Malware on old Windows XP SP2 inhibits automatic upgrade to SP3?


Phom

Hello!
I want to use a new USB-UMTS stick on an old laptop running Windows XP SP2 (German). While the old stick was recognized, the new one is not (the supplier states it can be used on XP SP2). In another forum it was suggested to upgrade to SP3, but Windows automatic upgrade responded with an error window. It was suggested to install XP anew. This I do not want to do for several reasons beyond the scope here. The OTL log is shown below.

OTL logfile created on: 31.01.2013 14:20:12 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

510,92 Mb Total Physical Memory | 53,87 Mb Available Physical Memory | 10,54% Memory free
1,22 Gb Paging File | 0,84 Gb Available in Paging File | 68,71% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27,44 Gb Total Space | 10,11 Gb Free Space | 36,86% Space Free | Partition Type: NTFS
Drive D: | 6,56 Gb Total Space | 6,34 Gb Free Space | 96,56% Space Free | Partition Type: NTFS
Drive E: | 309,45 Mb Total Space | 307,34 Mb Free Space | 99,32% Space Free | Partition Type: FAT32

Computer Name: AKS23 | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.31 13:50:25 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.01.30 17:25:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.08.24 02:29:16 | 000,186,880 | ---- | M] (TuneUp Software GmbH) -- C:\Programme\TuneUp Utilities 2006\StartUpManager.exe
PRC - [2004.08.04 13:00:00 | 000,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2003.06.24 13:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003.03.27 02:06:02 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2003.01.24 15:36:42 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2003.01.17 09:02:18 | 000,831,549 | ---- | M] (Xpoint Technologies) -- C:\Programme\xpoint\EEClient\Xpclient.exe
PRC - [2003.01.17 09:01:02 | 000,028,672 | ---- | M] () -- C:\Programme\xpoint\xpadmin\xpadmin.exe
PRC - [2001.06.15 17:18:30 | 000,020,549 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\javaw.exe


========== Modules (No Company Name) ==========

MOD - [2013.01.31 13:50:23 | 003,022,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.01.31 01:02:21 | 002,049,536 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\13013003\algo.dll
MOD - [2012.02.12 14:59:00 | 005,771,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\717cce3690d643df19d6a4117283048e\System.Xml.ni.dll
MOD - [2012.02.12 14:58:43 | 013,193,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9d25b8eabd8203e4d0490363140c4526\System.Windows.Forms.ni.dll
MOD - [2012.02.12 14:58:10 | 001,667,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\e58e83951091f2616344c5d2a6787660\System.Drawing.ni.dll
MOD - [2012.02.12 14:56:58 | 008,310,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ccfeb59f4a9b75909eb2d1121232a769\System.ni.dll
MOD - [2012.02.12 14:56:39 | 011,436,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\fee8c8ba9b84a7832274adcbfc9d5ca4\mscorlib.ni.dll
MOD - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
MOD - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.08.23 21:41:22 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008.07.03 15:59:50 | 008,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2008.07.03 15:59:49 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2008.07.03 15:59:48 | 000,216,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll
MOD - [2007.05.11 01:31:33 | 000,921,600 | ---- | M] () -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdistRes.DEU
MOD - [2005.12.09 09:11:06 | 000,136,704 | ---- | M] () -- C:\Programme\7-Zip\7-zip.dll
MOD - [2005.08.24 02:27:52 | 000,155,136 | ---- | M] () -- C:\Programme\TuneUp Utilities 2006\CommonForms.bpl
MOD - [2005.08.24 02:27:46 | 000,114,688 | ---- | M] () -- C:\Programme\TuneUp Utilities 2006\TUBasic.bpl
MOD - [2005.08.24 02:27:36 | 000,462,848 | ---- | M] () -- C:\Programme\TuneUp Utilities 2006\MSI_D6.bpl
MOD - [2005.08.24 02:27:34 | 000,491,008 | ---- | M] () -- C:\Programme\TuneUp Utilities 2006\VirtualTreesD6.bpl
MOD - [2005.08.24 02:27:30 | 000,258,560 | ---- | M] () -- C:\Programme\TuneUp Utilities 2006\DEC.bpl
MOD - [2005.08.24 02:27:26 | 000,435,712 | ---- | M] () -- C:\Programme\TuneUp Utilities 2006\Html.bpl
MOD - [2005.08.24 02:27:26 | 000,053,760 | ---- | M] () -- C:\Programme\TuneUp Utilities 2006\ehs_d6.bpl
MOD - [2005.08.24 02:27:24 | 000,397,824 | ---- | M] () -- C:\Programme\TuneUp Utilities 2006\GR32_D6.bpl
MOD - [2005.08.24 02:27:20 | 000,082,432 | ---- | M] () -- C:\Programme\TuneUp Utilities 2006\ThemeManager.bpl
MOD - [2005.07.04 00:45:02 | 000,045,568 | ---- | M] () -- C:\Programme\TuneUp Utilities 2006\XMLComponents.bpl
MOD - [2005.06.10 21:49:18 | 000,386,560 | ---- | M] () -- C:\Programme\TuneUp Utilities 2006\ntrtl60.bpl
MOD - [2004.08.04 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003.03.27 02:06:02 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\QCONSVC.EXE
MOD - [2003.01.17 10:37:24 | 000,180,224 | ---- | M] () -- C:\Programme\xpoint\pe\xpView.dll
MOD - [2003.01.17 09:01:02 | 000,028,672 | ---- | M] () -- C:\Programme\xpoint\xpadmin\xpadmin.exe
MOD - [2001.06.15 17:18:34 | 000,053,326 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\zip.dll
MOD - [2001.06.15 17:18:34 | 000,053,319 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\verify.dll
MOD - [2001.06.15 17:18:32 | 000,032,841 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\net.dll
MOD - [2001.06.15 17:18:30 | 000,086,093 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\java.dll
MOD - [2001.06.15 17:18:30 | 000,028,753 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\hpi.dll
MOD - [2001.06.15 17:18:30 | 000,020,549 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\javaw.exe
MOD - [2001.06.15 17:18:28 | 000,765,952 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\hotspot\jvm.dll
MOD - [1999.08.10 17:32:22 | 000,017,920 | ---- | M] () -- C:\Programme\xpoint\pe\Implode.dll
MOD - [1999.08.10 17:32:22 | 000,017,920 | ---- | M] () -- C:\Programme\xpoint\EEClient\Implode.dll


========== Services (SafeList) ==========

SRV - [2013.01.31 13:50:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.01.11 16:13:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.08.24 02:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.03.27 02:06:02 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2003.01.24 15:37:32 | 000,299,075 | ---- | M] (Intel Corporation ) [On_Demand | Stopped] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003.01.24 15:36:42 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003.01.17 09:05:44 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\Programme\xpoint\pe\pcradmin.exe -- (PCRadminServer)
SRV - [2003.01.17 09:01:02 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Programme\xpoint\xpadmin\xpadmin.exe -- (XPadminServer)
SRV - [2002.08.12 02:17:04 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\Psasrv.exe -- (PsaSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys -- (PCDRDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.06.01 06:48:26 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CESG502.SYS -- (PVUSB)
DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.09.25 14:10:05 | 000,034,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV5C.sys -- (SSHDRV5C)
DRV - [2009.09.24 18:48:13 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Leonard\Lokale Einstellungen\Temp\kbeepm.sys -- (kbeepm)
DRV - [2009.08.23 21:40:32 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.15 14:40:51 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008.01.05 20:39:47 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2007.11.14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.10.31 13:42:12 | 000,024,064 | ---- | M] (Sophos plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccess Filter)
DRV - [2007.10.31 13:41:46 | 000,080,128 | ---- | M] (Sophos plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccess Control)
DRV - [2007.02.28 18:54:30 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.04.04 14:17:40 | 000,054,144 | ---- | M] (ULi Electronics Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\M9206T02Q.sys -- (M9207)
DRV - [2005.11.03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004.08.04 13:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004.08.04 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.08.04 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004.03.11 05:15:00 | 000,023,168 | R--- | M] (Knobloch GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftusb.sys -- (ftusb)
DRV - [2003.12.05 10:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.04.29 22:01:06 | 000,542,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.03.27 02:06:02 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2003.03.12 14:16:44 | 002,390,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51)
DRV - [2003.01.17 01:32:00 | 000,015,360 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2003.01.12 16:37:40 | 000,010,906 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2002.12.26 02:10:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2002.12.26 01:32:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2002.12.26 01:32:00 | 000,008,830 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2002.11.20 14:52:14 | 000,033,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002.10.18 11:07:34 | 001,156,672 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002.09.19 18:41:28 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002.09.13 07:04:42 | 000,006,003 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2002.07.15 13:45:28 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001.08.17 13:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001.08.17 13:28:10 | 000,802,683 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
DRV - [2000.03.22 21:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNt.sys -- (PcdrNt)
DRV - [1999.11.11 09:23:02 | 000,029,788 | ---- | M] (Xpoint Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\srntflt.sys -- (SRFilter)
DRV - [1999.09.10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...de-DE:official"
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: %7BCE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B%7D:3.8
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:3.7.8


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Programme\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Programme\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.12.16 12:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.31 13:50:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.31 13:50:01 | 000,000,000 | ---D | M]

[2008.07.03 16:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Extensions
[2012.12.16 12:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions
[2010.02.06 20:32:05 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2012.12.16 12:17:47 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions\[email protected]
[2012.12.16 12:18:10 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions\[email protected]
[2012.12.16 12:18:10 | 000,328,449 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2012.12.15 15:53:02 | 000,804,627 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.03 15:13:06 | 000,434,392 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.01.31 13:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.31 13:49:50 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2012.12.16 12:40:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.01.31 13:50:25 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.09.15 10:03:46 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.01.16 13:48:05 | 000,002,058 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2003.10.07 06:36:00 | 000,001,043 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 134.169.44.164 aks1.org-chem.nat.tu-bs.de aks1
O1 - Hosts: 134.169.44.165 aks2.org-chem.nat.tu-bs.de aks2
O1 - Hosts: 134.169.44.168 aks4.org-chem.nat.tu-bs.de aks4
O1 - Hosts: 134.169.44.169 aks5.org-chem.nat.tu-bs.de aks5
O1 - Hosts: 134.169.44.170 aks6.org-chem.nat.tu-bs.de aks6
O1 - Hosts: 133.169.44.175 aks7.org-chem.nat.tu-bs.de aks8
O1 - Hosts: 134.169.44.176 aks8.org-chem.nat.tu-bs.de aks9
O1 - Hosts: 134.169.44.177 aks9.org-chem.nat.tu-bs.de aks10
O1 - Hosts: 134.169.44.178 aks10.org-chem.nat.tu-bs.de aks11
O1 - Hosts: 134.169.44.179 aks11.org-chem.nat.tu-bs.de aks12
O1 - Hosts: 134.169.44.187 aks12.org-chem.nat.tu-bs.de aks13
O1 - Hosts: 134.169.44.119 aks13.org-chem.nat.tu-bs.de aks14
O1 - Hosts: 134.169.44.91 aks14.org-chem.nat.tu-bs.de aks15
O1 - Hosts: 134.169.44.92 aks15.org-chem.nat.tu-bs.de aks16
O1 - Hosts: 134.169.44.89 aks16.org-chem.nat.tu-bs.de aks17
O1 - Hosts: 134.169.44.3 aks17.org-chem.nat.tu-bs.de andreas
O1 - Hosts: 134.169.44.76 andreas.org-chem.nat.tu-bs.de andreas
O1 - Hosts: 134.169.44.183 greg.org-chem.nat.tu-bs.de greg
O1 - Hosts: 134.169.44.79 jeroen.org-chem.nat.tu-bs.de jeroen
O1 - Hosts: 134.169.44.180 laptop.org-chem.nat.tu-bs.de laptop
O1 - Hosts: 134.169.44.134 pc322.org-chem.nat.tu-bs.de pc322
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [UIExec] C:\Programme\1&1 Surf-Stick\UIExec.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 16
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\Programme\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz)
O15 - HKCU\..Trusted Domains: bahn.de ([reiseauskunft] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: lomarengas.fi ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1083585491781 (MSSecurityAdvisor Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-18.cab (EPUImageControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1238155695616 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8019.0130092593 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.169.9.152 134.169.9.151 134.169.9.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = org-chem.nat.tu-bs.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{141AD400-7912-43B6-BD07-6B5186324C44}: DhcpNameServer = 134.169.9.152 134.169.9.151 134.169.9.150
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.04 17:20:47 | 000,000,077 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002.09.24 11:43:10 | 000,000,114 | ---- | M] () - E:\AUTOEXEC.BBB -- [ FAT32 ]
O32 - AutoRun File - [2002.09.24 11:43:12 | 000,000,114 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002.09.24 11:43:12 | 000,000,114 | ---- | M] () - E:\AUTOEXEC.ccc -- [ FAT32 ]
O33 - MountPoints2\{2d43ab30-1a40-11de-bafb-000d6036cc19}\Shell - "" = AutoRun
O33 - MountPoints2\{2d43ab30-1a40-11de-bafb-000d6036cc19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d43ab30-1a40-11de-bafb-000d6036cc19}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{2d43ab32-1a40-11de-bafb-000d6036cc19}\Shell - "" = AutoRun
O33 - MountPoints2\{2d43ab32-1a40-11de-bafb-000d6036cc19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d43ab32-1a40-11de-bafb-000d6036cc19}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{48e63570-c321-11df-bd3c-000d6036cc19}\Shell - "" = AutoRun
O33 - MountPoints2\{48e63570-c321-11df-bd3c-000d6036cc19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{48e63570-c321-11df-bd3c-000d6036cc19}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{67dad090-9668-11de-bb92-000d6036cc19}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{67dad090-9668-11de-bb92-000d6036cc19}\Shell\Install\command - "" = F:\Setup.exe
O33 - MountPoints2\{a57db8e0-1aa2-11de-bafc-000d6036cc19}\Shell - "" = AutoRun
O33 - MountPoints2\{a57db8e0-1aa2-11de-bafc-000d6036cc19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a57db8e0-1aa2-11de-bafc-000d6036cc19}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{ba41fca0-2371-11de-bb19-000d6036cc19}\Shell - "" = AutoRun
O33 - MountPoints2\{ba41fca0-2371-11de-bb19-000d6036cc19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba41fca0-2371-11de-bb19-000d6036cc19}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cec2ad00-3561-11dc-b7ff-000d6036cc19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cec2ad00-3561-11dc-b7ff-000d6036cc19}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{cec2ad00-3561-11dc-b7ff-000d6036cc19}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{d8395560-1d36-11de-bb11-000d6036cc19}\Shell - "" = AutoRun
O33 - MountPoints2\{d8395560-1d36-11de-bb11-000d6036cc19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d8395560-1d36-11de-bb11-000d6036cc19}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dd3adfd0-0a45-11dd-b94a-000d6036cc19}\Shell - "" = AutoRun
O33 - MountPoints2\{dd3adfd0-0a45-11dd-b94a-000d6036cc19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dd3adfd0-0a45-11dd-b94a-000d6036cc19}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f89f05a0-1d37-11de-bb12-000d6036cc19}\Shell - "" = AutoRun
O33 - MountPoints2\{f89f05a0-1d37-11de-bb12-000d6036cc19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f89f05a0-1d37-11de-bb12-000d6036cc19}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.31 13:49:46 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.01.30 17:10:04 | 000,000,000 | ---D | C] -- C:\Programme\Elaborate Bytes
[2013.01.30 16:25:36 | 000,000,000 | ---D | C] -- C:\UserData
[2013.01.30 14:44:10 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2013.01.30 14:44:10 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2013.01.30 14:44:10 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2013.01.30 14:44:10 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2013.01.30 14:43:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\1&1 Surf-Stick
[2013.01.30 14:43:08 | 000,000,000 | ---D | C] -- C:\Programme\1&1 Surf-Stick
[2013.01.26 19:53:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\XSManager
[2013.01.26 19:53:33 | 000,000,000 | ---D | C] -- C:\Programme\XSManager
[1410 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.31 13:58:37 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.31 13:58:36 | 000,002,300 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.31 13:57:58 | 000,000,104 | ---- | M] () -- C:\WINDOWS\IBMVPD.INI
[2013.01.31 13:57:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.31 13:55:22 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\WINDOWS\System32\dllcache\ctfmon.exe
[2013.01.31 13:55:22 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\WINDOWS\System32\ctfmon.exe
[2013.01.31 13:53:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.30 16:30:20 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.01.30 14:44:00 | 000,001,613 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\1&1 Surf-Stick.lnk
[1410 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.30 14:43:20 | 000,001,613 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\1&1 Surf-Stick.lnk
[2012.11.07 10:09:43 | 000,000,104 | ---- | C] () -- C:\WINDOWS\IBMVPD.INI
[2012.09.26 11:32:37 | 000,317,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.26 15:29:37 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.10.31 14:42:32 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.06.29 18:31:49 | 000,000,406 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2006.09.20 17:10:58 | 000,173,860 | ---- | C] () -- C:\Programme\20.09.2006leo.saf
[2006.09.20 17:00:18 | 000,518,992 | ---- | C] () -- C:\Programme\2 9 2006.saf
[2006.09.07 18:46:36 | 000,563,080 | ---- | C] () -- C:\Programme\9 9 2006.saf
[2006.09.04 19:49:12 | 000,538,200 | ---- | C] () -- C:\Programme\i3 9 2006.saf
[2006.08.29 18:03:18 | 000,524,796 | ---- | C] () -- C:\Programme\leoletzterferientag2006.saf
[2006.05.17 18:55:57 | 000,382,096 | ---- | C] () -- C:\Programme\10.5.06.saf
[2005.01.19 10:58:24 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004.12.06 14:30:11 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe
[2003.12.23 19:42:24 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003.11.07 12:01:21 | 000,008,595 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\gsview32.ini
[2003.10.31 22:38:08 | 000,000,098 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\sversion.ini

========== ZeroAccess Check ==========

[2005.01.19 10:02:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.04.16 16:35:16 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:18:19 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 08:57:37 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.12.16 12:37:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2009.08.21 08:09:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CambridgeSoft
[2011.07.26 15:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.09.25 22:06:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2005.11.26 15:29:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cornelsen
[2010.05.31 09:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX
[2003.09.11 14:07:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ibm
[2009.03.15 14:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Klett
[2009.11.03 17:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Seagate
[2006.09.15 12:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos
[2006.01.08 18:26:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Terzio
[2012.09.25 22:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2007.06.29 18:31:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zeon
[2012.09.25 22:22:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.09.25 22:22:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2012.09.25 22:22:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2008.07.03 16:07:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Academic Software Zurich
[2005.01.07 14:32:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\AOMrec
[2006.05.20 14:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\FUJIFILM
[2010.05.31 09:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\GMX
[2003.10.31 22:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\IBM
[2003.12.23 21:04:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\InterVideo
[2009.12.16 12:56:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\IObit
[2009.12.21 09:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Leadertech
[2004.11.11 17:27:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Nikon
[2009.09.02 20:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Opera
[2008.04.15 23:53:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\ScanSoft
[2010.05.31 09:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\SmartSurfer
[2012.10.01 13:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\TuneUp Software
[2010.01.05 09:21:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Uniblue
[2003.12.23 21:05:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\VERITAS
[2007.07.02 12:37:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Zeon

========== Purity Check ==========



< End of report >

#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP

O33 - MountPoints2\{cec2ad00-3561-11dc-b7ff-000d6036cc19}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{cec2ad00-3561-11dc-b7ff-000d6036cc19}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe


This looks like malware to me. Nothing else tries to run from a Folder called recycled. I think you got it from an infected USB drive.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************************************
reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f

**********************************************************************

Start, Run, cmd, OK to bring up a new Command Prompt window. Right-click and select Paste and the above text should appear. Make sure you got it all and then hit Enter.

Close the Command Prompt window.

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
You might want to install AutoRun Eater v2.6
http://download.cnet...4-10752777.html
It will stay resident and prevent USB drives from infecting your PC.

Let's run a few scans to see if there is anything more:


Download aswMBR.exe to your desktop.
Double click aswMBR.exe
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\Recycled\*.*
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
ctfmon.exe
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
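
The check described in the post above (autorun commands that start a program from a folder called Recycled), written out as an added example that is not part of the original post or of OTL. The function names and the three heuristics are assumptions made for this example; the sample lines are copied from the OTL log in this thread, and the file names in SYSTEM_NAMES are taken from the /md5start list above.

```python
import re
from collections import defaultdict

# O33 lines copied from the OTL log posted in this thread (a subset).
SAMPLE_O33 = r'''
O33 - MountPoints2\{2d43ab30-1a40-11de-bafb-000d6036cc19}\Shell - "" = AutoRun
O33 - MountPoints2\{2d43ab30-1a40-11de-bafb-000d6036cc19}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{cec2ad00-3561-11dc-b7ff-000d6036cc19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cec2ad00-3561-11dc-b7ff-000d6036cc19}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{cec2ad00-3561-11dc-b7ff-000d6036cc19}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe
O33 - MountPoints2\{dd3adfd0-0a45-11dd-b94a-000d6036cc19}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
'''

# Only "...\Shell\<verb>\command" values carry something that gets executed.
O33_CMD = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9A-Fa-f-]{36}\})\\Shell\\(.+?)\\command - "" = (.+)$'
)
# First executable path in a command line, with or without quotes.
EXECUTABLE = re.compile(r'"?(.+?\.(?:exe|com|bat|cmd|scr|pif))"?(?=\s|$)', re.I)
# rundll32 used only as a launcher for another program.
RUNDLL_PROXY = re.compile(
    r'rundll32(?:\.exe)?"?\s+shell32(?:\.dll)?,ShellExec_RunDLL\s+(.+)$', re.I
)

RECYCLE_DIRS = {"recycled", "recycler", "$recycle.bin"}
# Assumption: system file names worth flagging when seen outside system32.
SYSTEM_NAMES = {"ctfmon.exe", "services.exe", "explorer.exe", "winlogon.exe",
                "userinit.exe", "svchost.exe", "csrss.exe"}
MOUNTPOINTS2 = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"


def launch_target(command):
    """Return (program that ends up running, launched_via_rundll32)."""
    proxy = RUNDLL_PROXY.search(command)
    if proxy:
        return proxy.group(1).strip().strip('"'), True
    direct = EXECUTABLE.match(command.strip())
    return (direct.group(1) if direct else command.strip()), False


def reasons_for(command):
    """Return (target, list of reasons the autorun command looks suspicious)."""
    target, proxied = launch_target(command)
    parts = [p.lower() for p in re.split(r"[\\/]", target) if p]
    folders, name = parts[:-1], (parts[-1] if parts else "")
    reasons = []
    if proxied:
        reasons.append("launched indirectly via rundll32 ShellExec_RunDLL")
    if any(folder in RECYCLE_DIRS for folder in folders):
        reasons.append("program is stored in a recycle-bin folder")
    if name in SYSTEM_NAMES and "system32" not in folders:
        reasons.append(name + " is a Windows system file name used outside system32")
    return target, reasons


def analyze(log_text):
    """Map each volume GUID to its flagged autorun commands."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        match = O33_CMD.match(line.strip())
        if not match:
            continue  # not an O33 command entry
        guid, verb, command = match.groups()
        target, reasons = reasons_for(command)
        if reasons:
            findings[guid].append(
                {"verb": verb, "target": target, "reasons": reasons}
            )
    return dict(findings)


def registry_key(guid):
    """Per-volume key under MountPoints2 that holds the flagged entry."""
    return MOUNTPOINTS2 + "\\" + guid


if __name__ == "__main__":
    for guid, hits in analyze(SAMPLE_O33).items():
        print(registry_key(guid))
        for hit in hits:
            print("  verb %-10s -> %s" % (hit["verb"], hit["target"]))
            for reason in hit["reasons"]:
                print("      - " + reason)
```
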

#3
Phom

Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hello!
First of all, many thanks for your suggestions.
I am now at the combofix portion. It seems to me that the computer is in an endless loop because the system runs for hours. The line said only 10 or 20 minutes. Because of the long time the disabled avast started again, so I had manually interfered again. This is obviously against your suggestion not to do anything during combofix. Anyway, I have to leave here until Monday soon, so I can see Monday morning what happened.

Best regards

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
If Combofix is hung go ahead and reboot. You may need to reboot twice. Then try it in Safe Mode with Networking.

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

#5
Phom

Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hello!
This morning the computer was frozen. Restart was without problems, no Safe mode needed.

The aswMBR.txt file is shown below.

I am uncertain about combofix. Shall I try it again, or should I skip it and proceed with the next steps?

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-01 15:04:19
-----------------------------
15:04:19.752 OS Version: Windows 5.1.2600 Service Pack 2
15:04:19.752 Number of processors: 1 586 0x905
15:04:19.752 ComputerName: AKS23 UserName:
15:04:22.867 Initialize success
15:04:25.571 AVAST engine defs: 13020100
15:04:45.089 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:04:45.089 Disk 0 Vendor: IC25N040ATCS05-0 CS4OA61A Size: 35127MB BusType: 3
15:04:45.109 Disk 0 MBR read successfully
15:04:45.109 Disk 0 MBR scan
15:04:45.109 Disk 0 unknown MBR code
15:04:45.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 28098 MB offset 63
15:04:45.159 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6718 MB offset 57546720
15:04:45.169 Disk 0 Partition 3 00 0C FAT32 LBA XPOINTSP 310 MB offset 71305920
15:04:45.199 Disk 0 scanning sectors +71940960
15:04:45.309 Disk 0 scanning C:\WINDOWS\system32\drivers
15:05:10.796 Service scanning
15:05:48.821 Modules scanning
15:06:05.274 AVAST engine scan C:\WINDOWS
15:06:14.277 AVAST engine scan C:\WINDOWS\system32
15:10:29.484 AVAST engine scan C:\WINDOWS\system32\drivers
15:10:43.344 AVAST engine scan C:\Dokumente und Einstellungen\Stefan
15:12:58.559 AVAST engine scan C:\Dokumente und Einstellungen\All Users
15:13:37.685 Scan finished successfully
15:14:41.156 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Stefan\Desktop\MBR.dat"
15:14:41.186 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Stefan\Desktop\aswMBR.txt"

#6
Phom

Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Dear Ron!
I have now completed all the steps after combofix without running combofix again. Here are the logs. aswMBR.txt is in the previous post.

TDSSKiller:
13:00:58.0223 2416 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:00:58.0363 2416 ============================================================
13:00:58.0363 2416 Current date / time: 2013/02/04 13:00:58.0363
13:00:58.0363 2416 SystemInfo:
13:00:58.0363 2416
13:00:58.0363 2416 OS Version: 5.1.2600 ServicePack: 2.0
13:00:58.0363 2416 Product type: Workstation
13:00:58.0363 2416 ComputerName: AKS23
13:00:58.0363 2416 UserName: Stefan
13:00:58.0363 2416 Windows directory: C:\WINDOWS
13:00:58.0363 2416 System windows directory: C:\WINDOWS
13:00:58.0363 2416 Processor architecture: Intel x86
13:00:58.0363 2416 Number of processors: 1
13:00:58.0363 2416 Page size: 0x1000
13:00:58.0363 2416 Boot type: Normal boot
13:00:58.0363 2416 ============================================================
13:01:01.0197 2416 Drive \Device\Harddisk0\DR0 - Size: 0x89377E400 (34.30 Gb), SectorSize: 0x200, Cylinders: 0x1296, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
13:01:01.0227 2416 ============================================================
13:01:01.0227 2416 \Device\Harddisk0\DR0:
13:01:01.0257 2416 MBR partitions:
13:01:01.0267 2416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x36E17A1
13:01:01.0267 2416 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x36E17E0, BlocksNum 0xD1F2E0
13:01:01.0267 2416 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4400AC0, BlocksNum 0x9B0A0
13:01:01.0267 2416 ============================================================
13:01:01.0307 2416 C: <-> \Device\Harddisk0\DR0\Partition1
13:01:01.0327 2416 E: <-> \Device\Harddisk0\DR0\Partition3
13:01:01.0387 2416 D: <-> \Device\Harddisk0\DR0\Partition2
13:01:01.0387 2416 ============================================================
13:01:01.0387 2416 Initialize success
13:01:01.0387 2416 ============================================================
14:47:57.0223 0308 ============================================================
14:47:57.0223 0308 Scan started
14:47:57.0223 0308 Mode: Manual;
14:47:57.0223 0308 ============================================================
14:47:59.0416 0308 ================ Scan system memory ========================
14:47:59.0426 0308 System memory - ok
14:47:59.0426 0308 ================ Scan services =============================
14:47:59.0686 0308 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
14:47:59.0696 0308 Aavmker4 - ok
14:47:59.0706 0308 Abiosdsk - ok
14:47:59.0756 0308 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
14:47:59.0767 0308 abp480n5 - ok
14:47:59.0817 0308 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
14:47:59.0827 0308 ac97intc - ok
14:47:59.0887 0308 [ 0A1E97197609F92D2425B67DA0BB0A7F ] ACEDRV05 C:\WINDOWS\system32\drivers\ACEDRV05.sys
14:47:59.0897 0308 ACEDRV05 - ok
14:47:59.0927 0308 [ 94B4741D2CF9ED38140B831293D1601A ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:47:59.0927 0308 ACPI - ok
14:47:59.0957 0308 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:47:59.0957 0308 ACPIEC - ok
14:48:00.0007 0308 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\System32\DRIVERS\adpu160m.sys
14:48:00.0007 0308 adpu160m - ok
14:48:00.0057 0308 [ B2886807AC2543DA273765CEF4D82D68 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
14:48:00.0057 0308 aeaudio - ok
14:48:00.0127 0308 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys
14:48:00.0127 0308 aec - ok
14:48:00.0197 0308 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:48:00.0197 0308 AFD - ok
14:48:00.0307 0308 [ ED5C8B22DE2021339A7C7FCCFE5C5D7E ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:48:00.0337 0308 AgereSoftModem - ok
14:48:00.0357 0308 [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
14:48:00.0367 0308 agp440 - ok
14:48:00.0397 0308 [ 67288B07D6ABA6C1267B626E67BC56FD ] agpCPQ C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
14:48:00.0397 0308 agpCPQ - ok
14:48:00.0447 0308 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\System32\DRIVERS\aha154x.sys
14:48:00.0447 0308 Aha154x - ok
14:48:00.0468 0308 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\System32\DRIVERS\aic78u2.sys
14:48:00.0478 0308 aic78u2 - ok
14:48:00.0498 0308 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\System32\DRIVERS\aic78xx.sys
14:48:00.0498 0308 aic78xx - ok
14:48:00.0568 0308 [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:48:00.0568 0308 Alerter - ok
14:48:00.0628 0308 [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG C:\WINDOWS\System32\alg.exe
14:48:00.0628 0308 ALG - ok
14:48:00.0648 0308 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\System32\DRIVERS\aliide.sys
14:48:00.0648 0308 AliIde - ok
14:48:00.0658 0308 [ F312B7CEF21EFF52FA23056B9D815FAD ] alim1541 C:\WINDOWS\System32\DRIVERS\alim1541.sys
14:48:00.0668 0308 alim1541 - ok
14:48:00.0708 0308 [ 675C16A3C1F8482F85EE4A97FC0DDE3D ] amdagp C:\WINDOWS\System32\DRIVERS\amdagp.sys
14:48:00.0708 0308 amdagp - ok
14:48:00.0728 0308 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\System32\DRIVERS\amsint.sys
14:48:00.0728 0308 amsint - ok
14:48:00.0768 0308 [ BECD5328E7869807D6557BE4FE60C72F ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:48:00.0778 0308 AppMgmt - ok
14:48:00.0818 0308 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\System32\DRIVERS\asc.sys
14:48:00.0818 0308 asc - ok
14:48:00.0838 0308 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\System32\DRIVERS\asc3350p.sys
14:48:00.0848 0308 asc3350p - ok
14:48:00.0868 0308 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\System32\DRIVERS\asc3550.sys
14:48:00.0868 0308 asc3550 - ok
14:48:00.0948 0308 [ B979979AB8027F7F53FB16EC4229B7DB ] Aspi32 C:\WINDOWS\system32\drivers\aspi32.sys
14:48:00.0948 0308 Aspi32 - ok
14:48:01.0068 0308 [ 4EABF511B1AF176A971C3271E48FA3A8 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:48:01.0219 0308 aspnet_state - ok
14:48:01.0269 0308 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
14:48:01.0279 0308 aswFsBlk - ok
14:48:01.0299 0308 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
14:48:01.0299 0308 aswMon2 - ok
14:48:01.0329 0308 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
14:48:01.0329 0308 AswRdr - ok
14:48:01.0389 0308 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
14:48:01.0399 0308 aswSnx - ok
14:48:01.0449 0308 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
14:48:01.0459 0308 aswSP - ok
14:48:01.0489 0308 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
14:48:01.0499 0308 aswTdi - ok
14:48:01.0569 0308 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:48:01.0569 0308 AsyncMac - ok
14:48:01.0589 0308 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:48:01.0589 0308 atapi - ok
14:48:01.0609 0308 Atdisk - ok
14:48:01.0669 0308 [ A3AA4BB72B3661F92DCEDADCF792E415 ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe
14:48:01.0669 0308 Ati HotKey Poller - ok
14:48:01.0769 0308 [ 96854F30878B41BFAE5AD5C6D83042EF ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:48:01.0779 0308 ati2mtag - ok
14:48:01.0809 0308 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:48:01.0829 0308 Atmarpc - ok
14:48:01.0890 0308 [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:48:01.0890 0308 AudioSrv - ok
14:48:01.0910 0308 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:48:01.0920 0308 audstub - ok
14:48:02.0090 0308 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
14:48:02.0090 0308 avast! Antivirus - ok
14:48:02.0130 0308 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:48:02.0130 0308 Beep - ok
14:48:02.0200 0308 [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS C:\WINDOWS\system32\qmgr.dll
14:48:02.0270 0308 BITS - ok
14:48:02.0340 0308 [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser C:\WINDOWS\System32\browser.dll
14:48:02.0340 0308 Browser - ok
14:48:02.0480 0308 catchme - ok
14:48:02.0561 0308 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
14:48:02.0571 0308 cbidf - ok
14:48:02.0591 0308 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:48:02.0591 0308 cbidf2k - ok
14:48:02.0751 0308 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:48:02.0771 0308 CCDECODE - ok
14:48:02.0801 0308 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
14:48:02.0811 0308 cd20xrnt - ok
14:48:02.0841 0308 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:48:02.0851 0308 Cdaudio - ok
14:48:02.0861 0308 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:48:02.0871 0308 Cdfs - ok
14:48:02.0921 0308 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:48:02.0931 0308 Cdrom - ok
14:48:02.0941 0308 Changer - ok
14:48:02.0991 0308 [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:48:02.0991 0308 CiSvc - ok
14:48:03.0041 0308 [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:48:03.0051 0308 ClipSrv - ok
14:48:03.0081 0308 [ 234B1BC2796483E1F5C3F26649FB3388 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:48:03.0292 0308 clr_optimization_v2.0.50727_32 - ok
14:48:03.0322 0308 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:48:03.0322 0308 CmBatt - ok
14:48:03.0382 0308 [ C687F81290303D90099B027A6474F99F ] CmdIde C:\WINDOWS\System32\DRIVERS\cmdide.sys
14:48:03.0382 0308 CmdIde - ok
14:48:03.0432 0308 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:48:03.0432 0308 Compbatt - ok
14:48:03.0452 0308 COMSysApp - ok
14:48:03.0502 0308 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\System32\DRIVERS\cpqarray.sys
14:48:03.0502 0308 Cpqarray - ok
14:48:03.0562 0308 [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:48:03.0562 0308 CryptSvc - ok
14:48:03.0622 0308 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
14:48:03.0632 0308 CVirtA - ok
14:48:03.0772 0308 [ EA4300E53E5D4D1912AD04985F6264F0 ] CVPND C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
14:48:03.0842 0308 CVPND - ok
14:48:03.0902 0308 [ 34C345AAF390C12AE6E51B75198E8564 ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
14:48:03.0912 0308 CVPNDRVA - ok
14:48:03.0973 0308 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
14:48:03.0983 0308 dac2w2k - ok
14:48:04.0003 0308 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\System32\DRIVERS\dac960nt.sys
14:48:04.0013 0308 dac960nt - ok
14:48:04.0093 0308 [ D45BBCDDC74A1B0259A0C4B00C190D20 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:48:04.0113 0308 DcomLaunch - ok
14:48:04.0173 0308 [ 7C4D218F9017725589ADACAB82BEB0F8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:48:04.0173 0308 Dhcp - ok
14:48:04.0203 0308 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:48:04.0203 0308 Disk - ok
14:48:04.0223 0308 dmadmin - ok
14:48:04.0263 0308 [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:48:04.0283 0308 dmboot - ok
14:48:04.0333 0308 [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:48:04.0333 0308 dmio - ok
14:48:04.0383 0308 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:48:04.0383 0308 dmload - ok
14:48:04.0433 0308 [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver C:\WINDOWS\System32\dmserver.dll
14:48:04.0443 0308 dmserver - ok
14:48:04.0483 0308 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:48:04.0483 0308 DMusic - ok
14:48:04.0553 0308 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
14:48:04.0563 0308 DNE - ok
14:48:04.0623 0308 [ D20C5B5F0D8AC53FFEC17FF9B1658A6E ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:48:04.0623 0308 Dnscache - ok
14:48:04.0664 0308 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\System32\DRIVERS\dpti2o.sys
14:48:04.0664 0308 dpti2o - ok
14:48:04.0704 0308 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:48:04.0704 0308 drmkaud - ok
14:48:04.0764 0308 [ 9CA623CAE513AC8B1FDAAFB780B8B84C ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
14:48:04.0774 0308 drvmcdb - ok
14:48:04.0794 0308 [ 8A68A047ECC4C3A7BACFD9D41E3C2C62 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
14:48:04.0804 0308 drvnddm - ok
14:48:04.0824 0308 [ 01E9CBF441800228391BDEAA41449430 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:48:04.0854 0308 E100B - ok
14:48:04.0884 0308 [ 877A4512CC9074D6954776AF47021766 ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:48:04.0894 0308 ERSvc - ok
14:48:04.0954 0308 [ 65F6B774819BD727358157CEDEA67B8E ] Eventlog C:\WINDOWS\system32\services.exe
14:48:04.0964 0308 Eventlog - ok
14:48:05.0054 0308 [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem C:\WINDOWS\system32\es.dll
14:48:05.0054 0308 EventSystem - ok
14:48:05.0074 0308 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:48:05.0084 0308 Fastfat - ok
14:48:05.0134 0308 [ 521A4CB71CC419FDF60DB83E7308AE2B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:48:05.0164 0308 FastUserSwitchingCompatibility - ok
14:48:05.0214 0308 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:48:05.0224 0308 Fdc - ok
14:48:05.0244 0308 [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:48:05.0244 0308 Fips - ok
14:48:05.0365 0308 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:48:05.0385 0308 FLEXnet Licensing Service - ok
14:48:05.0415 0308 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
14:48:05.0415 0308 Flpydisk - ok
14:48:05.0485 0308 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:48:05.0485 0308 FltMgr - ok
14:48:05.0505 0308 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:48:05.0505 0308 Fs_Rec - ok
14:48:05.0605 0308 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:48:05.0625 0308 Ftdisk - ok
14:48:05.0675 0308 [ EF0072B33C27EB63A0AAEF9E06C885D9 ] ftusb C:\WINDOWS\system32\Drivers\ftusb.sys
14:48:05.0705 0308 ftusb - ok
14:48:05.0725 0308 GEARAspiWDM - ok
14:48:05.0775 0308 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:48:05.0785 0308 Gpc - ok
14:48:05.0895 0308 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
14:48:05.0905 0308 gupdate - ok
14:48:05.0925 0308 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
14:48:05.0925 0308 gupdatem - ok
14:48:05.0985 0308 [ F0A0041644A2E026044C6EEEC42B7241 ] gv3 C:\WINDOWS\system32\DRIVERS\gv3.sys
14:48:05.0985 0308 gv3 - ok
14:48:06.0076 0308 [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:48:06.0096 0308 helpsvc - ok
14:48:06.0146 0308 [ B647CA198B9C73056ABFB0A9D8F4916D ] HidServ C:\WINDOWS\System32\hidserv.dll
14:48:06.0156 0308 HidServ - ok
14:48:06.0216 0308 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:48:06.0226 0308 HidUsb - ok
14:48:06.0266 0308 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\System32\DRIVERS\hpn.sys
14:48:06.0276 0308 hpn - ok
14:48:06.0326 0308 [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:48:06.0336 0308 HTTP - ok
14:48:06.0366 0308 [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:48:06.0436 0308 HTTPFilter - ok
14:48:06.0496 0308 [ 200AB8DAF659C7324601FCC824D7F910 ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
14:48:06.0496 0308 hwdatacard - ok
14:48:06.0556 0308 [ 8F09F91B5C91363B77BCD15599570F2C ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
14:48:06.0556 0308 i2omgmt - ok
14:48:06.0616 0308 [ ED6BF9E441FDEA13292A6D30A64A24C3 ] i2omp C:\WINDOWS\System32\DRIVERS\i2omp.sys
14:48:06.0616 0308 i2omp - ok
14:48:06.0646 0308 [ 7C575018D0413440D75432A78B88C899 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:48:06.0646 0308 i8042prt - ok
14:48:06.0696 0308 [ 293131C1DA5F53CB05F75D637739D79C ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
14:48:06.0696 0308 IBMPMDRV - ok
14:48:06.0727 0308 [ 91FA023C5203503776BCCC9CF96A0C59 ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
14:48:06.0737 0308 IBMPMSVC - ok
14:48:06.0767 0308 [ 28DEEBA2E29CB0E91B641CA95F7740FD ] IBMTPCHK C:\WINDOWS\system32\drivers\IBMBLDID.SYS
14:48:06.0777 0308 IBMTPCHK - ok
14:48:06.0927 0308 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:48:07.0047 0308 IDriverT - ok
14:48:07.0087 0308 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:48:07.0087 0308 Imapi - ok
14:48:07.0137 0308 [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService C:\WINDOWS\system32\imapi.exe
14:48:07.0147 0308 ImapiService - ok
14:48:07.0207 0308 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\System32\DRIVERS\ini910u.sys
14:48:07.0207 0308 ini910u - ok
14:48:07.0247 0308 [ D63C33F65F6EBC732116403D88883B2D ] IntelIde C:\WINDOWS\System32\DRIVERS\intelide.sys
14:48:07.0247 0308 IntelIde - ok
14:48:07.0327 0308 [ C1C2CC1DA79C5EE10457EF0A3B8568C7 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:48:07.0327 0308 intelppm - ok
14:48:07.0357 0308 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:48:07.0367 0308 Ip6Fw - ok
14:48:07.0397 0308 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:48:07.0397 0308 IpFilterDriver - ok
14:48:07.0438 0308 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:48:07.0438 0308 IpInIp - ok
14:48:07.0498 0308 [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:48:07.0498 0308 IpNat - ok
14:48:07.0578 0308 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:48:07.0588 0308 IPSec - ok
14:48:07.0648 0308 [ 86C204836FEEC22510D434982D4221B8 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
14:48:07.0648 0308 irda - ok
14:48:07.0668 0308 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:48:07.0678 0308 IRENUM - ok
14:48:07.0728 0308 [ 5AB3BAD0AAD5EBBA5359A02BCC4F80F8 ] Irmon C:\WINDOWS\System32\irmon.dll
14:48:07.0728 0308 Irmon - ok
14:48:07.0788 0308 [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:48:07.0788 0308 isapnp - ok
14:48:07.0808 0308 [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:48:07.0818 0308 Kbdclass - ok
14:48:07.0838 0308 [ 7EC877AA899323B92874FE62C7DDCDE7 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:48:07.0838 0308 kbdhid - ok
14:48:07.0968 0308 [ 5012F080FCCF701E2CD6B045AC7814D9 ] kbeepm C:\DOKUME~1\Leonard\LOKALE~1\Temp\kbeepm.sys
14:48:08.0038 0308 kbeepm - ok
14:48:08.0098 0308 [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:48:08.0109 0308 kmixer - ok
14:48:08.0169 0308 [ 674D3E5A593475915DC6643317192403 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:48:08.0179 0308 KSecDD - ok
14:48:08.0239 0308 [ 2865FA4ED4471929881C053A6E5A85F6 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:48:08.0259 0308 lanmanserver - ok
14:48:08.0339 0308 [ F716A6F5BABB6DA60C0532510AB52245 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:48:08.0359 0308 lanmanworkstation - ok
14:48:08.0379 0308 lbrtfdc - ok
14:48:08.0439 0308 [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:48:08.0439 0308 LmHosts - ok
14:48:08.0529 0308 [ DD226891303D5118648AD4B911F37822 ] LucentSoftModem C:\WINDOWS\system32\DRIVERS\LTSM.sys
14:48:08.0559 0308 LucentSoftModem - ok
14:48:08.0629 0308 [ 59CD13AFF67342D2F101EE38B06DAC31 ] M9207 C:\WINDOWS\system32\DRIVERS\M9206T02Q.sys
14:48:08.0629 0308 M9207 - ok
14:48:08.0679 0308 [ 09721F2C56681A83C93ECDFAB8B102A9 ] massfilter C:\WINDOWS\system32\drivers\massfilter.sys
14:48:08.0689 0308 massfilter - ok
14:48:08.0729 0308 [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:48:08.0739 0308 Messenger - ok
14:48:08.0799 0308 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:48:08.0799 0308 mnmdd - ok
14:48:08.0850 0308 [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
14:48:08.0860 0308 mnmsrvc - ok
14:48:08.0900 0308 [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:48:08.0910 0308 Modem - ok
14:48:08.0940 0308 [ 71E15CA47FD947552054AFB28536268F ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:48:08.0940 0308 Mouclass - ok
14:48:08.0990 0308 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:48:08.0990 0308 mouhid - ok
14:48:09.0050 0308 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:48:09.0050 0308 MountMgr - ok
14:48:09.0130 0308 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:48:09.0130 0308 MozillaMaintenance - ok
14:48:09.0170 0308 [ 55A9A7E6BB297BF0F5B144029DCB79CC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
14:48:09.0170 0308 MPE - ok
14:48:09.0220 0308 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\System32\DRIVERS\mraid35x.sys
14:48:09.0230 0308 mraid35x - ok
14:48:09.0290 0308 [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:48:09.0300 0308 MRxDAV - ok
14:48:09.0370 0308 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:48:09.0380 0308 MRxSmb - ok
14:48:09.0440 0308 [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC C:\WINDOWS\System32\msdtc.exe
14:48:09.0440 0308 MSDTC - ok
14:48:09.0480 0308 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:48:09.0480 0308 Msfs - ok
14:48:09.0501 0308 MSIServer - ok
14:48:09.0571 0308 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:48:09.0571 0308 MSKSSRV - ok
14:48:09.0641 0308 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:48:09.0641 0308 MSPCLOCK - ok
14:48:09.0661 0308 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:48:09.0661 0308 MSPQM - ok
14:48:09.0711 0308 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:48:09.0711 0308 mssmbios - ok
14:48:09.0731 0308 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
14:48:09.0731 0308 MSTEE - ok
14:48:09.0751 0308 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:48:09.0761 0308 Mup - ok
14:48:09.0791 0308 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:48:09.0811 0308 NABTSFEC - ok
14:48:09.0831 0308 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:48:09.0841 0308 NDIS - ok
14:48:09.0881 0308 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:48:09.0901 0308 NdisIP - ok
14:48:09.0931 0308 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:48:09.0941 0308 NdisTapi - ok
14:48:09.0961 0308 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:48:09.0971 0308 Ndisuio - ok
14:48:09.0991 0308 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:48:09.0991 0308 NdisWan - ok
14:48:10.0011 0308 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:48:10.0011 0308 NDProxy - ok
14:48:10.0041 0308 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:48:10.0041 0308 NetBIOS - ok
14:48:10.0081 0308 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:48:10.0091 0308 NetBT - ok
14:48:10.0141 0308 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE C:\WINDOWS\system32\netdde.exe
14:48:10.0151 0308 NetDDE - ok
14:48:10.0171 0308 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:48:10.0171 0308 NetDDEdsdm - ok
14:48:10.0232 0308 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:48:10.0242 0308 Netlogon - ok
14:48:10.0302 0308 [ 1E5218FBE323C375B488318950E10FB4 ] Netman C:\WINDOWS\System32\netman.dll
14:48:10.0322 0308 Netman - ok
14:48:10.0392 0308 [ 774274C487493452DF3B0126DBE7FF3B ] Nla C:\WINDOWS\System32\mswsock.dll
14:48:10.0402 0308 Nla - ok
14:48:10.0502 0308 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe
14:48:10.0512 0308 NMSAccess - ok
14:48:10.0572 0308 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:48:10.0582 0308 Npfs - ok
14:48:10.0642 0308 [ 6216798D29C3BA9D0D6F40BBBAB694A5 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
14:48:10.0642 0308 NSCIRDA - ok
14:48:10.0752 0308 [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:48:10.0772 0308 Ntfs - ok
14:48:10.0782 0308 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:48:10.0802 0308 NtLmSsp - ok
14:48:10.0862 0308 [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:48:10.0882 0308 NtmsSvc - ok
14:48:10.0903 0308 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:48:10.0903 0308 Null - ok
14:48:10.0963 0308 [ 7C555C8D873C758213DA618853B665FD ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll
14:48:10.0973 0308 NWCWorkstation - ok
14:48:11.0023 0308 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:48:11.0023 0308 NwlnkFlt - ok
14:48:11.0063 0308 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:48:11.0073 0308 NwlnkFwd - ok
14:48:11.0153 0308 [ 79EA3FCDA7067977625B3363A2657C80 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
14:48:11.0153 0308 NwlnkIpx - ok
14:48:11.0183 0308 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
14:48:11.0193 0308 NwlnkNb - ok
14:48:11.0293 0308 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
14:48:11.0373 0308 NwlnkSpx - ok
14:48:11.0393 0308 [ 3F18D9365BE71C7B2E43B7CF4A0C1A10 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys
14:48:11.0403 0308 NWRDR - ok
14:48:11.0543 0308 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
14:48:11.0634 0308 odserv - ok
14:48:11.0744 0308 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
14:48:11.0774 0308 ose - ok
14:48:11.0824 0308 [ 118C1004E38FDDB5F832A182E6EF6F40 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
14:48:11.0824 0308 P3 - ok
14:48:11.0864 0308 [ B2F17A2EDB5450E61973A037F63A595B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:48:11.0864 0308 Parport - ok
14:48:11.0894 0308 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:48:11.0894 0308 PartMgr - ok
14:48:11.0954 0308 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:48:11.0954 0308 ParVdm - ok
14:48:11.0974 0308 PCAMPR5 - ok
14:48:12.0024 0308 [ 2F9806B52CB3748B1E49222744B28E3C ] PCANDIS5 C:\WINDOWS\System32\PCANDIS5.SYS
14:48:12.0024 0308 PCANDIS5 - ok
14:48:12.0094 0308 PCDRDRV - ok
14:48:12.0134 0308 [ 231F133B4A5A04307ABD95CAC80FD063 ] PcdrNt C:\WINDOWS\System32\drivers\PcdrNt.sys
14:48:12.0134 0308 PcdrNt - ok
14:48:12.0214 0308 [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:48:12.0264 0308 PCI - ok
14:48:12.0274 0308 PCIDump - ok
14:48:12.0355 0308 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:48:12.0355 0308 PCIIde - ok
14:48:12.0375 0308 [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:48:12.0375 0308 Pcmcia - ok
14:48:12.0475 0308 [ B46BDF6DBE86A00FBBB649F38A59E946 ] PCRadminServer C:\PROGRA~1\xpoint\pe\pcradmin.exe
14:48:12.0495 0308 PCRadminServer - ok
14:48:12.0515 0308 PDCOMP - ok
14:48:12.0535 0308 PDFRAME - ok
14:48:12.0555 0308 PDRELI - ok
14:48:12.0575 0308 PDRFRAME - ok
14:48:12.0625 0308 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\System32\DRIVERS\perc2.sys
14:48:12.0625 0308 perc2 - ok
14:48:12.0665 0308 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\System32\DRIVERS\perc2hib.sys
14:48:12.0675 0308 perc2hib - ok
14:48:12.0745 0308 [ 444F122E68DB44C0589227781F3C8B3F ] pfc C:\WINDOWS\system32\drivers\pfc.sys
14:48:12.0755 0308 pfc - ok
14:48:12.0785 0308 [ 65F6B774819BD727358157CEDEA67B8E ] PlugPlay C:\WINDOWS\system32\services.exe
14:48:12.0805 0308 PlugPlay - ok
14:48:12.0865 0308 [ FA292805788528C083F416E151B60AB6 ] PMEM C:\WINDOWS\system32\drivers\PMEMNT.SYS
14:48:12.0865 0308 PMEM - ok
14:48:12.0875 0308 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:48:12.0885 0308 PolicyAgent - ok
14:48:12.0935 0308 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:48:12.0945 0308 PptpMiniport - ok
14:48:12.0965 0308 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:48:12.0965 0308 ProtectedStorage - ok
14:48:13.0016 0308 [ 0A8CED9C4B19CFA82593E476D6A46BAE ] psadd C:\WINDOWS\system32\Drivers\psadd.sys
14:48:13.0026 0308 psadd - ok
14:48:13.0046 0308 [ C2EB87F0A9FE823D7B90919F97FE5D06 ] PsaSrv C:\WINDOWS\system32\PsaSrv.exe
14:48:13.0056 0308 PsaSrv - ok
14:48:13.0086 0308 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:48:13.0096 0308 PSched - ok
14:48:13.0126 0308 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:48:13.0126 0308 Ptilink - ok
14:48:13.0176 0308 [ 5039A4F67F781E03B79A4FD0CAE27FC8 ] PVUSB C:\WINDOWS\system32\DRIVERS\CESG502.sys
14:48:13.0176 0308 PVUSB - ok
14:48:13.0226 0308 [ FAA729E2E2FD3AFB8DF7A45DE8769CC3 ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
14:48:13.0236 0308 PxHelp20 - ok
14:48:13.0296 0308 [ 15D8E86E9F5047F925BA3AD5AF9F94D7 ] QCONSVC C:\WINDOWS\system32\QCONSVC.EXE
14:48:13.0306 0308 QCONSVC - ok
14:48:13.0356 0308 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\System32\DRIVERS\ql1080.sys
14:48:13.0356 0308 ql1080 - ok
14:48:13.0396 0308 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
14:48:13.0406 0308 Ql10wnt - ok
14:48:13.0436 0308 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\System32\DRIVERS\ql12160.sys
14:48:13.0446 0308 ql12160 - ok
14:48:13.0486 0308 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\System32\DRIVERS\ql1240.sys
14:48:13.0496 0308 ql1240 - ok
14:48:13.0526 0308 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\System32\DRIVERS\ql1280.sys
14:48:13.0536 0308 ql1280 - ok
14:48:13.0616 0308 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:48:13.0616 0308 RasAcd - ok
14:48:13.0687 0308 [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:48:13.0697 0308 RasAuto - ok
14:48:13.0767 0308 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:48:13.0767 0308 Rasirda - ok
14:48:13.0827 0308 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:48:13.0827 0308 Rasl2tp - ok
14:48:13.0897 0308 [ FFC8343B35FB2DF01A5767748EFA5B58 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:48:13.0907 0308 RasMan - ok
14:48:13.0927 0308 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:48:13.0937 0308 RasPppoe - ok
14:48:13.0957 0308 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:48:13.0957 0308 Raspti - ok
14:48:14.0037 0308 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:48:14.0037 0308 Rdbss - ok
14:48:14.0087 0308 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:48:14.0087 0308 RDPCDD - ok
14:48:14.0137 0308 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:48:14.0147 0308 rdpdr - ok
14:48:14.0207 0308 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:48:14.0217 0308 RDPWD - ok
14:48:14.0257 0308 [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:48:14.0267 0308 RDSessMgr - ok
14:48:14.0317 0308 [ AA56702E230860565CB8D43680F57F33 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:48:14.0317 0308 redbook - ok
14:48:14.0378 0308 [ F3FD3182D34DF48D9025CEF3CFC5E3B9 ] RegSrvc C:\WINDOWS\System32\RegSrvc.exe
14:48:14.0388 0308 RegSrvc - ok
14:48:14.0458 0308 [ EBA80CDF25E02084857957E820004934 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:48:14.0468 0308 RemoteAccess - ok
14:48:14.0508 0308 [ AE81CF7D7CFA79CD03E8FB99788A7E09 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:48:14.0518 0308 RemoteRegistry - ok
14:48:14.0598 0308 [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator C:\WINDOWS\system32\locator.exe
14:48:14.0598 0308 RpcLocator - ok
14:48:14.0668 0308 [ D45BBCDDC74A1B0259A0C4B00C190D20 ] RpcSs C:\WINDOWS\system32\rpcss.dll
14:48:14.0688 0308 RpcSs - ok
14:48:14.0748 0308 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:48:14.0758 0308 RSVP - ok
14:48:14.0818 0308 [ 723CEA35FF32BB9366540979BCFE9580 ] S24EventMonitor C:\WINDOWS\System32\S24EvMon.exe
14:48:14.0838 0308 S24EventMonitor - ok
14:48:14.0888 0308 [ 3D99BA73CEE82E665948415AE1C6104B ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:48:14.0938 0308 s24trans - ok
14:48:14.0968 0308 [ A94AA8161DD4711BC6F732F21D6407D6 ] S3SSavage C:\WINDOWS\system32\DRIVERS\s3ssavm.sys
14:48:14.0978 0308 S3SSavage - ok
14:48:15.0018 0308 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs C:\WINDOWS\system32\lsass.exe
14:48:15.0018 0308 SamSs - ok
14:48:15.0079 0308 [ 99BD9EC6207991BAC6D6B4BF0E857DB0 ] SAVOnAccess Control C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
14:48:15.0079 0308 SAVOnAccess Control - ok
14:48:15.0099 0308 [ 75AAE7670A87D7C9C17DB13AE39B9CBE ] SAVOnAccess Filter C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
14:48:15.0109 0308 SAVOnAccess Filter - ok
14:48:15.0149 0308 [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:48:15.0159 0308 SCardSvr - ok
14:48:15.0219 0308 [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:48:15.0239 0308 Schedule - ok
14:48:15.0289 0308 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:48:15.0289 0308 Secdrv - ok
14:48:15.0339 0308 [ FED544B43903FB801B106F062110358A ] seclogon C:\WINDOWS\System32\seclogon.dll
14:48:15.0349 0308 seclogon - ok
14:48:15.0389 0308 [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS C:\WINDOWS\system32\sens.dll
14:48:15.0399 0308 SENS - ok
14:48:15.0449 0308 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:48:15.0449 0308 serenum - ok
14:48:15.0469 0308 [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:48:15.0469 0308 Serial - ok
14:48:15.0509 0308 [ 4C0D673281178CB496011A2E28571FC8 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
14:48:15.0519 0308 sfdrv01 - ok
14:48:15.0599 0308 [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
14:48:15.0599 0308 sfhlp02 - ok
14:48:15.0699 0308 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
14:48:15.0699 0308 Sfloppy - ok
14:48:15.0719 0308 [ D5A7E09D2C6A702809E49190D52ADC9F ] sfvfs02 C:\WINDOWS\system32\drivers\sfvfs02.sys
14:48:15.0729 0308 sfvfs02 - ok
14:48:15.0800 0308 [ 9245420422E409A25C1410ACB4244060 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:48:15.0820 0308 SharedAccess - ok
14:48:15.0850 0308 [ 521A4CB71CC419FDF60DB83E7308AE2B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:48:15.0870 0308 ShellHWDetection - ok
14:48:15.0890 0308 Simbad - ok
14:48:15.0930 0308 [ 732D859B286DA692119F286B21A2A114 ] sisagp C:\WINDOWS\System32\DRIVERS\sisagp.sys
14:48:15.0940 0308 sisagp - ok
14:48:15.0960 0308 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:48:15.0970 0308 SLIP - ok
14:48:16.0030 0308 [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
14:48:16.0030 0308 Smapint - ok
14:48:16.0090 0308 [ 66AAA895B7F2337B5C52611241455614 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
14:48:16.0110 0308 smwdm - ok
14:48:16.0160 0308 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\System32\DRIVERS\sparrow.sys
14:48:16.0190 0308 Sparrow - ok
14:48:16.0220 0308 [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:48:16.0220 0308 splitter - ok
14:48:21.0958 0308 ================ Scan global ===============================
14:48:22.0029 0308 [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
14:48:22.0099 0308 [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:48:22.0149 0308 [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:48:22.0199 0308 [ 65F6B774819BD727358157CEDEA67B8E ] C:\WINDOWS\system32\services.exe
14:48:22.0209 0308 [Global] - ok
14:48:22.0209 0308 ================ Scan MBR ==================================
14:48:22.0239 0308 [ CB7B36094044B83F612A608EAEB099C8 ] \Device\Harddisk0\DR0
14:48:22.0519 0308 \Device\Harddisk0\DR0 - ok
14:48:22.0529 0308 ================ Scan VBR ==================================
14:48:22.0529 0308 [ F1683922B60286A9FE177ACB7DD86D30 ] \Device\Harddisk0\DR0\Partition1
14:48:22.0539 0308 \Device\Harddisk0\DR0\Partition1 - ok
14:48:22.0579 0308 [ 766F9E1D7E8C02A7A22C2FDB4E62AB1E ] \Device\Harddisk0\DR0\Partition2
14:48:22.0579 0308 \Device\Harddisk0\DR0\Partition2 - ok
14:48:22.0629 0308 [ 3074A1AB544F9AB597DF11F29612DD20 ] \Device\Harddisk0\DR0\Partition3
14:48:22.0629 0308 \Device\Harddisk0\DR0\Partition3 - ok
14:48:22.0639 0308 ============================================================
14:48:22.0639 0308 Scan finished
14:48:22.0639 0308 ============================================================
14:48:22.0669 1324 Detected object count: 0
14:48:22.0669 1324 Actual detected object count: 0
14:48:52.0933 3696 ============================================================
14:48:52.0933 3696 Scan started
14:48:52.0933 3696 Mode: Manual; SigCheck; TDLFS;
14:48:52.0933 3696 ============================================================
14:48:53.0193 3696 ================ Scan system memory ========================
14:48:53.0193 3696 System memory - ok
14:48:53.0203 3696 ================ Scan services =============================
14:48:58.0401 3696 [ 0A1E97197609F92D2425B67DA0BB0A7F ] ACEDRV05 C:\WINDOWS\system32\drivers\ACEDRV05.sys
14:48:58.0431 3696 ACEDRV05 ( UnsignedFile.Multi.Generic ) - warning
14:48:58.0431 3696 ACEDRV05 - detected UnsignedFile.Multi.Generic (1)
14:49:04.0700 3696 [ B979979AB8027F7F53FB16EC4229B7DB ] Aspi32 C:\WINDOWS\system32\drivers\aspi32.sys
14:49:04.0710 3696 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
14:49:04.0710 3696 Aspi32 - detected UnsignedFile.Multi.Generic (1)
14:49:12.0601 3696 [ 34C345AAF390C12AE6E51B75198E8564 ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
14:49:12.0611 3696 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
14:49:12.0611 3696 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
14:49:17.0719 3696 [ 9CA623CAE513AC8B1FDAAFB780B8B84C ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
14:49:17.0729 3696 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
14:49:17.0729 3696 drvmcdb - detected UnsignedFile.Multi.Generic (1)
14:49:17.0759 3696 [ 8A68A047ECC4C3A7BACFD9D41E3C2C62 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
14:49:17.0779 3696 drvnddm ( UnsignedFile.Multi.Generic ) - warning
14:49:17.0779 3696 drvnddm - detected UnsignedFile.Multi.Generic (1)
14:49:20.0272 3696 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:49:20.0322 3696 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:49:20.0322 3696 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:49:22.0025 3696 [ EF0072B33C27EB63A0AAEF9E06C885D9 ] ftusb C:\WINDOWS\system32\Drivers\ftusb.sys
14:49:22.0045 3696 ftusb ( UnsignedFile.Multi.Generic ) - warning
14:49:22.0045 3696 ftusb - detected UnsignedFile.Multi.Generic (1)
14:49:25.0790 3696 [ 28DEEBA2E29CB0E91B641CA95F7740FD ] IBMTPCHK C:\WINDOWS\system32\drivers\IBMBLDID.SYS
14:49:25.0820 3696 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
14:49:25.0820 3696 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
14:49:25.0980 3696 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:49:26.0011 3696 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:49:26.0011 3696 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:49:31.0098 3696 [ 5012F080FCCF701E2CD6B045AC7814D9 ] kbeepm C:\DOKUME~1\Leonard\LOKALE~1\Temp\kbeepm.sys
14:49:31.0098 3696 kbeepm ( UnsignedFile.Multi.Generic ) - warning
14:49:31.0098 3696 kbeepm - detected UnsignedFile.Multi.Generic (1)
14:49:33.0782 3696 [ 59CD13AFF67342D2F101EE38B06DAC31 ] M9207 C:\WINDOWS\system32\DRIVERS\M9206T02Q.sys
14:49:33.0802 3696 M9207 ( UnsignedFile.Multi.Generic ) - warning
14:49:33.0802 3696 M9207 - detected UnsignedFile.Multi.Generic (1)
14:49:38.0869 3696 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:49:39.0069 3696 MSPQM - ok
14:49:39.0099 3696 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:49:39.0300 3696 mssmbios - ok
14:49:39.0360 3696 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
14:49:39.0570 3696 MSTEE - ok
14:49:39.0600 3696 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:49:39.0800 3696 Mup - ok
14:49:39.0880 3696 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:49:40.0091 3696 NABTSFEC - ok
14:49:40.0171 3696 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:49:40.0361 3696 NDIS - ok
14:49:40.0391 3696 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:49:40.0571 3696 NdisIP - ok
14:49:40.0612 3696 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:49:40.0842 3696 NdisTapi - ok
14:49:40.0872 3696 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:49:41.0062 3696 Ndisuio - ok
14:49:41.0082 3696 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:49:41.0282 3696 NdisWan - ok
14:49:41.0363 3696 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:49:41.0593 3696 NDProxy - ok
14:49:41.0613 3696 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:49:41.0803 3696 NetBIOS - ok
14:49:41.0873 3696 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:49:42.0074 3696 NetBT - ok
14:49:42.0184 3696 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE C:\WINDOWS\system32\netdde.exe
14:49:42.0404 3696 NetDDE - ok
14:49:42.0424 3696 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:49:42.0624 3696 NetDDEdsdm - ok
14:49:42.0705 3696 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:49:42.0905 3696 Netlogon - ok
14:49:43.0005 3696 [ 1E5218FBE323C375B488318950E10FB4 ] Netman C:\WINDOWS\System32\netman.dll
14:49:43.0806 3696 Netman - ok
14:49:43.0906 3696 [ 774274C487493452DF3B0126DBE7FF3B ] Nla C:\WINDOWS\System32\mswsock.dll
14:49:44.0036 3696 Nla - ok
14:49:44.0127 3696 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe
14:49:44.0137 3696 NMSAccess - ok
14:49:44.0207 3696 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:49:44.0417 3696 Npfs - ok
14:49:44.0457 3696 [ 6216798D29C3BA9D0D6F40BBBAB694A5 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
14:49:44.0647 3696 NSCIRDA - ok
14:49:44.0747 3696 [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:49:45.0589 3696 Ntfs - ok
14:49:45.0609 3696 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:49:45.0809 3696 NtLmSsp - ok
14:49:45.0909 3696 [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:49:46.0220 3696 NtmsSvc - ok
14:49:46.0230 3696 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:49:46.0460 3696 Null - ok
14:49:46.0520 3696 [ 7C555C8D873C758213DA618853B665FD ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll
14:49:47.0371 3696 NWCWorkstation - ok
14:49:47.0421 3696 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:49:47.0642 3696 NwlnkFlt - ok
14:49:47.0702 3696 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:49:47.0942 3696 NwlnkFwd - ok
14:49:47.0992 3696 [ 79EA3FCDA7067977625B3363A2657C80 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
14:49:48.0192 3696 NwlnkIpx - ok
14:49:48.0253 3696 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
14:49:48.0483 3696 NwlnkNb - ok
14:49:48.0573 3696 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
14:49:48.0803 3696 NwlnkSpx - ok
14:49:48.0883 3696 [ 3F18D9365BE71C7B2E43B7CF4A0C1A10 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys
14:49:49.0775 3696 NWRDR - ok
14:49:49.0965 3696 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
14:49:50.0005 3696 odserv - ok
14:49:50.0065 3696 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
14:49:50.0085 3696 ose - ok
14:49:50.0125 3696 [ 118C1004E38FDDB5F832A182E6EF6F40 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
14:49:50.0315 3696 P3 - ok
14:49:50.0346 3696 [ B2F17A2EDB5450E61973A037F63A595B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:49:50.0546 3696 Parport - ok
14:49:50.0566 3696 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:49:50.0786 3696 PartMgr - ok
14:49:50.0876 3696 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:49:51.0087 3696 ParVdm - ok
14:49:51.0107 3696 PCAMPR5 - ok
14:49:51.0167 3696 [ 2F9806B52CB3748B1E49222744B28E3C ] PCANDIS5 C:\WINDOWS\System32\PCANDIS5.SYS
14:49:51.0197 3696 PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
14:49:51.0197 3696 PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
14:49:51.0267 3696 PCDRDRV - ok
14:49:51.0297 3696 [ 231F133B4A5A04307ABD95CAC80FD063 ] PcdrNt C:\WINDOWS\System32\drivers\PcdrNt.sys
14:49:51.0327 3696 PcdrNt ( UnsignedFile.Multi.Generic ) - warning
14:49:51.0327 3696 PcdrNt - detected UnsignedFile.Multi.Generic (1)
14:49:51.0387 3696 [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:49:51.0587 3696 PCI - ok
14:49:51.0597 3696 PCIDump - ok
14:49:51.0677 3696 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:49:51.0898 3696 PCIIde - ok
14:49:51.0958 3696 [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:49:52.0148 3696 Pcmcia - ok
14:49:52.0238 3696 [ B46BDF6DBE86A00FBBB649F38A59E946 ] PCRadminServer C:\PROGRA~1\xpoint\pe\pcradmin.exe
14:49:52.0258 3696 PCRadminServer ( UnsignedFile.Multi.Generic ) - warning
14:49:52.0258 3696 PCRadminServer - detected UnsignedFile.Multi.Generic (1)
14:49:52.0268 3696 PDCOMP - ok
14:49:52.0288 3696 PDFRAME - ok
14:49:52.0298 3696 PDRELI - ok
14:49:52.0318 3696 PDRFRAME - ok
14:49:52.0368 3696 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\System32\DRIVERS\perc2.sys
14:49:52.0599 3696 perc2 - ok
14:49:52.0629 3696 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\System32\DRIVERS\perc2hib.sys
14:49:52.0839 3696 perc2hib - ok
14:49:52.0919 3696 [ 444F122E68DB44C0589227781F3C8B3F ] pfc C:\WINDOWS\system32\drivers\pfc.sys
14:49:52.0949 3696 pfc ( UnsignedFile.Multi.Generic ) - warning
14:49:52.0949 3696 pfc - detected UnsignedFile.Multi.Generic (1)
14:49:52.0969 3696 [ 65F6B774819BD727358157CEDEA67B8E ] PlugPlay C:\WINDOWS\system32\services.exe
14:49:53.0109 3696 PlugPlay - ok
14:49:53.0160 3696 [ FA292805788528C083F416E151B60AB6 ] PMEM C:\WINDOWS\system32\drivers\PMEMNT.SYS
14:49:53.0170 3696 PMEM ( UnsignedFile.Multi.Generic ) - warning
14:49:53.0170 3696 PMEM - detected UnsignedFile.Multi.Generic (1)
14:49:53.0180 3696 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:49:53.0380 3696 PolicyAgent - ok
14:49:53.0470 3696 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:49:53.0680 3696 PptpMiniport - ok
14:49:53.0690 3696 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:49:53.0891 3696 ProtectedStorage - ok
14:49:53.0971 3696 [ 0A8CED9C4B19CFA82593E476D6A46BAE ] psadd C:\WINDOWS\system32\Drivers\psadd.sys
14:49:54.0001 3696 psadd ( UnsignedFile.Multi.Generic ) - warning
14:49:54.0001 3696 psadd - detected UnsignedFile.Multi.Generic (1)
14:49:54.0031 3696 [ C2EB87F0A9FE823D7B90919F97FE5D06 ] PsaSrv C:\WINDOWS\system32\PsaSrv.exe
14:49:54.0041 3696 PsaSrv ( UnsignedFile.Multi.Generic ) - warning
14:49:54.0041 3696 PsaSrv - detected UnsignedFile.Multi.Generic (1)
14:49:54.0091 3696 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:49:54.0281 3696 PSched - ok
14:49:54.0341 3696 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:49:54.0582 3696 Ptilink - ok
14:49:54.0682 3696 [ 5039A4F67F781E03B79A4FD0CAE27FC8 ] PVUSB C:\WINDOWS\system32\DRIVERS\CESG502.sys
14:49:54.0692 3696 PVUSB ( UnsignedFile.Multi.Generic ) - warning
14:49:54.0692 3696 PVUSB - detected UnsignedFile.Multi.Generic (1)
14:49:54.0752 3696 [ FAA729E2E2FD3AFB8DF7A45DE8769CC3 ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
14:49:54.0772 3696 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
14:49:54.0772 3696 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
14:49:54.0822 3696 [ 15D8E86E9F5047F925BA3AD5AF9F94D7 ] QCONSVC C:\WINDOWS\system32\QCONSVC.EXE
14:49:54.0852 3696 QCONSVC ( UnsignedFile.Multi.Generic ) - warning
14:49:54.0852 3696 QCONSVC - detected UnsignedFile.Multi.Generic (1)
14:49:54.0902 3696 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\System32\DRIVERS\ql1080.sys
14:49:55.0132 3696 ql1080 - ok
14:49:55.0172 3696 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
14:49:55.0393 3696 Ql10wnt - ok
14:49:55.0453 3696 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\System32\DRIVERS\ql12160.sys
14:49:55.0683 3696 ql12160 - ok
14:49:55.0723 3696 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\System32\DRIVERS\ql1240.sys
14:49:55.0934 3696 ql1240 - ok
14:49:55.0974 3696 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\System32\DRIVERS\ql1280.sys
14:49:56.0204 3696 ql1280 - ok
14:49:56.0264 3696 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:49:56.0464 3696 RasAcd - ok
14:49:56.0564 3696 [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:49:56.0785 3696 RasAuto - ok
14:49:56.0835 3696 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:49:56.0975 3696 Rasirda - ok
14:49:57.0035 3696 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:49:57.0235 3696 Rasl2tp - ok
14:49:57.0296 3696 [ FFC8343B35FB2DF01A5767748EFA5B58 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:49:58.0177 3696 RasMan - ok
14:49:58.0207 3696 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:49:58.0397 3696 RasPppoe - ok
14:49:58.0437 3696 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:49:58.0647 3696 Raspti - ok
14:49:58.0718 3696 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:49:59.0589 3696 Rdbss - ok
14:49:59.0619 3696 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:49:59.0829 3696 RDPCDD - ok
14:49:59.0879 3696 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:50:00.0069 3696 rdpdr - ok
14:50:00.0160 3696 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:50:01.0031 3696 RDPWD - ok
14:50:01.0091 3696 [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:50:01.0311 3696 RDSessMgr - ok
14:50:01.0371 3696 [ AA56702E230860565CB8D43680F57F33 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:50:01.0552 3696 redbook - ok
14:50:01.0652 3696 [ F3FD3182D34DF48D9025CEF3CFC5E3B9 ] RegSrvc C:\WINDOWS\System32\RegSrvc.exe
14:50:01.0672 3696 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
14:50:01.0672 3696 RegSrvc - detected UnsignedFile.Multi.Generic (1)
14:50:01.0742 3696 [ EBA80CDF25E02084857957E820004934 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:50:01.0972 3696 RemoteAccess - ok
14:50:02.0052 3696 [ AE81CF7D7CFA79CD03E8FB99788A7E09 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:50:02.0263 3696 RemoteRegistry - ok
14:50:02.0353 3696 [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator C:\WINDOWS\system32\locator.exe
14:50:02.0563 3696 RpcLocator - ok
14:50:02.0633 3696 [ D45BBCDDC74A1B0259A0C4B00C190D20 ] RpcSs C:\WINDOWS\system32\rpcss.dll
14:50:02.0793 3696 RpcSs - ok
14:50:02.0853 3696 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:50:03.0074 3696 RSVP - ok
14:50:03.0154 3696 [ 723CEA35FF32BB9366540979BCFE9580 ] S24EventMonitor C:\WINDOWS\System32\S24EvMon.exe
14:50:03.0174 3696 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
14:50:03.0174 3696 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
14:50:03.0214 3696 [ 3D99BA73CEE82E665948415AE1C6104B ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:50:03.0244 3696 s24trans ( UnsignedFile.Multi.Generic ) - warning
14:50:03.0244 3696 s24trans - detected UnsignedFile.Multi.Generic (1)
14:50:03.0274 3696 [ A94AA8161DD4711BC6F732F21D6407D6 ] S3SSavage C:\WINDOWS\system32\DRIVERS\s3ssavm.sys
14:50:03.0324 3696 S3SSavage - ok
14:50:03.0354 3696 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs C:\WINDOWS\system32\lsass.exe
14:50:03.0544 3696 SamSs - ok
14:50:03.0655 3696 [ 99BD9EC6207991BAC6D6B4BF0E857DB0 ] SAVOnAccess Control C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
14:50:03.0735 3696 SAVOnAccess Control - ok
14:50:03.0755 3696 [ 75AAE7670A87D7C9C17DB13AE39B9CBE ] SAVOnAccess Filter C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
14:50:03.0785 3696 SAVOnAccess Filter - ok
14:50:03.0825 3696 [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:50:04.0035 3696 SCardSvr - ok
14:50:04.0095 3696 [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:50:04.0316 3696 Schedule - ok
14:50:04.0376 3696 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:50:05.0167 3696 Secdrv - ok
14:50:05.0217 3696 [ FED544B43903FB801B106F062110358A ] seclogon C:\WINDOWS\System32\seclogon.dll
14:50:05.0417 3696 seclogon - ok
14:50:05.0447 3696 [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS C:\WINDOWS\system32\sens.dll
14:50:05.0678 3696 SENS - ok
14:50:05.0768 3696 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:50:05.0958 3696 serenum - ok
14:50:05.0978 3696 [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:50:06.0218 3696 Serial - ok
14:50:06.0278 3696 [ 4C0D673281178CB496011A2E28571FC8 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
14:50:06.0288 3696 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
14:50:06.0288 3696 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
14:50:06.0339 3696 [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
14:50:06.0349 3696 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
14:50:06.0349 3696 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
14:50:06.0419 3696 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
14:50:06.0619 3696 Sfloppy - ok
14:50:06.0639 3696 [ D5A7E09D2C6A702809E49190D52ADC9F ] sfvfs02 C:\WINDOWS\system32\drivers\sfvfs02.sys
14:50:06.0659 3696 sfvfs02 ( UnsignedFile.Multi.Generic ) - warning
14:50:06.0659 3696 sfvfs02 - detected UnsignedFile.Multi.Generic (1)
14:50:06.0759 3696 [ 9245420422E409A25C1410ACB4244060 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:50:06.0999 3696 SharedAccess - ok
14:50:07.0040 3696 [ 521A4CB71CC419FDF60DB83E7308AE2B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:50:07.0941 3696 ShellHWDetection - ok
14:50:07.0951 3696 Simbad - ok
14:50:08.0001 3696 [ 732D859B286DA692119F286B21A2A114 ] sisagp C:\WINDOWS\System32\DRIVERS\sisagp.sys
14:50:08.0211 3696 sisagp - ok
14:50:08.0261 3696 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:50:08.0452 3696 SLIP - ok
14:50:08.0562 3696 [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
14:50:08.0582 3696 Smapint ( UnsignedFile.Multi.Generic ) - warning
14:50:08.0582 3696 Smapint - detected UnsignedFile.Multi.Generic (1)
14:50:08.0642 3696 [ 66AAA895B7F2337B5C52611241455614 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
14:50:08.0702 3696 smwdm - ok
14:50:08.0762 3696 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\System32\DRIVERS\sparrow.sys
14:50:08.0942 3696 Sparrow - ok
14:50:09.0022 3696 [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:50:09.0834 3696 splitter - ok
14:50:09.0954 3696 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:50:10.0845 3696 Spooler - ok
14:50:10.0945 3696 [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:50:11.0145 3696 sr - ok
14:50:11.0246 3696 [ AB5581DF6AA501281B34A03E345484C9 ] SRFilter C:\WINDOWS\system32\drivers\srntflt.sys
14:50:11.0266 3696 SRFilter ( UnsignedFile.Multi.Generic ) - warning
14:50:11.0266 3696 SRFilter - detected UnsignedFile.Multi.Generic (1)
14:50:11.0326 3696 [ 015F302C4CF961F20C3F98F3A7CA7917 ] srservice C:\WINDOWS\system32\srsvc.dll
14:50:11.0546 3696 srservice - ok
14:50:11.0646 3696 [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:50:11.0766 3696 Srv - ok
14:50:11.0786 3696 [ 03C111A71A00812EB89B9F42C8CA673F ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
14:50:11.0806 3696 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
14:50:11.0806 3696 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
14:50:11.0856 3696 [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:50:12.0097 3696 SSDPSRV - ok
14:50:12.0147 3696 [ EA8925B4FF94B307D9A9B20FD664D543 ] SSHDRV5C C:\WINDOWS\system32\drivers\SSHDRV5C.sys
14:50:12.0167 3696 SSHDRV5C ( UnsignedFile.Multi.Generic ) - warning
14:50:12.0167 3696 SSHDRV5C - detected UnsignedFile.Multi.Generic (1)
14:50:12.0217 3696 [ B9E31F2A3640403B0EA3A867BB73B9F4 ] SSHDRV86 C:\WINDOWS\system32\drivers\SSHDRV86.sys
14:50:12.0237 3696 SSHDRV86 ( UnsignedFile.Multi.Generic ) - warning
14:50:12.0237 3696 SSHDRV86 - detected UnsignedFile.Multi.Generic (1)
14:50:12.0307 3696 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:50:12.0317 3696 ssmdrv - ok
14:50:12.0337 3696 [ 78C88430AB1D6DFF67380FA10174C152 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
14:50:12.0347 3696 ssrtln ( UnsignedFile.Multi.Generic ) - warning
14:50:12.0347 3696 ssrtln - detected UnsignedFile.Multi.Generic (1)
14:50:12.0407 3696 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
14:50:12.0427 3696 StarOpen ( UnsignedFile.Multi.Generic ) - warning
14:50:12.0427 3696 StarOpen - detected UnsignedFile.Multi.Generic (1)
14:50:12.0507 3696 [ 25E9B30AF1FA1B9AF1853577F39FF20B ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:50:13.0409 3696 stisvc - ok
14:50:13.0439 3696 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:50:13.0629 3696 streamip - ok
14:50:13.0749 3696 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:50:13.0949 3696 swenum - ok
14:50:14.0000 3696 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:50:14.0210 3696 swmidi - ok
14:50:14.0230 3696 SwPrv - ok
14:50:14.0290 3696 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\System32\DRIVERS\symc810.sys
14:50:14.0500 3696 symc810 - ok
14:50:14.0560 3696 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\System32\DRIVERS\symc8xx.sys
14:50:14.0801 3696 symc8xx - ok
14:50:14.0841 3696 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\System32\DRIVERS\sym_hi.sys
14:50:15.0071 3696 sym_hi - ok
14:50:15.0091 3696 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\System32\DRIVERS\sym_u3.sys
14:50:15.0301 3696 sym_u3 - ok
14:50:15.0371 3696 [ 1CDE0A5C0416187B9B89E03980C6E8DE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:50:15.0442 3696 SynTP - ok
14:50:15.0462 3696 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:50:15.0672 3696 sysaudio - ok
14:50:15.0752 3696 [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:50:15.0982 3696 SysmonLog - ok
14:50:16.0052 3696 [ 427D7EB3B453347082C8F4B370065D60 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:50:16.0964 3696 TapiSrv - ok
14:50:17.0014 3696 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:50:17.0194 3696 Tcpip - ok
14:50:17.0244 3696 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:50:17.0465 3696 TDPIPE - ok
14:50:17.0475 3696 [ E64DA7318ACADDF0A4400BAA921E8AC1 ] TDSMAPI C:\WINDOWS\system32\drivers\TDSMAPI.SYS
14:50:17.0485 3696 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
14:50:17.0485 3696 TDSMAPI - detected UnsignedFile.Multi.Generic (1)
14:50:17.0545 3696 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:50:17.0805 3696 TDTCP - ok
14:50:17.0835 3696 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:50:18.0035 3696 TermDD - ok
14:50:18.0145 3696 [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService C:\WINDOWS\System32\termsrv.dll
14:50:18.0366 3696 TermService - ok
14:50:18.0466 3696 [ 2880EBA882A311C37B42ECB1322F98E2 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
14:50:18.0476 3696 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
14:50:18.0486 3696 tfsnboio - detected UnsignedFile.Multi.Generic (1)
14:50:18.0506 3696 [ F5CEDE196C20DC30FA7B813EB6274C7F ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
14:50:18.0516 3696 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
14:50:18.0516 3696 tfsncofs - detected UnsignedFile.Multi.Generic (1)
14:50:18.0546 3696 [ 9AE5A9008054CA98BE95D07A5FF40830 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
14:50:18.0556 3696 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
14:50:18.0556 3696 tfsndrct - detected UnsignedFile.Multi.Generic (1)
14:50:18.0616 3696 [ DAE3FC06BA21B4F4AF6597233F2B61F8 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
14:50:18.0636 3696 tfsndres ( UnsignedFile.Multi.Generic ) - warning
14:50:18.0636 3696 tfsndres - detected UnsignedFile.Multi.Generic (1)
14:50:18.0666 3696 [ 49F18241DA285DB903F4C7683774CA60 ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
14:50:18.0676 3696 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
14:50:18.0676 3696 tfsnifs - detected UnsignedFile.Multi.Generic (1)
14:50:18.0696 3696 [ 7CD9A98437F6C6B114E71DC07A69ECBD ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
14:50:18.0736 3696 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
14:50:18.0736 3696 tfsnopio - detected UnsignedFile.Multi.Generic (1)
14:50:18.0756 3696 [ 67F3A57F24359CA961FB08F7E2D88BE9 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
14:50:18.0766 3696 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
14:50:18.0766 3696 tfsnpool - detected UnsignedFile.Multi.Generic (1)
14:50:18.0786 3696 [ 7396A56B50AFE368A79BAB2B62E34F82 ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
14:50:18.0806 3696 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
14:50:18.0806 3696 tfsnudf - detected UnsignedFile.Multi.Generic (1)
14:50:18.0857 3696 [ 901F2D599CEB2514964714F69D45351D ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
14:50:18.0867 3696 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
14:50:18.0867 3696 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
14:50:18.0907 3696 [ 521A4CB71CC419FDF60DB83E7308AE2B ] Themes C:\WINDOWS\System32\shsvcs.dll
14:50:19.0778 3696 Themes - ok
14:50:19.0828 3696 [ 58708746B8267033E5CF2B29659E7F74 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
14:50:20.0028 3696 TlntSvr - ok
14:50:20.0138 3696 [ D213A9247DC347F305A2D4CC9B951487 ] TosIde C:\WINDOWS\System32\DRIVERS\toside.sys
14:50:20.0349 3696 TosIde - ok
14:50:20.0429 3696 [ 1CED468858A1A4611961A24CF9DD05EF ] TPHKDRV C:\WINDOWS\system32\drivers\TPHKDRV.sys
14:50:20.0449 3696 TPHKDRV ( UnsignedFile.Multi.Generic ) - warning
14:50:20.0449 3696 TPHKDRV - detected UnsignedFile.Multi.Generic (1)
14:50:20.0469 3696 [ 970AB1AEF38DB6F5E1AAE277A6843D54 ] TPPWR C:\WINDOWS\system32\drivers\Tppwr.sys
14:50:20.0489 3696 TPPWR ( UnsignedFile.Multi.Generic ) - warning
14:50:20.0489 3696 TPPWR - detected UnsignedFile.Multi.Generic (1)
14:50:20.0549 3696 [ A34E894201D66E380E1FA96FE11B587E ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:50:20.0779 3696 TrkWks - ok
14:50:20.0839 3696 [ F2ABA3066D7921D7FCDBD66DEA88BE11 ] TSMAPIP C:\WINDOWS\system32\drivers\TSMAPIP.SYS
14:50:20.0859 3696 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
14:50:20.0859 3696 TSMAPIP - detected UnsignedFile.Multi.Generic (1)
14:50:20.0970 3696 [ 8F5D673617D0101FC85DD30A27FC20C4 ] TUWinStylerThemeSvc C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
14:50:21.0000 3696 TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - warning
14:50:21.0000 3696 TUWinStylerThemeSvc - detected UnsignedFile.Multi.Generic (1)
14:50:21.0030 3696 [ 17687545F77A648AF7F9F1064EB61191 ] TwoTrack C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
14:50:21.0240 3696 TwoTrack - ok
14:50:21.0320 3696 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:50:21.0510 3696 Udfs - ok
14:50:21.0661 3696 [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Programme\1&1 Surf-Stick\AssistantServices.exe
14:50:21.0681 3696 UI Assistant Service - ok
14:50:21.0751 3696 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\System32\DRIVERS\ultra.sys
14:50:21.0891 3696 ultra - ok
14:50:21.0971 3696 [ CED744117E91BDC0BEB810F7D8608183 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:50:22.0872 3696 Update - ok
14:50:22.0902 3696 [ BA85BCF1A2BCF927C3600574173403E0 ] uploadmgr C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:50:23.0103 3696 uploadmgr - ok
14:50:23.0223 3696 [ 855790C1BACED245A6B210AF430ED17B ] upnphost C:\WINDOWS\System32\upnphost.dll
14:50:24.0154 3696 upnphost - ok
14:50:24.0214 3696 [ A99F867E76CFDAA28EE305B93F70E84F ] UPS C:\WINDOWS\System32\ups.exe
14:50:24.0445 3696 UPS - ok
14:50:24.0455 3696 USBAAPL - ok
14:50:24.0525 3696 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
14:50:24.0725 3696 usbaudio - ok
14:50:24.0865 3696 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:50:25.0055 3696 usbccgp - ok
14:50:25.0085 3696 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:50:25.0286 3696 usbehci - ok
14:50:25.0316 3696 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:50:25.0506 3696 usbhub - ok
14:50:25.0626 3696 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:50:25.0827 3696 usbprint - ok
14:50:25.0897 3696 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:50:26.0087 3696 usbscan - ok
14:50:26.0137 3696 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:50:26.0337 3696 USBSTOR - ok
14:50:26.0377 3696 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:50:26.0578 3696 usbuhci - ok
14:50:26.0628 3696 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone C:\WINDOWS\system32\DRIVERS\VClone.sys
14:50:26.0638 3696 VClone ( UnsignedFile.Multi.Generic ) - warning
14:50:26.0638 3696 VClone - detected UnsignedFile.Multi.Generic (1)
14:50:26.0678 3696 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:50:26.0858 3696 VgaSave - ok
14:50:26.0898 3696 [ D92E7C8A30CFD14D8E15B5F7F032151B ] viaagp C:\WINDOWS\System32\DRIVERS\viaagp.sys
14:50:27.0078 3696 viaagp - ok
14:50:27.0108 3696 [ 59CB1338AD3654417BEA49636457F65D ] ViaIde C:\WINDOWS\System32\DRIVERS\viaide.sys
14:50:27.0319 3696 ViaIde - ok
14:50:27.0389 3696 [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:50:27.0569 3696 VolSnap - ok
14:50:27.0649 3696 [ 0354BA3A5BA5E28CC247EB5F5DD8793C ] vsdatant C:\WINDOWS\system32\vsdatant.sys
14:50:27.0709 3696 vsdatant - ok
14:50:27.0779 3696 [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS C:\WINDOWS\System32\vssvc.exe
14:50:27.0990 3696 VSS - ok
14:50:28.0120 3696 [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time C:\WINDOWS\system32\w32time.dll
14:50:28.0340 3696 W32Time - ok
14:50:28.0560 3696 [ 7EB4838A24BF8EB142377DFA87E4CC1F ] w70n51 C:\WINDOWS\system32\DRIVERS\w70n51.sys
14:50:28.0781 3696 w70n51 - ok
14:50:28.0801 3696 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:50:29.0011 3696 Wanarp - ok
14:50:29.0021 3696 WDICA - ok
14:50:29.0111 3696 [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:50:29.0922 3696 wdmaud - ok
14:50:30.0013 3696 [ 879ECB9A5F14A03960B84EDB7207A051 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:50:30.0924 3696 WebClient - ok
14:50:31.0044 3696 [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:50:31.0254 3696 winmgmt - ok
14:50:31.0334 3696 [ 36678803A8030EE9A771935CFC1848BD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
14:50:31.0385 3696 WmdmPmSN - ok
14:50:31.0445 3696 [ 80D811741505365B79CBDB1254D5C98B ] Wmi C:\WINDOWS\System32\advapi32.dll
14:50:31.0595 3696 Wmi - ok
14:50:31.0665 3696 [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:50:31.0875 3696 WmiApSrv - ok
14:50:31.0915 3696 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:50:32.0136 3696 WS2IFSL - ok
14:50:32.0216 3696 [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:50:32.0436 3696 wscsvc - ok
14:50:32.0496 3696 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:50:32.0696 3696 WSTCODEC - ok
14:50:32.0746 3696 [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:50:32.0967 3696 wuauserv - ok
14:50:33.0017 3696 [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:50:33.0267 3696 WZCSVC - ok
14:50:33.0317 3696 [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:50:33.0518 3696 xmlprov - ok
14:50:33.0608 3696 [ 5FA22A19DB86C93F8639D8BC9F831D91 ] XPadminServer C:\PROGRA~1\xpoint\xpadmin\xpadmin.exe
14:50:33.0628 3696 XPadminServer ( UnsignedFile.Multi.Generic ) - warning
14:50:33.0628 3696 XPadminServer - detected UnsignedFile.Multi.Generic (1)
14:50:33.0698 3696 [ 616B411BFC0E9F535A436759F19B79D8 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
14:50:33.0768 3696 ZTEusbmdm6k - ok
14:50:33.0828 3696 [ 616B411BFC0E9F535A436759F19B79D8 ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
14:50:33.0848 3696 ZTEusbnmea - ok
14:50:33.0888 3696 [ 616B411BFC0E9F535A436759F19B79D8 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
14:50:33.0908 3696 ZTEusbser6k - ok
14:50:33.0938 3696 ================ Scan global ===============================
14:50:33.0998 3696 [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
14:50:34.0068 3696 [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:50:34.0118 3696 [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:50:34.0169 3696 [ 65F6B774819BD727358157CEDEA67B8E ] C:\WINDOWS\system32\services.exe
14:50:34.0179 3696 [Global] - ok
14:50:34.0179 3696 ================ Scan MBR ==================================
14:50:34.0209 3696 [ CB7B36094044B83F612A608EAEB099C8 ] \Device\Harddisk0\DR0
14:50:34.0549 3696 \Device\Harddisk0\DR0 - ok
14:50:34.0559 3696 ================ Scan VBR ==================================
14:50:34.0579 3696 [ F1683922B60286A9FE177ACB7DD86D30 ] \Device\Harddisk0\DR0\Partition1
14:50:34.0589 3696 \Device\Harddisk0\DR0\Partition1 - ok
14:50:34.0619 3696 [ 766F9E1D7E8C02A7A22C2FDB4E62AB1E ] \Device\Harddisk0\DR0\Partition2
14:50:34.0619 3696 \Device\Harddisk0\DR0\Partition2 - ok
14:50:34.0649 3696 [ 3074A1AB544F9AB597DF11F29612DD20 ] \Device\Harddisk0\DR0\Partition3
14:50:34.0649 3696 \Device\Harddisk0\DR0\Partition3 - ok
14:50:34.0649 3696 ============================================================
14:50:34.0649 3696 Scan finished
14:50:34.0649 3696 ============================================================
14:50:34.0809 3572 Detected object count: 50
14:50:34.0809 3572 Actual detected object count: 50
14:52:52.0097 3572 ACEDRV05 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0097 3572 ACEDRV05 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0117 3572 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0117 3572 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0117 3572 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0117 3572 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0127 3572 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0127 3572 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0127 3572 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0127 3572 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0137 3572 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0137 3572 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0147 3572 ftusb ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0147 3572 ftusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0147 3572 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0147 3572 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0157 3572 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0157 3572 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0167 3572 kbeepm ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0167 3572 kbeepm ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0167 3572 M9207 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0167 3572 M9207 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0177 3572 PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0177 3572 PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0177 3572 PcdrNt ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0177 3572 PcdrNt ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0187 3572 PCRadminServer ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0187 3572 PCRadminServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0197 3572 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0197 3572 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0197 3572 PMEM ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0197 3572 PMEM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0207 3572 psadd ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0207 3572 psadd ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0207 3572 PsaSrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0207 3572 PsaSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0217 3572 PVUSB ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0217 3572 PVUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0227 3572 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0227 3572 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0227 3572 QCONSVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0227 3572 QCONSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0237 3572 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0237 3572 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0237 3572 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0237 3572 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0247 3572 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0247 3572 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0257 3572 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0257 3572 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0257 3572 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0257 3572 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0267 3572 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0267 3572 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0267 3572 Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0267 3572 Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0277 3572 SRFilter ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0277 3572 SRFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0287 3572 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0287 3572 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0287 3572 SSHDRV5C ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0287 3572 SSHDRV5C ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0297 3572 SSHDRV86 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0297 3572 SSHDRV86 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0297 3572 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0297 3572 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0307 3572 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0307 3572 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0317 3572 TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0317 3572 TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0317 3572 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0317 3572 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0327 3572 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0327 3572 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0337 3572 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0337 3572 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0337 3572 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0337 3572 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0347 3572 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0347 3572 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0347 3572 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0347 3572 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0357 3572 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0357 3572 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0367 3572 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0367 3572 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0367 3572 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0367 3572 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0377 3572 TPHKDRV ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0377 3572 TPHKDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0377 3572 TPPWR ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0387 3572 TPPWR ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0387 3572 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0387 3572 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0397 3572 TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0397 3572 TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0397 3572 VClone ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0397 3572 VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:52.0407 3572 XPadminServer ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:52.0407 3572 XPadminServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:57:25.0420 3180 Deinitialize success


Malwarebytes log:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Stefan :: AKS23 [Administrator]

04.02.2013 15:39:27
mbam-log-2013-02-04 (15-39-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 323341
Laufzeit: 20 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\WINDOWS\system32\wins\SVCHOST.EXE (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

vew system

Vino's Event Viewer v01c run on Windows XP in German
Report run at 04/02/2013 16:22:26

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Fehler Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/02/2013 16:17:41
Type: Fehler Category: 0
Event: 7026 Source: Service Control Manager
Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Cdrom Imapi redbook

Log: 'System' Date/Time: 04/02/2013 16:17:38
Type: Fehler Category: 0
Event: 7000 Source: Service Control Manager
Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: Das für diesen Dienst angegebene Konto unterscheidet sich von dem für andere Dienste angegebenen Konto, die in diesem Prozess ausgeführt werden.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warnung Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

vew application

Vino's Event Viewer v01c run on Windows XP in German
Report run at 04/02/2013 16:22:26

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Fehler Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/02/2013 16:17:41
Type: Fehler Category: 0
Event: 7026 Source: Service Control Manager
Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Cdrom Imapi redbook

Log: 'System' Date/Time: 04/02/2013 16:17:38
Type: Fehler Category: 0
Event: 7000 Source: Service Control Manager
Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: Das für diesen Dienst angegebene Konto unterscheidet sich von dem für andere Dienste angegebenen Konto, die in diesem Prozess ausgeführt werden.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warnung Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL.txt

OTL logfile created on: 04.02.2013 16:27:14 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

510,92 Mb Total Physical Memory | 107,85 Mb Available Physical Memory | 21,11% Memory free
1,22 Gb Paging File | 0,86 Gb Available in Paging File | 70,72% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27,44 Gb Total Space | 9,92 Gb Free Space | 36,16% Space Free | Partition Type: NTFS
Drive D: | 6,56 Gb Total Space | 6,34 Gb Free Space | 96,56% Space Free | Partition Type: NTFS
Drive E: | 309,45 Mb Total Space | 307,34 Mb Free Space | 99,32% Space Free | Partition Type: FAT32

Computer Name: AKS23 | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.31 13:50:25 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.01.30 17:25:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.17 18:53:28 | 000,522,720 | ---- | M] (Old McDonald's Farm) -- C:\Programme\Autorun Eater\oldmcdonald.exe
PRC - [2012.02.17 17:52:52 | 000,425,250 | ---- | M] (Old McDonald's Farm) -- C:\Programme\Autorun Eater\billy.exe
PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.08.04 13:00:00 | 000,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2003.06.24 13:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003.03.27 02:06:02 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2003.01.24 15:36:42 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2003.01.17 09:02:18 | 000,831,549 | ---- | M] (Xpoint Technologies) -- C:\Programme\xpoint\EEClient\Xpclient.exe
PRC - [2003.01.17 09:01:02 | 000,028,672 | ---- | M] () -- C:\Programme\xpoint\xpadmin\xpadmin.exe
PRC - [2001.06.15 17:18:30 | 000,020,549 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\javaw.exe


========== Modules (No Company Name) ==========

MOD - [2013.02.04 10:24:06 | 002,050,560 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\13020400\algo.dll
MOD - [2013.01.31 13:50:23 | 003,022,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.02.12 14:59:00 | 005,771,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\717cce3690d643df19d6a4117283048e\System.Xml.ni.dll
MOD - [2012.02.12 14:58:43 | 013,193,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9d25b8eabd8203e4d0490363140c4526\System.Windows.Forms.ni.dll
MOD - [2012.02.12 14:58:10 | 001,667,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\e58e83951091f2616344c5d2a6787660\System.Drawing.ni.dll
MOD - [2012.02.12 14:56:58 | 008,310,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ccfeb59f4a9b75909eb2d1121232a769\System.ni.dll
MOD - [2012.02.12 14:56:39 | 011,436,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\fee8c8ba9b84a7832274adcbfc9d5ca4\mscorlib.ni.dll
MOD - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
MOD - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.08.23 21:41:22 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008.07.03 15:59:50 | 008,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2008.07.03 15:59:49 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2008.07.03 15:59:48 | 000,216,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll
MOD - [2007.05.11 01:31:33 | 000,921,600 | ---- | M] () -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdistRes.DEU
MOD - [2004.08.04 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003.03.27 02:06:02 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\QCONSVC.EXE
MOD - [2003.01.17 09:01:02 | 000,028,672 | ---- | M] () -- C:\Programme\xpoint\xpadmin\xpadmin.exe
MOD - [2001.06.15 17:18:34 | 000,053,326 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\zip.dll
MOD - [2001.06.15 17:18:34 | 000,053,319 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\verify.dll
MOD - [2001.06.15 17:18:32 | 000,032,841 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\net.dll
MOD - [2001.06.15 17:18:30 | 000,086,093 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\java.dll
MOD - [2001.06.15 17:18:30 | 000,028,753 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\hpi.dll
MOD - [2001.06.15 17:18:30 | 000,020,549 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\javaw.exe
MOD - [2001.06.15 17:18:28 | 000,765,952 | ---- | M] () -- C:\Programme\xpoint\SAS\JRE\bin\hotspot\jvm.dll
MOD - [1999.08.10 17:32:22 | 000,017,920 | ---- | M] () -- C:\Programme\xpoint\EEClient\Implode.dll


========== Services (SafeList) ==========

SRV - [2013.01.31 13:50:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.01.11 16:13:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.08.24 02:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.03.27 02:06:02 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2003.01.24 15:37:32 | 000,299,075 | ---- | M] (Intel Corporation ) [On_Demand | Stopped] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003.01.24 15:36:42 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003.01.17 09:05:44 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\Programme\xpoint\pe\pcradmin.exe -- (PCRadminServer)
SRV - [2003.01.17 09:01:02 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Programme\xpoint\xpadmin\xpadmin.exe -- (XPadminServer)
SRV - [2002.08.12 02:17:04 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\Psasrv.exe -- (PsaSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys -- (PCDRDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Stefan\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.06.01 06:48:26 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CESG502.SYS -- (PVUSB)
DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.09.25 14:10:05 | 000,034,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV5C.sys -- (SSHDRV5C)
DRV - [2009.09.24 18:48:13 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Leonard\Lokale Einstellungen\Temp\kbeepm.sys -- (kbeepm)
DRV - [2009.08.23 21:40:32 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.15 14:40:51 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008.01.05 20:39:47 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2007.11.14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.10.31 13:42:12 | 000,024,064 | ---- | M] (Sophos plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccess Filter)
DRV - [2007.10.31 13:41:46 | 000,080,128 | ---- | M] (Sophos plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccess Control)
DRV - [2007.02.28 18:54:30 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.04.04 14:17:40 | 000,054,144 | ---- | M] (ULi Electronics Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\M9206T02Q.sys -- (M9207)
DRV - [2005.11.03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004.08.04 13:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004.08.04 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.08.04 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004.03.11 05:15:00 | 000,023,168 | R--- | M] (Knobloch GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftusb.sys -- (ftusb)
DRV - [2003.12.05 10:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.04.29 22:01:06 | 000,542,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.03.27 02:06:02 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2003.03.12 14:16:44 | 002,390,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51)
DRV - [2003.01.17 01:32:00 | 000,015,360 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2003.01.12 16:37:40 | 000,010,906 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2002.12.26 02:10:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2002.12.26 01:32:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2002.12.26 01:32:00 | 000,008,830 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2002.11.20 14:52:14 | 000,033,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002.10.18 11:07:34 | 001,156,672 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002.09.19 18:41:28 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002.09.13 07:04:42 | 000,006,003 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2002.07.15 13:45:28 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001.08.17 13:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001.08.17 13:28:10 | 000,802,683 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
DRV - [2000.03.22 21:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNt.sys -- (PcdrNt)
DRV - [1999.11.11 09:23:02 | 000,029,788 | ---- | M] (Xpoint Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\srntflt.sys -- (SRFilter)
DRV - [1999.09.10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...de-DE:official"
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: %7BCE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B%7D:3.8
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:3.7.8


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Programme\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Programme\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.12.16 12:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.31 13:50:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.31 13:50:01 | 000,000,000 | ---D | M]

[2008.07.03 16:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Extensions
[2013.01.31 16:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions
[2010.02.06 20:32:05 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2012.12.16 12:17:47 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions\[email protected]
[2012.12.16 12:18:10 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions\foxmarks@kei.com
[2012.12.16 12:18:10 | 000,328,449 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013.01.31 16:12:02 | 000,817,973 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.03 15:13:06 | 000,434,392 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\lb3zs4px.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.01.31 13:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.31 13:49:50 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2012.12.16 12:40:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.01.31 13:50:25 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.09.15 10:03:46 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.01.16 13:48:05 | 000,002,058 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2003.10.07 06:36:00 | 000,001,043 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 134.169.44.164 aks1.org-chem.nat.tu-bs.de aks1
O1 - Hosts: 134.169.44.165 aks2.org-chem.nat.tu-bs.de aks2
O1 - Hosts: 134.169.44.168 aks4.org-chem.nat.tu-bs.de aks4
O1 - Hosts: 134.169.44.169 aks5.org-chem.nat.tu-bs.de aks5
O1 - Hosts: 134.169.44.170 aks6.org-chem.nat.tu-bs.de aks6
O1 - Hosts: 133.169.44.175 aks7.org-chem.nat.tu-bs.de aks8
O1 - Hosts: 134.169.44.176 aks8.org-chem.nat.tu-bs.de aks9
O1 - Hosts: 134.169.44.177 aks9.org-chem.nat.tu-bs.de aks10
O1 - Hosts: 134.169.44.178 aks10.org-chem.nat.tu-bs.de aks11
O1 - Hosts: 134.169.44.179 aks11.org-chem.nat.tu-bs.de aks12
O1 - Hosts: 134.169.44.187 aks12.org-chem.nat.tu-bs.de aks13
O1 - Hosts: 134.169.44.119 aks13.org-chem.nat.tu-bs.de aks14
O1 - Hosts: 134.169.44.91 aks14.org-chem.nat.tu-bs.de aks15
O1 - Hosts: 134.169.44.92 aks15.org-chem.nat.tu-bs.de aks16
O1 - Hosts: 134.169.44.89 aks16.org-chem.nat.tu-bs.de aks17
O1 - Hosts: 134.169.44.3 aks17.org-chem.nat.tu-bs.de andreas
O1 - Hosts: 134.169.44.76 andreas.org-chem.nat.tu-bs.de andreas
O1 - Hosts: 134.169.44.183 greg.org-chem.nat.tu-bs.de greg
O1 - Hosts: 134.169.44.79 jeroen.org-chem.nat.tu-bs.de jeroen
O1 - Hosts: 134.169.44.180 laptop.org-chem.nat.tu-bs.de laptop
O1 - Hosts: 134.169.44.134 pc322.org-chem.nat.tu-bs.de pc322
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Autorun Eater] C:\Programme\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [UIExec] C:\Programme\1&1 Surf-Stick\UIExec.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 16
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Citavi Picker... - C:\Programme\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz)
O15 - HKCU\..Trusted Domains: bahn.de ([reiseauskunft] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: lomarengas.fi ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1083585491781 (MSSecurityAdvisor Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-18.cab (EPUImageControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1238155695616 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8019.0130092593 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.169.9.152 134.169.9.151 134.169.9.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = org-chem.nat.tu-bs.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{141AD400-7912-43B6-BD07-6B5186324C44}: DhcpNameServer = 134.169.9.152 134.169.9.151 134.169.9.150
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.04 17:20:47 | 000,000,077 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013.02.01 14:47:33 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013.02.01 14:47:33 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2002.09.24 11:43:10 | 000,000,114 | ---- | M] () - E:\AUTOEXEC.BBB -- [ FAT32 ]
O32 - AutoRun File - [2002.09.24 11:43:12 | 000,000,114 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002.09.24 11:43:12 | 000,000,114 | ---- | M] () - E:\AUTOEXEC.ccc -- [ FAT32 ]
O32 - AutoRun File - [2013.02.01 14:47:36 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SAVService - service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SAVService - service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.02.04 16:08:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.02.04 15:33:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Malwarebytes
[2013.02.04 15:33:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.02.04 15:33:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.02.04 15:33:11 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.02.04 15:33:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.02.01 15:22:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.01 15:19:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.01 15:19:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.01 15:19:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.01 15:19:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.01 15:19:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.02.01 15:19:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.01 15:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.01 15:17:10 | 005,030,042 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Stefan\Desktop\ComboFix.exe
[2013.02.01 15:02:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autorun Eater
[2013.02.01 15:02:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autorun Eater
[2013.02.01 15:02:10 | 000,000,000 | ---D | C] -- C:\Programme\Autorun Eater
[2013.02.01 14:47:33 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2013.01.31 14:41:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe.backup
[2013.01.31 13:49:46 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.01.30 17:10:04 | 000,000,000 | ---D | C] -- C:\Programme\Elaborate Bytes
[2013.01.30 16:25:36 | 000,000,000 | ---D | C] -- C:\UserData
[2013.01.30 14:44:10 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2013.01.30 14:44:10 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2013.01.30 14:44:10 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2013.01.30 14:44:10 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2013.01.30 14:43:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\1&1 Surf-Stick
[2013.01.30 14:43:08 | 000,000,000 | ---D | C] -- C:\Programme\1&1 Surf-Stick
[2013.01.26 19:53:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\XSManager
[2013.01.26 19:53:33 | 000,000,000 | ---D | C] -- C:\Programme\XSManager
[1410 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.04 16:18:54 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.02.04 16:18:51 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.04 16:17:47 | 000,000,104 | ---- | M] () -- C:\WINDOWS\IBMVPD.INI
[2013.02.04 16:17:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.04 16:07:31 | 000,002,300 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.04 15:53:30 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.04 15:33:19 | 000,000,769 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.01 15:22:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.02.01 15:17:14 | 005,030,042 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Stefan\Desktop\ComboFix.exe
[2013.02.01 15:14:41 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\MBR.dat
[2013.02.01 15:02:13 | 000,000,663 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Autorun Eater.lnk
[2013.01.31 14:41:44 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\WINDOWS\System32\dllcache\ctfmon.exe
[2013.01.31 14:41:44 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\WINDOWS\System32\ctfmon.exe
[2013.01.30 14:44:00 | 000,001,613 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\1&1 Surf-Stick.lnk
[1410 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.04 15:33:19 | 000,000,769 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.01 15:22:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.02.01 15:22:22 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.02.01 15:19:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.02.01 15:19:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.02.01 15:19:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.02.01 15:19:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.02.01 15:19:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.02.01 15:14:41 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\MBR.dat
[2013.02.01 15:02:13 | 000,000,663 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Autorun Eater.lnk
[2013.01.30 14:43:20 | 000,001,613 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\1&1 Surf-Stick.lnk
[2012.11.07 10:09:43 | 000,000,104 | ---- | C] () -- C:\WINDOWS\IBMVPD.INI
[2012.09.26 11:32:37 | 000,317,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.26 15:29:37 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.10.31 14:42:32 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.06.29 18:31:49 | 000,000,406 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2006.09.20 17:10:58 | 000,173,860 | ---- | C] () -- C:\Programme\20.09.2006leo.saf
[2006.09.20 17:00:18 | 000,518,992 | ---- | C] () -- C:\Programme\2 9 2006.saf
[2006.09.07 18:46:36 | 000,563,080 | ---- | C] () -- C:\Programme\9 9 2006.saf
[2006.09.04 19:49:12 | 000,538,200 | ---- | C] () -- C:\Programme\i3 9 2006.saf
[2006.08.29 18:03:18 | 000,524,796 | ---- | C] () -- C:\Programme\leoletzterferientag2006.saf
[2006.05.17 18:55:57 | 000,382,096 | ---- | C] () -- C:\Programme\10.5.06.saf
[2005.01.19 10:58:24 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004.12.06 14:30:11 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe
[2003.12.23 19:42:24 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003.11.07 12:01:21 | 000,008,595 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\gsview32.ini
[2003.10.31 22:38:08 | 000,000,098 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\sversion.ini

========== ZeroAccess Check ==========

[2005.01.19 10:02:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.04.16 16:35:16 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:18:19 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004.08.04 08:57:37 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: IC25N040ATCS05-0
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 27,00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 7,00GB
Starting Offset: 29463920640
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 310,00MB
Starting Offset: 36508631040
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %SYSTEMDRIVE%\Recycled\*.* >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2008.07.03 16:07:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Academic Software Zurich
[2010.09.01 18:52:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Adobe
[2007.02.20 11:42:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\AdobeUM
[2004.12.06 16:07:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Ahead
[2005.01.07 14:32:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\AOMrec
[2010.09.01 18:49:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Apple Computer
[2005.05.09 19:25:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Creative
[2005.04.16 18:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\CyberLink
[2006.05.20 14:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\FUJIFILM
[2010.05.31 09:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\GMX
[2006.04.24 21:38:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Google
[2003.12.23 21:26:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Help
[2003.10.31 22:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\IBM
[2002.10.01 09:59:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Identities
[2003.12.23 21:04:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\InterVideo
[2009.12.16 12:56:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\IObit
[2009.12.21 09:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Leadertech
[2005.07.03 12:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Macromedia
[2013.02.04 15:33:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Malwarebytes
[2010.05.02 14:32:13 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Microsoft
[2008.07.03 16:13:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla
[2008.02.27 19:48:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\MSN6
[2004.11.11 17:27:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Nikon
[2009.09.02 20:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Opera
[2007.07.04 14:27:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Real
[2008.04.15 23:53:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\ScanSoft
[2012.03.01 19:44:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Skype
[2010.05.31 09:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\SmartSurfer
[2003.10.31 22:33:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun
[2004.11.15 13:17:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Talkback
[2012.10.01 13:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\TuneUp Software
[2008.04.14 18:13:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\U3
[2010.01.05 09:21:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Uniblue
[2003.12.23 21:05:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\VERITAS
[2007.07.02 12:37:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Zeon

< MD5 for: ATAPI.SYS >
[2002.08.29 05:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2004.08.04 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=219581FAF8244984032FDB4F673DC1D5 -- C:\WINDOWS\system32\csrss.exe
[2004.08.04 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=219581FAF8244984032FDB4F673DC1D5 -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: CTFMON.EXE >
[2013.01.31 14:41:44 | 000,024,064 | ---- | M] (Gerhard Schlager) MD5=C3A2915C71AE6F225EB906C25CCD29B5 -- C:\WINDOWS\system32\ctfmon.exe
[2013.01.31 14:41:44 | 000,024,064 | ---- | M] (Gerhard Schlager) MD5=C3A2915C71AE6F225EB906C25CCD29B5 -- C:\WINDOWS\system32\dllcache\ctfmon.exe

< MD5 for: EXPLORER.EXE >
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008.06.20 18:39:48 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=774274C487493452DF3B0126DBE7FF3B -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008.06.20 18:39:48 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=774274C487493452DF3B0126DBE7FF3B -- C:\WINDOWS\system32\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2006.10.13 13:35:14 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=9BB97D06915B82CE56CC1DCCC4177F05 -- C:\WINDOWS\system32\dllcache\nwprovau.dll
[2006.10.13 13:35:14 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=9BB97D06915B82CE56CC1DCCC4177F05 -- C:\WINDOWS\system32\nwprovau.dll
[2006.10.13 13:41:39 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=BD7DECF88F0FF821C355FFECDEFD0430 -- C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2004.08.04 13:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=1029FC315DA372898ACFB56AAFE0297D -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
[2004.08.04 13:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=1029FC315DA372898ACFB56AAFE0297D -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 11:04:47 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=65F6B774819BD727358157CEDEA67B8E -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 11:04:47 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=65F6B774819BD727358157CEDEA67B8E -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004.08.04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=65A819B121EB6FDAB4400EA42BDFFE64 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=65A819B121EB6FDAB4400EA42BDFFE64 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004.08.04 13:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A3AA79ED12B796BE28558DC5978CEA5F -- C:\WINDOWS\system32\dllcache\winrnr.dll
[2004.08.04 13:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A3AA79ED12B796BE28558DC5978CEA5F -- C:\WINDOWS\system32\winrnr.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013.01.31 13:50:19 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013.01.31 13:50:19 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.01.31 13:50:19 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Programme\Mozilla Firefox\firefox.exe [2013.01.31 13:50:25 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -preferences [2013.01.31 13:50:25 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -safe-mode [2013.01.31 13:50:25 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004.08.04 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004.08.04 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004.08.04 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Programme\Internet Explorer\iexplore.exe" [2004.08.04 08:57:57 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Programme\MSN\MSNCoreFiles\MSN6.EXE" [2002.08.29 05:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013.01.31 13:50:19 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013.01.31 13:50:19 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.01.31 13:50:19 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Programme\Mozilla Firefox\firefox.exe [2013.01.31 13:50:25 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -preferences [2013.01.31 13:50:25 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -safe-mode [2013.01.31 13:50:25 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004.08.04 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004.08.04 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004.08.04 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Programme\Internet Explorer\iexplore.exe" [2004.08.04 08:57:57 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Programme\MSN\MSNCoreFiles\MSN6.EXE" [2002.08.29 05:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1410 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

OTL extra

OTL Extras logfile created on: 04.02.2013 16:27:14 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

510,92 Mb Total Physical Memory | 107,85 Mb Available Physical Memory | 21,11% Memory free
1,22 Gb Paging File | 0,86 Gb Available in Paging File | 70,72% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27,44 Gb Total Space | 9,92 Gb Free Space | 36,16% Space Free | Partition Type: NTFS
Drive D: | 6,56 Gb Total Space | 6,34 Gb Free Space | 96,56% Space Free | Partition Type: NTFS
Drive E: | 309,45 Mb Total Space | 307,34 Mb Free Space | 99,32% Space Free | Partition Type: FAT32

Computer Name: AKS23 | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Programme\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\EXCEL.EXE" = C:\Programme\Microsoft Office\Office12\EXCEL.EXE:*:Enabled:Microsoft Office Excel -- (Microsoft Corporation)
"C:\Programme\CambridgeSoft\ChemOffice2010\ChemDraw\ChemDraw.exe" = C:\Programme\CambridgeSoft\ChemOffice2010\ChemDraw\ChemDraw.exe:*:Enabled:ChemBioDraw Ultra 12.0 -- (CambridgeSoft Corp.)
"C:\Programme\CambridgeSoft\ChemOffice2010\ChemFinder\CFWord.exe" = C:\Programme\CambridgeSoft\ChemOffice2010\ChemFinder\CFWord.exe:*:Enabled:ChemBioFinder for Office 12.0 -- (CambridgeSoft Corp.)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\CambridgeSoft\ChemOffice2010\Chem3D\Chem3D.exe" = C:\Programme\CambridgeSoft\ChemOffice2010\Chem3D\Chem3D.exe:*:Enabled:Chem3D Pro 12.0 -- (CambridgeSoft Corp.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110
"{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}" = Sophos Anti-Virus
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = IBM RecordNow Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access Support - Local Content Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor für Windows
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'IBM ThinkPad-Tastaturanpassung'
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{34245C50-792C-437D-A4AF-645FF041739B}" = Connection Manager
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{4ACACD51-8CD6-4752-A780-79B29F55836F}" = Physikus
"{5EAF9A83-3B91-45BF-8F2D-990BBEBDC9AB}" = Intel® Sebring API
"{626B7EA2-B7C2-4277-AE30-A8B452A92B6C}" = Phonetik
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{710C0BB2-FE39-484E-BB23-C9B96835A14A}" = Access IBM Message Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8214CC02-6271-4DC8-B8DD-779933450264}" = IBM RecordNow
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad-UltraNav-Assistent
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{8745DEAB-1126-42F5-9585-C66D5497B47B}" = EMEA Wallpaper
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ONENOTE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ONENOTE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ONENOTE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ONENOTE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ONENOTE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ONENOTE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{B93BC257-3F73-47B1-B68D-597C6878C8E7}" = CambridgeSoft ChemBioDraw Ultra 12.0
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = alm
"{E70C67ED-4592-11D6-85CC-00A0CC603DBA}" = Löwenzahn 6
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "IBM TrackPoint-Eingabehilfen"
"{EB6FB6A8-646D-4FAD-9878-8EF72EED498E}" = Loewenzahn Optik-Mechanik
"{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.0.1
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.32
"Access IBM Tools" = Access IBM Tools
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.6 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"Autorun Eater_is1" = Autorun Eater v2.6
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Citavi" = Citavi 2.4.7.1
"Defraggler" = Defraggler
"EasyEject Utility" = Dienstprogramm 'IBM ThinkPad EasyEject'
"IBM Rapid Restore PC" = IBM Rapid Restore PC
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MassLibUninstall.exe" = MassLib 8.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MiKTeX" = MiKTeX
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MuVo Driver" = MuVo Driver
"NSchach_is1" = N Schach 2.3
"Office8.0" = Microsoft Office 97, Professional Edition
"ONENOTE" = Microsoft Office OneNote 2007
"Pegasus Mail" = Pegasus Mail
"Power Features" = IBM ThinkPad 'Akku-MaxiMiser' und Stromsparfunktionen
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad 'Präsentationsdirektor'
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® PRO Network Adapters and Drivers
"SequoiaView" = SequoiaView
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ThinkPad Configuration" = IBM ThinkPad-Konfiguration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = Installationsprogramm für ThinkPad-Software
"WinEdt" = WinEdt
"WinRAR archiver" = WinRAR 4.00 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"StarOffice 7" = StarOffice 7

========== Last 20 Event Log Errors ==========

[ OSession Events ]
Error - 30.01.2009 17:14:28 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6424
seconds with 2280 seconds of active time. This session ended with a crash.

Error - 26.02.2009 07:04:06 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 6196 seconds with 2280 seconds of active time. This session ended with a
crash.

Error - 12.03.2009 14:09:05 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9206
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 23.03.2009 07:06:26 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6544
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23.03.2009 07:06:31 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6537
seconds with 5340 seconds of active time. This session ended with a crash.

Error - 11.07.2009 12:57:46 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 496
seconds with 120 seconds of active time. This session ended with a crash.

Error - 21.08.2009 07:09:14 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13886
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21.08.2009 07:09:15 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13810
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.09.2009 06:06:14 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 712
seconds with 540 seconds of active time. This session ended with a crash.

Error - 26.01.2011 16:29:29 | Computer Name = AKS23 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 153
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04.02.2013 11:17:38 | Computer Name = AKS23 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1079

Error - 04.02.2013 11:17:41 | Computer Name = AKS23 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Cdrom Imapi redbook

[ TuneUp Events ]
Error - 28.12.2008 13:30:34 | Computer Name = AKS23 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 28.12.2008 13:30:54 | Computer Name = AKS23 | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >

Many thanks for your effort.
  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Uninstall:
Sophos Anti-Virus
PC-Doctor für Windows
Java™ 6 Update 17
TuneUp Utilities 2006

You may need to use the free Revo uninstaller to get rid of Sophos as it appears to be broken.
http://www.revounins...e_download.html
If you must use Java, the latest version is at java.com. Do not let them foist any toolbars or security scans on you. We are recommending that if you need Java for some sites that you run Firefox or Chrome with the No-Script/Script-No add-ons and only allow sites that really need Java to use it. Java just has too many security problems.


Upgrade:
Adobe Acrobat 8.1.6 Professional

We are getting an error that Upload Manager service is not starting. Odd thing is I can't see how it starts. See if you can find it in the services window:

Start, Run, services.msc , OK. Then see if it shows up in the right pane. Right click on it and change the Startup Type: to Disabled.

If you can't find it let me know and we will try something else.

TDSSKiller found this:

14:48:07.0968 0308 [ 5012F080FCCF701E2CD6B045AC7814D9 ] kbeepm C:\DOKUME~1\Leonard\LOKALE~1\Temp\kbeepm.sys
14:48:08.0038 0308 kbeepm - ok

but didn't flag it. I don't trust files that run from temp folders. I suspect it is a program to keep you from copying a game. Doubt that you need it since I don't see any games on your Uninstall list.

Start, Run, devmgmt.msc , OK.

Click on View then on Show Hidden Devices. It's probably under Non-plug and play devices. If you find it, right click on it and Uninstall.

While you are in device manager you have three other device drivers which are not working for some reason:

Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Cdrom Imapi redbook

See if you can find them. They should have a yellow mark if they didn't load. Right click on them and Uninstall. If XP needs them it will reinstall them (hopefully correctly) on the next reboot.

Let's check a few more things:

Since Combofix is not cooperating let's run DDS:
Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool. (Vista and Win 7 please right click and Run As Admin)
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

Also since you have Avast we might as well try a boot-time scan. This is something you should let it do while you sleep as it takes a long time. (Good idea to mute the speakers so it doesn't wake you up.)

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Where it says Heuristic Sensitivity, click on the vertical bar on the far right so that it changes to High. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find? If it found anything see if you can find aswboot.txt at C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\aswboot.txt. If you can find it copy and paste the file.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
  • 0
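The kbeepm.sys observation in the post above (a driver the scanner marked "ok" although its image path is a user's Temp folder) can be checked mechanically over a whole log. This is an added example, not part of the thread and not TDSSKiller's own code: it assumes the two-line log layout quoted in the post, the function names are made up here, and every sample line except the kbeepm pair is constructed.

```python
import re
from typing import List, NamedTuple, Optional

# Object line as quoted in the post: time, thread id, [ MD5 ], name, image path.
OBJECT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$"
)
# Verdict line: time, thread id, name, " - ", verdict.
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)

TEMP_NAMES = {"temp", "tmp"}
# XP profile root in English and German (as on this machine), plus Vista and later.
PROFILE_ROOTS = {"documents and settings", "dokumente und einstellungen", "users"}
SHORT_RE = re.compile(r"^(?P<stem>[^~]{1,6})~\d+$")  # 8.3 form such as DOKUME~1


class Finding(NamedTuple):
    name: str
    md5: str
    path: str
    reason: str
    verdict: Optional[str]


def normalize(path: str, system_root: str = r"C:\WINDOWS") -> str:
    """Strip the NT object prefix and expand \\SystemRoot\\ to a drive path."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):
        p = system_root + p[len("\\SystemRoot"):]
    return p


def _is_profile_root(component: str) -> bool:
    c = component.lower()
    if c in PROFILE_ROOTS:
        return True
    m = SHORT_RE.match(c)
    # 8.3 names drop spaces and keep the first six characters before ~N.
    return bool(m) and any(
        n.replace(" ", "")[:6] == m.group("stem") for n in PROFILE_ROOTS
    )


def location_reason(path: str) -> Optional[str]:
    """Return why the image location deserves a second look, or None."""
    parts = [c for c in normalize(path).split("\\") if c]
    dirs = [c.lower() for c in parts[:-1]]  # directory components only
    if any(d in TEMP_NAMES for d in dirs):
        return "temp folder"
    if len(parts) > 2 and _is_profile_root(parts[1]):
        return "user profile"
    return None


def flag_drivers(log_text: str) -> List[Finding]:
    """Pair object and verdict lines; report drivers in user-writable places."""
    entries = {}  # name -> [md5, path, verdict]
    for line in log_text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            entries[m["name"]] = [m["md5"], m["path"], None]
            continue
        m = VERDICT_RE.match(line)
        if m and m["name"] in entries:
            entries[m["name"]][2] = m["verdict"]
    findings = []
    for name, (md5, path, verdict) in entries.items():
        reason = location_reason(path)
        if reason:
            findings.append(Finding(name, md5, normalize(path), reason, verdict))
    return findings


# Lines 3-4 are the pair quoted in the post. The Beep and exampledrv lines are
# constructed for this example; their hashes are placeholders, not real values.
SAMPLE_LOG = r"""
14:48:07.0100 0308 [ 00000000000000000000000000000000 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:48:07.0150 0308 Beep - ok
14:48:07.0968 0308 [ 5012F080FCCF701E2CD6B045AC7814D9 ] kbeepm C:\DOKUME~1\Leonard\LOKALE~1\Temp\kbeepm.sys
14:48:08.0038 0308 kbeepm - ok
14:48:08.0100 0308 [ 11111111111111111111111111111111 ] exampledrv \??\C:\Dokumente und Einstellungen\Example\Desktop\exampledrv.sys
14:48:08.0150 0308 exampledrv - ok
"""

if __name__ == "__main__":
    for f in flag_drivers(SAMPLE_LOG):
        print(f"{f.name}: {f.reason} (scanner verdict: {f.verdict}) {f.path}")
```

A hit only means the location is unusual for a driver; the scanner's verdict is carried along so both can be weighed together.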

#8
Phom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Uninstall done

Upgrade Acrobat 8.1.6 Pro not possible, program says it is latest version

kbeepm uninstalled

Cdrom uninstalled, but I could not find: Imapi, redbook, although I looked at every place. No other item with yellow dot.

DDS froze: I do not know how to disable or enable script blocking. I stopped avast for 10 minutes and disabled pop-blockers in Firefox and Windows explorer. No program was running during DDS. Still DDS froze.

aswboot

02/05/2013 09:42
Prüfung aller lokalen Laufwerke

Datei C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Downloads\Vortrag.zip.part|>MedSysKickoff.ppt Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Dokumente und Einstellungen\Vinzent\Lokale Einstellungen\Anwendungsdaten\Adobe\Updater5\Install\acrobat8pro-EFG\AcrobatReaderUpd812_SU1_all.msi|>Data1.cab|>Annots.api Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Dokumente und Einstellungen\Vinzent\Lokale Einstellungen\Anwendungsdaten\Adobe\Updater5\Install\acrobat8pro-EFG\AcrobatReaderUpd812_SU1_all.msi|>Data1.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei C:\WINDOWS\system32\SBUtils\SBWebCtl.dll ist infiziert von Win32:PUP-gen [PUP], In Container verschoben
Anzahl durchsuchter Ordner: 9883
Anzahl der geprüften Dateien: 421969
Anzahl infizierter Dateien: 1

Speccy

Zusammenfassung
Betriebssystem
Microsoft Windows XP Professional 32-bit SP2
CPU
Intel Pentium M
Banias 0.13um Technologie
RAM
512 MB DDR @ 132MHz (2.5-3-3-6)
Motherboard
IBM 237322G (None) 44 °C
Grafik
(Standardmonitor) ([email protected])
32 MBATI MOBILITY RADEON 7500 (IBM)
Festplatten
34,3GB IC25N040ATCS05-0 (PATA) 38 °C
Optische Laufwerke
Keine optischen Laufwerke gefunden
Audio
SoundMAX Integrated Digital Audio
Betriebssystem
Microsoft Windows XP Professional 32-bit SP2
Computer type: Notebook
Installation Date : 27.03.2009 11:41:42

Windows Sicherheits Center
Firewall Aktiviert
Windows Update
AutoUpdate Automatisch herunterladen und zum gesetzten Zeitpunkt installieren
Ablaufplan Frequenz Täglich
Plan-Zeit 03:00
Antivirus
Antivirus Aktiviert
Firmenname AVAST Software
Display Name avast! Antivirus
Produktversion 7.0.1474.0
Virus Signature Database Up to date
.NET Frameworks installed
v2.0 SP1
v1.1 SP1
Internet Explorer
Version 6.0.2900.2180
Umgebungsvariabeln
USERPROFILE C:\Dokumente und Einstellungen\Stefan
SystemRoot C:\WINDOWS
Benutzervariabeln
DBCONFIG C:\Programme\Adabas\sql
DBROOT C:\Programme\Adabas
DBWORK C:\Programme\Adabas\sql
Path %DBROOT%\bin
%DBROOT%\pgm
TEMP C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Temp
TMP C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Temp
Systemvariabeln
ComSpec C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK NO
NUMBER_OF_PROCESSORS 1
OS Windows_NT
Path C:\WINDOWS\system32
C:\WINDOWS
C:\WINDOWS\system32\wbem
C:\texmf\miktex\bin
C:\PROGRAMME\THINKPAD\UTILITIES
C:\Programme\ATI Technologies\ATI Control Panel
C:\Programme\Bio-Rad Laboratories\Bin
C:\Programme\Winbib3
C:\Programme\Microsoft SQL Server\80\Tools\Binn
D:\winbibdata
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE x86
PROCESSOR_IDENTIFIER x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL 6
PROCESSOR_REVISION 0905
TEMP C:\WINDOWS\TEMP
TMP C:\WINDOWS\TEMP
windir C:\WINDOWS
Akku
Stromleitung Online
Akkuladung 100 %
Akkustatus Hoch
Verbleibende Zeit Unbekannt
Strom Profil
Aktives Strom-Profil Hohe Systemleistung
Ruhezustand Deaktiviert
Bildschirm ausschalten nach: (bei Netzbetrieb) Nie
Bildschirm ausschalten nach: (bei Akkubetrieb) 60 min
Festplatte ausschalten nach: (bei Netzbetrieb) Nie
Festplatte ausschalten nach: (bei Akkubetrieb) 20 min
Ruhezustand nach: (bei Netzbetrieb) Nie
Ruhezustand nach: (bei Akkubetrieb) 60 min
Bildschirmschoner Aktiviert
Uptime
Aktive Sitzung
Aktuelle Zeit 05.02.2013 09:30:41
Aktuelle Laufzeit 1.019 sec (0 d, 00 h, 16 m, 59 s)
Letzter Computerstart 05.02.2013 09:13:42
Zeitzone
Zeitzone GMT +1:00 Stunden
Sprache Deutsch (Deutschland)
Location Deutschland
Land Deutsch (Deutschland)
Währung €
Datumsformat dd.MM.yyyy
Zeitformat HH:mm:ss
Prozess Liste
alg.exe
Prozess ID 2100
Pfad C:\WINDOWS\System32\alg.exe
Speicherverbrauch 3,66 MB
Speicherverbrauch Höchstwert 3,68 MB
assistantservices.exe
Prozess ID 1836
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\Programme\1&1 Surf-Stick\AssistantServices.exe
Speicherverbrauch 2,88 MB
Speicherverbrauch Höchstwert 2,88 MB
ati2evxx.exe
Prozess ID 1572
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\WINDOWS\System32\Ati2evxx.exe
Speicherverbrauch 2,01 MB
Speicherverbrauch Höchstwert 2,01 MB
avastsvc.exe
Prozess ID 1624
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\Programme\AVAST Software\Avast\AvastSvc.exe
Speicherverbrauch 30 MB
Speicherverbrauch Höchstwert 61 MB
avastui.exe
Prozess ID 2616
Benutzer Stefan
Domain AKS23
Pfad C:\Programme\AVAST Software\Avast\avastUI.exe
Speicherverbrauch 2,52 MB
Speicherverbrauch Höchstwert 7,54 MB
billy.exe
Prozess ID 3744
Benutzer Stefan
Domain AKS23
Pfad C:\Programme\Autorun Eater\billy.exe
Speicherverbrauch 1,47 MB
Speicherverbrauch Höchstwert 8,43 MB
cmd.exe
Prozess ID 2648
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\WINDOWS\system32\cmd.exe
Speicherverbrauch 2,75 MB
Speicherverbrauch Höchstwert 2,79 MB
csrss.exe
Prozess ID 2004
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad \??\C:\WINDOWS\system32\csrss.exe
Speicherverbrauch 3,96 MB
Speicherverbrauch Höchstwert 4,46 MB
cvpnd.exe
Prozess ID 1644
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
Speicherverbrauch 5,59 MB
Speicherverbrauch Höchstwert 5,66 MB
explorer.exe
Prozess ID 4004
Benutzer Stefan
Domain AKS23
Pfad C:\WINDOWS\Explorer.EXE
Speicherverbrauch 15 MB
Speicherverbrauch Höchstwert 15 MB
firefox.exe
Prozess ID 3896
Benutzer Stefan
Domain AKS23
Pfad C:\Programme\Mozilla Firefox\firefox.exe
Speicherverbrauch 198MB
Speicherverbrauch Höchstwert 229MB
firefox.exe
Prozess ID 1136
Benutzer Stefan
Domain AKS23
Pfad C:\Programme\Mozilla Firefox\firefox.exe
Speicherverbrauch 25 MB
Speicherverbrauch Höchstwert 25 MB
ibmpmsvc.exe
Prozess ID 496
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\WINDOWS\system32\ibmpmsvc.exe
Speicherverbrauch 1,13 MB
Speicherverbrauch Höchstwert 1,13 MB
javaw.exe
Prozess ID 2736
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\PROGRA~1\xpoint\SAS\jre\bin\javaw.exe
Speicherverbrauch 12 MB
Speicherverbrauch Höchstwert 12 MB
lsass.exe
Prozess ID 176
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\WINDOWS\system32\lsass.exe
Speicherverbrauch 1,52 MB
Speicherverbrauch Höchstwert 5,86 MB
nmsaccessu.exe
Prozess ID 908
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\Programme\CDBurnerXP\NMSAccessU.exe
Speicherverbrauch 1,98 MB
Speicherverbrauch Höchstwert 1,98 MB
oldmcdonald.exe
Prozess ID 1148
Benutzer Stefan
Domain AKS23
Pfad C:\Programme\Autorun Eater\oldmcdonald.exe
Speicherverbrauch 1,75 MB
Speicherverbrauch Höchstwert 11 MB
qconsvc.exe
Prozess ID 1120
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\WINDOWS\System32\QCONSVC.EXE
Speicherverbrauch 3,17 MB
Speicherverbrauch Höchstwert 7,09 MB
regsrvc.exe
Prozess ID 1168
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\WINDOWS\System32\RegSrvc.exe
Speicherverbrauch 3,43 MB
Speicherverbrauch Höchstwert 3,44 MB
services.exe
Prozess ID 248
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\WINDOWS\system32\services.exe
Speicherverbrauch 4,13 MB
Speicherverbrauch Höchstwert 4,19 MB
smss.exe
Prozess ID 1812
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad \SystemRoot\System32\smss.exe
Speicherverbrauch 400KB
Speicherverbrauch Höchstwert 492KB
speccy.exe
Prozess ID 1364
Benutzer Stefan
Domain AKS23
Pfad C:\Programme\Speccy\Speccy.exe
Speicherverbrauch 31 MB
Speicherverbrauch Höchstwert 31 MB
spoolsv.exe
Prozess ID 1724
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\WINDOWS\system32\spoolsv.exe
Speicherverbrauch 5,36 MB
Speicherverbrauch Höchstwert 5,39 MB
svchost.exe
Prozess ID 1260
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\WINDOWS\system32\svchost.exe
Speicherverbrauch 4,28 MB
Speicherverbrauch Höchstwert 4,33 MB
svchost.exe
Prozess ID 668
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\WINDOWS\system32\svchost.exe
Speicherverbrauch 4,57 MB
Speicherverbrauch Höchstwert 4,64 MB
svchost.exe
Prozess ID 780
Pfad C:\WINDOWS\system32\svchost.exe
Speicherverbrauch 4,02 MB
Speicherverbrauch Höchstwert 4,02 MB
svchost.exe
Prozess ID 924
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\WINDOWS\System32\svchost.exe
Speicherverbrauch 24 MB
Speicherverbrauch Höchstwert 25 MB
svchost.exe
Prozess ID 1080
Pfad C:\WINDOWS\system32\svchost.exe
Speicherverbrauch 3,47 MB
Speicherverbrauch Höchstwert 3,54 MB
svchost.exe
Prozess ID 1352
Pfad C:\WINDOWS\system32\svchost.exe
Speicherverbrauch 3,00 MB
Speicherverbrauch Höchstwert 3,00 MB
syntpenh.exe
Prozess ID 2500
Benutzer Stefan
Domain AKS23
Pfad C:\Programme\Synaptics\SynTP\SynTPEnh.exe
Speicherverbrauch 3,98 MB
Speicherverbrauch Höchstwert 4,03 MB
syntplpr.exe
Prozess ID 2204
Benutzer Stefan
Domain AKS23
Pfad C:\Programme\Synaptics\SynTP\SynTPLpr.exe
Speicherverbrauch 2,07 MB
Speicherverbrauch Höchstwert 2,07 MB
system
Prozess ID 4
Speicherverbrauch 228KB
Speicherverbrauch Höchstwert 1,99 MB
system idle process
Prozess ID 0
uiexec.exe
Prozess ID 2760
Benutzer Stefan
Domain AKS23
Pfad C:\Programme\1&1 Surf-Stick\UIExec.exe
Speicherverbrauch 2,21 MB
Speicherverbrauch Höchstwert 2,34 MB
winlogon.exe
Prozess ID 132
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad \??\C:\WINDOWS\system32\winlogon.exe
Speicherverbrauch 1,86 MB
Speicherverbrauch Höchstwert 12 MB
wmiprvse.exe
Prozess ID 3072
Pfad C:\WINDOWS\system32\wbem\wmiprvse.exe
Speicherverbrauch 7,91 MB
Speicherverbrauch Höchstwert 8,14 MB
wmiprvse.exe
Prozess ID 1044
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\WINDOWS\system32\wbem\wmiprvse.exe
Speicherverbrauch 5,04 MB
Speicherverbrauch Höchstwert 5,04 MB
xpadmin.exe
Prozess ID 948
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\PROGRA~1\xpoint\xpadmin\xpadmin.exe
Speicherverbrauch 2,45 MB
Speicherverbrauch Höchstwert 2,51 MB
xpclient.exe
Prozess ID 2228
Benutzer SYSTEM
Domain NT-AUTORITÄT
Pfad C:\PROGRA~1\xpoint\EEClient\xpclient.exe
Speicherverbrauch 3,90 MB
Speicherverbrauch Höchstwert 4,04 MB
Aufgabenplanung
05.02.2013 09:53;Alle 1 Stunde(n) ab 18:53. Dauer: 24 Stunde(n) täglich, ab dem 16.12.2012 GoogleUpdateTaskMachineUA
05.02.2013 12:41;Alle 12 Stunde(n) ab 00:41. Dauer: 24 Stunde(n) täglich, ab dem 17.12.2012 avast! Emergency Update
05.02.2013 18:53;Bei Anmeldung des Benutzers starten GoogleUpdateTaskMachineCore
Hotfixes
Systemordner
Path for burning CD C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Microsoft\CD Burning
Application Data C:\Dokumente und Einstellungen\All Users\Anwendungsdaten
Public Desktop C:\Dokumente und Einstellungen\All Users\Desktop
Documents C:\Dokumente und Einstellungen\All Users\Dokumente
Global Favorites C:\Dokumente und Einstellungen\All Users\Favoriten
Music C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik
Pictures C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder
Start Menu Programs C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
Start Menu C:\Dokumente und Einstellungen\All Users\Startmenü
Startup C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Templates C:\Dokumente und Einstellungen\All Users\Vorlagen
Videos C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
Cookies C:\Dokumente und Einstellungen\Stefan\Cookies
Desktop C:\Dokumente und Einstellungen\Stefan\Desktop
Physical Desktop C:\Dokumente und Einstellungen\Stefan\Desktop
User Favorites C:\Dokumente und Einstellungen\Stefan\Favoriten
Fonts C:\WINDOWS\Fonts
Internet History C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Verlauf
Temporary Internet Files C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Temporary Internet Files
Local Application Data C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten
Windows Directory C:\WINDOWS
Windows/System C:\WINDOWS\system32
Program Files C:\Programme
Dienste
Gestartet Arbeitsstationsdienst
Gestartet Ati HotKey Poller
Gestartet Automatic Updates
Gestartet avast! Antivirus
Gestartet Cisco Systems, Inc. VPN Service
Gestartet Client Service für NetWare
Gestartet COM+-Ereignissystem
Gestartet Computerbrowser
Gestartet CryptSvc
Gestartet DCOM-Server-Prozessstart
Gestartet Designs
Gestartet DHCP-Client
Gestartet DNS-Client
Gestartet Druckwarteschlange
Gestartet Ereignisprotokoll
Gestartet Fehlerberichterstattungsdienst
Gestartet Gatewaydienst auf Anwendungsebene
Gestartet Geschützter Speicher
Gestartet HID Input Service
Gestartet Hilfe und Support
Gestartet IBM PM Service
Gestartet Infrarotüberwachung
Gestartet IPSEC-Dienste
Gestartet Kompatibilität für schnelle Benutzerumschaltung
Gestartet Konfigurationsfreie drahtlose Verbindung
Gestartet Netzwerkverbindungen
Gestartet NLA (Network Location Awareness)
Gestartet NMSAccess
Gestartet Plug & Play
Gestartet QCONSVC
Gestartet RAS-Verbindungsverwaltung
Gestartet RegSrvc
Gestartet Remoteprozeduraufruf (RPC)
Gestartet Secondary Logon
Gestartet Server
Gestartet Shellhardwareerkennung
Gestartet Sicherheitscenter
Gestartet Sicherheitskontenverwaltung
Gestartet Systemereignisbenachrichtigung
Gestartet Systemwiederherstellungsdienst
Gestartet Taskplaner
Gestartet TCP/IP-NetBIOS-Hilfsprogramm
Gestartet Telefonie
Gestartet Terminaldienste
Gestartet UI Assistant Service
Gestartet Windows Audio
Gestartet Windows-Bilderfassung (WIA)
Gestartet Windows-Firewall/Gemeinsame Nutzung der Internetverbindung
Gestartet Windows-Verwaltungsinstrumentation
Gestartet Windows-Zeitgeber
Gestartet Xpoint Admin Server
Gestartet Überwachung verteilter Verknüpfungen (Client)
Beendet .NET Runtime Optimization Service v2.0.50727_X86
Beendet Ablagemappe
Beendet Anmeldedienst
Beendet Anwendungsverwaltung
Beendet ASP.NET State Service
Beendet BITS
Beendet COM+-Systemanwendung
Beendet Dienst für Seriennummern der tragbaren Medien
Beendet Distributed Transaction Coordinator
Beendet FLEXnet Licensing Service
Beendet Google Update-Dienst (gupdate)
Beendet Google Update-Dienst (gupdatem)
Beendet HTTP-SSL
Beendet IBM PSA Access Driver Control
Beendet IMAPI-CD-Brenn-COM-Dienste
Beendet Indexdienst
Beendet InstallDriver Table Manager
Beendet Leistungsdatenprotokolle und Warnungen
Beendet Microsoft Office Diagnostics Service
Beendet Mozilla Maintenance Service
Beendet MS Software Shadow Copy Provider
Beendet Nachrichtendienst
Beendet NetMeeting-Remotedesktop-Freigabe
Beendet Netzwerk-DDE-Dienst
Beendet Netzwerk-DDE-Serverdienst
Beendet Netzwerkversorgungsdienst
Beendet NT-LM-Sicherheitsdienst
Beendet Office Source Engine
Beendet QoS-RSVP
Beendet Remote-Registrierung
Beendet Routing und RAS
Beendet RPC-Locator
Beendet Sitzungs-Manager für Remotedesktophilfe
Beendet Smartcard
Beendet Spectrum24 Event Monitor
Beendet SSDP-Suchdienst
Beendet Telnet
Beendet Treibererweiterungen für Windows-Verwaltungsinstrumentation
Beendet Universeller Plug & Play-Gerätehost
Beendet Unterbrechungsfreie Stromversorgung
Beendet Upload-Manager
Beendet Verwaltung für automatische RAS-Verbindung
Beendet Verwaltung logischer Datenträger
Beendet Verwaltungsdienst für die Verwaltung logischer Datenträger
Beendet Volumeschattenkopie
Beendet Warndienst
Beendet WebClient
Beendet Wechselmedien
Beendet Windows Installer
Beendet WMI-Leistungsadapter
Beendet Xpoint PCRadmin Server
Security Options
DCOM: Computerstarteinschränkungen in Security Descriptor Definition Language (SDDL)-Syntax Nicht definiert
DCOM: Computerzugriffseinschränkungen in Security Descriptor Definition Language (SDDL)-Syntax Nicht definiert
Domänencontroller: Änderungen von Computerkontenkennwörtern verweigern Nicht definiert
Domänencontroller: Serveroperatoren das Einrichten von geplanten Tasks erlauben Nicht definiert
Domänencontroller: Signaturanforderungen für LDAP-Server Nicht definiert
Domänenmitglied: Änderungen von Computerkontenkennwörtern deaktivieren Deaktiviert
Domänenmitglied: Daten des sicheren Kanals digital signieren (wenn möglich) Aktiviert
Domänenmitglied: Daten des sicheren Kanals digital verschlüsseln (wenn möglich) Aktiviert
Domänenmitglied: Daten des sicheren Kanals digital verschlüsseln oder signieren (immer) Aktiviert
Domänenmitglied: Maximalalter von Computerkontenkennwörtern 30 Tage
Domänenmitglied: Starker Sitzungsschlüssel erforderlich (Windows 2000 oder höher) Deaktiviert
Geräte: Anwendern das Installieren von Druckertreibern nicht erlauben Deaktiviert
Geräte: Entfernen ohne vorherige Anmeldung erlauben Aktiviert
Geräte: Formatieren und Auswerfen von Wechselmedien zulassen Administratoren
Geräte: Verhalten bei der Installation von nichtsignierten Treibern Warnen, aber Installation erlauben
Geräte: Zugriff auf CD-ROM-Laufwerke auf lokal angemeldete Benutzer beschränken Deaktiviert
Geräte: Zugriff auf Diskettenlaufwerke auf lokal angemeldete Benutzer beschränken Deaktiviert
Herunterfahren: Auslagerungsdatei des virtuellen Arbeitspeichers löschen Deaktiviert
Herunterfahren: Herunterfahren des Systems ohne Anmeldung zulassen Aktiviert
Interaktive Anmeldung: Anwender vor Ablauf des Kennworts zum Ändern des Kennworts auffordern 14 Tage
Interaktive Anmeldung: Anzahl zwischenzuspeichernder vorheriger Anmeldungen (für den Fall, dass der Domänencontroller nicht verfügbar ist) 10 Anmeldungen
Interaktive Anmeldung: Domänencontrollerauthentifizierung zum Aufheben der Sperrung der Arbeitsstation erforderlich Deaktiviert
Interaktive Anmeldung: Kein STRG+ALT+ENTF erforderlich Nicht definiert
Interaktive Anmeldung: Letzten Benutzernamen nicht anzeigen Deaktiviert
Interaktive Anmeldung: Nachricht für Benutzer, die sich anmelden wollen
Interaktive Anmeldung: Nachrichtentitel für Benutzer, die sich anmelden wollen
Interaktive Anmeldung: Smartcard erforderlich Nicht definiert
Interaktive Anmeldung: Verhalten beim Entfernen von Smartcards Keine Aktion
Konten: Administrator umbenennen Administrator
Konten: Administratorkontostatus Aktiviert
Konten: Gastkontenstatus Aktiviert
Konten: Gastkonto umbenennen Gast
Konten: Lokale Kontenverwendung von leeren Kennwörtern auf Konsolenanmeldung beschränken Aktiviert
Microsoft-Netzwerk (Client): Kommunikation digital signieren (immer) Deaktiviert
Microsoft-Netzwerk (Client): Kommunikation digital signieren (wenn Server zustimmt) Aktiviert
Microsoft-Netzwerk (Client): Unverschlüsseltes Kennwort an SMB-Server von Drittanbietern senden Deaktiviert
Microsoft-Netzwerk (Server): Clientverbindungen aufheben, wenn die Anmeldezeit überschritten wird Aktiviert
Microsoft-Netzwerk (Server): Kommunikation digital signieren (immer) Deaktiviert
Microsoft-Netzwerk (Server): Kommunikation digital signieren (wenn Client zustimmt) Deaktiviert
Microsoft-Netzwerk (Server): Leerlaufzeitspanne bis zum Anhalten der Sitzung 15 Minuten
Netzwerksicherheit: Abmeldung nach Ablauf der Anmeldezeit erzwingen Deaktiviert
Netzwerksicherheit: Keine LAN Manager-Hashwerte für nächste Kennwortänderung speichern Deaktiviert
Netzwerksicherheit: LAN Manager-Authentifizierungsebene LM- und NTLM-Anworten senden
Netzwerksicherheit: Minimale Sitzungssicherheit für NTLM-SSP-basierte Clients (einschließlich sicherer RPC-Clients) Kein Minimum
Netzwerksicherheit: Minimale Sitzungssicherheit für NTLM-SSP-basierte Server (einschließlich sicherer RPC-Server) Kein Minimum
Netzwerksicherheit: Signaturanforderungen für LDAP-Clients Signatur aushandeln
Netzwerkzugriff: Anonyme Aufzählung von SAM-Konten nicht erlauben Aktiviert
Netzwerkzugriff: Anonyme Aufzählung von SAM-Konten und Freigaben nicht erlauben Deaktiviert
Netzwerkzugriff: Die Verwendung von 'Jeder'-Berechtigungen für anonyme Benutzer ermöglichen Deaktiviert
Netzwerkzugriff: Freigaben, auf die anonym zugegriffen werden kann COMCFG,DFS$
Netzwerkzugriff: Modell für gemeinsame Nutzung und Sicherheitsmodell für lokale Konten Klassisch - lokale Benutzer authentifizieren sich als sie selbst
Netzwerkzugriff: Named Pipes, auf die anonym zugegriffen werden kann COMNAP,COMNODE,SQL\QUERY,SPOOLSS,LLSRPC,EPMAPPER,LOCATOR,TrkWks,TrkSvr
Netzwerkzugriff: Registrierungspfade, auf die von anderen Computern aus zugegriffen werden kann System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Control\Server Applications,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
Netzwerkzugriff: Speicherung von Anmeldeinformationen oder .NET-Passports für die Netzwerkauthentifikation nicht erlauben Deaktiviert
Systemkryptografie: FIPS-konformen Algorithmus für Verschlüsselung, Hashing und Signatur verwenden Deaktiviert
Systemobjekte: Groß-/Kleinschreibung für Nicht-Windows-Subsysteme ignorieren Aktiviert
Systemobjekte: Standardberechtigungen interner Systemobjekte (z. B. symbolischer Verknüpfungen) verstärken Aktiviert
Systemobjekte: Standardbesitzer für Objekte, die von Mitgliedern der Administratorengruppe erstellt werden Objektersteller
Überwachung: Die Verwendung des Sicherungs- und Wiederherstellungsrechts überprüfen Deaktiviert
Überwachung: System sofort herunterfahren, wenn Sicherheitsüberprüfungen nicht protokolliert werden können Deaktiviert
Überwachung: Zugriff auf globale Systemobjekte prüfen Deaktiviert
Wiederherstellungskonsole: Automatische administrative Anmeldungen zulassen Aktiviert
Wiederherstellungskonsole: Kopieren von Disketten und Zugriff auf alle Laufwerke und alle Ordner zulassen Aktiviert
Gerätebaum
ACPI-PC (Advanced Configuration and Power Interface)
Microsoft ACPI-konformes System
Intel Pentium M processor 1300MHz
Systemplatine
ACPI-Deckel
ACPI-Sleepknopf
ACPI-Thermozone
ACPI-Schalter
PCI-Bus
Intel 82855PM Processor to I/O Controller - 3340
Intel 82801DB/DBM SMBus Controller - 24C3
SoundMAX Integrated Digital Audio
Agere Systems AC'97 Modem
Intel® 82855PM Processor to AGP Controller - 3341
ATI MOBILITY RADEON 7500
(Standardmonitor)
Standardfernseher
(Standardmonitor)
IBM ThinkPad 1024x768 LCD panel
Intel® 82801DB/DBM USB universeller Hostcontroller - 24C2
USB-Root-Hub
Intel® 82801DB/DBM USB universeller Hostcontroller - 24C4
USB-Root-Hub
Intel® 82801DB/DBM USB universeller Hostcontroller - 24C7
USB-Root-Hub
Intel® 82801DB/DBM USB 2.0 erweiterter Hostcontroller - 24CD
USB-Root-Hub
Intel® 82801DBM PCI Bridge - 2448
Texas Instruments PCI-1520 CardBus-Controller
Texas Instruments PCI-1520 CardBus-Controller
Intel PRO/Wireless LAN 2100 3B Mini PCI Adapter
Intel PRO/100 VE Network Connection
Intel® 82801DBM LPC Interface Controller - 24CC
ISAPnP-Datenleseport
Hauptplatinenressourcen
Programmierbarer Interruptcontroller
Systemzeitgeber
DMA-Controller
Systemlautsprecher
Numerischer Coprozessor
System CMOS/Echtzeituhr
Standardtastatur (101/102 Tasten) oder Microsoft Natural Keyboard (PS/2)
IBM ThinkPad UltraNav Pointing Device
Standard-Diskettenlaufwerkcontroller
Kommunikationsanschluss (COM1)
IBM-ThinkPad-Schneller Infrarotanschluss
Druckeranschluss (LPT1)
Logische Schnittstelle für Druckeranschluss
Eingebetteter, Microsoft ACPI-konformer Controller
Microsoft ACPI-konforme Kontrollmethodenbatterie
Microsoft-Netzteil
IBM PM Device
Intel® 82801DBM Ultra ATA Storage Controller - 24CA
Primärer IDE-Kanal
IC25N040ATCS05-0
Sekundärer IDE-Kanal
MATSHITA UJDA745 DVD/CDRW
CPU
Intel Pentium M
Kerne 1
Threads 1
Name Intel Pentium M
Codename Banias
Sockel Socket 479 mPGA
Technologie 0.13um
Spezifikation Intel Pentium M processor 1300MHz
Familie 6
Erweiterte Familie 6
Model 9
Erweitertes Model 9
Stepping 5
Revision B1
Befehle MMX, SSE, SSE2
Virtualisierung Nicht unterstützt
Hyper-Threading Nicht unterstützt
Bus Takt 99,7 MHz
Rated Bus Speed 398,7 MHz
Kern Frequenz 1300 MHz
Bus Frequenz 100 MHz
Caches
L1 Cache 32 KByte
L1 Befehlscache 32 KByte
L2 Unified Cache Size 1024 KByte
Kern 0
Kern Takt 1295,9 MHz
Multiplikator x 13,0
Bus Takt 99,7 MHz
Rated Bus Speed 398,7 MHz
Thread 1
APIC ID 0
RAM
Speicherbänke
Gesamte Speicherbänke 2
Genutzte Speicherbänke 2
Freie Speicherbänke 0
Speicher
Typ DDR
Größe 512 Mbyte
DRAM Frequenz 132,9 MHz
CAS# Latenz (CL) 2.5 clocks
RAS# zu CAS# Verzögerung (tRCD) 3 clocks
RAS# Precharge (tRP) 3 clocks
Cycle Time (tRAS) 6 clocks
Pysischer Speicher
Speichernutzung 89 %
Pysisch insgesamt 510MB
Physisch verfügbar 52 MB
Virtuell insgesamt 1,22 GB
Virtuell verfügbar 822MB
SPD
Anzahl an SPD Modulen 2
Slot #1
Typ DDR
Größe 256 Mbyte
Hersteller MOSEL
Max Bandbreite PC2100 (133 MHz)
P/N V826632B24SATG-B0
Seriennummer 34030101
Woche/Jahr 30 / 03
SPD Ext. EPP
JEDEC #2
Frequenz 133,3 MHz
CAS# Latenz 2,5
RAS# zu CAS# 3
RAS #Precharge 3
tRAS 6
Spannung 2,500 V
JEDEC #1
Frequenz 100,0 MHz
CAS# Latenz 2,0
RAS# zu CAS# 2
RAS #Precharge 2
tRAS 5
Spannung 2,500 V
Slot #2
Typ DDR
Größe 256 Mbyte
Hersteller Kingston
Max Bandbreite PC2100 (133 MHz)
P/N KVR266X64SC25/256
Seriennummer 630F7A1C
Woche/Jahr 40 / 03
SPD Ext. EPP
JEDEC #2
Frequenz 133,3 MHz
CAS# Latenz 2,5
RAS# zu CAS# 3
RAS #Precharge 3
tRAS 6
Spannung 2,500 V
JEDEC #1
Frequenz 100,0 MHz
CAS# Latenz 2,0
RAS# zu CAS# 2
RAS #Precharge 2
tRAS 5
Spannung 2,500 V
Motherboard
Hersteller IBM
Model 237322G (None)
Version Not Available
Chipsatzhersteller Intel
Chipsatzmodel i855GM
Chipsatzrevision A3
Southbridgehersteller Intel
Southbridgemodel 82801DB (ICH4-M)
Southbridgerevision 01
Systemtemperatur 44 °C
BIOS
Marke IBM
Version 1RET36WW (1.07 )
Datum 25.06.2003
PCI Daten
Steckplatz UNBEKANNT
Slot-Typ UNBEKANNT
Slot-Benutzung Verfügbar
BUS Breite 32 bit
Slot-Bezeichnung CardBus Slot 1
Slot-Nummer 0
Steckplatz UNBEKANNT
Slot-Typ UNBEKANNT
Slot-Benutzung Verfügbar
BUS Breite 32 bit
Slot-Bezeichnung CardBus Slot 2
Slot-Nummer 1
Steckplatz PCI
Slot-Typ PCI
Slot-Benutzung Verfügbar
BUS Breite 32 bit
Slot-Bezeichnung Mini-PCI Slot 1
Slot-Nummer 2
Grafik
Bildschirm
Name (Standardmonitor) an ATI MOBILITY RADEON 7500
Aktuelle Auflösung 1024x768 Pixel
Arbeits Auflösung 1024x738 Pixel
Status aktiviert, Primär, Ausgabegeräte Support
Monitor Breite 1024
Monitor Höhe 768
Monitor BpP 16 bit pro Pixel
Monitor Frequenz 60 Hz
Gerät \\.\DISPLAY1\Monitor0
ATI MOBILITY RADEON 7500
GPU M7
Geräte ID 1002-4C57
Händler IBM (1014)
Aktuelle Performance-Stufe Level 1
Erscheinungs-Datum 2002
DirectX Support 7.0
OpenGL Support 1.3
BIOS Kern-Takt 260,00
BIOS Speicher-Takt 183,00
Treiber-Version 6.13.10.6344
BIOS Version BK5.0.0 VR006.005.007.007.002.001.001.001 j
ROPs 2
Shader Vertex 2/Pixel 2
Speicher-Typ DDR
Speicher 32 MB
Anzahl an Performance-Stufen : 1
Level 1
OpenGL
Version 1.3.3425 WinXP Release
Hersteller ATI Technologies Inc.
Renderer Radeon 7500 DDR x86/SSE2
GLU Version 1.2.2.0 Microsoft Corporation
Werte
GL_MAX_LIGHTS 8
GL_MAX_TEXTURE_SIZE 2048
GL_MAX_TEXTURE_STACK_DEPTH 10
GL Extensions
Festplatten
IC25N040ATCS05-0
Hersteller Unbekannter Hersteller
Köpfe 16
Zylinder 16.383
Geräte-Typ Fest
ATA Standard ATA/ATAPI-5
Seriennummer CLP429F4HZ726A
LBA-Größe 28-Bit-LBA
Power On Count 3856 times
Power On Time 140,4 days
Funktionen S.M.A.R.T., APM
Übertragungsmodus Ultra DMA/100
Schnittstelle PATA
Kapazität 34,3GB
Reale Größe 36.833.846.272 Byte
RAID-Typ None
S.M.A.R.T
01 Lesefehler Rate 100 (100am schlimmsten) Daten 0000000000
02 Durchsatz 100 (100) Daten 0000000000
03 Spin-Up Zeit 177 (177) Daten 0000000001
04 Start/Stopp Zähler 098 (098) Daten 0000001072
05 Neu zugeteilte Sektoren Anzahl 100 (100) Daten 0000000000
07 Suchfehler Rate 100 (100) Daten 0000000000
08 Such Performance 100 (100) Daten 0000000000
09 Power-On Stunden (POS) 093 (093) Daten 0000000D29
0A Spin Retry Anzahl 100 (100) Daten 0000000000
0C Device Power Cycle Count 098 (098) Daten 0000000F10
BF G-sense Fehlerrate 100 (100) Daten 0000000000
C0 Power-off Einfahren Anzahl 100 (100) Daten 0000000037
C1 Load/Unload Cycle Count 083 (083) Daten 000002A684
C2 Temperatur 148 (148) Daten 00000B0025
C4 Reallocation Event Anzahl 100 (100) Daten 0000000000
C5 Aktuell wartende Sektoren Anzahl 100 (100) Daten 0000000000
C6 Unkorrigierbare Sektoren Anzahl 100 (100) Daten 0000000000
C7 UltraDMA CRC Fehler Anzahl 200 (200) Daten 0000000000
D2 100 (100) Daten 0000000000
Temperatur 38 °C
Temperaturbereich ok (weniger als 50 °C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Laufwerksbuchstabe C:
Dateisystem NTFS
Laufwerks Seriennummer 4CACD219
Größe 27,4GB
Genutzter Speicher 17,7GB (65%)
Freier Speicher 9,77GB (35%)
Partition 1
Partition ID Disk #0, Partition #1
Laufwerksbuchstabe D:
Dateisystem NTFS
Laufwerks Seriennummer 083744BB
Größe 6,56GB
Genutzter Speicher 230MB (4%)
Freier Speicher 6,33GB (96%)
Partition 2
Partition ID Disk #0, Partition #2
Laufwerksbuchstabe E:
Dateisystem FAT32
Laufwerks Seriennummer AF530000
Größe 309MB
Genutzter Speicher 2MB (1%)
Freier Speicher 307MB (99%)
Optische Laufwerke
Keine optischen Laufwerke gefunden
Audio
Soundkarte
SoundMAX Integrated Digital Audio
Abspielgerät
SoundMAX Digital Audio
Aufnahmegerät
SoundMAX Digital Audio
Lautsprecher Konfiguration
Lautsprecher Konfiguration
Lautsprecher Typ Stereo
Peripherie
Standardtastatur (101/102 Tasten) oder Microsoft Natural Keyboard (PS/2)
Geräte-Art Tastatur
Gerätename Standardtastatur (101/102 Tasten) oder Microsoft Natural Keyboard (PS/2)
Hersteller (Standardtastaturen)
Ort eingesteckt in Tastaturanschluss
Treiber
Datum 7-1-2001
Version 5.1.2600.2180
Datei C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Datei C:\WINDOWS\system32\DRIVERS\kbdclass.sys
IBM ThinkPad UltraNav Pointing Device
Geräte-Art Maus
Gerätename IBM ThinkPad UltraNav Pointing Device
Hersteller IBM Corporation
Ort eingesteckt in PS/2-Mausanschluss
Treiber
Datum 6-24-2003
Version 7.2.3.10
Datei C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Datei C:\WINDOWS\system32\DRIVERS\mouclass.sys
Datei C:\WINDOWS\system32\DRIVERS\SynTP.sys
Datei C:\WINDOWS\system32\SynTPAPI.dll
Datei C:\WINDOWS\system32\SynTPFcs.dll
Datei C:\WINDOWS\system32\SynCOM.dll
Datei C:\WINDOWS\system32\SynCtrl.dll
Datei C:\Programme\Synaptics\SynTP\SynTPLpr.exe
Datei C:\Programme\Synaptics\SynTP\SynTPCpl.dll
Datei C:\Programme\Synaptics\SynTP\SynTPCpl.exe
Datei C:\Programme\Synaptics\SynTP\SynCntxt.rtf
Datei C:\Programme\Synaptics\SynTP\SynZMetr.exe
Datei C:\Programme\Synaptics\SynTP\SynMood.exe
Datei C:\Programme\Synaptics\SynTP\SynTPEnh.exe
Datei C:\Programme\Synaptics\SynTP\SynTPEnh.ini
Datei C:\Programme\Synaptics\SynTP\SynTPCOM.dll
Datei C:\Programme\Synaptics\SynTP\Tutorial.exe
Datei C:\Programme\Synaptics\SynTP\InstNT.exe
Datei C:\Programme\Synaptics\SynTP\SynISDLL.dll
Datei C:\Programme\Synaptics\SynTP\SynUnst.ini
Datei C:\WINDOWS\system32\SynTPCoI.dll
Drucker
\\http://aks25.org-chem.nat.tu-bs.de:631\CLP550N
Druckeranschluss http://aks25.org-chem.nat.tu-bs.de:631
Druckprozessor WinPrint
Verfügbarkeit Immer
Priorität 1
Duplexdruck None
Druckqualität 600 * 600 dpi Farbe
Status Unbekannt
Treiber
Treibername Samsung CLP-550 Series PS (v5.02)
Treiberpfad C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL
Adobe PDF
Druckeranschluss Eigene Dateien\*.pdf
Druckprozessor WinPrint
Verfügbarkeit Immer
Priorität 1
Duplexdruck None
Druckqualität 1200 * 1200 dpi Farbe
Status Unbekannt
Treiber
Treibername Adobe PDF Converter (v5.02)
Treiberpfad C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL
An OneNote 2007 senden
Druckeranschluss Send To Microsoft OneNote Port:
Druckprozessor OneNotePrint2007
Verfügbarkeit Immer
Priorität 1
Duplexdruck None
Druckqualität 300 * 300 dpi Farbe
Status Unbekannt
Treiber
Treibername Send To Microsoft OneNote Driver (v4.00)
Treiberpfad C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\msonpdrv.dll
Automatisch Adobe PDF auf MAZIK2
Druckeranschluss \\MAZIK2\Drucker3
Druckprozessor WinPrint
Verfügbarkeit Immer
Priorität 1
Duplexdruck None
Druckqualität 1200 * 1200 dpi Farbe
Status Unbekannt
Treiber
Treibername Adobe PDF Converter (v5.02)
Treiberpfad C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL
Automatisch HP LaserJet III auf AKS4
Druckeranschluss \\AKS4\HPLJIII
Druckprozessor WinPrint
Verfügbarkeit Immer
Priorität 1
Duplexdruck None
Druckqualität 300 * 300 dpi Farbe
Status Unbekannt
Treiber
Treibername HP LaserJet III (v5.00)
Treiberpfad C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL
Brother HL-5040 hl1250
Druckeranschluss \\AKS7\HL5040
Druckprozessor WinPrint
Verfügbarkeit Immer
Priorität 1
Duplexdruck None
Druckqualität 300 * 300 dpi Schwarz-Weiß
Status Unbekannt
Treiber
Treibername AdobePS Brother HL-5040 hl1250 (v5.02)
Treiberpfad C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL
DesignJet 5500PS
Druckeranschluss \\AKS7\HP5500PS
Druckprozessor WinPrint
Verfügbarkeit Immer
Priorität 1
Duplexdruck None
Druckqualität 600 * 600 dpi Farbe
Status Unbekannt
Treiber
Treibername AdobePS DesignJet 5500PS (v5.02)
Treiberpfad C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL
HP DeskJet 500
Share Name HPDeskJe
Druckeranschluss LPT1:
Druckprozessor WinPrint
Verfügbarkeit Immer
Priorität 1
Duplexdruck None
Druckqualität 300 * 300 dpi Schwarz-Weiß
Status Unbekannt
Treiber
Treibername HP DeskJet 500 (v5.00)
Treiberpfad C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL
HP LaserJet 6P/6MP PostScript (Standarddrucker)
Share Name HPLaserJ
Druckeranschluss LPT1:
Druckprozessor HPPRN02
Verfügbarkeit Immer
Priorität 1
Duplexdruck None
Druckqualität 600 * 600 dpi Schwarz-Weiß
Status Unbekannt
Treiber
Treibername HP LaserJet 6P/6MP PostScript (v5.02)
Treiberpfad C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL
Netzwerk
Sie sind mit dem Internet verbunden
Verbunden über Intel PRO/100 VE Network Connection - Paketplaner-Miniport
IP Adresse 134.169.44.172
Subnetzmaske 255.255.255.0
Gateway Server 134.169.44.254
Bevorzugter DNS Server 134.169.9.152
Alternativ DNS Server 134.169.9.151
Alternativ DNS Server 134.169.9.150
DHCP Aktiviert
DHCP Server 134.169.9.93
externe IP Adresse 134.169.44.172
Adapter Typ Ethernet
NetBIOS über TCP/IP Via DHCP aktiviert
NETBIOS Knoten Typ Hybrid Knoten
Verbindungsgeschwindigkeit 0 Bps
Computer Name
NetBIOS Name AKS23
DNS Name aks23.org-chem.nat.tu-bs.de
Membership Part of workgroup
Workgroup AK-SCHULZ
Remotedesktopverbindung
Deaktiviert
Console
Status Aktiv
Domain AKS23
WinInet Info
LAN-Verbindung
Das System nutzt ein lokales Netzwerk zur Verbindung ins Internet
Das System nutzt RAS zur Verbindung ins Internet
Wi-Fi Info
Wi-Fi nicht vorhanden
WinHTTPInfo
WinHTTPSessionProxyType Kein Proxy
Session Proxy
Session Proxy Bypass
Verbindungsversuche 5
Verbindungs-Timeout 60.000
HTTP Version HTTP 1.1
Max Verbindungen pro 1.0 Server UNBEGRENZT
Max Verbindungen pro Server UNBEGRENZT
Max HTTP automatic redirects 10
Max HTTP status continue 10
Sende Timeout 30.000
IEProxy Autoerkennung Nein
IEProxy automatische Einstellung
IEProxy
IEProxy Bypass
Standard Proxy Konfigurations Zugriffs-Typ Kein Proxy
Standard Config Proxy
Standard Config Proxy Bypass
Sharing und Discovery
File and printer sharing service Aktiviert
Simple File Sharing Deaktiviert
Administrative Shares Deaktiviert
Netzwerkzugriff: Modell für gemeinsame Nutzung und Sicherheitsmodell für lokale Konten Klassisch - lokale Benutzer authentifizieren sich als sie selbst
Adapter-Liste
Intel® PRO/100 VE Network Connection - Paketplaner-Miniport
IP Adresse 134.169.44.172
Subnetzmaske 255.255.255.0
Gateway Server 134.169.44.254
Netzwerkfreigaben
HPLaserJ HP LaserJet 6P/6MP PostScript,LocalsplOnly
HPDeskJe HP DeskJet 500,LocalsplOnly
Aktuelle TCP-Verbindungen
C:\PROGRA~1\xpoint\EEClient\xpclient.exe (2228)
Lokal 0.0.0.0:7777 LISTEN
C:\PROGRA~1\xpoint\SAS\jre\bin\javaw.exe (2736)
Lokal 0.0.0.0:8201 LISTEN
Lokal 0.0.0.0:8500 LISTEN
Lokal 0.0.0.0:8200 LISTEN
Lokal 0.0.0.0:2001 LISTEN
C:\PROGRA~1\xpoint\xpadmin\xpadmin.exe (948)
Lokal 0.0.0.0:8886 LISTEN
C:\Programme\AVAST Software\Avast\AvastSvc.exe (1624)
Lokal 127.0.0.1:12025 LISTEN
Lokal 134.169.44.172:1025 ESTABLISHED Remote 77.234.41.52:80 (Abfragen... ) (HTTP)
Lokal 127.0.0.1:12110 LISTEN
Lokal 127.0.0.1:12119 LISTEN
Lokal 127.0.0.1:12143 LISTEN
Lokal 127.0.0.1:12993 LISTEN
Lokal 127.0.0.1:12465 LISTEN
Lokal 127.0.0.1:12563 LISTEN
Lokal 127.0.0.1:12995 LISTEN
Lokal 127.0.0.1:27275 LISTEN
Lokal 127.0.0.1:12080 LISTEN
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (1644)
Lokal 127.0.0.1:62514 LISTEN
C:\Programme\Mozilla Firefox\firefox.exe (3896)
Lokal 127.0.0.1:1085 ESTABLISHED Remote 127.0.0.1:1086 (Abfragen... )
Lokal 127.0.0.1:1086 ESTABLISHED Remote 127.0.0.1:1085 (Abfragen... )
C:\WINDOWS\System32\alg.exe (2100)
Lokal 127.0.0.1:1036 LISTEN
System Process
Lokal 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:1720 (Abfragen... )
Lokal 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:1719 (Abfragen... )
Lokal 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:1717 (Abfragen... )
Lokal 134.169.44.172:1703 TIME-WAIT Remote 108.171.164.205:80 (Abfragen... ) (HTTP)
Lokal 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:1713 (Abfragen... )
Lokal 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:1712 (Abfragen... )
Lokal 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:1716 (Abfragen... )
Lokal 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:1715 (Abfragen... )
Lokal 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:1704 (Abfragen... )
Lokal 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:1714 (Abfragen... )
Lokal 134.169.44.172:1507 TIME-WAIT Remote 69.171.224.42:80 (Abfragen... ) (HTTP)
Lokal 134.169.44.172:1490 TIME-WAIT Remote 173.194.69.113:80 (Abfragen... ) (HTTP)
Lokal 134.169.44.172:1497 TIME-WAIT Remote 54.240.184.2:80 (Abfragen... ) (HTTP)
Lokal 134.169.44.172:1501 TIME-WAIT Remote 173.194.69.157:80 (Abfragen... ) (HTTP)
Lokal 134.169.44.172:1519 TIME-WAIT Remote 23.63.127.144:80 (Abfragen... ) (HTTP)
Lokal 134.169.44.172:1527 TIME-WAIT Remote 173.194.69.157:80 (Abfragen... ) (HTTP)
Lokal 134.169.44.172:1530 TIME-WAIT Remote 173.194.69.155:80 (Abfragen... ) (HTTP)
Lokal 134.169.44.172:1553 TIME-WAIT Remote 212.201.100.144:80 (Abfragen... ) (HTTP)
System Process
Lokal 0.0.0.0:445 (Windows shares) LISTEN
Lokal 134.169.44.172:139 (NetBIOS session service) LISTEN
svchost.exe (780)
Lokal 0.0.0.0:135 (DCE) LISTEN

Process Explorer

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 99.00 0 K 16 K
procexp.exe 2536 1.00 23.316 K 28.932 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
Xpclient.exe 2228 1.540 K 2.240 K Uptime Xpoint Technologies (Unable to verify) Xpoint Technologies
xpadmin.exe 948 800 K 1.068 K (Unable to verify) (null)
wmiprvse.exe 1044 1.900 K 3.628 K WMI Microsoft Corporation (Unable to verify) Microsoft Corporation
winlogon.exe 132 6.736 K 1.480 K Windows NT-Anmeldung Microsoft Corporation (Unable to verify) Microsoft Corporation
UIExec.exe 2760 688 K 1.168 K (Verified) ZTE CORPORATION
System 4 0 K 120 K
SynTPLpr.exe 2204 796 K 772 K TouchPad Driver Helper Application Synaptics, Inc. (Unable to verify) Synaptics, Inc.
SynTPEnh.exe 2500 1.716 K 2.628 K Synaptics TouchPad Enhancements Synaptics, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 668 2.960 K 2.448 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 780 1.788 K 2.800 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 924 13.996 K 13.580 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 1080 1.344 K 2.344 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 1352 1.140 K 1.204 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 1260 2.616 K 1.516 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 1724 3.628 K 3.468 K Spooler SubSystem App Microsoft Corporation (Unable to verify) Microsoft Corporation
smss.exe 1812 172 K 192 K Windows NT-Sitzungs-Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 248 4.376 K 2.896 K Anwendung für Dienste und Controller Microsoft Corporation (Unable to verify) Microsoft Corporation
RegSrvc.exe 1168 1.232 K 1.624 K RegSrvc Module Intel Corporation (Unable to verify) Intel Corporation
QCONSVC.EXE 1120 1.096 K 1.328 K (Unable to verify) (null)
plugin-container.exe 3792 22.520 K 17.216 K Plugin Container for Firefox Mozilla Corporation (Verified) Mozilla Corporation
oldmcdonald.exe 1148 8.056 K 1.440 K Old McDonald Old McDonald's Farm (Unable to verify) Old McDonald's Farm
NMSAccessU.exe 908 688 K 1.116 K (Verified) Numedia Soft
lsass.exe 176 3.736 K 1.252 K LSA Shell (Export Version) Microsoft Corporation (Verified) Microsoft Windows Publisher
javaw.exe 2736 10.960 K 9.416 K (Unable to verify) (null)
ibmpmsvc.exe 496 352 K 496 K (Verified) Microsoft Windows Hardware Compatibility Publisher
firefox.exe 3896 183.488 K 165.336 K Firefox Mozilla Corporation (Verified) Mozilla Corporation
explorer.exe 4004 8.636 K 5.576 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Component Publisher
cvpnd.exe 1644 4.220 K 3.148 K Cisco Systems VPN Client Cisco Systems, Inc. (Verified) Cisco Systems
csrss.exe 2004 1.692 K 2.692 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
cmd.exe 2648 2.192 K 1.368 K Windows-Befehlsprozessor Microsoft Corporation (Unable to verify) Microsoft Corporation
billy.exe 3744 6.372 K 1.152 K Billy The Goat Old McDonald's Farm (Unable to verify) Old McDonald's Farm
AvastUI.exe 2616 4.980 K 1.720 K avast! Antivirus AVAST Software (Verified) AVAST Software
AvastSvc.exe 1624 16.652 K 1.244 K avast! Service AVAST Software (Verified) AVAST Software
ati2evxx.exe 1572 608 K 1.320 K ATI External Event Utility EXE Module ATI Technologies Inc. (Unable to verify) ATI Technologies Inc.
AssistantServices.exe 1836 984 K 1.300 K (Verified) ZTE CORPORATION
alg.exe 2100 1.320 K 2.012 K Application Layer Gateway Service Microsoft Corporation (Unable to verify) Microsoft Corporation

#9
RKinner
OK. You can uninstall Speccy now. We don't need it any more. I wanted to see what temperature we had and what CPU. (SP3 has a problem with AMD and requires an extra patch first but you have Intel so no problem there.)

Sometimes Combofix and DDS will not run because of a problem on the hard drive.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check.

Reboot.

The disk check will run and will probably take an hour or more to finish.





If we can't get Combofix or DDS to run let's try Autoruns.

from
http://live.sysinter...om/autoruns.exe

Download, save and run the program. Once it finishes scanning: File, Save, to your desktop, autoruns.arn, OK.

Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it. Do not copy and paste.

Process Explorer doesn't show anything running that should not be. It should be relatively quick responding. I do see from Speccy that you only have 512 MB. Once we get SP3 installed the boot time will be much longer but it should run OK once it boots. I usually like to see 1 GB as a minimum for SP3.

Let's see if we can get it to install SP3. First go to:

http://wiki.lunarsof...wiki/Dial-a-fix

The warning only applies if you have a folder called c:\Documents which most people do not have.

Download and save the file then right click and Extract All.

Run Dial-a-fix.exe

First click on Flush SoftwareDistribution under WU/WUAU. It will ask you if you want to keep your history. I would say no.

Then check the boxes by MSI and also by WU/WUAU. Then click on GO.

Close Dial-A-Fix.

Download SP3 from:


http://www.microsoft...ails.aspx?id=24

You probably want to change the language before downloading.

Does SP3 install?

#10
Phom
The autoruns file is attached.

The fix worked and asked for permission to change access restrictions which I allowed. I ran autofix again, now without problems.

SP3 installation failed. It ran halfway through and stopped while trying to copy a file beethov...wm_. I could skip this point, but the next stop was at a beethoven(Scherzo) wma file. I could not skip; the only possibility was to cancel installation at that point.

#11
RKinner
This is a known problem. See if this helps:


Open Windows Explorer and go to C:\Documents and Settings\All Users\Documents, then right-click on Documents and bring up Properties, then the Sharing tab. Check the box "Allow Network Users to Change My Files". Retry SP3.

#12
Phom
I probably forgot to attach the autoruns file. Here it is again.

Attached File: AutoRuns.zip (48.16KB)

#13
Phom
Now SP3 was successfully installed. Shall I uncheck the checkbox "Allow Network Users to Change My Files" now?

#14
RKinner
There are a lot of updates after SP3 so make sure you get them too.

I don't really know what to tell you about Network Users. I guess you should uncheck it since that is the way it was.

Looking at your Autoruns:

kbeepm c:\dokumente und einstellungen\leonard\lokale einstellungen\temp\kbeepm.sys

is probably some game's copy protection. I'm pretty sure you can uncheck it though the game will probably reinstall it.


GEARAspiWDM File not found: System32\Drivers\GEARAspiWDM.sys

Can be unchecked as it appears to be truly gone.


Also:
JQSIEStartDetectorImpl Class File not found: C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

USBAAPL File not found: System32\Drivers\usbaapl.sys
catchme File not found: C:\DOKUME~1\Stefan\LOKALE~1\Temp\catchme.sys

The rest of the File Not Founds are found in all autoruns logs these days and the recommendation is just to ignore them.

File not found: C:\WINDOWS\System32\Drivers\Changer.sys
File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
File not found: C:\WINDOWS\System32\Drivers\WDICA.sys



I don't see any reason why dds or combofix wouldn't run unless it was kbeepm.sys. You might try dds after unchecking kbeepm.sys, closing autoruns and rebooting. Sometimes Combofix and DDS are sensitive to hard drive errors but if disk check runs OK then I think we will give up on them.
  • 0
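
The Autoruns review in post #14, written out as an added example that is not part of the original thread: it sorts entries into images that still exist in a user Temp directory, entries whose file is gone, and the missing drivers the post says to ignore. The entry lines are retyped from the post; the line format, the verdict names and every function name are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass

MARKER = "File not found:"

# Missing drivers the post says show up in every Autoruns log and can be ignored.
IGNORABLE = {"changer.sys", "i2omgmt.sys", "lbrtfdc.sys", "pcidump.sys", "pdcomp.sys",
             "pdframe.sys", "pdreli.sys", "pdrframe.sys", "wdica.sys"}

# An image path starts at a drive letter or, as in the post, at a relative "System32\".
PATH_START = re.compile(r"(?:[A-Za-z]:\\|System32\\)", re.IGNORECASE)

# Lines retyped from the post; assumed format "<entry name> [File not found: ]<image path>".
SAMPLE = r"""
kbeepm c:\dokumente und einstellungen\leonard\lokale einstellungen\temp\kbeepm.sys
GEARAspiWDM File not found: System32\Drivers\GEARAspiWDM.sys
JQSIEStartDetectorImpl Class File not found: C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
USBAAPL File not found: System32\Drivers\usbaapl.sys
catchme File not found: C:\DOKUME~1\Stefan\LOKALE~1\Temp\catchme.sys
File not found: C:\WINDOWS\System32\Drivers\Changer.sys
File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
"""


@dataclass
class Finding:
    name: str      # entry name, empty when the line carries only a path
    path: str      # image path exactly as logged
    missing: bool  # Autoruns reported "File not found"
    in_temp: bool  # image sits under a Temp/Tmp directory

    @property
    def verdict(self):
        base = ntpath.basename(self.path).lower()
        if self.missing:
            # Nothing can load from a missing file: known noise or a stale entry.
            return "ignore" if base in IGNORABLE else "stale"
        # An autostart image that lives in a Temp directory deserves a closer look.
        return "inspect" if self.in_temp else "ok"


def parse_entry(line):
    """Split one log line into a Finding; return None if it holds no image path."""
    missing = MARKER in line
    text = line.replace(MARKER, " ")
    match = PATH_START.search(text)
    if match is None:
        return None
    name = text[:match.start()].strip()
    path = text[match.start():].strip()
    dirs = [part.lower() for part in ntpath.dirname(path).split("\\")]
    return Finding(name, path, missing, any(d in ("temp", "tmp") for d in dirs))


def triage(text):
    """Parse every non-empty line and keep the ones that are entries."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            finding = parse_entry(line)
            if finding is not None:
                findings.append(finding)
    return findings


def by_verdict(findings):
    """Group image file names by verdict, preserving log order."""
    groups = {}
    for finding in findings:
        groups.setdefault(finding.verdict, []).append(ntpath.basename(finding.path))
    return groups


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.verdict:8} {f.name or '-':30} {f.path}")
```
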

#15
Phom
I just have to leave until tomorrow, but I will do the changes you suggested. After installing SP3 I tried to run Automatic updates again, but it failed again. First a new installer was downloaded, but then the website said again it could not do any update. Maybe I should try again with the Network set as in SP3 installation?