Windows XP rundll Meldung (wlsidten.dell und wpbt0.dll) nach (erfolglosem?) Clean

OTL logfile created on: 10.01.2013 11:22:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Gerhard\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

446,48 Mb Total Physical Memory | 78,13 Mb Available Physical Memory | 17,50% Memory free
1,03 Gb Paging File | 0,77 Gb Available in Paging File | 74,52% Paging File free
Paging file location(s): c:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 137,79 Gb Free Space | 92,44% Space Free | Partition Type: NTFS
Drive I: | 966,00 Mb Total Space | 956,20 Mb Free Space | 98,99% Space Free | Partition Type: FAT

Computer Name: NAME-4A57956FD8 | User Name: Gerhard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Gerhard\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Programme\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll ()
MOD - C:\Programme\CyberLink\Power2Go\P2GRC.dll ()
MOD - C:\Programme\CyberLink\Shared Files\richvideops.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (LVPrcSrv) -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (rtl8139) -- system32\DRIVERS\RTL8139.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (NTGUARD) -- C:\Programme\aon\aonVirenchecker\GuardNT\NTGUARD.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (hgvux) -- C:\WINDOWS\SYSTEM32\DRIVERS\hgvux.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOKUME~1\Gerhard\LOKALE~1\Temp\catchme.sys File not found
DRV - (6f32c144c993950a) -- C:\WINDOWS\System32\Drivers\6f32c144c993950a.sys File not found
DRV - (27b21) -- C:\WINDOWS\system32\drivers\27b21.sys File not found
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (Lvckap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )


========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=6E3484F8-3328-4E1E-BBD7-AA01B0CD8C23&apn_sauid=526A1718-2622-462F-9DC0-01C482D54091
IE - HKCU\..\SearchScopes\{DA149A94-79E3-4F64-9F82-F8EB0222B17F}: URL = http://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()



O1 HOSTS File: ([2013.01.09 16:54:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Programme\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Programme\Logitech\Video\InstallHelper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Power2GoExpress] C:\Programme\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKCU..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\auto-bit.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEBAD44F-3346-43CD-88B0-7CD1F7B89EDD}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\proworx.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\proworx.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.02.19 06:53:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- %1 %*
O35 - HKLM\..exefile [open] -- %1 %*
O37 - HKLM\...com [@ = ComFile] -- %1 %*
O37 - HKLM\...exe [@ = exefile] -- %1 %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.10 11:21:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gerhard\Desktop\OTL.exe
[2013.01.10 10:25:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013.01.10 09:57:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.09 16:13:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.09 16:13:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.09 16:13:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.09 16:13:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.09 16:12:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.09 16:11:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Verwaltung
[2013.01.09 16:11:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.09 16:11:06 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Gerhard\Desktop\ComboFix.exe
[2013.01.09 15:45:07 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Gerhard\Recent
[2013.01.09 12:06:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013.01.09 10:05:59 | 000,000,000 | ---D | C] -- C:\Firefox
[2013.01.09 10:05:57 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2013.01.09 10:05:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\AskToolbar
[2013.01.09 10:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2013.01.09 09:43:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013.01.08 15:43:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2013.01.08 15:43:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2013.01.08 15:33:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013.01.08 15:24:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013.01.08 14:28:27 | 000,000,000 | ---D | C] -- C:\found.000
[2012.11.02 17:07:28 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.10 11:21:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.01.10 11:20:25 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard\Desktop\Microsoft Office Excel 2003.lnk
[2013.01.10 11:15:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gerhard\Desktop\OTL.exe
[2013.01.10 10:41:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.10 10:40:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.10 10:40:56 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 09:57:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.01.10 08:50:17 | 000,000,327 | ---- | M] () -- C:\Boot.bak
[2013.01.09 16:54:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.09 16:08:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.01.09 15:50:05 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.09 15:26:52 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Gerhard\Desktop\ComboFix.exe
[2013.01.09 09:45:05 | 000,321,930 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 09:45:05 | 000,315,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 09:45:05 | 000,050,062 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 09:45:05 | 000,041,676 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 09:44:35 | 000,001,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Autostart\ctfmon.lnk
[2013.01.09 09:44:10 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013.01.08 15:38:12 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2013.01.08 15:27:02 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.09 16:24:51 | 000,000,327 | ---- | C] () -- C:\Boot.bak
[2013.01.09 16:24:49 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.09 16:13:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.09 16:13:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.09 16:13:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.09 16:13:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.09 16:13:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.09 15:50:05 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.09 10:06:24 | 000,000,230 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.01.09 09:44:12 | 000,000,718 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Outlook Express.lnk
[2012.07.27 19:15:40 | 000,046,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\dd0488b637655f39.sys
[2012.06.20 16:04:34 | 000,000,334 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2011.10.16 21:07:05 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007.02.05 15:04:38 | 000,012,800 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.05.05 16:09:33 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
= %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
ThreadingModel = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
= %systemroot%\system32\wbem\fastprox.dll -- [2008.04.14 03:22:10 | 000,472,064 | ---- | M] (Microsoft Corporation)
ThreadingModel = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
= %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
ThreadingModel = Both

< End of report >

OTL Extras logfile created on: 10.01.2013 11:22:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Gerhard\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

446,48 Mb Total Physical Memory | 78,13 Mb Available Physical Memory | 17,50% Memory free
1,03 Gb Paging File | 0,77 Gb Available in Paging File | 74,52% Paging File free
Paging file location(s): c:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 137,79 Gb Free Space | 92,44% Space Free | Partition Type: NTFS
Drive I: | 966,00 Mb Total Space | 956,20 Mb Free Space | 98,99% Space Free | Partition Type: FAT

Computer Name: NAME-4A57956FD8 | User Name: Gerhard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- %1 %*
cmdfile [open] -- %1 %*
comfile [open] -- %1 %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- %1 %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- %1 %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- %1 /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1
UpdatesDisableNotify = 0
AntiVirusOverride = 0
FirewallOverride = 0
AntiVirusDisableNotify = 0
FirewallDisableNotify = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
DisableSR = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
Start = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
Start = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall = 1
DoNotAllowExceptions = 0
DisableNotifications = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
1900:UDP = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
2869:TCP = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
139:TCP = 139:TCP:LocalSubNetisabledxpsp2res.dll,-22004
445:TCP = 445:TCP:LocalSubNetisabledxpsp2res.dll,-22005
137:UDP = 137:UDP:LocalSubNetisabledxpsp2res.dll,-22001
138:UDP = 138:UDP:LocalSubNetisabledxpsp2res.dll,-22002
11189:UDP = 11189:UDP:*:Enabled:UDP 11189
23584:TCP = 23584:TCP:*:Enabled:TCP 23584

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
C:\Programme\Skype\Plugin Manager\skypePM.exe = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
C:\Programme\Skype\Phone\Skype.exe = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
C:\Programme\Bonjour\mDNSResponder.exe = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabledienst Bonjour -- (Apple Inc.)
C:\Programme\iTunes\iTunes.exe = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
C:\Programme\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe = C:\Programme\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe:*:Enabled:Highspeed-Internet-Installation -- (mquadr.at software engineering & consulting GmbH - Web: http://www.mquadr.at - Mail: [email protected])


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{089DD780-DB3F-4CDB-A0C2-111360247298} = PC Connectivity Solution
{0BEDBD4E-2D34-47B5-9973-57E62B29307C} = ATI Control Panel
{1B9B5B3B-28E7-4E59-A80D-D670AA984514} = Nokia Connectivity Cable Driver
{1ED31028-6D65-4CFD-AD03-8E484A052FE7} = aonUpdate
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} = DVD Solution
{20749F76-4228-43AD-8AB5-E7B20D8040C4} = hph_readme
{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E} = Nokia PC Suite
{2376813B-2E5A-4641-B7B3-A0D5ADB55229} = HPPhotoSmartExpress
{2A981294-F14C-4F0F-9627-D793270922F8} = Bonjour
{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3} = HP Update
{308B6AEA-DE50-4666-996D-0FA461719D6B} = Apple Mobile Device Support
{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227} = WebFldrs XP
{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1} = hph_software
{40BF1E83-20EB-11D8-97C5-0009C5020658} = Power2Go 4.0
{45B8A76B-57EC-4242-B019-066400CD8428} = BufferChm
{4767A89A-F6A5-41B1-903C-734483739882} = Highspeed-Internet-Installation
{4EA684E9-5C81-4033-A696-3019EC57AC3A} = HPProductAssistant
{57752979-A1C9-4C02-856B-FBB27AC4E02C} = QuickTime
{66910000-8B30-4973-A159-6371345AFFA5} = WebReg
{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8} = eSupportQFolder
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} = PowerDVD
{6909F917-5499-482e-9AA1-FAD06A99F231} = Toolbox
{6994491D-D491-48F1-AE1F-E179C1FFFC2F} = HP Photosmart Essential
{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8} = aonFTP
{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6} = MSVC80_x86_v2
{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15} = CustomerResearchQFolder
{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89} = LightScribe 1.4.56.1
{8331C3EA-0C91-43AA-A4D4-27221C631139} = Status
{868F24EB-5CA7-4285-B39B-3617CF37462A} = D2300_Help
{86D4B82A-ABED-442A-BE86-96357B70F4FE} = Ask Toolbar
{881F5DE8-9367-4B81-A325-E91BBC6472F9} = iTunes
{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05} = Unload
{8E2EC824-DC8B-45CD-A839-58FA00EA5953} = Digimax S500
{90110407-6000-11D3-8CFE-0150048383C9} = Microsoft Office Professional Edition 2003
{904B64C4-49D8-4941-A2B6-D13D06C5CD8B} = Controller
{94FB906A-CF42-4128-A509-D353026A607E} = REALTEK Gigabit and Fast Ethernet NIC Driver
{AB5D51AE-EBC3-438D-872C-705C7C2084B0} = DeviceManagementQFolder
{AC76BA86-7AD7-1031-7B44-A70900000002} = Adobe Reader 7.0.9 - Deutsch
{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75} = hph_ProductContext
{AEC0CEBC-0FC7-4716-8222-1C4A742719B1} = Digimax Master
{B19F9155-9337-4807-B5EF-ED471DDB2CCE} = hph_software_req
{B7A0CE06-068E-11D6-97FD-0050BACBF861} = PowerProducer
{C191BE7C-8542-4A61-973A-714EF76C5995} = Logitech QuickCam-Software
{C41300B9-185D-475E-BFEC-39EF732F19B1} = Apple Software Update
{C59C179C-668D-49A9-B6EA-0121CCFC1243} = LabelPrint 1.0
{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476} = SolutionCenter
{D103C4BA-F905-437A-8049-DB24763BBE36} = Skype™ 4.2
{D297A783-A680-4FDB-8882-913EBA36ABC5} = D2300
{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E} = HP Photosmart and Deskjet 7.0 Software (deu)
{D36DD326-7280-11D8-97C8-000129760CBE} = PhotoNow! 1.0
{D5A9B7C0-8751-11D8-9D75-000129760D75} = MediaShow 3.0
{DBC20735-34E6-4E97-A9E5-2066B66B243D} = TrayApp
{E1B80DEE-A795-4258-8445-074C06AE3AB8} = MarketResearch
{EDE721EC-870A-11D8-9D75-000129760D75} = PowerDirector Express
{EE6097DD-05F4-4178-9719-D3170BF098E8} = Apple Application Support
{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
{FB08F381-6533-4108-B7DD-039E11FBC27E} = Realtek AC'97 Audio
34EA302E7F4CBD17A19E33BBCB72363234956D7E = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5)
504244733D18C8F63FF584AEB290E3904E791693 = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Adobe Flash Player ActiveX = Adobe Flash Player 10 ActiveX
All ATI Software = ATI - Software Uninstall Utility
aonFTP = aonFTP
aonUpdate = aonUpdate
ATI Display Driver = ATI Display Driver
CCleaner = CCleaner
Controller = Controller
EEEE705096F837B7907659F100C9FE6DA001970F = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7)
Highspeed-Internet-Installation = Highspeed-Internet-Installation
HP Imaging Device Functions = HP Imaging Device Functions 7.0
HP Solution Center & Imaging Support Tools = HP Solution Center 7.0
HPExtendedCapabilities = HP Customer Participation Program 7.0
IDNMitigationAPIs = Microsoft Internationalized Domain Names Mitigation APIs
ie7 = Windows Internet Explorer 7
NLSDownlevelMapping = Microsoft National Language Support Downlevel APIs
QcDrv = Logitech® Camera-Treiber
Wdf01009 = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Windows Media Format Runtime = Windows Media Format 11 runtime
Windows Media Player = Windows Media Player 11
Windows XP Service Pack = Windows XP Service Pack 3
WMFDist11 = Windows Media Format 11 runtime
wmp11 = Windows Media Player 11
Wudf01009 = Microsoft User-Mode Driver Framework Feature Pack 1.9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{79A765E1-C399-405B-85AF-466F52E918B0} = Ask Toolbar Updater
OnlineFestplatte = aon Online Festplatte (entfernen)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07.11.2012 17:11:35 | Computer Name = NAME-4A57956FD8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17055, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 11.11.2012 16:19:58 | Computer Name = NAME-4A57956FD8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17055, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 16.11.2012 17:21:48 | Computer Name = NAME-4A57956FD8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17055, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 18.11.2012 16:43:58 | Computer Name = NAME-4A57956FD8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17055, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 25.11.2012 15:48:33 | Computer Name = NAME-4A57956FD8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17055, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 25.11.2012 17:02:54 | Computer Name = NAME-4A57956FD8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17055, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 13.12.2012 11:49:38 | Computer Name = NAME-4A57956FD8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17055, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 13.12.2012 11:51:12 | Computer Name = NAME-4A57956FD8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17055, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 13.12.2012 11:51:15 | Computer Name = NAME-4A57956FD8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17055, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 13.12.2012 12:28:53 | Computer Name = NAME-4A57956FD8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17055, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 09.01.2013 11:11:51 | Computer Name = NAME-4A57956FD8 | Source = Service Control Manager | ID = 7034
Description = Dienst Logitech Process Monitor wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.

Error - 09.01.2013 11:56:21 | Computer Name = NAME-4A57956FD8 | Source = Service Control Manager | ID = 7000
Description = Der Dienst hgvux wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 09.01.2013 12:03:22 | Computer Name = NAME-4A57956FD8 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler %1053 aufgetreten, als der Dienst ServiceLayer
mit den Argumenten gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 09.01.2013 12:03:22 | Computer Name = NAME-4A57956FD8 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst ServiceLayer.

Error - 09.01.2013 12:03:22 | Computer Name = NAME-4A57956FD8 | Source = Service Control Manager | ID = 7000
Description = Der Dienst ServiceLayer wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error - 10.01.2013 03:45:52 | Computer Name = NAME-4A57956FD8 | Source = Service Control Manager | ID = 7000
Description = Der Dienst hgvux wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 10.01.2013 03:47:20 | Computer Name = NAME-4A57956FD8 | Source = Service Control Manager | ID = 7034
Description = Dienst Logitech Process Monitor wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.

Error - 10.01.2013 04:28:13 | Computer Name = NAME-4A57956FD8 | Source = Service Control Manager | ID = 7000
Description = Der Dienst hgvux wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 10.01.2013 04:54:56 | Computer Name = NAME-4A57956FD8 | Source = Service Control Manager | ID = 7034
Description = Dienst Logitech Process Monitor wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.

Error - 10.01.2013 05:41:01 | Computer Name = NAME-4A57956FD8 | Source = Service Control Manager | ID = 7000
Description = Der Dienst hgvux wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


< End of report >

ComboFix 13-01-08.01 - Gerhard 09.01.2013 16:46:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.43.1031.18.446.17 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Gerhard\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Gerhard\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\0tbpw.pad
c:\dokumente und einstellungen\All Users\Anwendungsdaten\ISx41.tmp
c:\dokumente und einstellungen\All Users\Anwendungsdaten\netdislw.pad
c:\dokumente und einstellungen\Gerhard\Anwendungsdaten\Adobe\plugs
c:\dokumente und einstellungen\Gerhard\s8kxmrxc7d.exe
C:\Recycle.Bin
c:\windows\system32\kock
c:\windows\system32\SET2FC.tmp
c:\windows\system32\SET300.tmp
c:\windows\system32\SET308.tmp
c:\windows\system32\SET34F.tmp
c:\windows\system32\UAs
c:\windows\system32\UAs\iexplore.exe_UAs001.dat
c:\windows\system32\UAs\msimn.exe_UAs001.dat
c:\windows\system32\xmldm
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-09 bis 2013-01-09 ))))))))))))))))))))))))))))))
.
.
2013-01-09 11:06 . 2013-01-09 11:41 -------- d-----w- c:\windows\system32\NtmsData
2013-01-09 09:12 . 2013-01-09 09:12 -------- d-----w- c:\dokumente und einstellungen\Gerhard\Anwendungsdaten\Avira
2013-01-09 09:05 . 2013-01-09 09:05 -------- d-----w- C:\Firefox
2013-01-09 09:05 . 2013-01-09 09:06 -------- d-----w- c:\programme\Ask.com
2013-01-09 09:05 . 2013-01-09 09:06 -------- d-----w- c:\dokumente und einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\AskToolbar
2013-01-09 09:05 . 2012-11-27 09:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-09 09:05 . 2012-11-22 14:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-01-09 09:05 . 2012-11-22 14:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-01-09 09:05 . 2013-01-09 09:06 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2013-01-09 09:05 . 2013-01-09 09:05 -------- d-----w- c:\programme\Avira
2013-01-08 14:43 . 2013-01-08 14:43 -------- d-----w- c:\windows\system32\de
2013-01-08 14:43 . 2013-01-08 14:43 -------- d-----w- c:\windows\system32\bits
2013-01-08 14:24 . 2001-08-18 03:22 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-01-08 14:24 . 2001-08-18 03:22 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-01-08 13:28 . 2013-01-08 13:28 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-02 16:07 . 2012-11-02 16:07 33792 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\lsass.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{00000000-6E41-4FD3-8538-502F5495E5FC}= c:\programme\Ask.com\GenericAskToolbar.dll [2012-08-22 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Power2GoExpress=c:\programme\CyberLink\Power2Go\Power2GoExpress.exe [2005-08-16 2031711]
Skype=c:\programme\Skype\\Phone\Skype.exe [2010-04-06 26102056]
updateMgr=c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
PC Suite Tray=c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA=c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-28 344064]
RemoteControl=c:\programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
HP Software Update=c:\programme\HP\HP Software Update\HPWuSchd2.exe [2011-05-10 49208]
LVCOMSX=c:\windows\system32\LVCOMSX.EXE [2005-12-09 225280]
LogitechCameraAssistant=c:\programme\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]
LogitechVideo[inspector]=c:\programme\Logitech\Video\InstallHelper.exe [2005-12-07 09:33 73728]
LogitechCameraService(E)=c:\windows\system32\ElkCtrl.exe [2004-11-01 262144]
SoundMan=SOUNDMAN.EXE [2004-11-16 77824]
QuickTime Task=c:\programme\QuickTime\qttask.exe [2010-11-29 421888]
iTunesHelper=c:\programme\iTunes\iTunesHelper.exe [2010-12-13 421160]
ApnUpdater=c:\programme\Ask.com\Updater\Updater.exe [2012-08-22 1573584]
avgnt=c:\programme\Avira\AntiVir Desktop\avgnt.exe [2012-12-04 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=c:\windows\system32\CTFMON.EXE [2008-04-14 15360]
.
c:\dokumente und einstellungen\Gerhard\Startmenü\Programme\Autostart\
ctfmon.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33792]
runctf.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33792]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
auto-bit.lnk - c:\sysprep\bit\bit.exe [N/A]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\appconf32.exe,
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
%windir%\\system32\\sessmgr.exe=
%windir%\\Network Diagnostic\\xpnetdiag.exe=
c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe=
c:\\Programme\\Skype\\Phone\\Skype.exe=
c:\\Programme\\Bonjour\\mDNSResponder.exe=
c:\\Programme\\iTunes\\iTunes.exe=
c:\\Programme\\Telekom Austria\\Breitband-Internet-Installation\\fixnet installer\\Installer.exe=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
11189:UDP= 11189:UDP:UDP 11189
23584:TCP= 23584:TCP:TCP 23584
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [09.01.2013 10:05 36552]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [09.01.2013 10:05 85280]
R2 AntiVirWebService;Avira Browser-Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [09.01.2013 10:05 565024]
S0 6f32c144c993950a;s8kxmrxc7d.exe;\SystemRoot\\SystemRoot\System32\Drivers\6f32c144c993950a.sys --> \SystemRoot\\SystemRoot\System32\Drivers\6f32c144c993950a.sys [?]
S1 27b21;s8kxmrxc7d.exe;\??\c:\windows\system32\drivers\27b21.sys --> c:\windows\system32\drivers\27b21.sys [?]
S2 hgvux;hgvux;\??\c:\windows\SYSTEM32\DRIVERS\hgvux.sys --> c:\windows\SYSTEM32\DRIVERS\hgvux.sys [?]
S3 NTGUARD;NTGUARD;\??\c:\programme\aon\aonVirenchecker\GuardNT\NTGUARD.SYS --> c:\programme\aon\aonVirenchecker\GuardNT\NTGUARD.SYS [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des geplante Tasks Ordners
.
2013-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2013-01-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2012-08-22 15:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-s8kxmrxc7d - c:\dokumente und einstellungen\Gerhard\s8kxmrxc7d.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\programme\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-Nokia PC Suite - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_ger_web[1].exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 16:57
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - >->winlogon.exe'(508)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - >->lsass.exe'(564)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - >->explorer.exe'(4520)
c:\programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\programme\iPod\bin\iPodService.exe
c:\programme\Skype\Phone\Skype.exe
c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programme\PC Connectivity Solution\ServiceLayer.exe
c:\programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programme\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-09 17:08:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-01-09 16:08
.
Vor Suchlauf: 15 Verzeichnis(se), 147.521.544.192 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 147.445.444.608 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=Microsoft Windows Recovery Console /cmdcons
UnsupportedDebug=do not select this /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=Microsoft Windows XP Home Edition /noexecute=optin /fastdetect
.
- - End Of File - - 0558DCA61DE73CE01ACC708D7446A3B7

# AdwCleaner v2.105 - Datei am 15/01/2013 um 15:12:54 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Gerhard - NAME-4A57956FD8
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Gerhard\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6000.17055

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1442 octets] - [15/01/2013 15:12:22]
AdwCleaner[S1].txt - [1213 octets] - [15/01/2013 15:12:54]

########## EOF - C:\AdwCleaner[S1].txt - [1273 octets] ##########

# AdwCleaner v2.105 - Datei am 15/01/2013 um 15:12:22 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Gerhard - NAME-4A57956FD8
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Gerhard\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKU\S-1-5-21-3235886779-2282215539-1608039641-1005\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6000.17055

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1313 octets] - [15/01/2013 15:12:22]

########## EOF - C:\AdwCleaner[R1].txt - [1373 octets] ##########

ComboFix 13-01-15.02 - Gerhard 15.01.2013 15:46:21.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.43.1031.18.446.12 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Gerhard\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-15 bis 2013-01-15 ))))))))))))))))))))))))))))))
.
.
2013-01-10 18:52 . 2013-01-10 18:52 0 ----a-w- c:\windows\ativpsrm.bin
2013-01-10 18:50 . 2008-12-01 13:35 593920 ------w- c:\windows\system32\ati2sgag.exe
2013-01-10 18:49 . 2013-01-10 18:49 -------- d-----w- c:\programme\ATI
2013-01-10 16:29 . 2008-04-14 02:23 9728 ----a-w- c:\windows\system32\ativdaxx.ax
2013-01-10 16:29 . 2008-04-14 02:23 23040 ----a-w- c:\windows\system32\ativmvxx.ax
2013-01-10 16:29 . 2008-04-14 02:22 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll
2013-01-10 16:29 . 2008-04-14 02:22 32768 ----a-w- c:\windows\system32\ativtmxx.dll
2013-01-10 16:29 . 2008-04-14 02:22 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll
2013-01-10 16:29 . 2008-04-14 02:22 870784 ----a-w- c:\windows\system32\ati3d1ag.dll
2013-01-10 16:29 . 2008-04-14 02:22 377984 -c--a-w- c:\windows\system32\dllcache\ati2dvaa.dll
2013-01-10 16:29 . 2008-04-14 02:22 377984 ----a-w- c:\windows\system32\ati2dvaa.dll
2013-01-09 11:06 . 2013-01-09 11:41 -------- d-----w- c:\windows\system32\NtmsData
2013-01-09 09:05 . 2013-01-10 07:43 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2013-01-08 14:43 . 2013-01-08 14:43 -------- d-----w- c:\windows\system32\de
2013-01-08 14:43 . 2013-01-08 14:43 -------- d-----w- c:\windows\system32\bits
2013-01-08 14:24 . 2001-08-18 03:22 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-01-08 14:24 . 2001-08-18 03:22 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-01-08 13:28 . 2013-01-08 13:28 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-02 16:07 . 2012-11-02 16:07 33792 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\lsass.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Power2GoExpress=c:\programme\CyberLink\Power2Go\Power2GoExpress.exe [2005-08-16 2031711]
Skype=c:\programme\Skype\\Phone\Skype.exe [2010-04-06 26102056]
updateMgr=c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
PC Suite Tray=c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RemoteControl=c:\programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
HP Software Update=c:\programme\HP\HP Software Update\HPWuSchd2.exe [2011-05-10 49208]
LVCOMSX=c:\windows\system32\LVCOMSX.EXE [2005-12-09 225280]
LogitechCameraAssistant=c:\programme\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]
LogitechVideo[inspector]=c:\programme\Logitech\Video\InstallHelper.exe [2005-12-07 09:33 73728]
LogitechCameraService(E)=c:\windows\system32\ElkCtrl.exe [2004-11-01 262144]
SoundMan=SOUNDMAN.EXE [2004-11-16 77824]
QuickTime Task=c:\programme\QuickTime\qttask.exe [2010-11-29 421888]
iTunesHelper=c:\programme\iTunes\iTunesHelper.exe [2010-12-13 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=c:\windows\system32\CTFMON.EXE [2008-04-14 15360]
.
c:\dokumente und einstellungen\Gerhard\Startmenü\Programme\Autostart\
ctfmon.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33792]
runctf.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33792]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
auto-bit.lnk - c:\sysprep\bit\bit.exe [N/A]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
%windir%\\system32\\sessmgr.exe=
%windir%\\Network Diagnostic\\xpnetdiag.exe=
c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe=
c:\\Programme\\Skype\\Phone\\Skype.exe=
c:\\Programme\\Bonjour\\mDNSResponder.exe=
c:\\Programme\\iTunes\\iTunes.exe=
c:\\Programme\\Telekom Austria\\Breitband-Internet-Installation\\fixnet installer\\Installer.exe=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
11189:UDP= 11189:UDP:UDP 11189
23584:TCP= 23584:TCP:TCP 23584
.
S0 6f32c144c993950a;s8kxmrxc7d.exe;\SystemRoot\\SystemRoot\System32\Drivers\6f32c144c993950a.sys --> \SystemRoot\\SystemRoot\System32\Drivers\6f32c144c993950a.sys [?]
S1 27b21;s8kxmrxc7d.exe;\??\c:\windows\system32\drivers\27b21.sys --> c:\windows\system32\drivers\27b21.sys [?]
S2 hgvux;hgvux;\??\c:\windows\SYSTEM32\DRIVERS\hgvux.sys --> c:\windows\SYSTEM32\DRIVERS\hgvux.sys [?]
S3 NTGUARD;NTGUARD;\??\c:\programme\aon\aonVirenchecker\GuardNT\NTGUARD.SYS --> c:\programme\aon\aonVirenchecker\GuardNT\NTGUARD.SYS [?]
.
Inhalt des geplante Tasks Ordners
.
2013-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-15 15:53
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - >->winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - >->explorer.exe'(2724)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2013-01-15 15:56:23
ComboFix-quarantined-files.txt 2013-01-15 14:56
ComboFix2.txt 2013-01-10 09:25
ComboFix3.txt 2013-01-10 08:17
.
Vor Suchlauf: 17 Verzeichnis(se), 147.850.317.824 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 147.839.836.160 Bytes frei
.
- - End Of File - - 06DA1E69EF8AE9616907054C225D65EA

ComboFix 13-01-15.02 - Gerhard 16.01.2013 12:59:47.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.43.1031.18.446.6 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Gerhard\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Gerhard\Desktop\CFScript.txt
.
FILE ::
c:\dokumente und einstellungen\All Users\Anwendungsdaten\lsass.exe
c:\dokumente und einstellungen\Gerhard\Startmenü\Programme\Autostart\ctfmon.lnk
c:\dokumente und einstellungen\Gerhard\Startmenü\Programme\Autostart\runctf.lnk
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-16 bis 2013-01-16 ))))))))))))))))))))))))))))))
.
.
2013-01-10 18:52 . 2013-01-10 18:52 0 ----a-w- c:\windows\ativpsrm.bin
2013-01-10 18:50 . 2008-12-01 13:35 593920 ------w- c:\windows\system32\ati2sgag.exe
2013-01-10 18:49 . 2013-01-10 18:49 -------- d-----w- c:\programme\ATI
2013-01-10 16:29 . 2008-04-14 02:23 9728 ----a-w- c:\windows\system32\ativdaxx.ax
2013-01-10 16:29 . 2008-04-14 02:23 23040 ----a-w- c:\windows\system32\ativmvxx.ax
2013-01-10 16:29 . 2008-04-14 02:22 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll
2013-01-10 16:29 . 2008-04-14 02:22 32768 ----a-w- c:\windows\system32\ativtmxx.dll
2013-01-10 16:29 . 2008-04-14 02:22 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll
2013-01-10 16:29 . 2008-04-14 02:22 870784 ----a-w- c:\windows\system32\ati3d1ag.dll
2013-01-10 16:29 . 2008-04-14 02:22 377984 -c--a-w- c:\windows\system32\dllcache\ati2dvaa.dll
2013-01-10 16:29 . 2008-04-14 02:22 377984 ----a-w- c:\windows\system32\ati2dvaa.dll
2013-01-09 11:06 . 2013-01-09 11:41 -------- d-----w- c:\windows\system32\NtmsData
2013-01-09 09:05 . 2013-01-10 07:43 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2013-01-08 14:43 . 2013-01-08 14:43 -------- d-----w- c:\windows\system32\de
2013-01-08 14:43 . 2013-01-08 14:43 -------- d-----w- c:\windows\system32\bits
2013-01-08 14:24 . 2001-08-18 03:22 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-01-08 14:24 . 2001-08-18 03:22 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-01-08 13:28 . 2013-01-08 13:28 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-02 16:07 . 2012-11-02 16:07 33792 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\lsass.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Power2GoExpress=c:\programme\CyberLink\Power2Go\Power2GoExpress.exe [2005-08-16 2031711]
Skype=c:\programme\Skype\\Phone\Skype.exe [2010-04-06 26102056]
updateMgr=c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
PC Suite Tray=c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RemoteControl=c:\programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
HP Software Update=c:\programme\HP\HP Software Update\HPWuSchd2.exe [2011-05-10 49208]
LVCOMSX=c:\windows\system32\LVCOMSX.EXE [2005-12-09 225280]
LogitechCameraAssistant=c:\programme\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]
LogitechVideo[inspector]=c:\programme\Logitech\Video\InstallHelper.exe [2005-12-07 09:33 73728]
LogitechCameraService(E)=c:\windows\system32\ElkCtrl.exe [2004-11-01 262144]
SoundMan=SOUNDMAN.EXE [2004-11-16 77824]
QuickTime Task=c:\programme\QuickTime\qttask.exe [2010-11-29 421888]
iTunesHelper=c:\programme\iTunes\iTunesHelper.exe [2010-12-13 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=c:\windows\system32\CTFMON.EXE [2008-04-14 15360]
.
c:\dokumente und einstellungen\Gerhard\Startmenü\Programme\Autostart\
ctfmon.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33792]
runctf.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33792]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
auto-bit.lnk - c:\sysprep\bit\bit.exe [N/A]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
%windir%\\system32\\sessmgr.exe=
%windir%\\Network Diagnostic\\xpnetdiag.exe=
c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe=
c:\\Programme\\Skype\\Phone\\Skype.exe=
c:\\Programme\\Bonjour\\mDNSResponder.exe=
c:\\Programme\\iTunes\\iTunes.exe=
c:\\Programme\\Telekom Austria\\Breitband-Internet-Installation\\fixnet installer\\Installer.exe=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
11189:UDP= 11189:UDP:UDP 11189
23584:TCP= 23584:TCP:TCP 23584
.
S0 6f32c144c993950a;s8kxmrxc7d.exe;\SystemRoot\\SystemRoot\System32\Drivers\6f32c144c993950a.sys --> \SystemRoot\\SystemRoot\System32\Drivers\6f32c144c993950a.sys [?]
S1 27b21;s8kxmrxc7d.exe;\??\c:\windows\system32\drivers\27b21.sys --> c:\windows\system32\drivers\27b21.sys [?]
S2 hgvux;hgvux;\??\c:\windows\SYSTEM32\DRIVERS\hgvux.sys --> c:\windows\SYSTEM32\DRIVERS\hgvux.sys [?]
S3 NTGUARD;NTGUARD;\??\c:\programme\aon\aonVirenchecker\GuardNT\NTGUARD.SYS --> c:\programme\aon\aonVirenchecker\GuardNT\NTGUARD.SYS [?]
.
Inhalt des geplante Tasks Ordners
.
2013-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-16 13:06
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - >->winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - >->explorer.exe'(1232)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2013-01-16 13:09:27
ComboFix-quarantined-files.txt 2013-01-16 12:09
ComboFix2.txt 2013-01-15 14:56
ComboFix3.txt 2013-01-10 09:25
ComboFix4.txt 2013-01-10 08:17
.
Vor Suchlauf: 17 Verzeichnis(se), 147.854.249.984 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 147.843.420.160 Bytes frei
.
- - End Of File - - 0319DF14AE8B082C12868A7C58ECFA88

OTL logfile created on: 17.01.2013 14:04:55 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Gerhard\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

446,48 Mb Total Physical Memory | 224,50 Mb Available Physical Memory | 50,28% Memory free
1,03 Gb Paging File | 0,61 Gb Available in Paging File | 59,28% Paging File free
Paging file location(s): c:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 137,34 Gb Free Space | 92,14% Space Free | Partition Type: NTFS

Computer Name: NAME-4A57956FD8 | User Name: Gerhard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Gerhard\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Programme\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll ()
MOD - C:\Programme\CyberLink\Power2Go\P2GRC.dll ()
MOD - C:\Programme\CyberLink\Shared Files\richvideops.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (LVPrcSrv) -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (rtl8139) -- system32\DRIVERS\RTL8139.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (NTGUARD) -- C:\Programme\aon\aonVirenchecker\GuardNT\NTGUARD.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (hgvux) -- C:\WINDOWS\SYSTEM32\DRIVERS\hgvux.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOKUME~1\Gerhard\LOKALE~1\Temp\catchme.sys File not found
DRV - (6f32c144c993950a) -- C:\WINDOWS\System32\Drivers\6f32c144c993950a.sys File not found
DRV - (27b21) -- C:\WINDOWS\system32\drivers\27b21.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (Lvckap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )


========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DA149A94-79E3-4F64-9F82-F8EB0222B17F}: URL = http://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()



O1 HOSTS File: ([2013.01.09 16:54:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Programme\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Programme\Logitech\Video\InstallHelper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Power2GoExpress] C:\Programme\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKCU..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Autostart\hinweis.lnk = C:\Dokumente und Einstellungen\Gerhard\Desktop\hinweis.PNG ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEBAD44F-3346-43CD-88B0-7CD1F7B89EDD}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\proworx.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\proworx.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.02.19 06:53:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- %1 %*
O35 - HKLM\..exefile [open] -- %1 %*
O37 - HKLM\...com [@ = ComFile] -- %1 %*
O37 - HKLM\...exe [@ = exefile] -- %1 %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.17 14:04:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gerhard\Desktop\OTL.exe
[2013.01.17 13:55:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\Avira
[2013.01.17 13:49:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013.01.17 13:49:30 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.01.17 13:49:26 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.01.17 13:49:26 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.01.17 13:49:26 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.01.17 13:49:21 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2013.01.17 13:23:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.16 13:09:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013.01.10 19:49:59 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2013.01.10 17:29:12 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2013.01.10 17:29:12 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2013.01.10 17:29:12 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2013.01.10 17:29:12 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2013.01.10 17:29:12 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2013.01.10 17:29:12 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2013.01.10 17:29:11 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2013.01.10 17:29:11 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2013.01.10 17:29:11 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2013.01.10 17:29:11 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2013.01.10 09:57:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.09 16:13:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.09 16:13:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.09 16:13:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.09 16:13:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.09 16:12:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.09 16:11:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Verwaltung
[2013.01.09 16:11:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.09 15:45:07 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Gerhard\Recent
[2013.01.09 12:06:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013.01.09 10:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2013.01.09 09:43:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013.01.08 15:43:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2013.01.08 15:43:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2013.01.08 15:33:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013.01.08 15:24:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013.01.08 14:28:27 | 000,000,000 | ---D | C] -- C:\found.000
[2012.11.02 17:07:28 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.17 13:39:16 | 000,000,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Autostart\hinweis.lnk
[2013.01.17 13:25:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.17 13:25:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.17 13:25:12 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.17 09:49:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gerhard\Desktop\OTL.exe
[2013.01.15 15:14:22 | 000,023,145 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard\Desktop\hinweis.PNG
[2013.01.10 19:52:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2013.01.10 17:28:42 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2013.01.10 11:20:25 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard\Desktop\Microsoft Office Excel 2003.lnk
[2013.01.10 09:57:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.01.10 08:50:17 | 000,000,327 | ---- | M] () -- C:\Boot.bak
[2013.01.09 16:54:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.09 16:08:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.01.09 15:50:05 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.09 09:45:05 | 000,321,930 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 09:45:05 | 000,315,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 09:45:05 | 000,050,062 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 09:45:05 | 000,041,676 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 09:44:10 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013.01.08 15:38:12 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2013.01.08 15:27:02 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.17 13:39:16 | 000,000,509 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Autostart\hinweis.lnk
[2013.01.15 15:14:22 | 000,023,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard\Desktop\hinweis.PNG
[2013.01.10 19:52:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013.01.10 19:52:06 | 468,242,432 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.10 19:50:37 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2013.01.10 17:28:41 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2013.01.09 16:24:51 | 000,000,327 | ---- | C] () -- C:\Boot.bak
[2013.01.09 16:24:49 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.09 16:13:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.09 16:13:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.09 16:13:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.09 16:13:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.09 16:13:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.09 15:50:05 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.09 09:44:12 | 000,000,718 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Outlook Express.lnk
[2012.07.27 19:15:40 | 000,046,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\dd0488b637655f39.sys
[2012.06.20 16:04:34 | 000,000,334 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2011.10.16 21:07:05 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007.02.05 15:04:38 | 000,012,800 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.05.05 16:09:33 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
= %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
ThreadingModel = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
= %systemroot%\system32\wbem\fastprox.dll -- [2008.04.14 03:22:10 | 000,472,064 | ---- | M] (Microsoft Corporation)
ThreadingModel = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
= %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
ThreadingModel = Both

< End of report >

10:05:45.0390 2816 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:05:45.0437 2816 ============================================================
10:05:45.0437 2816 Current date / time: 2013/01/21 10:05:45.0437
10:05:45.0437 2816 SystemInfo:
10:05:45.0437 2816
10:05:45.0437 2816 OS Version: 5.1.2600 ServicePack: 3.0
10:05:45.0437 2816 Product type: Workstation
10:05:45.0437 2816 ComputerName: NAME-4A57956FD8
10:05:45.0437 2816 UserName: Gerhard
10:05:45.0437 2816 Windows directory: C:\WINDOWS
10:05:45.0437 2816 System windows directory: C:\WINDOWS
10:05:45.0437 2816 Processor architecture: Intel x86
10:05:45.0437 2816 Number of processors: 2
10:05:45.0437 2816 Page size: 0x1000
10:05:45.0437 2816 Boot type: Normal boot
10:05:45.0437 2816 ============================================================
10:05:47.0484 2816 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type->K0', Flags 0x00000054
10:05:47.0546 2816 ============================================================
10:05:47.0546 2816 \Device\Harddisk0\DR0:
10:05:47.0546 2816 MBR partitions:
10:05:47.0546 2816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
10:05:47.0546 2816 ============================================================
10:05:47.0562 2816 C: <-> \Device\Harddisk0\DR0\Partition1
10:05:47.0562 2816 ============================================================
10:05:47.0562 2816 Initialize success
10:05:47.0562 2816 ============================================================
10:05:49.0921 2712 ============================================================
10:05:49.0921 2712 Scan started
10:05:49.0921 2712 Mode: Manual;
10:05:49.0921 2712 ============================================================
10:05:51.0062 2712 ================ Scan system memory ========================
10:05:51.0062 2712 System memory - ok
10:05:51.0062 2712 ================ Scan services =============================
10:05:51.0203 2712 Abiosdsk - ok
10:05:51.0234 2712 abp480n5 - ok
10:05:51.0265 2712 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:05:51.0281 2712 ACPI - ok
10:05:51.0343 2712 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:05:51.0359 2712 ACPIEC - ok
10:05:51.0375 2712 adpu160m - ok
10:05:51.0406 2712 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:05:51.0453 2712 aec - ok
10:05:51.0484 2712 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:05:51.0515 2712 AFD - ok
10:05:51.0546 2712 Aha154x - ok
10:05:51.0562 2712 aic78u2 - ok
10:05:51.0562 2712 aic78xx - ok
10:05:51.0687 2712 [ 933933288DF5ED26D1928215C97D05C7 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
10:05:51.0921 2712 ALCXWDM - ok
10:05:52.0015 2712 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:05:52.0062 2712 Alerter - ok
10:05:52.0093 2712 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
10:05:52.0093 2712 ALG - ok
10:05:52.0093 2712 AliIde - ok
10:05:52.0109 2712 amsint - ok
10:05:52.0296 2712 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
10:05:52.0343 2712 AntiVirSchedulerService - ok
10:05:52.0359 2712 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
10:05:52.0406 2712 AntiVirService - ok
10:05:52.0515 2712 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:05:52.0562 2712 Apple Mobile Device - ok
10:05:52.0578 2712 AppMgmt - ok
10:05:52.0578 2712 asc - ok
10:05:52.0593 2712 asc3350p - ok
10:05:52.0609 2712 asc3550 - ok
10:05:52.0640 2712 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:05:52.0671 2712 AsyncMac - ok
10:05:52.0703 2712 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:05:52.0703 2712 atapi - ok
10:05:52.0718 2712 Atdisk - ok
10:05:52.0781 2712 [ ECA673779ECD27D674953D692FE070F6 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
10:05:52.0906 2712 Ati HotKey Poller - ok
10:05:52.0968 2712 [ 1428C586BB318E1404575834E428ADDD ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
10:05:53.0031 2712 ATI Smart - ok
10:05:53.0171 2712 [ 15B2FE76E2ECEB98C49ED52311A6F26F ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:05:53.0359 2712 ati2mtag - ok
10:05:53.0406 2712 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:05:53.0437 2712 Atmarpc - ok
10:05:53.0468 2712 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:05:53.0500 2712 AudioSrv - ok
10:05:53.0546 2712 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:05:53.0562 2712 audstub - ok
10:05:53.0593 2712 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:05:53.0625 2712 avgntflt - ok
10:05:53.0671 2712 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:05:53.0703 2712 avipbb - ok
10:05:53.0718 2712 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
10:05:53.0750 2712 avkmgr - ok
10:05:53.0796 2712 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:05:53.0828 2712 Beep - ok
10:05:53.0875 2712 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
10:05:53.0937 2712 BITS - ok
10:05:54.0015 2712 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
10:05:54.0093 2712 Bonjour Service - ok
10:05:54.0140 2712 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll
10:05:54.0171 2712 Browser - ok
10:05:54.0328 2712 catchme - ok
10:05:54.0375 2712 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:05:54.0390 2712 cbidf2k - ok
10:05:54.0406 2712 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:05:54.0437 2712 CCDECODE - ok
10:05:54.0453 2712 cd20xrnt - ok
10:05:54.0484 2712 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:05:54.0515 2712 Cdaudio - ok
10:05:54.0546 2712 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:05:54.0578 2712 Cdfs - ok
10:05:54.0609 2712 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:05:54.0656 2712 Cdrom - ok
10:05:54.0656 2712 Changer - ok
10:05:54.0703 2712 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:05:54.0718 2712 CiSvc - ok
10:05:54.0734 2712 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:05:54.0765 2712 ClipSrv - ok
10:05:54.0781 2712 CmdIde - ok
10:05:54.0796 2712 COMSysApp - ok
10:05:54.0812 2712 Cpqarray - ok
10:05:54.0859 2712 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:05:54.0890 2712 CryptSvc - ok
10:05:54.0906 2712 dac2w2k - ok
10:05:54.0906 2712 dac960nt - ok
10:05:54.0968 2712 [ E970C2296916BF4A2F958680016FE312 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:05:55.0000 2712 DcomLaunch - ok
10:05:55.0062 2712 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:05:55.0062 2712 Dhcp - ok
10:05:55.0109 2712 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:05:55.0140 2712 Disk - ok
10:05:55.0140 2712 dmadmin - ok
10:05:55.0203 2712 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:05:55.0265 2712 dmboot - ok
10:05:55.0296 2712 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:05:55.0328 2712 dmio - ok
10:05:55.0359 2712 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:05:55.0375 2712 dmload - ok
10:05:55.0406 2712 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:05:55.0421 2712 dmserver - ok
10:05:55.0453 2712 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:05:55.0484 2712 DMusic - ok
10:05:55.0515 2712 [ 8C9ED3B2834AAE63081AB2DA831C6FE9 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:05:55.0546 2712 Dnscache - ok
10:05:55.0593 2712 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:05:55.0625 2712 Dot3svc - ok
10:05:55.0640 2712 dpti2o - ok
10:05:55.0671 2712 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:05:55.0703 2712 drmkaud - ok
10:05:55.0750 2712 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:05:55.0781 2712 EapHost - ok
10:05:55.0812 2712 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:05:55.0843 2712 ERSvc - ok
10:05:55.0890 2712 [ 4BB6A83640F1D1792AD21CE767B621C6 ] Eventlog C:\WINDOWS\system32\services.exe
10:05:55.0921 2712 Eventlog - ok
10:05:55.0953 2712 [ 0F3EDAEE1EF97CF3DB2BE23A7289B78C ] EventSystem C:\WINDOWS\system32\es.dll
10:05:56.0000 2712 EventSystem - ok
10:05:56.0046 2712 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:05:56.0078 2712 Fastfat - ok
10:05:56.0125 2712 [ 40602EBFBE06AA075C8E4560743F6883 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:05:56.0156 2712 FastUserSwitchingCompatibility - ok
10:05:56.0187 2712 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:05:56.0203 2712 Fdc - ok
10:05:56.0234 2712 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:05:56.0250 2712 Fips - ok
10:05:56.0281 2712 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:05:56.0312 2712 Flpydisk - ok
10:05:56.0359 2712 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:05:56.0390 2712 FltMgr - ok
10:05:56.0421 2712 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:05:56.0437 2712 Fs_Rec - ok
10:05:56.0484 2712 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:05:56.0515 2712 Ftdisk - ok
10:05:56.0546 2712 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:05:56.0578 2712 GEARAspiWDM - ok
10:05:56.0625 2712 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:05:56.0640 2712 Gpc - ok
10:05:56.0734 2712 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:05:56.0765 2712 helpsvc - ok
10:05:56.0765 2712 hgvux - ok
10:05:56.0781 2712 HidServ - ok
10:05:56.0812 2712 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:05:56.0843 2712 HidUsb - ok
10:05:56.0875 2712 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:05:56.0906 2712 hkmsvc - ok
10:05:56.0921 2712 hpn - ok
10:05:56.0968 2712 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:05:57.0000 2712 HTTP - ok
10:05:57.0031 2712 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:05:57.0062 2712 HTTPFilter - ok
10:05:57.0078 2712 i2omgmt - ok
10:05:57.0078 2712 i2omp - ok
10:05:57.0125 2712 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:05:57.0156 2712 i8042prt - ok
10:05:57.0187 2712 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:05:57.0218 2712 Imapi - ok
10:05:57.0265 2712 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
10:05:57.0265 2712 ImapiService - ok
10:05:57.0281 2712 ini910u - ok
10:05:57.0296 2712 IntelIde - ok
10:05:57.0328 2712 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:05:57.0359 2712 intelppm - ok
10:05:57.0406 2712 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:05:57.0437 2712 Ip6Fw - ok
10:05:57.0468 2712 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:05:57.0484 2712 IpFilterDriver - ok
10:05:57.0515 2712 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:05:57.0531 2712 IpInIp - ok
10:05:57.0578 2712 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:05:57.0578 2712 IpNat - ok
10:05:57.0640 2712 [ 6E27978A4755F4789F912F5F49392F7C ] iPod Service C:\Programme\iPod\bin\iPodService.exe
10:05:57.0671 2712 iPod Service - ok
10:05:57.0718 2712 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:05:57.0750 2712 IPSec - ok
10:05:57.0781 2712 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:05:57.0796 2712 IRENUM - ok
10:05:57.0812 2712 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:05:57.0843 2712 isapnp - ok
10:05:57.0890 2712 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:05:57.0906 2712 Kbdclass - ok
10:05:57.0937 2712 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:05:57.0968 2712 kbdhid - ok
10:05:58.0000 2712 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:05:58.0031 2712 kmixer - ok
10:05:58.0078 2712 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:05:58.0109 2712 KSecDD - ok
10:05:58.0156 2712 [ D6EB4916B203CBE525F8EFF5FD5AB16C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:05:58.0187 2712 lanmanserver - ok
10:05:58.0234 2712 [ C0DB1E9367681ECD7ECCA9615C1D0F9B ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:05:58.0281 2712 lanmanworkstation - ok
10:05:58.0296 2712 lbrtfdc - ok
10:05:58.0375 2712 [ 258CACA1DAADE43978E2ECC9BDC94E1C ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
10:05:58.0406 2712 LightScribeService - ok
10:05:58.0437 2712 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:05:58.0468 2712 LmHosts - ok
10:05:58.0546 2712 [ BD0D8C9E3AEF163DAFA0A3C27106D049 ] Lvckap C:\WINDOWS\system32\drivers\Lvckap.sys
10:05:58.0656 2712 Lvckap - ok
10:05:58.0750 2712 [ C2AD4603075B1C58D92B6BB00E08E958 ] lvmvdrv C:\WINDOWS\system32\drivers\lvmvdrv.sys
10:05:58.0890 2712 lvmvdrv - ok
10:05:58.0921 2712 [ 4FD5A6335FB4FC1F758088B2F90613FE ] LVPrcMon C:\WINDOWS\system32\drivers\LVPrcMon.sys
10:05:58.0937 2712 LVPrcMon - ok
10:05:58.0984 2712 [ 493B1D854F98D611CCA249014C6E631A ] LVPrcSrv c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
10:05:59.0015 2712 LVPrcSrv - ok
10:05:59.0046 2712 [ C0883F7914AFA7FEAA41ADA0D513AC16 ] LVUSBSta C:\WINDOWS\system32\drivers\lvusbsta.sys
10:05:59.0078 2712 LVUSBSta - ok
10:05:59.0125 2712 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:05:59.0140 2712 Messenger - ok
10:05:59.0171 2712 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:05:59.0187 2712 mnmdd - ok
10:05:59.0234 2712 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:05:59.0265 2712 mnmsrvc - ok
10:05:59.0296 2712 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:05:59.0328 2712 Modem - ok
10:05:59.0343 2712 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:05:59.0375 2712 Mouclass - ok
10:05:59.0406 2712 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:05:59.0437 2712 mouhid - ok
10:05:59.0468 2712 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:05:59.0515 2712 MountMgr - ok
10:05:59.0515 2712 mraid35x - ok
10:05:59.0546 2712 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:05:59.0593 2712 MRxDAV - ok
10:05:59.0640 2712 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:05:59.0750 2712 MRxSmb - ok
10:05:59.0781 2712 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:05:59.0812 2712 MSDTC - ok
10:05:59.0828 2712 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:05:59.0859 2712 Msfs - ok
10:05:59.0875 2712 MSIServer - ok
10:05:59.0890 2712 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:05:59.0906 2712 MSKSSRV - ok
10:05:59.0937 2712 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:05:59.0968 2712 MSPCLOCK - ok

10:05:59.0984 2712 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:06:00.0015 2712 MSPQM - ok
10:06:00.0031 2712 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:06:00.0031 2712 mssmbios - ok
10:06:00.0062 2712 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
10:06:00.0093 2712 MSTEE - ok
10:06:00.0109 2712 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:06:00.0156 2712 Mup - ok
10:06:00.0187 2712 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:06:00.0203 2712 NABTSFEC - ok
10:06:00.0250 2712 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
10:06:00.0328 2712 napagent - ok
10:06:00.0343 2712 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:06:00.0390 2712 NDIS - ok
10:06:00.0421 2712 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:06:00.0421 2712 NdisIP - ok
10:06:00.0468 2712 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:06:00.0500 2712 NdisTapi - ok
10:06:00.0515 2712 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:06:00.0546 2712 Ndisuio - ok
10:06:00.0578 2712 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:06:00.0593 2712 NdisWan - ok
10:06:00.0640 2712 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:06:00.0671 2712 NDProxy - ok
10:06:00.0703 2712 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:06:00.0734 2712 NetBIOS - ok
10:06:00.0750 2712 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:06:00.0796 2712 NetBT - ok
10:06:00.0828 2712 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
10:06:00.0859 2712 NetDDE - ok
10:06:00.0875 2712 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:06:00.0875 2712 NetDDEdsdm - ok
10:06:00.0906 2712 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:06:00.0937 2712 Netlogon - ok
10:06:00.0984 2712 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
10:06:00.0984 2712 Netman - ok
10:06:01.0046 2712 [ F12B9D9A069331877D006CC81B4735F9 ] Nla C:\WINDOWS\System32\mswsock.dll
10:06:01.0062 2712 Nla - ok
10:06:01.0109 2712 [ C3963D85B721A7F80D8A55F4E2867A3A ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
10:06:01.0125 2712 nmwcd - ok
10:06:01.0156 2712 [ 3859C69A77793180548802DAC9F34A38 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
10:06:01.0171 2712 nmwcdc - ok
10:06:01.0218 2712 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:06:01.0281 2712 Npfs - ok
10:06:01.0312 2712 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:06:01.0375 2712 Ntfs - ok
10:06:01.0406 2712 NTGUARD - ok
10:06:01.0437 2712 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:06:01.0437 2712 NtLmSsp - ok
10:06:01.0484 2712 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:06:01.0562 2712 NtmsSvc - ok
10:06:01.0593 2712 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:06:01.0609 2712 Null - ok
10:06:01.0656 2712 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:06:01.0687 2712 NwlnkFlt - ok
10:06:01.0718 2712 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:06:01.0750 2712 NwlnkFwd - ok
10:06:01.0812 2712 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
10:06:01.0843 2712 ose - ok
10:06:01.0890 2712 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:06:01.0921 2712 Parport - ok
10:06:01.0937 2712 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:06:01.0968 2712 PartMgr - ok
10:06:02.0000 2712 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:06:02.0015 2712 ParVdm - ok
10:06:02.0046 2712 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
10:06:02.0078 2712 pccsmcfd - ok
10:06:02.0125 2712 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:06:02.0156 2712 PCI - ok
10:06:02.0156 2712 PCIDump - ok
10:06:02.0187 2712 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:06:02.0203 2712 PCIIde - ok
10:06:02.0234 2712 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:06:02.0265 2712 Pcmcia - ok
10:06:02.0265 2712 PDCOMP - ok
10:06:02.0281 2712 PDFRAME - ok
10:06:02.0296 2712 PDRELI - ok
10:06:02.0296 2712 PDRFRAME - ok
10:06:02.0312 2712 perc2 - ok
10:06:02.0328 2712 perc2hib - ok
10:06:02.0375 2712 [ 238E89CA013CDD3AC5BE63B144423F5C ] PID_0928 C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
10:06:02.0421 2712 PID_0928 - ok
10:06:02.0437 2712 [ 4BB6A83640F1D1792AD21CE767B621C6 ] PlugPlay C:\WINDOWS\system32\services.exe
10:06:02.0437 2712 PlugPlay - ok
10:06:02.0484 2712 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
10:06:02.0515 2712 Pml Driver HPZ12 - ok
10:06:02.0546 2712 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:06:02.0546 2712 PolicyAgent - ok
10:06:02.0593 2712 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:06:02.0625 2712 PptpMiniport - ok
10:06:02.0625 2712 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:06:02.0625 2712 ProtectedStorage - ok
10:06:02.0640 2712 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:06:02.0656 2712 PSched - ok
10:06:02.0671 2712 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:06:02.0703 2712 Ptilink - ok
10:06:02.0703 2712 ql1080 - ok
10:06:02.0718 2712 Ql10wnt - ok
10:06:02.0734 2712 ql12160 - ok
10:06:02.0750 2712 ql1240 - ok
10:06:02.0750 2712 ql1280 - ok
10:06:02.0796 2712 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:06:02.0812 2712 RasAcd - ok
10:06:02.0843 2712 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:06:02.0890 2712 RasAuto - ok
10:06:02.0906 2712 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:06:02.0937 2712 Rasl2tp - ok
10:06:02.0968 2712 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:06:03.0031 2712 RasMan - ok
10:06:03.0062 2712 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:06:03.0078 2712 RasPppoe - ok
10:06:03.0125 2712 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:06:03.0140 2712 Raspti - ok
10:06:03.0171 2712 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:06:03.0218 2712 Rdbss - ok
10:06:03.0250 2712 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:06:03.0281 2712 RDPCDD - ok
10:06:03.0328 2712 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:06:03.0359 2712 RDPWD - ok
10:06:03.0390 2712 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:06:03.0421 2712 RDSessMgr - ok
10:06:03.0437 2712 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:06:03.0484 2712 redbook - ok
10:06:03.0500 2712 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:06:03.0531 2712 RemoteAccess - ok
10:06:03.0640 2712 [ A76CDDB6D1F25797843E2557A2118E2E ] RichVideo C:\Programme\CyberLink\Shared Files\RichVideo.exe
10:06:03.0687 2712 RichVideo - ok
10:06:03.0718 2712 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
10:06:03.0765 2712 RpcLocator - ok
10:06:03.0812 2712 [ E970C2296916BF4A2F958680016FE312 ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:06:03.0812 2712 RpcSs - ok
10:06:03.0843 2712 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:06:03.0875 2712 RSVP - ok
10:06:03.0906 2712 [ 31C3EBB3A71FE56B8109BFB4ED20AE69 ] RTL8023 C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
10:06:03.0937 2712 RTL8023 - ok
10:06:03.0953 2712 rtl8139 - ok
10:06:03.0968 2712 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
10:06:03.0968 2712 SamSs - ok
10:06:04.0000 2712 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:06:04.0031 2712 SCardSvr - ok
10:06:04.0078 2712 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:06:04.0125 2712 Schedule - ok
10:06:04.0171 2712 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:06:04.0187 2712 Secdrv - ok
10:06:04.0234 2712 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
10:06:04.0265 2712 seclogon - ok
10:06:04.0281 2712 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
10:06:04.0296 2712 SENS - ok
10:06:04.0312 2712 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:06:04.0343 2712 serenum - ok
10:06:04.0359 2712 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:06:04.0390 2712 Serial - ok
10:06:04.0468 2712 [ 2D841B7B7F6DEC32162EDFCC69D61F42 ] ServiceLayer C:\Programme\PC Connectivity Solution\ServiceLayer.exe
10:06:04.0484 2712 ServiceLayer - ok
10:06:04.0515 2712 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
10:06:04.0531 2712 Sfloppy - ok
10:06:04.0562 2712 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:06:04.0578 2712 SharedAccess - ok
10:06:04.0625 2712 [ 40602EBFBE06AA075C8E4560743F6883 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:06:04.0625 2712 ShellHWDetection - ok
10:06:04.0640 2712 Simbad - ok
10:06:04.0671 2712 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:06:04.0687 2712 SLIP - ok
10:06:04.0703 2712 Sparrow - ok
10:06:04.0734 2712 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:06:04.0750 2712 splitter - ok
10:06:04.0796 2712 [ 39356A9CDB6753A6D13A4072A9F5A4BB ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:06:04.0843 2712 Spooler - ok
10:06:04.0875 2712 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:06:04.0906 2712 sr - ok
10:06:04.0953 2712 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
10:06:05.0000 2712 srservice - ok
10:06:05.0031 2712 [ 5252605079810904E31C332E241CD59B ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:06:05.0062 2712 Srv - ok
10:06:05.0109 2712 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:06:05.0125 2712 SSDPSRV - ok
10:06:05.0156 2712 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:06:05.0171 2712 ssmdrv - ok
10:06:05.0218 2712 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:06:05.0312 2712 stisvc - ok
10:06:05.0328 2712 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:06:05.0359 2712 streamip - ok
10:06:05.0406 2712 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:06:05.0437 2712 swenum - ok
10:06:05.0453 2712 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:06:05.0484 2712 swmidi - ok
10:06:05.0500 2712 SwPrv - ok
10:06:05.0515 2712 symc810 - ok
10:06:05.0531 2712 symc8xx - ok
10:06:05.0546 2712 sym_hi - ok
10:06:05.0546 2712 sym_u3 - ok
10:06:05.0578 2712 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:06:05.0609 2712 sysaudio - ok
10:06:05.0656 2712 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:06:05.0703 2712 SysmonLog - ok
10:06:05.0750 2712 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:06:05.0812 2712 TapiSrv - ok
10:06:05.0859 2712 [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:06:05.0937 2712 Tcpip - ok
10:06:05.0968 2712 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:06:05.0984 2712 TDPIPE - ok

10:06:06.0015 2712 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:06:06.0031 2712 TDTCP - ok
10:06:06.0062 2712 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:06:06.0078 2712 TermDD - ok
10:06:06.0125 2712 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
10:06:06.0218 2712 TermService - ok
10:06:06.0234 2712 [ 40602EBFBE06AA075C8E4560743F6883 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:06:06.0234 2712 Themes - ok
10:06:06.0250 2712 TosIde - ok
10:06:06.0296 2712 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:06:06.0328 2712 TrkWks - ok
10:06:06.0359 2712 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:06:06.0390 2712 Udfs - ok
10:06:06.0406 2712 ultra - ok
10:06:06.0453 2712 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:06:06.0531 2712 Update - ok
10:06:06.0593 2712 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:06:06.0656 2712 upnphost - ok
10:06:06.0703 2712 [ 0CCADC7391021376EDBB8AA649D04E68 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
10:06:06.0718 2712 upperdev - ok
10:06:06.0750 2712 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
10:06:06.0765 2712 UPS - ok
10:06:06.0796 2712 [ 5C2BDC152BBAB34F36473DEAF7713F22 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
10:06:06.0828 2712 USBAAPL - ok
10:06:06.0843 2712 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:06:06.0890 2712 usbccgp - ok
10:06:06.0921 2712 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:06:06.0953 2712 usbehci - ok
10:06:06.0984 2712 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:06:07.0015 2712 usbhub - ok
10:06:07.0046 2712 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:06:07.0078 2712 usbohci - ok
10:06:07.0093 2712 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:06:07.0109 2712 usbprint - ok
10:06:07.0140 2712 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:06:07.0156 2712 usbscan - ok
10:06:07.0187 2712 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
10:06:07.0218 2712 usbser - ok
10:06:07.0250 2712 [ 68B4F83CCCF70A2FF32EE142C234332A ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
10:06:07.0265 2712 UsbserFilt - ok
10:06:07.0296 2712 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:06:07.0328 2712 USBSTOR - ok
10:06:07.0359 2712 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:06:07.0375 2712 VgaSave - ok
10:06:07.0390 2712 ViaIde - ok
10:06:07.0421 2712 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:06:07.0453 2712 VolSnap - ok
10:06:07.0484 2712 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
10:06:07.0531 2712 VSS - ok
10:06:07.0578 2712 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
10:06:07.0625 2712 W32Time - ok
10:06:07.0656 2712 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:06:07.0687 2712 Wanarp - ok
10:06:07.0718 2712 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
10:06:07.0828 2712 Wdf01000 - ok
10:06:07.0828 2712 WDICA - ok
10:06:07.0859 2712 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:06:07.0890 2712 wdmaud - ok
10:06:07.0921 2712 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:06:07.0953 2712 WebClient - ok
10:06:08.0031 2712 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:06:08.0062 2712 winmgmt - ok
10:06:08.0109 2712 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
10:06:08.0125 2712 WmdmPmSN - ok
10:06:08.0171 2712 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:06:08.0171 2712 WmiApSrv - ok
10:06:08.0265 2712 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
10:06:08.0359 2712 WMPNetworkSvc - ok
10:06:08.0390 2712 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:06:08.0421 2712 WS2IFSL - ok
10:06:08.0468 2712 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:06:08.0484 2712 wscsvc - ok
10:06:08.0515 2712 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:06:08.0546 2712 WSTCODEC - ok
10:06:08.0593 2712 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:06:08.0593 2712 wuauserv - ok
10:06:08.0640 2712 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:06:08.0656 2712 WudfPf - ok
10:06:08.0703 2712 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:06:08.0734 2712 WudfRd - ok
10:06:08.0781 2712 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
10:06:08.0812 2712 WudfSvc - ok
10:06:08.0875 2712 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:06:08.0890 2712 WZCSVC - ok
10:06:08.0937 2712 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:06:08.0968 2712 xmlprov - ok
10:06:08.0968 2712 ================ Scan global ===============================
10:06:09.0015 2712 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
10:06:09.0078 2712 [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINDOWS\system32\winsrv.dll
10:06:09.0140 2712 [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINDOWS\system32\winsrv.dll
10:06:09.0171 2712 [ 4BB6A83640F1D1792AD21CE767B621C6 ] C:\WINDOWS\system32\services.exe
10:06:09.0171 2712 [Global] - ok
10:06:09.0171 2712 ================ Scan MBR ==================================
10:06:09.0187 2712 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
10:06:09.0562 2712 \Device\Harddisk0\DR0 - ok
10:06:09.0562 2712 ================ Scan VBR ==================================
10:06:09.0578 2712 [ 7460879A98D547E94B26C5380E147EF4 ] \Device\Harddisk0\DR0\Partition1
10:06:09.0578 2712 \Device\Harddisk0\DR0\Partition1 - ok
10:06:09.0578 2712 ============================================================
10:06:09.0578 2712 Scan finished
10:06:09.0578 2712 ============================================================
10:06:09.0593 2852 Detected object count: 0
10:06:09.0593 2852 Actual detected object count: 0
10:06:17.0046 2796 Deinitialize success