:37.0156 1796        fdc - ok
23:26:37.0281 1796        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:26:37.0296 1796        FileInfo - ok
23:26:37.0328 1796        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:26:37.0359 1796        Filetrace - ok
23:26:37.0453 1796        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
23:26:37.0593 1796        flpydisk - ok
23:26:37.0671 1796        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
23:26:37.0671 1796        FltMgr - ok
23:26:37.0718 1796        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:26:37.0750 1796        Fs_Rec - ok
23:26:37.0812 1796        FWLANUSB        (b45f1df1cce34e2af422f0ed78cd70ef) C:\Windows\system32\DRIVERS\fwlanusb.sys
23:26:37.0875 1796        FWLANUSB - ok
23:26:37.0968 1796        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
23:26:37.0968 1796        gagp30kx - ok
23:26:38.0046 1796        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
23:26:38.0046 1796        GEARAspiWDM - ok
23:26:38.0187 1796        hamachi        (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
23:26:38.0187 1796        hamachi - ok
23:26:38.0312 1796        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
23:26:38.0390 1796        HdAudAddService - ok
23:26:38.0453 1796        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:26:38.0515 1796        HDAudBus - ok
23:26:38.0546 1796        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:26:38.0609 1796        HidBth - ok
23:26:38.0656 1796        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:26:38.0718 1796        HidIr - ok
23:26:38.0812 1796        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
23:26:38.0859 1796        HidUsb - ok
23:26:38.0953 1796        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
23:26:38.0968 1796        HpCISSs - ok
23:26:39.0093 1796        HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
23:26:39.0156 1796        HTTP - ok
23:26:39.0203 1796        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
23:26:39.0203 1796        i2omp - ok
23:26:39.0265 1796        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:26:39.0312 1796        i8042prt - ok
23:26:39.0390 1796        iaStor          (294110966cedd127629c5be48367c8cf) C:\Windows\system32\drivers\iastor.sys
23:26:39.0437 1796        iaStor - ok
23:26:39.0500 1796        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
23:26:39.0515 1796        iaStorV - ok
23:26:39.0640 1796        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:26:39.0640 1796        iirsp - ok
23:26:39.0781 1796        IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys
23:26:39.0921 1796        IntcAzAudAddService - ok
23:26:40.0015 1796        intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
23:26:40.0031 1796        intelide - ok
23:26:40.0062 1796        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
23:26:40.0140 1796        intelppm - ok
23:26:40.0203 1796        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:26:40.0265 1796        IpFilterDriver - ok
23:26:40.0359 1796        IpInIp - ok
23:26:40.0421 1796        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
23:26:40.0500 1796        IPMIDRV - ok
23:26:40.0546 1796        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:26:40.0562 1796        IPNAT - ok
23:26:40.0609 1796        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:26:40.0640 1796        IRENUM - ok
23:26:40.0687 1796        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
23:26:40.0703 1796        isapnp - ok
23:26:40.0796 1796        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
23:26:40.0796 1796        iScsiPrt - ok
23:26:40.0906 1796        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:26:40.0921 1796        iteatapi - ok
23:26:41.0000 1796        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:26:41.0031 1796        iteraid - ok
23:26:41.0093 1796        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:26:41.0109 1796        kbdclass - ok
23:26:41.0156 1796        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
23:26:41.0218 1796        kbdhid - ok
23:26:41.0281 1796        KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
23:26:41.0328 1796        KSecDD - ok
23:26:41.0484 1796        Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
23:26:41.0484 1796        Lavasoft Kernexplorer - ok
23:26:41.0609 1796        Lbd            (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
23:26:41.0609 1796        Lbd - ok
23:26:41.0671 1796        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
23:26:41.0703 1796        lirsgt - ok
23:26:41.0750 1796        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:26:41.0781 1796        lltdio - ok
23:26:41.0828 1796        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
23:26:41.0828 1796        LSI_FC - ok
23:26:41.0859 1796        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
23:26:41.0875 1796        LSI_SAS - ok
23:26:41.0937 1796        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
23:26:41.0968 1796        LSI_SCSI - ok
23:26:42.0000 1796        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:26:42.0046 1796        luafv - ok
23:26:42.0078 1796        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
23:26:42.0093 1796        megasas - ok
23:26:42.0187 1796        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:26:42.0250 1796        Modem - ok
23:26:42.0296 1796        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:26:42.0359 1796        monitor - ok
23:26:42.0453 1796        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:26:42.0468 1796        mouclass - ok
23:26:42.0484 1796        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:26:42.0546 1796        mouhid - ok
23:26:42.0593 1796        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:26:42.0609 1796        MountMgr - ok
23:26:42.0703 1796        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
23:26:42.0734 1796        mpio - ok
23:26:42.0765 1796        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:26:42.0828 1796        mpsdrv - ok
23:26:42.0859 1796        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:26:42.0890 1796        Mraid35x - ok
23:26:42.0937 1796        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
23:26:43.0187 1796        MRxDAV - ok
23:26:43.0328 1796        mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:26:43.0390 1796        mrxsmb - ok
23:26:43.0468 1796        mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:26:43.0484 1796        mrxsmb10 - ok
23:26:43.0515 1796        mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:26:43.0562 1796        mrxsmb20 - ok
23:26:43.0640 1796        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
23:26:43.0656 1796        msahci - ok
23:26:43.0687 1796        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
23:26:43.0718 1796        msdsm - ok
23:26:43.0765 1796        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:26:43.0828 1796        Msfs - ok
23:26:43.0875 1796        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:26:43.0890 1796        msisadrv - ok
23:26:43.0937 1796        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:26:43.0984 1796        MSKSSRV - ok
23:26:44.0062 1796        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:26:44.0125 1796        MSPCLOCK - ok
23:26:44.0187 1796        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:26:44.0218 1796        MSPQM - ok
23:26:44.0265 1796        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
23:26:44.0281 1796        MsRPC - ok
23:26:44.0296 1796        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:26:44.0312 1796        mssmbios - ok
23:26:44.0328 1796        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:26:44.0375 1796        MSTEE - ok
23:26:44.0453 1796        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
23:26:44.0453 1796        Mup - ok
23:26:44.0500 1796        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
23:26:44.0531 1796        NativeWifiP - ok
23:26:44.0640 1796        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
23:26:44.0687 1796        NDIS - ok
23:26:44.0796 1796        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:26:44.0859 1796        NdisTapi - ok
23:26:44.0906 1796        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:26:44.0968 1796        Ndisuio - ok
23:26:45.0000 1796        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
23:26:45.0031 1796        NdisWan - ok
23:26:45.0093 1796        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:26:45.0187 1796        NDProxy - ok
23:26:45.0312 1796        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:26:45.0359 1796        NetBIOS - ok
23:26:45.0406 1796        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
23:26:45.0453 1796        netbt - ok
23:26:45.0562 1796        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:26:45.0593 1796        nfrd960 - ok
23:26:45.0625 1796        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
23:26:45.0671 1796        Npfs - ok
23:26:45.0718 1796        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:26:45.0750 1796        nsiproxy - ok
23:26:45.0921 1796        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
23:26:45.0968 1796        Ntfs - ok
23:26:46.0046 1796        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:26:46.0125 1796        ntrigdigi - ok
23:26:46.0265 1796        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:26:46.0312 1796        Null - ok
23:26:46.0406 1796        nvatabus        (7d960340be5b0e008bb94e4c3b991339) C:\Windows\system32\drivers\nvatabus.sys
23:26:46.0453 1796        nvatabus - ok
23:26:46.0921 1796        nvlddmkm        (484844c0d892b42ecc5e6b063d072a38) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:26:47.0359 1796        nvlddmkm - ok
23:26:47.0500 1796        nvraid          (52f54c59a0ec7920c23638313e99e43c) C:\Windows\system32\drivers\nvraid.sys
23:26:47.0515 1796        nvraid - ok
23:26:47.0562 1796        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
23:26:47.0578 1796        nvstor - ok
23:26:47.0625 1796        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
23:26:47.0640 1796        nv_agp - ok
23:26:47.0640 1796        NwlnkFlt - ok
23:26:47.0656 1796        NwlnkFwd - ok
23:26:47.0718 1796        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
23:26:47.0765 1796        ohci1394 - ok
23:26:47.0812 1796        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:26:47.0859 1796        Parport - ok
23:26:47.0890 1796        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
23:26:47.0906 1796        partmgr - ok
23:26:47.0921 1796        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:26:48.0000 1796        Parvdm - ok
23:26:48.0046 1796        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
23:26:48.0062 1796        pci - ok
23:26:48.0093 1796        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
23:26:48.0093 1796        pciide - ok
23:26:48.0140 1796        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:26:48.0156 1796        pcmcia - ok
23:26:48.0218 1796        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:26:48.0343 1796        PEAUTH - ok
23:26:48.0515 1796        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:26:48.0562 1796        PptpMiniport - ok
23:26:48.0609 1796        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
23:26:48.0671 1796        Processor - ok
23:26:48.0765 1796        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
23:26:48.0828 1796        PSched - ok
23:26:48.0890 1796        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
23:26:48.0937 1796        ql2300 - ok
23:26:48.0984 1796        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:26:49.0000 1796        ql40xx - ok
23:26:49.0062 1796        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:26:49.0062 1796        QWAVEdrv - ok
23:26:49.0109 1796        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:26:49.0156 1796        RasAcd - ok
23:26:49.0218 1796        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:26:49.0281 1796        Rasl2tp - ok
23:26:49.0343 1796        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
23:26:49.0390 1796        RasPppoe - ok
23:26:49.0484 1796        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
23:26:49.0531 1796        RasSstp - ok
23:26:49.0578 1796        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
23:26:49.0609 1796        rdbss - ok
23:26:49.0656 1796        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:26:49.0671 1796        RDPCDD - ok
23:26:49.0718 1796        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
23:26:49.0781 1796        rdpdr - ok
23:26:49.0828 1796        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:26:49.0843 1796        RDPENCDD - ok
23:26:49.0890 1796        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
23:26:49.0953 1796        RDPWD - ok
23:26:50.0015 1796        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:26:50.0046 1796        rspndr - ok
23:26:50.0078 1796        RTL8023xp      (f7a8c9024e82534cec50613d87e88645) C:\Windows\system32\DRIVERS\Rtnicxp.sys
23:26:50.0125 1796        RTL8023xp - ok
23:26:50.0156 1796        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:26:50.0156 1796        sbp2port - ok
23:26:50.0218 1796        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:26:50.0296 1796        secdrv - ok
23:26:50.0328 1796        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
23:26:50.0390 1796        Serenum - ok
23:26:50.0421 1796        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
23:26:50.0468 1796        Serial - ok
23:26:50.0578 1796        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:26:50.0609 1796        sermouse - ok
23:26:50.0687 1796        sfdrv01        (aad95fe3e005489c7156fa111f744eaf) C:\Windows\system32\drivers\sfdrv01.sys
23:26:50.0687 1796        sfdrv01 - ok
23:26:50.0718 1796        sfdrv01a        (4d0ce0fadca29e7da68ce597ac9010bd) C:\Windows\system32\drivers\sfdrv01a.sys
23:26:50.0734 1796        sfdrv01a - ok
23:26:50.0765 1796        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
23:26:50.0812 1796        sffdisk - ok
23:26:50.0843 1796        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
23:26:50.0921 1796        sffp_mmc - ok
23:26:50.0937 1796        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
23:26:50.0984 1796        sffp_sd - ok
23:26:51.0125 1796        sfhlp02        (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
23:26:51.0140 1796        sfhlp02 - ok
23:26:51.0250 1796        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:26:51.0296 1796        sfloppy - ok
23:26:51.0546 1796        sfsync02        (6dc03269f4c71e4ab313c3597f42a340) C:\Windows\system32\drivers\sfsync02.sys
23:26:51.0562 1796        sfsync02 - ok
23:26:51.0734 1796        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
23:26:51.0750 1796        sisagp - ok
23:26:51.0843 1796        SiSRaid2        (b8a2f8dcdc75f19962d975727f393920) C:\Windows\system32\drivers\sisraid2.sys
23:26:51.0937 1796        SiSRaid2 - ok
23:26:52.0000 1796        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
23:26:52.0000 1796        SiSRaid4 - ok
23:26:52.0062 1796        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
23:26:52.0078 1796        Smb - ok
23:26:52.0140 1796        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:26:52.0156 1796        spldr - ok
23:26:52.0234 1796        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
23:26:52.0265 1796        sptd - ok
23:26:52.0375 1796        srv            (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
23:26:52.0453 1796        srv - ok
23:26:52.0484 1796        srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
23:26:52.0546 1796        srv2 - ok
23:26:52.0578 1796        srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
23:26:52.0625 1796        srvnet - ok
23:26:52.0687 1796        ssmdrv          (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
23:26:52.0718 1796        ssmdrv ( UnsignedFile.Multi.Generic ) - warning
23:26:52.0718 1796        ssmdrv - detected UnsignedFile.Multi.Generic (1)
23:26:52.0765 1796        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:26:52.0765 1796        swenum - ok
23:26:52.0812 1796        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:26:52.0812 1796        Symc8xx - ok
23:26:52.0875 1796        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:26:52.0875 1796        Sym_hi - ok
23:26:52.0906 1796        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:26:52.0921 1796        Sym_u3 - ok
23:26:53.0000 1796        tandpl          (126d7b3b4c7b724491c604060e1f4e14) C:\Windows\system32\drivers\tandpl.sys
23:26:53.0031 1796        tandpl ( UnsignedFile.Multi.Generic ) - warning
23:26:53.0031 1796        tandpl - detected UnsignedFile.Multi.Generic (1)
23:26:53.0109 1796        TBPanel        (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPanel.sys
23:26:53.0125 1796        TBPanel - ok
23:26:53.0187 1796        Tcpip          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
23:26:53.0234 1796        Tcpip - ok
23:26:53.0328 1796        Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
23:26:53.0359 1796        Tcpip6 - ok
23:26:53.0421 1796        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
23:26:53.0437 1796        tcpipreg - ok
23:26:53.0484 1796        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:26:53.0531 1796        TDPIPE - ok
23:26:53.0578 1796        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:26:53.0625 1796        TDTCP - ok
23:26:53.0671 1796        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
23:26:53.0687 1796        tdx - ok
23:26:53.0734 1796        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
23:26:53.0750 1796        TermDD - ok
23:26:53.0812 1796        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:26:53.0859 1796        tssecsrv - ok
23:26:53.0937 1796        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:26:53.0984 1796        tunmp - ok
23:26:54.0031 1796        tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
23:26:54.0078 1796        tunnel - ok
23:26:54.0125 1796        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
23:26:54.0125 1796        uagp35 - ok
23:26:54.0171 1796        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
23:26:54.0187 1796        udfs - ok
23:26:54.0234 1796        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
23:26:54.0234 1796        uliagpkx - ok
23:26:54.0265 1796        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
23:26:54.0281 1796        uliahci - ok
23:26:54.0312 1796        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:26:54.0312 1796        UlSata - ok
23:26:54.0343 1796        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:26:54.0359 1796        ulsata2 - ok
23:26:54.0390 1796        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:26:54.0421 1796        umbus - ok
23:26:54.0453 1796        USBAAPL        (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
23:26:54.0515 1796        USBAAPL - ok
23:26:54.0546 1796        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:26:54.0593 1796        usbccgp - ok
23:26:54.0640 1796        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:26:54.0703 1796        usbcir - ok
23:26:54.0781 1796        usbehci        (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
23:26:54.0796 1796        usbehci - ok
23:26:54.0843 1796        usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
23:26:54.0859 1796        usbhub - ok
23:26:54.0906 1796        usbohci        (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
23:26:54.0953 1796        usbohci - ok
23:26:55.0015 1796        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:26:55.0062 1796        usbprint - ok
23:26:55.0109 1796        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:26:55.0156 1796        USBSTOR - ok
23:26:55.0203 1796        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
23:26:55.0250 1796        usbuhci - ok
23:26:55.0296 1796        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
23:26:55.0359 1796        vga - ok
23:26:55.0406 1796        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:26:55.0421 1796        VgaSave - ok
23:26:55.0453 1796        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
23:26:55.0468 1796        viaagp - ok
23:26:55.0484 1796        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
23:26:55.0562 1796        ViaC7 - ok
23:26:55.0593 1796        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
23:26:55.0593 1796        viaide - ok
23:26:55.0640 1796        viamraid        (9f3f276c7300ed211129757a411b605f) C:\Windows\system32\drivers\viamraid.sys
23:26:55.0703 1796        viamraid - ok
23:26:55.0765 1796        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:26:55.0765 1796        volmgr - ok
23:26:55.0812 1796        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
23:26:55.0828 1796        volmgrx - ok
23:26:55.0890 1796        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
23:26:55.0906 1796        volsnap - ok
23:26:55.0921 1796        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
23:26:55.0921 1796        vsmraid - ok
23:26:55.0968 1796        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:26:56.0031 1796        WacomPen - ok
23:26:56.0078 1796        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:26:56.0093 1796        Wanarp - ok
23:26:56.0109 1796        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:26:56.0125 1796        Wanarpv6 - ok
23:26:56.0156 1796        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
23:26:56.0156 1796        Wd - ok
23:26:56.0218 1796        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:26:56.0250 1796        Wdf01000 - ok
23:26:56.0312 1796        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
23:26:56.0390 1796        WmiAcpi - ok
23:26:56.0468 1796        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
23:26:56.0484 1796        WpdUsb - ok
23:26:56.0515 1796        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:26:56.0562 1796        ws2ifsl - ok
23:26:56.0656 1796        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:26:56.0703 1796        WUDFRd - ok
23:26:56.0781 1796        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:26:56.0843 1796        \Device\Harddisk0\DR0 - ok
23:26:56.0859 1796        Boot (0x1200)  (1a4e59b52b4ddc3e7083f257fd761a36) \Device\Harddisk0\DR0\Partition0
23:26:56.0859 1796        \Device\Harddisk0\DR0\Partition0 - ok
23:26:56.0875 1796        Boot (0x1200)  (96288a61c20efaeb71380a61c6081881) \Device\Harddisk0\DR0\Partition1
23:26:56.0875 1796        \Device\Harddisk0\DR0\Partition1 - ok
23:26:56.0875 1796        ============================================================
23:26:56.0875 1796        Scan finished
23:26:56.0875 1796        ============================================================
23:26:56.0890 1788        Detected object count: 3
23:26:56.0890 1788        Actual detected object count: 3
23:27:06.0078 1788        enodpl ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:06.0078 1788        enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:27:06.0078 1788        ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:06.0078 1788        ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:27:06.0093 1788        tandpl ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:06.0093 1788        tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 27.10.2011 08:11

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Krki 27.10.2011 16:01

Here is the ComboFix log:

Code:

ComboFix 11-10-27.04 - philipp 27.10.2011  16:40:56.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3070.2602 [GMT 2:00]
ausgeführt von:: c:\users\philipp\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\philipp\AppData\Local\._Revolution_
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-09-27 bis 2011-10-27  ))))))))))))))))))))))))))))))
.
.
2011-10-27 14:51 . 2011-10-27 14:52        --------        d-----w-        c:\users\philipp\AppData\Local\temp
2011-10-27 14:51 . 2011-10-27 14:51        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-10-25 19:49 . 2011-10-25 19:49        --------        d-----w-        C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-25 10:20 . 2006-11-02 10:32        101888        ----a-w-        c:\windows\system32\ifxcardm.dll
2011-08-25 10:19 . 2006-11-02 10:32        82432        ----a-w-        c:\windows\system32\axaltocm.dll
2011-08-24 12:28 . 2011-08-24 12:28        101720        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-08-17 22:47 . 2011-08-17 22:47        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:44 . 2011-09-24 11:22        7152464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C667E537-B5B9-4B0B-9640-761E1EA3574D}\mpengine.dll
2011-09-01 21:43 . 2011-08-28 02:36        0        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-11 06:28 . A944A73CEC5921B871542FE5CC5E03E4 . 88576 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6002.18005_none_3bff339efed611ca\olepro32.dll
[-] 2008-01-19 07:36 . 6FE06C401E5B69A155CE6EAA67A9A28D . 88576 . . [------] . . c:\windows\System32\olepro32.dll
[-] 2008-01-19 07:36 . 6FE06C401E5B69A155CE6EAA67A9A28D . 88576 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6001.18000_none_3a13ba9301b4467e\olepro32.dll
[7] 2006-11-02 09:46 . DF54915B3DD106854F18C678BEB2977D . 88576 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6000.16386_none_37dcf89704c935aa\olepro32.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute        REG_MULTI_SZ          \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16        357696        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2008-10-21 15:12        2177576        ----a-w-        c:\program files\EXPERTool\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-26 691696]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-07-31 264704]
R3 HRService;Haufe iDesk-Service in c:\program files\Haufe\iDesk\iDeskService\Zope;c:\program files\Haufe\iDesk\iDeskService\iDeskService.exe [2008-08-20 70336]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-05-25 15232]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-05-25 64512]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ECACHE
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 07:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mLocal Page =
FF - ProfilePath - c:\users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Dateityp-Verknüpfung -------
.
regedit=regedit.exe "%1"
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1631550F-191D-4826-B069-D9439253D926} - (no file)
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
AddRemove-Worms2 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-10-27 16:52
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI]
"ImagePath"="system32\drivers\acpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adp94xx]
"ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpahci]
"ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m]
"ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu320]
"ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adsi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx]
"ImagePath"="\SystemRoot\system32\drivers\djsvs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdagp]
"ImagePath"="\SystemRoot\system32\drivers\amdagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK7]
"ImagePath"="\SystemRoot\system32\drivers\amdk7.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK8]
"ImagePath"="system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdLLD]
"ImagePath"="system32\DRIVERS\AmdLLD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AntiVirScheduler]
"ImagePath"="\"c:\program files\AntiVir PersonalEdition Classic\sched.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AntiVirService]
"ImagePath"="\"c:\program files\AntiVir PersonalEdition Classic\avguard.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Apple Mobile Device]
"ImagePath"="\"c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arc]
"ImagePath"="\SystemRoot\system32\drivers\arc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arcsas]
"ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_1.1.4322]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atksgt]
"ImagePath"="system32\DRIVERS\atksgt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Audiosrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgio]
"ImagePath"="\??\c:\program files\AntiVir PersonalEdition Classic\avgio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgntflt]
"ImagePath"="\??\c:\program files\AntiVir PersonalEdition Classic\avgntflt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avipbb]
"ImagePath"="system32\DRIVERS\avipbb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVM WLAN Connection Service]
"ImagePath"="c:\program files\avmwlanstick\WlanNetService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS]
"ServiceDll"="%SystemRoot%\System32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\blbdrive]
"ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Bridge]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Brserid]
"ImagePath"="\SystemRoot\system32\drivers\brserid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrSerWdm]
"ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbMdm]
"ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbSer]
"ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\users\philipp\AppData\Local\Temp\catchme.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\circlass]
"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Compbatt]
"ImagePath"="\SystemRoot\system32\drivers\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crcdisk]
"ImagePath"="system32\drivers\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Crusoe]
"ImagePath"="\SystemRoot\system32\drivers\crusoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crypt32]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DCLocator]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DFSR]
"ImagePath"="%SystemRoot%\system32\DFSR.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\disk]
"ImagePath"="system32\drivers\disk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\E1G60]
"ImagePath"="system32\DRIVERS\E1G60I32.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ecache]
"ImagePath"="System32\drivers\ecache.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehstart]
"ServiceDll"="%SystemRoot%\ehome\ehstart.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ElbyCDIO]
"ImagePath"="System32\Drivers\ElbyCDIO.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ElbyDelay]
"ImagePath"="System32\Drivers\ElbyDelay.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\elxstor]
"ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EmdCache]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EMDMgmt]
"ServiceDll"="%systemroot%\system32\emdmgmt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\enodpl]
"ImagePath"="System32\drivers\enodpl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ESENT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\exfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fastfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FWLANUSB]
"ImagePath"="system32\DRIVERS\fwlanusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gagp30kx]
"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="System32\Drivers\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hamachi]
"ImagePath"="system32\DRIVERS\hamachi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidBth]
"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidIr]
"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpCISSs]
"ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HRService]
"ImagePath"="\"c:\program files\Haufe\iDesk\iDeskService\iDeskService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp]
"ImagePath"="\SystemRoot\system32\drivers\i2omp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStor]
"ImagePath"="\SystemRoot\system32\drivers\iastor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iastorv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iirsp]
"ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHDA.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPNAT]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iScsiPrt]
"ImagePath"="system32\DRIVERS\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteatapi]
"ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteraid]
"ImagePath"="\SystemRoot\system32\drivers\iteraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lavasoft Ad-Aware Service]
"ImagePath"="\"c:\program files\Lavasoft\Ad-Aware\AAWService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lavasoft Kernexplorer]
"ImagePath"="\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lbd]
"ImagePath"="system32\DRIVERS\Lbd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lirsgt]
"ImagePath"="system32\DRIVERS\lirsgt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lsa]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_FC]
"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\megasas]
"ImagePath"="\SystemRoot\system32\drivers\megasas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mraid35x]
"ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msahci]
"ImagePath"="\SystemRoot\system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsRPC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netbt]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon]
"ImagePath"="%systemroot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nfrd960]
"ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NTDS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ntrigdigi]
"ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvatabus]
"ImagePath"="\SystemRoot\system32\drivers\nvatabus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvlddmkm]
"ImagePath"="system32\DRIVERS\nvlddmkm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvsvc]
"ImagePath"="%SystemRoot%\system32\nvvsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport]
"ImagePath"="\SystemRoot\system32\drivers\parport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parvdm]
"ImagePath"="\SystemRoot\system32\drivers\parvdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pciide]
"ImagePath"="system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pcmcia]
"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PnkBstrA]
"ImagePath"="c:\windows\system32\PnkBstrA.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PortProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor]
"ImagePath"="\SystemRoot\system32\drivers\processr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql2300]
"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql40xx]
"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr]
"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SBSDWSCService]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\secdrv]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\System32\sens.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sermouse]
"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfdrv01]
"ImagePath"="System32\drivers\sfdrv01.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfdrv01a]
"ImagePath"="System32\drivers\sfdrv01a.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfhlp02]
"ImagePath"="System32\drivers\sfhlp02.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfloppy]
"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfsync02]
"ImagePath"="System32\drivers\sfsync02.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisagp]
"ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc]
"ImagePath"="%SystemRoot%\system32\SLsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify]
"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ssmdrv]
"ImagePath"="system32\DRIVERS\ssmdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx]
"ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi]
"ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3]
"ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tandpl]
"ImagePath"="System32\drivers\tandpl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBPanel]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TeamViewer]
"ImagePath"="\"c:\program files\TeamViewer3\TeamViewer_Service.exe\" -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TestHandler]
"ImagePath"="c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\system32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp]
"ImagePath"="system32\DRIVERS\tunmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35]
"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGatherer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliahci]
"ImagePath"="\SystemRoot\system32\drivers\uliahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UlSata]
"ImagePath"="\SystemRoot\system32\drivers\ulsata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ulsata2]
"ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usb]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ViaC7]
"ImagePath"="\SystemRoot\system32\drivers\viac7.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viamraid]
"ImagePath"="\SystemRoot\system32\drivers\viamraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsmraid]
"ImagePath"="system32\drivers\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WacomPen]
"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wd]
"ImagePath"="\SystemRoot\system32\drivers\wd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiAcpi]
"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{2DE49F84-109C-4E97-B9FC-30727990B278}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{3F975C1D-5284-43D1-9A1E-C813BC89BFAB}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{79A80240-1282-48E1-AA54-1A3DB4EF6D58}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{9A298ED5-674B-4843-934D-2F1FD3ACE865}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{9C21FC01-24D2-4219-9A3B-AC3E553DF273}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{B7C5D548-6893-4D15-AFE4-2C1FB1E655F9}]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2086985829-3942022371-379819149-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b4,6a,82,cf,6b,bc,f4,99,2b,3a,a9,f0,d8,0c,da,92,18,85,df,ac,f3,a1,87,
  eb,35,f5,b5,4b,9a,a1,77,1a,85,70,93,3d,49,c4,4e,fd,cb,4f,02,2e,7c,14,69,66,\
"??"=hex:3d,03,cc,53,87,43,f7,50,5b,a9,63,73,f3,15,be,cc
.
[HKEY_USERS\S-1-5-21-2086985829-3942022371-379819149-1000\Software\SecuROM\License information*]
"datasecu"=hex:5c,19,94,bc,01,a4,88,b9,4c,70,29,6e,2f,50,ea,f5,6c,cd,b7,48,be,
  40,c4,ac,2a,1a,51,32,88,43,18,4f,2d,31,6d,38,10,9c,7c,9f,b3,06,f6,e0,0d,d3,\
"rkeysecu"=hex:41,7a,4e,c7,2f,71,66,c6,99,35,57,84,f1,c1,39,88
.
Zeit der Fertigstellung: 2011-10-27  16:55:15
ComboFix-quarantined-files.txt  2011-10-27 14:54
.
Vor Suchlauf: 15 Verzeichnis(se), 43.183.779.840 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 45.808.893.952 Bytes frei
.
- - End Of File - - D064D597DC7EECB8330F90B20854F723



All times are WET +1.
