|
Log analysis and evaluation: Infected registry keys
Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
07.04.2012, 11:16 | #1 |
| Infected registry keys
Hi, I already have a thread here about my brother's laptop. I thought I might as well run Malwarebytes on my gaming PC, and I got 13 entries, among them in the registry keys. Here is the full report.

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.07.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jagger :: JAEGER [Administrator]

Schutz: Aktiviert

06.10.2007 22:59:14
mbam-log-2007-10-06 (22-59-14).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291712
Laufzeit: 47 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.Mongoose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 5
C:\Programme\RelevantKnowledge (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Programme\RelevantKnowledge\components (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RelevantKnowledge (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\All Users\Application Data\SalesMon (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 7
O:\System Volume Information\_restore{76F88FA9-22F7-4C86-BEF8-3B814320775E}\RP192\A0428247.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Programme\RelevantKnowledge\install.rdf (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Programme\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
O:\Nicht verwendete Desktopverknüpfungen\setup.exe (Adware.Mongoose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

What should I do? I don't think it's OK like this. Thanks in advance, Jagger |
07.04.2012, 19:18 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys
Malwarebytes creates exactly one log for every scan. Have you scanned with Malwarebytes before? If so, all the logs for each scan are listed on the log files tab. Please post all that are visible there.
__________________ |
07.04.2012, 19:50 | #3 |
| Infected registry keys
Hi, yes, 3-4 years ago I already had problems, for which I came here. Unfortunately I no longer have any log reports from then, because I had to reinstall Malwarebytes as I couldn't update it. Here is the link to the old post: http://www.trojaner-board.de/52981-v...ging-loss.html . |
07.04.2012, 19:51 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys
Please also run ESET, then we'll see where to go from there: ESET Online Scanner
__________________ Please always post log files in CODE tags |
07.04.2012, 20:33 | #5 |
| Infected registry keys
Hi, I can't download it from the ESET site. When I click Start I always get the message "Diese Webseite wurde geschlossen, um den Computer zu schützen." avast is off, the firewall too. Jagger

Hi, I managed it after all. The add-ons were to blame.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1928483cf8d5144c945ab7d46ae31f44
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-08 07:48:34
# local_time=2012-04-08 09:48:34 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 50677208 50677208 0 0
# compatibility_mode=1280 16777195 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 185 185 0 0
# scanned=81842
# found=9
# cleaned=0
# scan_time=2026
C:\Dokumente und Einstellungen\Jagger\Eigene Dateien\ComboFix.exe probably a variant of Win32/Agent.NMHEITL trojan (unable to clean) 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\allcqwcb.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\hjfuwhym.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\kRCdNqru.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\kRCdNqru.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\rgvibvwn.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
O:\Everest_Poker.exe a variant of Win32/Casino application (unable to clean) 00000000000000000000000000000000 I
O:\SoftonicDownloader14297.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
O:\SoftonicDownloader85222.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

Jagger |
08.04.2012, 16:13 | #6 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys
Quote:
Quote:
Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as top priority, directly from the vendor and not from toolbar outfits like Softonic! In an emergency chip.de would of course do.
Please make a new OTL log. If possible, please post everything here in CODE tags. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
09.04.2012, 11:59 | #7 |
| Infected registry keys
Hi, here is the first log. Code:
OTL logfile created on: 09.04.2012 12:53:02 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Jagger\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,72% Memory free
5,34 Gb Paging File | 5,02 Gb Available in Paging File | 94,14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 3,98 Gb Free Space | 8,15% Space Free | Partition Type: NTFS
Drive O: | 195,31 Gb Total Space | 2,16 Gb Free Space | 1,11% Space Free | Partition Type: NTFS
Drive W: | 221,62 Gb Total Space | 1,89 Gb Free Space | 0,85% Space Free | Partition Type: NTFS

Computer Name: JAEGER | User Name: Jagger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Jagger\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Delux\PS2 Keyboard English Edition\Keyboard.exe ()

========== Modules (No Company Name) ==========
MOD - C:\Programme\Alwil Software\Avast5\defs\12040900\algo.dll ()
MOD - C:\Programme\Alwil Software\Avast5\defs\12040800\algo.dll ()
MOD - C:\Programme\Delux\PS2 Keyboard English Edition\Keyboard.exe ()
MOD - C:\Programme\Delux\PS2 Keyboard English Edition\Deluxkbd.dll ()

========== Win32 Services (SafeList) ==========
SRV - (LexBceS) -- C:\WINDOWS\system32\LEXBCES.EXE File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (StarOpen) -- File not found
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.sys File not found
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS File not found
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (NETFRITZ) -- System32\DRIVERS\NETFRITZ.SYS File not found
DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found
DRV - (LXARScan) -- System32\Drivers\Lxarscan.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (DAdderFltr) -- C:\WINDOWS\system32\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (usb2vcom) -- C:\WINDOWS\system32\drivers\usb2vcom.sys ()
DRV - (JGOGO) -- C:\WINDOWS\system32\drivers\JGOGO.sys (JMicron )
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
DRV - (AVMPORT) -- C:\WINDOWS\system32\drivers\avmport.sys (AVM Berlin)
DRV - (DIGIRPS) -- C:\WINDOWS\system32\drivers\digirlpt.sys (Digi International, Inc.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.biut.de/
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVDX2&o=14642&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{45598712-1ED3-4F4E-9848-132393493C78}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Programme\RelevantKnowledge

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2008.05.25 15:01:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PS2 Keyboard English Edition.lnk = C:\Programme\Delux\PS2 Keyboard English Edition\Keyboard.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O15 - HKCU\..Trusted Domains: eset.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Lokales Intranet)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} hxxp://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8984FBF3-2C22-4454-A416-8F56993FD9BE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABB1E62E-D031-4642-985A-B2F80FC3E540}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jagger\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jagger\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.19 03:48:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24f57d01-f9f7-11de-a276-806d6172696f}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2100.02.08 17:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Programme\ACMonitor_X73.exe
[2012.04.09 12:45:17 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jagger\Desktop\OTL.exe
[2012.04.08 09:11:43 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.04.08 09:04:09 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012.04.08 09:03:38 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012.04.08 09:02:39 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.04.09 12:49:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.09 12:45:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jagger\Desktop\OTL.exe
[2012.04.09 12:42:10 | 000,004,940 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.04.09 12:42:08 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.09 12:42:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.09 12:36:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.08 10:25:29 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.04.08 10:23:17 | 000,451,126 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.08 10:23:17 | 000,434,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.08 10:23:17 | 000,081,656 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.08 10:23:17 | 000,068,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.08 10:19:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.21 10:32:18 | 000,638,784 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Jagger\Desktop\autoruns.exe
[2012.03.21 10:32:18 | 000,557,888 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Jagger\Desktop\autorunsc.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========
[2100.02.23 15:35:34 | 000,000,768 | ---- | C] () -- C:\Programme\x73_lut.dat
[2100.02.08 16:53:34 | 000,001,437 | ---- | C] () -- C:\Programme\gtx73.ini
[2012.04.08 10:11:28 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.04.08 09:03:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.04.08 09:03:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2010.08.31 18:07:43 | 000,000,078 | ---- | C] () -- C:\WINDOWS\wiso.ini

========== LOP Check ==========
[2009.10.03 10:03:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1Click DVD Copy Pro
[2010.08.30 15:25:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2008.12.11 19:39:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2010.08.31 18:07:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011.03.29 10:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2009.01.01 15:05:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2009.01.04 18:25:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2009.01.28 20:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GraphicRemedy
[2009.07.20 17:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009.06.18 11:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.10.05 18:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2007.10.07 01:22:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2007.10.07 07:22:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2009.07.05 10:03:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.02.15 21:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK
[2008.05.10 11:03:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2008.05.10 11:03:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\acccore
[2008.12.11 19:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Ashampoo
[2011.03.29 10:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Canneverbe Limited
[2008.11.29 13:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2011.03.15 12:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\DC++
[2008.03.30 14:05:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\DeepBurner
[2009.02.11 20:48:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\FileZilla
[2008.11.14 10:12:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\FRITZ!
[2009.01.28 20:43:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\gDEBugger
[2009.10.03 09:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\GetRightToGo
[2007.01.01 00:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\GlarySoft
[2008.09.14 13:03:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\gtk-2.0
[2007.03.20 05:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Gutscheinmieze
[2008.03.30 13:43:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\InfraRecorder
[2008.11.08 09:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Kazaa Lite
[2009.06.18 12:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Nokia
[2011.03.09 14:05:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Paltalk
[2009.06.18 12:27:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PC Suite
[2008.07.20 20:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Pegasys Inc
[2009.08.13 18:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PingTesterDataBas
[2011.05.21 13:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PriceGong
[2008.05.15 17:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\VirusSchlacht
[2007.10.07 07:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Vso

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 111 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1

< End of report >

And the second log after pasting. Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
I have already tried to delete it, but unfortunately I can't manage it. When I try to delete it in the system, it simply doesn't respond. Jagger
Edited by Jagger192 (09.04.2012 at 12:13) |
09.04.2012, 17:19 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys
Quote:
__________________ Please always post log files in CODE tags |
10.04.2012, 16:38 | #9 |
| Infected registry keys
Hi, I can't tell you exactly where the folder comes from. But it was created on 22.5.2008, and I was here for the first time on 25.5.2008. So I think it is not from ComboFix. Back then I had run ADD2008; could it be that the folder comes from that? In any case it is still on the computer. Jagger
Edited by Jagger192 (10.04.2012 at 17:20) |
10.04.2012, 18:48 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys So the CF folder is already four years old. Quote:
1.) You forgot to tick "all users" 2.) That was not a CustomScan. What is the point of posting exactly my text from my code box again? I already have this text myself
__________________ Please always post log files in CODE tags |
10.04.2012, 19:29 | #11 |
| Infected registry keys [QUOTE=cosinus;812179]So the CF folder is already four years old. [/QUOTE] Yes, exactly. So here is the 2nd log again; I hope I have done everything right this time. Code:
ATTFilter OTL logfile created on: 10.04.2012 20:02:08 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Jagger\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 3,03 Gb Available Physical Memory | 86,71% Memory free 5,34 Gb Paging File | 5,06 Gb Available in Paging File | 94,73% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 3,90 Gb Free Space | 7,99% Space Free | Partition Type: NTFS Drive E: | 963,46 Mb Total Space | 782,21 Mb Free Space | 81,19% Space Free | Partition Type: FAT32 Drive O: | 195,31 Gb Total Space | 2,16 Gb Free Space | 1,11% Space Free | Partition Type: NTFS Drive W: | 221,62 Gb Total Space | 1,89 Gb Free Space | 0,85% Space Free | Partition Type: NTFS Computer Name: JAEGER | User Name: Jagger | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Jagger\desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Delux\PS2 Keyboard English Edition\Keyboard.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Alwil Software\Avast5\defs\12041001\algo.dll () MOD - C:\WINDOWS\system32\nvshell.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Delux\PS2 Keyboard English Edition\Keyboard.exe () MOD - C:\Programme\Delux\PS2 Keyboard English Edition\Deluxkbd.dll () ========== Win32 Services (SafeList) ========== SRV - (LexBceS) -- C:\WINDOWS\system32\LEXBCES.EXE File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (avast! 
Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (StarOpen) -- File not found DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.sys File not found DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS File not found DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (NETFRITZ) -- System32\DRIVERS\NETFRITZ.SYS File not found DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found DRV - (LXARScan) -- System32\Drivers\Lxarscan.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.) 
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools) DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software) DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (DAdderFltr) -- C:\WINDOWS\system32\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (usb2vcom) -- C:\WINDOWS\system32\drivers\usb2vcom.sys () DRV - (JGOGO) -- C:\WINDOWS\system32\drivers\JGOGO.sys (JMicron ) DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM Berlin) DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH) DRV - (AVMPORT) -- C:\WINDOWS\system32\drivers\avmport.sys (AVM Berlin) DRV - (DIGIRPS) -- C:\WINDOWS\system32\drivers\digirlpt.sys (Digi International, Inc.) 
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.biut.de/ IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVDX2&o=14642&src=crm&q={searchTerms}&locale=de_DE IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{45598712-1ED3-4F4E-9848-132393493C78}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Programme\RelevantKnowledge ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2008.05.25 15:01:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.) 
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PS2 Keyboard English Edition.lnk = C:\Programme\Delux\PS2 Keyboard English Edition\Keyboard.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O15 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..Trusted Domains: eset.com ([www] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..Trusted Domains: internet ([]about in Lokales Intranet) O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.) 
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} hxxp://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8984FBF3-2C22-4454-A416-8F56993FD9BE}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABB1E62E-D031-4642-985A-B2F80FC3E540}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jagger\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jagger\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.03.19 03:48:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{24f57d01-f9f7-11de-a276-806d6172696f}\Shell\AutoRun\command - "" = E:\setupSNK.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - 
%SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - File not found MsConfig - StartUpReg: AnyDVD - hkey= - key= - File not found MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sdauxservice - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools) SafeBootMin: sdcoreservice - Reg Error: Value error. 
SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sdauxservice - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools) SafeBootNet: sdcoreservice - Reg Error: Value error. 
SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - 
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe 
c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2100.02.08 17:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Programme\ACMonitor_X73.exe [2012.04.10 17:46:44 | 003,645,656 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Jagger\Desktop\ccsetup317.exe [2012.04.09 12:45:17 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jagger\Desktop\OTL.exe [2012.04.08 09:11:43 | 000,000,000 | ---D | C] -- C:\Programme\ESET [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.10 19:49:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.04.10 17:47:44 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.04.10 17:46:52 | 003,645,656 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Jagger\Desktop\ccsetup317.exe [2012.04.10 17:27:15 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.04.10 17:27:14 | 000,004,940 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.04.10 17:27:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.04.10 17:27:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.04.09 12:45:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jagger\Desktop\OTL.exe [2012.04.08 10:25:29 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.04.08 10:23:17 | 000,451,126 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.04.08 10:23:17 | 000,434,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.04.08 10:23:17 | 
000,081,656 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.04.08 10:23:17 | 000,068,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.04.08 10:19:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.03.21 10:32:18 | 000,638,784 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Jagger\Desktop\autoruns.exe [2012.03.21 10:32:18 | 000,557,888 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Jagger\Desktop\autorunsc.exe [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2100.02.23 15:35:34 | 000,000,768 | ---- | C] () -- C:\Programme\x73_lut.dat [2100.02.08 16:53:34 | 000,001,437 | ---- | C] () -- C:\Programme\gtx73.ini [2012.04.10 17:47:44 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.04.08 10:11:28 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012.04.08 09:03:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.04.08 09:03:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2010.08.31 18:07:43 | 000,000,078 | ---- | C] () -- C:\WINDOWS\wiso.ini ========== LOP Check ========== [2009.10.03 10:03:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1Click DVD Copy Pro [2010.08.30 15:25:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2008.12.11 19:39:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo [2010.08.31 18:07:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2011.03.29 10:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Canneverbe Limited [2009.01.01 15:05:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2009.01.04 18:25:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular [2009.01.28 20:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GraphicRemedy [2009.07.20 17:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2009.06.18 11:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009.10.05 18:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution [2007.10.07 01:22:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2007.10.07 07:22:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2009.07.05 10:03:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.02.15 21:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2008.05.10 11:03:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2008.05.10 11:03:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\acccore [2008.12.11 19:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Ashampoo [2011.03.29 10:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Canneverbe Limited [2008.11.29 13:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Command & Conquer 3 Tiberium Wars [2011.03.15 12:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\DC++ [2008.03.30 14:05:36 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Jagger\Anwendungsdaten\DeepBurner [2009.02.11 20:48:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\FileZilla [2008.11.14 10:12:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\FRITZ! [2009.01.28 20:43:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\gDEBugger [2009.10.03 09:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\GetRightToGo [2007.01.01 00:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\GlarySoft [2008.09.14 13:03:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\gtk-2.0 [2007.03.20 05:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Gutscheinmieze [2008.03.30 13:43:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\InfraRecorder [2008.11.08 09:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Kazaa Lite [2009.06.18 12:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Nokia [2011.03.09 14:05:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Paltalk [2009.06.18 12:27:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PC Suite [2008.07.20 20:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Pegasys Inc [2009.08.13 18:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PingTesterDataBas [2011.05.21 13:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PriceGong [2008.05.15 17:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\VirusSchlacht [2007.10.07 07:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Vso 
========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.05.10 11:03:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\acccore [2009.01.16 18:49:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Adobe [2008.12.11 19:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Ashampoo [2011.03.29 10:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Canneverbe Limited [2008.11.29 13:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Command & Conquer 3 Tiberium Wars [2011.03.15 12:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\DC++ [2008.03.30 14:05:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\DeepBurner [2009.12.18 12:07:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\dvdcss [2009.02.11 20:48:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\FileZilla [2008.11.14 10:12:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\FRITZ! 
[2009.01.28 20:43:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\gDEBugger [2009.10.03 09:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\GetRightToGo [2007.01.01 00:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\GlarySoft [2008.09.06 10:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Google [2008.09.14 13:03:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\gtk-2.0 [2007.03.20 05:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Gutscheinmieze [2008.03.20 19:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Help [2008.03.28 12:24:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Identities [2008.03.30 13:43:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\InfraRecorder [2008.03.19 04:14:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\InstallShield [2008.09.14 18:41:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\InstallShield Installation Information [2008.11.08 09:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Kazaa Lite [2010.04.01 17:59:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Macromedia [2009.05.13 18:16:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Malwarebytes [2008.08.31 10:32:27 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Microsoft [2011.04.11 20:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\mIRC [2008.10.23 19:03:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\MSN6 [2008.11.20 22:44:15 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\NCH Software [2009.11.19 21:35:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Nero [2009.11.19 21:39:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\NeroDigital(TM) [2009.06.18 12:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Nokia [2011.03.09 14:05:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Paltalk [2009.06.18 12:27:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PC Suite [2009.06.17 07:28:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PC Tools [2008.07.20 20:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Pegasys Inc [2009.08.13 18:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PingTesterDataBas [2011.05.21 13:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PriceGong [2008.04.12 17:13:25 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\SecuROM [2008.10.23 20:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Sun [2008.05.15 17:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\VirusSchlacht [2011.04.08 16:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\vlc [2007.10.07 07:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Vso [2009.02.13 11:29:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\WinRAR [2009.05.13 18:06:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Yahoo! 
< %APPDATA%\*.exe /s > [2007.10.07 07:23:22 | 000,087,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\inst.exe [2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Gutscheinmieze\uninstall.exe [2008.09.14 18:26:19 | 000,331,776 | ---- | M] () -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\InstallShield Installation Information\{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}\SetupUT3.exe [2009.08.13 18:17:15 | 000,040,960 | ---- | M] (ss) -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PingTesterDataBas\PingIPscan2008112.exe < %SYSTEMDRIVE%\*.exe > [2001.05.24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2002.08.29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [2002.08.29 02:27:50 | 
000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2002.08.29 03:43:22 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2002.08.29 03:43:26 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2002.08.29 03:43:30 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft 
Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll [2002.08.29 03:43:32 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2002.08.29 03:43:42 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2002.08.29 03:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.18 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.18 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ] < 
%systemroot%\System32\config\*.sav > [2008.03.19 04:35:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.03.19 04:35:39 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.03.19 04:35:39 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 111 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 105 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1 < End of report > |
11.04.2012, 10:49 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.sys File not found
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS File not found
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS File not found
DRV - (NETFRITZ) -- System32\DRIVERS\NETFRITZ.SYS File not found
DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found
DRV - (LXARScan) -- System32\Drivers\Lxarscan.sys File not found
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.biut.de/
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?client=ie&tb=DVDX2&o=14642&src=crm&q={searchTerms}&locale=de_DE
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{45598712-1ED3-4F4E-9848-132393493C78}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.19 03:48:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24f57d01-f9f7-11de-a276-806d6172696f}\Shell\AutoRun\command - "" = E:\setupSNK.exe
[2007.03.20 05:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Gutscheinmieze
[2011.05.21 13:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PriceGong
[2008.05.15 17:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\VirusSchlacht
@Alternate Data Stream - 111 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1
:Files
C:\Programme\softonic-de3
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
11.04.2012, 17:54 | #13 |
| Infected registry keys Hi, everything went without problems. Code:
ATTFilter All processes killed ========== OTL ========== Service SASKUTIL stopped successfully! Service SASKUTIL deleted successfully! File C:\Programme\SUPERAntiSpyware\SASKUTIL.sys File not found not found. Service SASENUM stopped successfully! Service SASENUM deleted successfully! File C:\Programme\SUPERAntiSpyware\SASENUM.SYS File not found not found. Service SASDIFSV stopped successfully! Service SASDIFSV deleted successfully! File C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS File not found not found. Service NETFRITZ stopped successfully! Service NETFRITZ deleted successfully! File System32\DRIVERS\NETFRITZ.SYS File not found not found. Service motmodem stopped successfully! Service motmodem deleted successfully! File system32\DRIVERS\motmodem.sys File not found not found. Service LXARScan stopped successfully! Service LXARScan deleted successfully! File System32\Drivers\Lxarscan.sys File not found not found. HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully! HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully! HKU\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully. C:\Programme\softonic-de3\prxtbsof0.dll moved successfully. HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 
Registry key HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{45598712-1ED3-4F4E-9848-132393493C78}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45598712-1ED3-4F4E-9848-132393493C78}\ not found. Registry key HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. File C:\Programme\softonic-de3\prxtbsof0.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found. Registry value HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found. File de3\prxtbsof0.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully. Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel\ not found. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel\ not found. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found. Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel\ not found. 
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel\ not found. Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry key HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-1454471165-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24f57d01-f9f7-11de-a276-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24f57d01-f9f7-11de-a276-806d6172696f}\ not found. File E:\setupSNK.exe not found. C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\Gutscheinmieze folder moved successfully. C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PriceGong\Data folder moved successfully. C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\PriceGong folder moved successfully. C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\VirusSchlacht\Logs folder moved successfully. C:\Dokumente und Einstellungen\Jagger\Anwendungsdaten\VirusSchlacht folder moved successfully. 
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1 deleted successfully. ========== FILES ========== C:\Programme\softonic-de3 folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 225820 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: Jagger ->Temp folder emptied: 582083627 bytes ->Temporary Internet Files folder emptied: 15335139 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 1563 bytes User: LocalService ->Temp folder emptied: 65748 bytes ->Temporary Internet Files folder emptied: 8643206 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 14932652 bytes %systemroot%\System32 .tmp files removed: 2676103 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 24192 bytes Windows Temp folder emptied: 1176422 bytes RecycleBin emptied: 2345340 bytes Total Files Cleaned = 599,00 mb [EMPTYFLASH] User: Administrator User: All Users User: Default User ->Flash cache emptied: 0 bytes User: Jagger ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.39.2 log created on 04112012_184941 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Jagger |
11.04.2012, 18:44 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
15.04.2012, 11:16 | #15 |
| Infected registry keys Hi, how can I treat the errors with skip? Here is the log. Code:
ATTFilter 12:00:37.0633 1936 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05 12:00:38.0039 1936 ============================================================ 12:00:38.0039 1936 Current date / time: 2012/04/15 12:00:38.0039 12:00:38.0039 1936 SystemInfo: 12:00:38.0039 1936 12:00:38.0039 1936 OS Version: 5.1.2600 ServicePack: 3.0 12:00:38.0039 1936 Product type: Workstation 12:00:38.0039 1936 ComputerName: JAEGER 12:00:38.0039 1936 UserName: Jagger 12:00:38.0039 1936 Windows directory: C:\WINDOWS 12:00:38.0039 1936 System windows directory: C:\WINDOWS 12:00:38.0039 1936 Processor architecture: Intel x86 12:00:38.0039 1936 Number of processors: 2 12:00:38.0039 1936 Page size: 0x1000 12:00:38.0039 1936 Boot type: Normal boot 12:00:38.0039 1936 ============================================================ 12:00:39.0321 1936 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 12:00:39.0321 1936 Drive \Device\Harddisk1\DR4 - Size: 0x3C780000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 12:00:39.0321 1936 \Device\Harddisk0\DR0: 12:00:39.0321 1936 MBR used 12:00:39.0321 1936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927 12:00:39.0336 1936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0x1869E559 12:00:39.0336 1936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E845EFE, BlocksNum 0x1BB3ED43 12:00:39.0336 1936 \Device\Harddisk1\DR4: 12:00:39.0336 1936 MBR used 12:00:39.0336 1936 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xB, StartLBA 0x58, BlocksNum 0x1E3BA8 12:00:39.0774 1936 Initialize success 12:00:39.0774 1936 ============================================================ 12:03:29.0586 3100 ============================================================ 12:03:29.0586 3100 Scan started 12:03:29.0586 3100 
Mode: Manual; SigCheck; TDLFS;
12:03:29.0586 3100 ============================================================
12:03:52.0133 3100 Scan finished
12:03:52.0133 3100 ============================================================
12:03:52.0243 3048 Detected object count: 9
12:03:52.0243 3048 Actual detected object count: 9
12:04:45.0446 3048 AVMPORT ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048 AVMPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:45.0446 3048 ezplay ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048 ezplay ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:45.0446 3048 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:45.0446 3048 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:45.0446 3048 nv ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:45.0446 3048 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:45.0446 3048 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:45.0446 3048 pcouffin ( UnsignedFile.Multi.Generic ) -
skipped by user 12:04:45.0446 3048 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:04:45.0446 3048 speedfan ( UnsignedFile.Multi.Generic ) - skipped by user 12:04:45.0446 3048 speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:04:45.0446 3048 usb2vcom ( UnsignedFile.Multi.Generic ) - skipped by user 12:04:45.0446 3048 usb2vcom ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:07:54.0602 3920 ============================================================ 12:07:54.0602 3920 Scan started 12:07:54.0602 3920 Mode: Manual; SigCheck; TDLFS; 12:07:54.0602 3920 ============================================================ 12:07:54.0914 3920 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys 12:07:54.0930 3920 Aavmker4 - ok 12:07:54.0930 3920 Abiosdsk - ok 12:07:54.0946 3920 abp480n5 - ok 12:07:54.0961 3920 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 12:07:55.0071 3920 ACPI - ok 12:07:55.0086 3920 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 12:07:55.0180 3920 ACPIEC - ok 12:07:55.0180 3920 adpu160m - ok 12:07:55.0196 3920 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 12:07:55.0258 3920 aec - ok 12:07:55.0289 3920 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 12:07:55.0305 3920 AFD - ok 12:07:55.0305 3920 Aha154x - ok 12:07:55.0321 3920 aic78u2 - ok 12:07:55.0321 3920 aic78xx - ok 12:07:55.0352 3920 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 12:07:55.0414 3920 Alerter - ok 12:07:55.0430 3920 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 12:07:55.0461 3920 ALG - ok 12:07:55.0477 3920 AliIde - ok 12:07:55.0477 3920 amsint - ok 12:07:55.0508 3920 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll 12:07:55.0539 3920 AppMgmt - ok 12:07:55.0586 3920 AR9271 (8e2257584b2c52d44b4cb1949947d885) 
C:\WINDOWS\system32\DRIVERS\athuw.sys 12:07:55.0618 3920 AR9271 - ok 12:07:55.0633 3920 asc - ok 12:07:55.0633 3920 asc3350p - ok 12:07:55.0633 3920 asc3550 - ok 12:07:55.0680 3920 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 12:07:55.0696 3920 aspnet_state - ok 12:07:55.0696 3920 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys 12:07:55.0696 3920 aswFsBlk - ok 12:07:55.0727 3920 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys 12:07:55.0743 3920 aswMon2 - ok 12:07:55.0743 3920 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys 12:07:55.0758 3920 aswRdr - ok 12:07:55.0789 3920 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys 12:07:55.0805 3920 aswSnx - ok 12:07:55.0836 3920 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys 12:07:55.0852 3920 aswSP - ok 12:07:55.0852 3920 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys 12:07:55.0852 3920 aswTdi - ok 12:07:55.0883 3920 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 12:07:55.0946 3920 AsyncMac - ok 12:07:55.0961 3920 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 12:07:56.0024 3920 atapi - ok 12:07:56.0024 3920 Atdisk - ok 12:07:56.0055 3920 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 12:07:56.0118 3920 Atmarpc - ok 12:07:56.0133 3920 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 12:07:56.0196 3920 AudioSrv - ok 12:07:56.0227 3920 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 12:07:56.0289 3920 audstub - ok 12:07:56.0352 3920 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Programme\Alwil Software\Avast5\AvastSvc.exe 12:07:56.0352 3920 avast! 
Antivirus - ok 12:07:56.0368 3920 AVMPORT (02568a764ef2c37cfa6f9c471e67d475) C:\WINDOWS\System32\drivers\avmport.sys 12:07:56.0383 3920 AVMPORT ( UnsignedFile.Multi.Generic ) - warning 12:07:56.0383 3920 AVMPORT - detected UnsignedFile.Multi.Generic (1) 12:07:56.0414 3920 AVMWAN (c997af59c54d69232fb7bbea4dad86e2) C:\WINDOWS\system32\DRIVERS\avmwan.sys 12:07:56.0477 3920 AVMWAN - ok 12:07:56.0508 3920 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 12:07:56.0571 3920 Beep - ok 12:07:56.0586 3920 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 12:07:56.0664 3920 BITS - ok 12:07:56.0680 3920 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys 12:07:56.0711 3920 Bridge - ok 12:07:56.0711 3920 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys 12:07:56.0758 3920 BridgeMP - ok 12:07:56.0774 3920 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 12:07:56.0836 3920 Browser - ok 12:07:56.0883 3920 BTHPORT (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys 12:07:56.0899 3920 BTHPORT - ok 12:07:56.0914 3920 BthServ (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll 12:07:56.0977 3920 BthServ - ok 12:07:56.0993 3920 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys 12:07:57.0055 3920 BTHUSB - ok 12:07:57.0071 3920 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 12:07:57.0133 3920 cbidf2k - ok 12:07:57.0149 3920 cd20xrnt - ok 12:07:57.0164 3920 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 12:07:57.0227 3920 Cdaudio - ok 12:07:57.0258 3920 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 12:07:57.0336 3920 Cdfs - ok 12:07:57.0352 3920 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 12:07:57.0430 3920 Cdrom - ok 12:07:57.0430 3920 Changer - ok 
12:07:57.0446 3920 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 12:07:57.0508 3920 CiSvc - ok 12:07:57.0524 3920 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 12:07:57.0602 3920 ClipSrv - ok 12:07:57.0649 3920 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:07:57.0649 3920 clr_optimization_v2.0.50727_32 - ok 12:07:57.0664 3920 CmdIde - ok 12:07:57.0664 3920 COMSysApp - ok 12:07:57.0664 3920 Cpqarray - ok 12:07:57.0696 3920 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 12:07:57.0758 3920 CryptSvc - ok 12:07:57.0758 3920 dac2w2k - ok 12:07:57.0774 3920 dac960nt - ok 12:07:57.0789 3920 DAdderFltr (cb90f77e21109ccfd114a17bd87a42a7) C:\WINDOWS\system32\drivers\dadder.sys 12:07:57.0805 3920 DAdderFltr - ok 12:07:57.0821 3920 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 12:07:57.0836 3920 DcomLaunch - ok 12:07:57.0868 3920 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 12:07:57.0930 3920 Dhcp - ok 12:07:57.0961 3920 DIGIRPS (ac831d7c56b5c30a7b0987c4d8dd7608) C:\WINDOWS\system32\DRIVERS\digirlpt.sys 12:07:58.0024 3920 DIGIRPS - ok 12:07:58.0039 3920 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 12:07:58.0102 3920 Disk - ok 12:07:58.0118 3920 dmadmin - ok 12:07:58.0149 3920 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 12:07:58.0258 3920 dmboot - ok 12:07:58.0258 3920 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 12:07:58.0321 3920 dmio - ok 12:07:58.0352 3920 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 12:07:58.0430 3920 dmload - ok 12:07:58.0446 3920 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 12:07:58.0508 3920 dmserver - ok 12:07:58.0524 3920 DMusic (8a208dfcf89792a484e76c40e5f50b45) 
C:\WINDOWS\system32\drivers\DMusic.sys 12:07:58.0586 3920 DMusic - ok 12:07:58.0602 3920 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll 12:07:58.0618 3920 Dnscache - ok 12:07:58.0649 3920 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 12:07:58.0711 3920 Dot3svc - ok 12:07:58.0711 3920 dpti2o - ok 12:07:58.0727 3920 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 12:07:58.0789 3920 drmkaud - ok 12:07:58.0821 3920 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 12:07:58.0883 3920 EapHost - ok 12:07:58.0899 3920 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 12:07:58.0961 3920 ERSvc - ok 12:07:58.0993 3920 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 12:07:59.0008 3920 Eventlog - ok 12:07:59.0039 3920 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll 12:07:59.0055 3920 EventSystem - ok 12:07:59.0071 3920 ezplay (73e701e0fa4d2fc7d22efceff276c50a) C:\WINDOWS\system32\Drivers\ezplay.sys 12:07:59.0086 3920 ezplay ( UnsignedFile.Multi.Generic ) - warning 12:07:59.0086 3920 ezplay - detected UnsignedFile.Multi.Generic (1) 12:07:59.0102 3920 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 12:07:59.0164 3920 Fastfat - ok 12:07:59.0180 3920 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 12:07:59.0196 3920 FastUserSwitchingCompatibility - ok 12:07:59.0211 3920 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 12:07:59.0274 3920 Fdc - ok 12:07:59.0305 3920 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 12:07:59.0368 3920 Fips - ok 12:07:59.0383 3920 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 12:07:59.0446 3920 Flpydisk - ok 12:07:59.0461 3920 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) 
C:\WINDOWS\system32\drivers\fltmgr.sys 12:07:59.0524 3920 FltMgr - ok 12:07:59.0586 3920 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 12:07:59.0586 3920 FontCache3.0.0.0 - ok 12:07:59.0618 3920 fpcibase (03ddba31f856936baddd2d66e111faed) C:\WINDOWS\system32\DRIVERS\fpcibase.sys 12:07:59.0649 3920 fpcibase - ok 12:07:59.0664 3920 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 12:07:59.0727 3920 Fs_Rec - ok 12:07:59.0743 3920 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 12:07:59.0805 3920 Ftdisk - ok 12:07:59.0821 3920 gdrv (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDOWS\gdrv.sys 12:07:59.0821 3920 gdrv - ok 12:07:59.0836 3920 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys 12:07:59.0852 3920 giveio ( UnsignedFile.Multi.Generic ) - warning 12:07:59.0852 3920 giveio - detected UnsignedFile.Multi.Generic (1) 12:07:59.0852 3920 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 12:07:59.0930 3920 Gpc - ok 12:07:59.0977 3920 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe 12:07:59.0993 3920 gupdate - ok 12:07:59.0993 3920 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe 12:08:00.0008 3920 gupdatem - ok 12:08:00.0024 3920 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 12:08:00.0086 3920 HDAudBus - ok 12:08:00.0118 3920 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 12:08:00.0180 3920 helpsvc - ok 12:08:00.0180 3920 HidServ - ok 12:08:00.0211 3920 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 12:08:00.0274 3920 hidusb - ok 12:08:00.0305 3920 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 12:08:00.0368 3920 hkmsvc - ok 12:08:00.0368 3920 hpn - ok 12:08:00.0399 3920 
HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 12:08:00.0414 3920 HTTP - ok 12:08:00.0430 3920 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 12:08:00.0508 3920 HTTPFilter - ok 12:08:00.0508 3920 i2omgmt - ok 12:08:00.0524 3920 i2omp - ok 12:08:00.0524 3920 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 12:08:00.0586 3920 i8042prt - ok 12:08:00.0649 3920 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe 12:08:00.0649 3920 IDriverT ( UnsignedFile.Multi.Generic ) - warning 12:08:00.0649 3920 IDriverT - detected UnsignedFile.Multi.Generic (1) 12:08:00.0727 3920 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 12:08:00.0743 3920 idsvc - ok 12:08:00.0774 3920 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 12:08:00.0836 3920 Imapi - ok 12:08:00.0868 3920 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 12:08:00.0946 3920 ImapiService - ok 12:08:00.0946 3920 ini910u - ok 12:08:01.0039 3920 IntcAzAudAddService (e37589414437a60797e94c0f57c546db) C:\WINDOWS\system32\drivers\RtkHDAud.sys 12:08:01.0164 3920 IntcAzAudAddService - ok 12:08:01.0164 3920 IntelIde - ok 12:08:01.0180 3920 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 12:08:01.0243 3920 intelppm - ok 12:08:01.0258 3920 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 12:08:01.0321 3920 ip6fw - ok 12:08:01.0368 3920 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 12:08:01.0430 3920 IpFilterDriver - ok 12:08:01.0446 3920 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 12:08:01.0508 3920 IpInIp - ok 12:08:01.0524 3920 IpNat (cc748ea12c6effde940ee98098bf96bb) 
C:\WINDOWS\system32\DRIVERS\ipnat.sys 12:08:01.0602 3920 IpNat - ok 12:08:01.0618 3920 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 12:08:01.0680 3920 IPSec - ok 12:08:01.0696 3920 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 12:08:01.0727 3920 IRENUM - ok 12:08:01.0743 3920 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 12:08:01.0805 3920 isapnp - ok 12:08:01.0821 3920 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys 12:08:01.0821 3920 JGOGO - ok 12:08:01.0836 3920 JRAID (f90a4e8657319a652e04c5362926cfea) C:\WINDOWS\system32\DRIVERS\jraid.sys 12:08:01.0852 3920 JRAID - ok 12:08:01.0868 3920 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 12:08:01.0930 3920 Kbdclass - ok 12:08:01.0930 3920 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 12:08:01.0993 3920 kmixer - ok 12:08:02.0008 3920 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 12:08:02.0024 3920 KSecDD - ok 12:08:02.0055 3920 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 12:08:02.0071 3920 lanmanserver - ok 12:08:02.0086 3920 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 12:08:02.0118 3920 lanmanworkstation - ok 12:08:02.0118 3920 lbrtfdc - ok 12:08:02.0118 3920 LexBceS - ok 12:08:02.0149 3920 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 12:08:02.0211 3920 LmHosts - ok 12:08:02.0243 3920 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 12:08:02.0305 3920 Messenger - ok 12:08:02.0321 3920 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 12:08:02.0383 3920 mnmdd - ok 12:08:02.0414 3920 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe 12:08:02.0477 3920 mnmsrvc - ok 12:08:02.0477 3920 Modem 
(6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 12:08:02.0539 3920 Modem - ok 12:08:02.0555 3920 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 12:08:02.0618 3920 Mouclass - ok 12:08:02.0633 3920 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 12:08:02.0696 3920 mouhid - ok 12:08:02.0696 3920 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 12:08:02.0774 3920 MountMgr - ok 12:08:02.0774 3920 mraid35x - ok 12:08:02.0774 3920 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 12:08:02.0836 3920 MRxDAV - ok 12:08:02.0883 3920 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 12:08:02.0899 3920 MRxSmb - ok 12:08:02.0914 3920 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe 12:08:02.0993 3920 MSDTC - ok 12:08:02.0993 3920 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 12:08:03.0055 3920 Msfs - ok 12:08:03.0055 3920 MSIServer - ok 12:08:03.0071 3920 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 12:08:03.0133 3920 MSKSSRV - ok 12:08:03.0164 3920 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 12:08:03.0211 3920 MSPCLOCK - ok 12:08:03.0227 3920 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 12:08:03.0289 3920 MSPQM - ok 12:08:03.0305 3920 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 12:08:03.0368 3920 mssmbios - ok 12:08:03.0399 3920 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 12:08:03.0414 3920 Mup - ok 12:08:03.0430 3920 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 12:08:03.0508 3920 napagent - ok 12:08:03.0524 3920 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 12:08:03.0586 3920 NDIS - ok 
12:08:03.0602 3920 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12:08:03.0618 3920 NdisTapi - ok 12:08:03.0618 3920 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 12:08:03.0696 3920 Ndisuio - ok 12:08:03.0711 3920 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 12:08:03.0774 3920 NdisWan - ok 12:08:03.0789 3920 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 12:08:03.0805 3920 NDProxy - ok 12:08:03.0868 3920 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe 12:08:03.0883 3920 Nero BackItUp Scheduler 4.0 - ok 12:08:03.0899 3920 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 12:08:03.0961 3920 NetBIOS - ok 12:08:03.0977 3920 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 12:08:04.0039 3920 NetBT - ok 12:08:04.0071 3920 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 12:08:04.0149 3920 NetDDE - ok 12:08:04.0149 3920 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 12:08:04.0211 3920 NetDDEdsdm - ok 12:08:04.0243 3920 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 12:08:04.0305 3920 Netlogon - ok 12:08:04.0336 3920 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 12:08:04.0399 3920 Netman - ok 12:08:04.0461 3920 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:08:04.0461 3920 NetTcpPortSharing - ok 12:08:04.0493 3920 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 12:08:04.0508 3920 Nla - ok 12:08:04.0508 3920 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 12:08:04.0571 3920 Npfs - ok 12:08:04.0602 3920 Ntfs 
(78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 12:08:04.0664 3920 Ntfs - ok 12:08:04.0664 3920 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe 12:08:04.0743 3920 NtLmSsp - ok 12:08:04.0758 3920 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 12:08:04.0836 3920 NtmsSvc - ok 12:08:04.0852 3920 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 12:08:04.0914 3920 Null - ok 12:08:05.0039 3920 nv (b518ab25714821ae21677a8ada1fdf86) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12:08:05.0164 3920 nv ( UnsignedFile.Multi.Generic ) - warning 12:08:05.0164 3920 nv - detected UnsignedFile.Multi.Generic (1) 12:08:05.0196 3920 NVSvc (77ecdf9e3d43d4e86e85b73886992625) C:\WINDOWS\system32\nvsvc32.exe 12:08:05.0196 3920 NVSvc ( UnsignedFile.Multi.Generic ) - warning 12:08:05.0196 3920 NVSvc - detected UnsignedFile.Multi.Generic (1) 12:08:05.0211 3920 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 12:08:05.0289 3920 NwlnkFlt - ok 12:08:05.0289 3920 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 12:08:05.0352 3920 NwlnkFwd - ok 12:08:05.0368 3920 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 12:08:05.0430 3920 Parport - ok 12:08:05.0446 3920 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 12:08:05.0508 3920 PartMgr - ok 12:08:05.0539 3920 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 12:08:05.0602 3920 ParVdm - ok 12:08:05.0618 3920 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 12:08:05.0633 3920 pccsmcfd - ok 12:08:05.0649 3920 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 12:08:05.0711 3920 PCI - ok 12:08:05.0711 3920 PCIDump - ok 12:08:05.0743 3920 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 
12:08:05.0805 3920 PCIIde - ok 12:08:05.0821 3920 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 12:08:05.0883 3920 Pcmcia - ok 12:08:05.0914 3920 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys 12:08:05.0914 3920 pcouffin ( UnsignedFile.Multi.Generic ) - warning 12:08:05.0914 3920 pcouffin - detected UnsignedFile.Multi.Generic (1) 12:08:05.0930 3920 PCTCore (aa9cfa67850893fbb168b9c4e4c86952) C:\WINDOWS\system32\drivers\PCTCore.sys 12:08:05.0946 3920 PCTCore - ok 12:08:05.0946 3920 PDCOMP - ok 12:08:05.0946 3920 PDFRAME - ok 12:08:05.0961 3920 PDRELI - ok 12:08:05.0961 3920 PDRFRAME - ok 12:08:05.0961 3920 perc2 - ok 12:08:05.0977 3920 perc2hib - ok 12:08:05.0993 3920 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 12:08:06.0008 3920 PlugPlay - ok 12:08:06.0024 3920 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\WINDOWS\system32\PnkBstrA.exe 12:08:06.0039 3920 PnkBstrA - ok 12:08:06.0055 3920 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 12:08:06.0133 3920 PolicyAgent - ok 12:08:06.0133 3920 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 12:08:06.0196 3920 PptpMiniport - ok 12:08:06.0211 3920 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 12:08:06.0289 3920 Processor - ok 12:08:06.0289 3920 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 12:08:06.0352 3920 ProtectedStorage - ok 12:08:06.0383 3920 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 12:08:06.0446 3920 PSched - ok 12:08:06.0477 3920 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 12:08:06.0539 3920 Ptilink - ok 12:08:06.0571 3920 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 12:08:06.0571 3920 PxHelp20 - ok 12:08:06.0571 3920 ql1080 - ok 12:08:06.0586 3920 
Ql10wnt - ok 12:08:06.0586 3920 ql12160 - ok 12:08:06.0602 3920 ql1240 - ok 12:08:06.0602 3920 ql1280 - ok 12:08:06.0618 3920 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 12:08:06.0680 3920 RasAcd - ok 12:08:06.0696 3920 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 12:08:06.0774 3920 RasAuto - ok 12:08:06.0774 3920 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 12:08:06.0836 3920 Rasl2tp - ok 12:08:06.0868 3920 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 12:08:06.0930 3920 RasMan - ok 12:08:06.0930 3920 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 12:08:06.0993 3920 RasPppoe - ok 12:08:07.0008 3920 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 12:08:07.0071 3920 Raspti - ok 12:08:07.0086 3920 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 12:08:07.0149 3920 Rdbss - ok 12:08:07.0149 3920 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 12:08:07.0211 3920 RDPCDD - ok 12:08:07.0227 3920 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 12:08:07.0289 3920 rdpdr - ok 12:08:07.0321 3920 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 12:08:07.0336 3920 RDPWD - ok 12:08:07.0368 3920 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 12:08:07.0430 3920 RDSessMgr - ok 12:08:07.0446 3920 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 12:08:07.0524 3920 redbook - ok 12:08:07.0539 3920 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 12:08:07.0618 3920 RemoteAccess - ok 12:08:07.0649 3920 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll 12:08:07.0727 3920 RemoteRegistry - ok 12:08:07.0743 3920 ROOTMODEM 
(d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 12:08:07.0805 3920 ROOTMODEM - ok 12:08:07.0821 3920 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe 12:08:07.0899 3920 RpcLocator - ok 12:08:07.0914 3920 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll 12:08:07.0930 3920 RpcSs - ok 12:08:07.0946 3920 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe 12:08:08.0008 3920 RSVP - ok 12:08:08.0024 3920 RTLE8023xp (098de621085d7f922871a99b0ec7ddd6) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 12:08:08.0039 3920 RTLE8023xp - ok 12:08:08.0055 3920 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 12:08:08.0133 3920 SamSs - ok 12:08:08.0149 3920 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 12:08:08.0211 3920 SCardSvr - ok 12:08:08.0227 3920 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 12:08:08.0305 3920 Schedule - ok 12:08:08.0368 3920 sdAuxService (2881d5c135d076bcf52b0f5ad3d8dc0b) C:\Programme\Spyware Doctor\pctsAuxs.exe 12:08:08.0383 3920 sdAuxService - ok 12:08:08.0414 3920 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 12:08:08.0446 3920 Secdrv - ok 12:08:08.0477 3920 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 12:08:08.0539 3920 seclogon - ok 12:08:08.0571 3920 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 12:08:08.0633 3920 SENS - ok 12:08:08.0649 3920 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 12:08:08.0711 3920 serenum - ok 12:08:08.0727 3920 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 12:08:08.0789 3920 Serial - ok 12:08:08.0821 3920 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 12:08:08.0883 3920 Sfloppy - ok 12:08:08.0899 3920 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) 
\Device\Harddisk1\DR4
12:08:15.0305 3920 \Device\Harddisk1\DR4 - ok
12:08:15.0305 3920 Boot (0x1200) (3c316c7365933d10b3f14d87e352c4ef) \Device\Harddisk0\DR0\Partition0
12:08:15.0305 3920 \Device\Harddisk0\DR0\Partition0 - ok
12:08:15.0305 3920 Boot (0x1200) (578f372d75f249e7dfd117ed7af69a0c) \Device\Harddisk0\DR0\Partition1
12:08:15.0305 3920 \Device\Harddisk0\DR0\Partition1 - ok
12:08:15.0321 3920 Boot (0x1200) (9b06fd4c096a3fe3014b2087152cf244) \Device\Harddisk0\DR0\Partition2
12:08:15.0321 3920 \Device\Harddisk0\DR0\Partition2 - ok
12:08:15.0321 3920 Boot (0x1200) (03c484ebf374f7d01828758619ebb1f6) \Device\Harddisk1\DR4\Partition0
12:08:15.0321 3920 \Device\Harddisk1\DR4\Partition0 - ok
12:08:15.0321 3920 ============================================================
12:08:15.0321 3920 Scan finished
12:08:15.0321 3920 ============================================================
12:08:15.0321 4052 Detected object count: 9
12:08:15.0321 4052 Actual detected object count: 9
12:08:45.0571 4052 AVMPORT ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052 AVMPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:08:45.0571 4052 ezplay ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052 ezplay ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:08:45.0571 4052 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:08:45.0571 4052 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:08:45.0571 4052 nv ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:08:45.0571 4052 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:08:45.0571 4052 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:08:45.0571 4052 speedfan ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052 speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:08:45.0571 4052 usb2vcom ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:45.0571 4052 usb2vcom ( UnsignedFile.Multi.Generic ) - User select action: Skip