|
Log analysis and evaluation: Gema trojan - log files in the thread. If you have caught a trojan or constantly get virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
25.03.2012, 20:45 | #1 |
| Gema trojan - log files in the thread Background: A few months ago I caught the Gema virus on a "serials" site. Deleted it sporadically with a virus scanner. After that it was quiet until a few days ago, when the Gema virus showed up again. Again went at it sporadically with AntiVir and Malwarebytes. So far everything was okay, until after a few restarts AntiVir kicked in again and spat out virus alerts. UNFORTUNATELY only then did I become aware of this forum, thanks to Google. Log files see below. Info: Firefox is used, even though IE is still installed. Thanks in advance. Code:
ATTFilter . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Administrator at 20:41:10 on 2012-03-25 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1015.721 [GMT 2:00] . AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Programme\Google\Update\GoogleUpdate.exe C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programme\Nero\Update\NASvc.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Programme\Avira\AntiVir Desktop\avshadow.exe . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank uInternet Settings,ProxyServer = 10.10.0.120:3128 mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programme\ask.com\GenericAskToolbar.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programme\ask.com\GenericAskToolbar.dll TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [EPSON Stylus D78 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibge.exe /fu "c:\windows\temp\E_S82.tmp" /EF "HKLM" mRun: [<NO NAME>] mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: Google Sidewiki... 
- c:\programme\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Nach Microsoft &Excel exportieren - d:\progra~1\micros~1\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251895251109 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 83.169.185.33 83.169.185.97 TCP: Interfaces\{14DB9B86-AD04-4C6B-B8A7-AD08805058FB} : DhcpNameServer = 83.169.185.33 83.169.185.97 Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\dokumente und einstellungen\administrator\anwendungsdaten\mozilla\firefox\profiles\th6lf7co.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - prefs.js: network.proxy.ftp - 10.10.0.120 FF - prefs.js: network.proxy.ftp_port - 3128 FF - prefs.js: network.proxy.http - 10.10.0.120 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.socks - 10.10.0.120 FF - prefs.js: network.proxy.socks_port - 3128 FF - prefs.js: network.proxy.ssl - 10.10.0.120 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\programme\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\programme\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\programme\microsoft silverlight\4.1.10111.0\npctrlui.dll . ============= SERVICES / DRIVERS =============== . R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2011-12-24 56496] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2011-12-24 12464] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-17 36000] R2 AntiVirSchedulerService;Avira Planer;c:\programme\avira\antivir desktop\sched.exe [2012-3-17 86224] R2 AntiVirService;Avira Echtzeit Scanner;c:\programme\avira\antivir desktop\avguard.exe [2012-3-17 110032] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-17 74640] R2 MBAMService;MBAMService;c:\programme\malwarebytes' anti-malware\mbamservice.exe [2012-3-17 652360] R2 NAUpdate;Nero Update;c:\programme\nero\update\NASvc.exe [2011-11-25 687400] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-17 20464] S2 AntiVirWebService;Avira Browser Schutz;c:\programme\avira\antivir desktop\avwebgrd.exe [2012-3-17 463824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN 
v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-7-8 135664] S3 cpudrv;cpudrv;c:\programme\systemrequirementslab\cpudrv.sys [2009-12-18 11336] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-7-8 135664] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-03-17 21:53:10 -------- d-----w- c:\programme\ESET 2012-03-17 21:47:40 -------- d-----w- c:\dokumente und einstellungen\administrator\anwendungsdaten\Malwarebytes 2012-03-17 21:47:31 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Malwarebytes 2012-03-17 21:47:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-17 21:47:29 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-03-17 20:20:31 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\gema 2012-03-17 20:20:31 -------- d-----w- c:\dokumente und einstellungen\administrator\anwendungsdaten\gema 2012-03-17 17:18:32 -------- d-----w- c:\dokumente und einstellungen\administrator\anwendungsdaten\Avira 2012-03-17 17:12:58 -------- d-----w- c:\dokumente und einstellungen\administrator\lokale einstellungen\anwendungsdaten\AskToolbar 2012-03-17 15:37:57 -------- d-----w- c:\programme\Ask.com 2012-03-17 15:37:15 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-03-17 15:37:15 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-03-17 15:37:11 -------- d-----w- c:\programme\Avira 2012-03-17 15:37:11 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Avira . ==================== Find3M ==================== . 
2012-03-16 11:07:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-03 09:57:08 1860224 ----a-w- c:\windows\system32\win32k.sys 2012-01-11 19:06:33 3072 ------w- c:\windows\system32\iacenc.dll 2012-01-09 16:20:20 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys . ============= FINISH: 20:42:04,01 =============== |
26.03.2012, 19:34 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gema trojan - log files in the thread Quote:
__________________ |
27.03.2012, 03:43 | #3 |
| Gema trojan - log files in the thread Unfortunately I no longer have those.
__________________ Can nothing be made out from the other logs? |
27.03.2012, 09:28 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gema trojan - log files in the thread I hope for your sake that you haven't thrown the logs away. Because then everything is just Have a look whether the logs can still be seen here in the form of text files. So that you can actually see the folders, apply this FIRST!! => http://www.trojaner-board.de/59624-a...-sichtbar.html Main logs after scans (Quick, Full or Flash):
__________________ Please always post log files in CODE tags |
27.03.2012, 21:34 | #5 |
| Gema trojan - log files in the thread The logs could still be found there. They are now in the attachment. Thanks. |
28.03.2012, 09:31 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gema trojan - log files in the thread Those were all just quick scans. Please first do a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked! Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If logs from older scans with Malwarebytes exist, please post all of those too! ESET Online Scanner
Please post everything here in CODE tags if possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ --> Gema trojan - log files in the thread |
28.03.2012, 11:16 | #7 |
| Gema trojan - log files in the thread Thanks, I'll sit down to it this evening. Quick side question: What exactly does the Gema trojan actually do? Does it collect private data and send it out? Or does it really only bring up the Java interface and hope that someone pays? So, how malicious is the trojan? Otherwise I would also have to sit down and change all the passwords that the trojan might possibly have spied out. |
28.03.2012, 12:30 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gema trojan - log files in the thread Sorry, but a question like that can't really be answered. There are dozens of versions of this ransomware; I can hardly see what exactly yours does
__________________ Please always post log files in CODE tags |
29.03.2012, 00:41 | #9 |
| Gema trojan - log files in the thread Malwarebytes in the attachment. Eset log: Code:
ATTFilter
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\7a20eadb-51a648a5 a variant of Java/Exploit.CVE-2012-0507.B trojan
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43\6fa534eb-13aab475 a variant of Java/Exploit.CVE-2012-0507.B trojan
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Main.class a variant of Java/Exploit.CVE-2011-3544.BF trojan |
29.03.2012, 14:07 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gema trojan - log files in the thread Please make a new OTL log. Please post everything here in CODE tags if possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here If not yet present, please download OTL by Oldtimer and save it on your desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
29.03.2012, 18:14 | #11 |
| Gema trojan - log files in the thread Code:
ATTFilter OTL logfile created on: 29.03.2012 18:43:31 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,98 Mb Total Physical Memory | 631,99 Mb Available Physical Memory | 62,27% Memory free 1,64 Gb Paging File | 1,24 Gb Available in Paging File | 75,90% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 24,41 Gb Total Space | 5,57 Gb Free Space | 22,81% Space Free | Partition Type: NTFS Drive D: | 50,11 Gb Total Space | 49,22 Gb Free Space | 98,22% Space Free | Partition Type: NTFS Computer Name: PC01 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.29 18:40:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe PRC - [2012.03.20 16:13:13 | 000,924,600 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.01.31 09:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2009.04.30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.03.20 16:13:13 | 001,969,080 | ---- | M] () -- D:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.03.16 13:07:34 | 008,527,520 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2012.01.31 09:56:07 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.01.03 23:52:52 | 007,581,696 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2009.02.27 17:40:12 | 001,712,128 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.31 09:55:53 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2009.04.30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\MRVW245.sys -- (MRVW245) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.01.31 09:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.01.31 09:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- 
C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.12.01 12:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NBVol.sys -- (NBVol) DRV - [2011.12.01 12:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NBVolUp.sys -- (NBVolUp) DRV - [2011.09.16 17:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.12.18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2009.05.01 01:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2009.05.01 01:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC) DRV - [2009.05.01 01:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2009.05.01 01:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2009.04.30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2003.11.06 00:14:10 | 000,014,336 | R--- | M] (Motorola Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.0.120:3128 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.0.120:3128 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-790525478-1500820517-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-790525478-1500820517-725345543-500\..\SearchScopes,DefaultScope = {110B1367-2698-4B84-BA67-0E7841928EB6} IE - HKU\S-1-5-21-790525478-1500820517-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-790525478-1500820517-725345543-500\..\SearchScopes\{110B1367-2698-4B84-BA67-0E7841928EB6}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de IE - HKU\S-1-5-21-790525478-1500820517-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-790525478-1500820517-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.0.120:3128 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..network.proxy.ftp: "10.10.0.120" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "10.10.0.120" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "10.10.0.120" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "10.10.0.120" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.03.20 16:13:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.01.25 23:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-790525478-1500820517-725345543-500\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found. O3 - HKU\S-1-5-21-790525478-1500820517-725345543-500\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE (SEIKO EPSON CORPORATION) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-790525478-1500820517-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251895251109 (WUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: 
{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 83.169.185.97 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14DB9B86-AD04-4C6B-B8A7-AD08805058FB}: DhcpNameServer = 83.169.185.33 83.169.185.97 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.09.02 11:22:39 | 000,000,000 | ---- | 
M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{46a9a664-df76-11df-a4d6-0030054d7ae5}\Shell\AutoRun\command - "" = G:\start.html O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^0.057193414201380466.exe.lnk - - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^0.43564412132380503.exe.lnk - - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^0.7402202161258208.exe.lnk - - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^Logitech . 
Produktregistrierung.lnk - D:\Programme\Logitech\Logitech WebCam Software\eReg.exe - (Leader Technologies/Logitech) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^NkbMonitor.exe.lnk - D:\Programme\Nikon\PictureProject\NkbMonitor.exe - (Nikon Corporation) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ApnUpdater - hkey= - key= - C:\Programme\Ask.com\Updater\Updater.exe (Ask) MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found MsConfig - StartUpReg: gema - hkey= - key= - File not found MsConfig - StartUpReg: gema. - hkey= - key= - File not found MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found MsConfig - StartUpReg: IE - hkey= - key= - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - D:\Programme\Logitech\Logitech WebCam Software\LWS.exe () MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group 
SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: 
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: 
{89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750 ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) 
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.29 18:40:18 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.03.25 21:36:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip [2012.03.18 16:25:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2012.03.17 23:53:10 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.03.17 23:47:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2012.03.17 23:47:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.03.17 23:47:29 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.03.17 23:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.03.17 22:20:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema [2012.03.17 22:20:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema [2012.03.17 19:18:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira [2012.03.17 19:12:58 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AskToolbar [2012.03.17 17:37:57 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com [2012.03.17 17:37:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2012.03.17 17:37:15 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012.03.17 17:37:15 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2012.03.17 17:37:15 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2012.03.17 17:37:11 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2012.03.17 17:37:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2012.03.10 17:32:06 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.29 18:43:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.03.29 18:40:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.03.29 18:35:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.03.29 18:34:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.03.25 21:38:57 | 000,004,045 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Logfiles.zip [2012.03.25 21:36:32 | 001,110,476 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\7z920.exe [2012.03.25 15:51:00 | 000,492,750 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.03.25 15:51:00 | 000,473,334 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.03.25 15:51:00 | 000,090,802 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.03.25 15:51:00 | 000,076,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.03.24 19:00:31 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.03.24 
19:00:30 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.03.24 14:34:40 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2012.03.18 16:25:37 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.03.17 23:47:33 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.17 23:42:21 | 000,020,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\virus.JPG [2012.03.15 20:45:02 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.03.14 12:40:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.03.10 17:32:17 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2012.03.05 22:02:06 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLec.DAT [2012.03.05 22:02:06 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLds.DAT [2012.03.04 22:11:12 | 000,776,851 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC_1249.JPG [2012.03.04 22:10:29 | 000,713,338 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC_1248.JPG [2012.03.04 22:09:40 | 000,786,571 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC_1247.JPG [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.25 21:38:57 | 000,004,045 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Logfiles.zip [2012.03.25 21:36:30 | 001,110,476 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\7z920.exe [2012.03.17 23:47:33 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.17 23:42:21 | 000,020,906 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Administrator\Desktop\virus.JPG [2012.03.17 17:38:34 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.03.17 17:38:23 | 000,000,228 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.03.10 17:32:17 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk [2012.03.10 17:32:17 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2012.03.04 22:08:41 | 000,786,571 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC_1247.JPG [2012.03.04 22:08:37 | 000,713,338 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC_1248.JPG [2012.03.04 22:08:34 | 000,776,851 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC_1249.JPG [2012.02.17 10:35:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.07.26 22:30:06 | 000,000,392 | ---- | C] () -- C:\WINDOWS\P2kRotate.ini [2010.10.30 21:30:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat ========== LOP Check ========== [2010.10.24 18:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited [2012.03.17 23:56:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema [2009.12.06 20:27:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICAClient [2009.12.25 19:39:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech [2009.12.07 13:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nikon [2011.01.26 12:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Notepad++ [2010.02.13 13:53:04 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Administrator\Anwendungsdaten\TeamViewer [2010.10.24 18:52:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2009.12.06 20:47:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp [2012.03.18 00:06:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema [2009.12.06 20:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gems [2009.12.06 20:45:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon [2012.03.07 00:06:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2009.12.06 20:47:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15 [2012.03.29 18:48:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2009.09.09 11:04:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe [2012.03.17 19:18:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira [2010.10.24 18:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited [2012.03.17 23:56:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema [2010.07.08 19:32:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Google [2009.12.06 20:27:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICAClient [2009.09.02 11:31:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities [2009.12.25 19:39:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech [2009.09.10 13:39:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia [2012.03.17 23:47:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2011.06.14 22:10:54 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft [2012.01.25 23:25:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla [2011.12.24 02:44:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nero [2009.12.07 13:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nikon [2011.01.26 12:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Notepad++ [2011.08.08 22:33:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype [2009.12.25 19:57:05 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Administrator\Anwendungsdaten\skypePM [2009.09.02 11:25:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun [2010.02.13 13:53:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer [2011.12.25 15:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc < %APPDATA%\*.exe /s > [2009.12.07 14:00:12 | 033,604,160 | ---- | M] (InstallShield Software Corporation) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nikon\Message Center\DOWNLOAD_LOG\12668\S-P2____-175WU-EURDE.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.09.02 15:25:26 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2009.09.02 15:25:26 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2003.04.02 14:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2009.09.02 15:25:26 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2009.09.02 15:25:26 | 022,286,026 | ---- | 
M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 09:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 09:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 
000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 09:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 09:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 09:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 09:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) 
MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009.09.02 13:14:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009.09.02 13:14:07 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009.09.02 13:14:07 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
29.03.2012, 20:01 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gema Trojan - log files in the thread
Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!
Code:
:OTL
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-790525478-1500820517-725345543-500\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-1500820517-725345543-500\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.02 11:22:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{46a9a664-df76-11df-a4d6-0030054d7ae5}\Shell\AutoRun\command - "" = G:\start.html
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^0.057193414201380466.exe.lnk - - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^0.43564412132380503.exe.lnk - - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^0.7402202161258208.exe.lnk - - File not found
MsConfig - StartUpReg: gema - hkey= - key= - File not found
MsConfig - StartUpReg: gema. - hkey= - key= - File not found
[2012.03.17 22:20:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2012.03.17 22:20:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema
[2012.03.17 19:12:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AskToolbar
[2012.03.17 17:37:57 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2012.03.29 18:43:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
30.03.2012, 07:18 | #13 |
| Gema Trojan - log files in the thread
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-790525478-1500820517-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}\ not found.
Registry value HKEY_USERS\S-1-5-21-790525478-1500820517-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46a9a664-df76-11df-a4d6-0030054d7ae5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46a9a664-df76-11df-a4d6-0030054d7ae5}\ not found.
File G:\start.html not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^0.057193414201380466.exe.lnk\ deleted successfully.
C:\WINDOWS\pss\0.057193414201380466.exe.lnkStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^0.43564412132380503.exe.lnk\ deleted successfully.
C:\WINDOWS\pss\0.43564412132380503.exe.lnkStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^0.7402202161258208.exe.lnk\ deleted successfully.
C:\WINDOWS\pss\0.7402202161258208.exe.lnkStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\gema\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\gema.\ deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AskToolbar\APNU folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AskToolbar folder moved successfully.
C:\Programme\Ask.com\Updater folder moved successfully.
C:\Programme\Ask.com\assets\oobe folder moved successfully.
C:\Programme\Ask.com\assets folder moved successfully.
C:\Programme\Ask.com folder moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2312899126 bytes
->Temporary Internet Files folder emptied: 6420740 bytes
->Java cache emptied: 40506505 bytes
->FireFox cache emptied: 49389995 bytes
->Flash cache emptied: 470 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400807 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: PB
->Temp folder emptied: 178726 bytes
->Temporary Internet Files folder emptied: 681175 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 13898 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8269086 bytes
RecycleBin emptied: 12888634 bytes

Total Files Cleaned = 2.319,00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: PB

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.2 log created on 03302012_080744

Files\Folders moved on Reboot...

Registry entries deleted on Reboot... |
30.03.2012, 10:45 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gema Trojan - log files in the thread Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
30.03.2012, 12:25 | #15 |
| Gema Trojan - log files in the thread Quick note: After the OTL fix, someone was at the PC and surfed a bit. So TDSS Killer was not run directly after the OTL fix; the PC was used once in between. Code:
13:17:58.0093 3764 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
13:17:58.0156 3764 ============================================================
13:17:58.0156 3764 Current date / time: 2012/03/30 13:17:58.0156
13:17:58.0156 3764 SystemInfo:
13:17:58.0156 3764
13:17:58.0156 3764 OS Version: 5.1.2600 ServicePack: 3.0
13:17:58.0156 3764 Product type: Workstation
13:17:58.0156 3764 ComputerName: PC01
13:17:58.0156 3764 UserName: Administrator
13:17:58.0156 3764 Windows directory: C:\WINDOWS
13:17:58.0156 3764 System windows directory: C:\WINDOWS
13:17:58.0156 3764 Processor architecture: Intel x86
13:17:58.0156 3764 Number of processors: 1
13:17:58.0156 3764 Page size: 0x1000
13:17:58.0156 3764 Boot type: Normal boot
13:17:58.0156 3764 ============================================================
13:18:00.0140 3764 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:18:00.0140 3764 \Device\Harddisk0\DR0:
13:18:00.0140 3764 MBR used
13:18:00.0140 3764 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74
13:18:00.0156 3764 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0x643A7CF
13:18:00.0421 3764 Initialize success
13:18:00.0421 3764 ============================================================
13:19:11.0421 2188 ============================================================
13:19:11.0421 2188 Scan started
13:19:11.0421 2188 Mode: Manual; SigCheck; TDLFS;
13:19:11.0421 2188 ============================================================
13:21:17.0515
2188 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe 13:21:17.0671 2188 WmiApSrv - ok 13:21:18.0062 2188 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe 13:21:18.0640 2188 WMPNetworkSvc - ok 13:21:19.0078 2188 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:21:19.0546 2188 WPFFontCache_v0400 - ok 13:21:19.0828 2188 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 13:21:20.0046 2188 WS2IFSL - ok 13:21:20.0312 2188 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 13:21:20.0500 2188 wscsvc - ok 13:21:20.0781 2188 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 13:21:20.0968 2188 WSTCODEC - ok 13:21:21.0218 2188 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 13:21:21.0390 2188 wuauserv - ok 13:21:21.0703 2188 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 13:21:21.0781 2188 WudfPf - ok 13:21:22.0093 2188 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 13:21:22.0140 2188 WudfRd - ok 13:21:22.0453 2188 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 13:21:22.0531 2188 WudfSvc - ok 13:21:22.0968 2188 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 13:21:23.0359 2188 WZCSVC - ok 13:21:23.0671 2188 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 13:21:23.0875 2188 xmlprov - ok 13:21:24.0187 2188 {6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys 13:21:24.0468 2188 {6080A529-897E-4629-A488-ABA0C29B635E} - ok 13:21:24.0781 2188 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys 13:21:24.0812 2188 
{D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
13:21:24.0859 2188 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:21:25.0265 2188 \Device\Harddisk0\DR0 - ok
13:21:25.0312 2188 Boot (0x1200) (3cf7210e6bf67c3c41779cbce31dfd27) \Device\Harddisk0\DR0\Partition0
13:21:25.0312 2188 \Device\Harddisk0\DR0\Partition0 - ok
13:21:25.0312 2188 Boot (0x1200) (c7349c1dce436fbad73ca541c341cdff) \Device\Harddisk0\DR0\Partition1
13:21:25.0328 2188 \Device\Harddisk0\DR0\Partition1 - ok
13:21:25.0328 2188 ============================================================
13:21:25.0328 2188 Scan finished
13:21:25.0328 2188 ============================================================
13:21:25.0453 2280 Detected object count: 0
13:21:25.0453 2280 Actual detected object count: 0