08.11.2012, 14:45 | #31 |
| Win XP starts with an almost empty desktop

The first log (the run in which items were deleted):

Code:
ATTFilter 14:24:10.0156 3952 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 14:24:10.0250 3952 ============================================================ 14:24:10.0250 3952 Current date / time: 2012/11/08 14:24:10.0250 14:24:10.0250 3952 SystemInfo: 14:24:10.0250 3952 14:24:10.0250 3952 OS Version: 5.1.2600 ServicePack: 2.0 14:24:10.0250 3952 Product type: Workstation 14:24:10.0250 3952 ComputerName: PC132431016427 14:24:10.0250 3952 UserName: *** 14:24:10.0250 3952 Windows directory: C:\WINDOWS 14:24:10.0250 3952 System windows directory: C:\WINDOWS 14:24:10.0250 3952 Processor architecture: Intel x86 14:24:10.0250 3952 Number of processors: 1 14:24:10.0250 3952 Page size: 0x1000 14:24:10.0250 3952 Boot type: Normal boot 14:24:10.0250 3952 ============================================================ 14:24:19.0359 3952 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 14:24:19.0390 3952 ============================================================ 14:24:19.0390 3952 \Device\Harddisk0\DR0: 14:24:19.0390 3952 MBR partitions: 14:24:19.0390 3952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41 14:24:19.0390 3952 ============================================================ 14:24:19.0437 3952 C: <-> \Device\Harddisk0\DR0\Partition1 14:24:19.0453 3952 ============================================================ 14:24:19.0453 3952 Initialize success 14:24:19.0453 3952 ============================================================ 14:24:34.0171 2096 ============================================================ 14:24:34.0171 2096 Scan started 14:24:34.0171 2096 Mode: Manual; SigCheck; TDLFS; 14:24:34.0171 2096 ============================================================ 14:24:36.0906 2096 ================ Scan system memory ======================== 14:24:48.0109 2096 System memory - ok 14:24:48.0125 2096 
================ Scan services ============================= 14:24:48.0234 2096 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 14:24:48.0453 2096 AAV UpdateService - ok 14:24:48.0625 2096 Abiosdsk - ok 14:24:48.0640 2096 abp480n5 - ok 14:24:48.0703 2096 [ 94B4741D2CF9ED38140B831293D1601A ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 14:24:48.0984 2096 ACPI - ok 14:24:49.0015 2096 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 14:24:49.0250 2096 ACPIEC - ok 14:24:49.0328 2096 [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 14:24:49.0453 2096 AdobeFlashPlayerUpdateSvc - ok 14:24:49.0468 2096 adpu160m - ok 14:24:49.0546 2096 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys 14:24:50.0031 2096 aec - ok 14:24:50.0078 2096 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys 14:24:50.0609 2096 AFD - ok 14:24:50.0625 2096 Aha154x - ok 14:24:50.0656 2096 aic78u2 - ok 14:24:50.0671 2096 aic78xx - ok 14:24:50.0703 2096 [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter C:\WINDOWS\system32\alrsvc.dll 14:24:50.0921 2096 Alerter - ok 14:24:50.0968 2096 [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG C:\WINDOWS\System32\alg.exe 14:24:51.0187 2096 ALG - ok 14:24:51.0234 2096 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys 14:24:51.0468 2096 AliIde - ok 14:24:51.0531 2096 [ 769844EB65DF6A62AA51B886290FE51D ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 14:24:51.0671 2096 AmdK8 - ok 14:24:51.0687 2096 amsint - ok 14:24:51.0796 2096 [ 69DA2BB73AC426CDEEBDACC68438BA3D ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 14:24:51.0906 2096 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning 14:24:51.0906 2096 Apple Mobile Device - detected 
UnsignedFile.Multi.Generic (1) 14:24:51.0921 2096 AppMgmt - ok 14:24:51.0984 2096 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 14:24:52.0171 2096 Arp1394 - ok 14:24:52.0187 2096 asc - ok 14:24:52.0218 2096 asc3350p - ok 14:24:52.0234 2096 asc3550 - ok 14:24:52.0328 2096 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe 14:24:52.0531 2096 aspnet_state ( UnsignedFile.Multi.Generic ) - warning 14:24:52.0531 2096 aspnet_state - detected UnsignedFile.Multi.Generic (1) 14:24:52.0562 2096 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 14:24:52.0734 2096 AsyncMac - ok 14:24:52.0781 2096 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 14:24:53.0000 2096 atapi - ok 14:24:53.0000 2096 Atdisk - ok 14:24:53.0078 2096 [ E548EB303255721145418F85B77B9D8A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 14:24:53.0265 2096 Ati HotKey Poller - ok 14:24:53.0359 2096 [ 6EF070828E7B8C6F45D8F0E9CE28CA8B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 14:24:53.0812 2096 ati2mtag - ok 14:24:53.0890 2096 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 14:24:54.0281 2096 Atmarpc - ok 14:24:54.0328 2096 [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 14:24:54.0531 2096 AudioSrv - ok 14:24:54.0578 2096 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 14:24:54.0843 2096 audstub - ok 14:24:54.0937 2096 [ FA4A4A50B4B2647AFEDC676CC68C69CC ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 14:24:55.0171 2096 BCM43XX - ok 14:24:55.0187 2096 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 14:24:55.0546 2096 Beep - ok 14:24:55.0625 2096 [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS C:\WINDOWS\system32\qmgr.dll 14:24:58.0828 2096 BITS - ok 14:24:58.0953 2096 [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] 
Browser C:\WINDOWS\System32\browser.dll 14:24:59.0125 2096 Browser - ok 14:24:59.0171 2096 [ E76DC88F00D50F46072FEB2371769978 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys 14:24:59.0281 2096 BTWUSB ( UnsignedFile.Multi.Generic ) - warning 14:24:59.0281 2096 BTWUSB - detected UnsignedFile.Multi.Generic (1) 14:24:59.0328 2096 [ C2EF37F09CFEE9665E6CD7C0B0AFB84F ] CAMCAUD C:\WINDOWS\system32\drivers\camc6aud.sys 14:24:59.0453 2096 CAMCAUD - ok 14:24:59.0500 2096 [ 512DF898DE5C0654647ACD5C82F0BD99 ] CAMCHALA C:\WINDOWS\system32\drivers\camc6hal.sys 14:24:59.0687 2096 CAMCHALA - ok 14:24:59.0703 2096 catchme - ok 14:24:59.0765 2096 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 14:25:00.0000 2096 cbidf2k - ok 14:25:00.0046 2096 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 14:25:00.0234 2096 CCDECODE - ok 14:25:00.0250 2096 cd20xrnt - ok 14:25:00.0296 2096 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 14:25:00.0796 2096 Cdaudio - ok 14:25:00.0859 2096 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 14:25:01.0046 2096 Cdfs - ok 14:25:01.0078 2096 [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys 14:25:01.0125 2096 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning 14:25:01.0125 2096 cdrbsdrv - detected UnsignedFile.Multi.Generic (1) 14:25:01.0171 2096 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 14:25:01.0343 2096 Cdrom - ok 14:25:01.0359 2096 Changer - ok 14:25:01.0406 2096 [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc C:\WINDOWS\system32\cisvc.exe 14:25:01.0656 2096 CiSvc - ok 14:25:01.0687 2096 [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 14:25:01.0890 2096 ClipSrv - ok 14:25:01.0937 2096 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 14:25:02.0125 2096 CmBatt - ok 14:25:02.0156 2096 
CmdIde - ok 14:25:02.0203 2096 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 14:25:02.0437 2096 Compbatt - ok 14:25:02.0453 2096 COMSysApp - ok 14:25:02.0484 2096 Cpqarray - ok 14:25:02.0531 2096 [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 14:25:02.0718 2096 CryptSvc - ok 14:25:02.0734 2096 dac2w2k - ok 14:25:02.0750 2096 dac960nt - ok 14:25:02.0828 2096 [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 14:25:03.0062 2096 DcomLaunch - ok 14:25:03.0109 2096 [ 7C4D218F9017725589ADACAB82BEB0F8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 14:25:03.0718 2096 Dhcp - ok 14:25:03.0796 2096 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 14:25:03.0984 2096 Disk - ok 14:25:04.0000 2096 dmadmin - ok 14:25:04.0093 2096 [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 14:25:04.0359 2096 dmboot - ok 14:25:04.0406 2096 [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 14:25:04.0593 2096 dmio - ok 14:25:04.0640 2096 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 14:25:04.0859 2096 dmload - ok 14:25:04.0906 2096 [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver C:\WINDOWS\System32\dmserver.dll 14:25:05.0156 2096 dmserver - ok 14:25:05.0187 2096 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 14:25:05.0390 2096 DMusic - ok 14:25:05.0421 2096 [ D20C5B5F0D8AC53FFEC17FF9B1658A6E ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 14:25:05.0984 2096 Dnscache - ok 14:25:06.0000 2096 dpti2o - ok 14:25:06.0046 2096 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 14:25:06.0218 2096 drmkaud - ok 14:25:06.0265 2096 [ C6ACA0190EE7B614673EE0C91863B1EB ] eabfiltr C:\WINDOWS\system32\drivers\EABFiltr.sys 14:25:06.0437 2096 eabfiltr - ok 14:25:06.0468 2096 [ DA1011DB09AD641DE40CD5CCA70C0C43 ] eabusb 
C:\WINDOWS\system32\drivers\eabusb.sys 14:25:06.0562 2096 eabusb - ok 14:25:06.0609 2096 [ 59C9E1336A4508F059827D638E924C62 ] ElbyCDFL C:\WINDOWS\system32\Drivers\ElbyCDFL.sys 14:25:06.0687 2096 ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning 14:25:06.0687 2096 ElbyCDFL - detected UnsignedFile.Multi.Generic (1) 14:25:06.0734 2096 [ 389823DB299B350F2EE830D47376EEAC ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 14:25:06.0843 2096 ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning 14:25:06.0843 2096 ElbyCDIO - detected UnsignedFile.Multi.Generic (1) 14:25:06.0890 2096 [ C4143FC2F7D39A5A8B1CFE0BC4BD8A9E ] ElbyVCD C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys 14:25:06.0937 2096 ElbyVCD ( UnsignedFile.Multi.Generic ) - warning 14:25:06.0937 2096 ElbyVCD - detected UnsignedFile.Multi.Generic (1) 14:25:07.0000 2096 [ 877A4512CC9074D6954776AF47021766 ] ERSvc C:\WINDOWS\System32\ersvc.dll 14:25:07.0203 2096 ERSvc - ok 14:25:07.0265 2096 [ A07CA23EA361A01E627D911CF139B950 ] Eventlog C:\WINDOWS\system32\services.exe 14:25:07.0468 2096 Eventlog - ok 14:25:07.0531 2096 [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem C:\WINDOWS\system32\es.dll 14:25:07.0625 2096 EventSystem - ok 14:25:07.0734 2096 [ 4A076E190BB9DC3202D95D496878923C ] F-Secure Filter C:\Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys 14:25:07.0796 2096 F-Secure Filter - ok 14:25:07.0859 2096 [ C5D80C3A419BA6BED9AAB9385031A308 ] F-Secure Gatekeeper C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys 14:25:07.0921 2096 F-Secure Gatekeeper - ok 14:25:07.0968 2096 [ 45A0A9A8415DF0C22D0A683D798968CD ] F-Secure Gatekeeper Handler Starter C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe 14:25:08.0062 2096 F-Secure Gatekeeper Handler Starter - ok 14:25:08.0140 2096 [ 51B6194B06F8373C7BE83F507F94F405 ] F-Secure HIPS C:\Programme\F-Secure\HIPS\drivers\fshs.sys 14:25:08.0187 2096 F-Secure HIPS - ok 14:25:08.0281 2096 [ 3F3EC2023F3F5C8ADEE89FC21D67FA8B ] F-Secure Network Request Broker C:\Programme\F-Secure\Common\FNRB32.EXE 
14:25:08.0359 2096 F-Secure Network Request Broker - ok 14:25:08.0390 2096 [ 958C6C79676E34582CFD3DA2B32CB343 ] F-Secure Recognizer C:\Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys 14:25:08.0437 2096 F-Secure Recognizer - ok 14:25:08.0468 2096 [ E3B0CD18146F9D51A34969E9BC2458D2 ] FANTOM C:\WINDOWS\system32\DRIVERS\fantom.sys 14:25:08.0562 2096 FANTOM ( UnsignedFile.Multi.Generic ) - warning 14:25:08.0562 2096 FANTOM - detected UnsignedFile.Multi.Generic (1) 14:25:08.0593 2096 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 14:25:08.0828 2096 Fastfat - ok 14:25:08.0921 2096 [ 521A4CB71CC419FDF60DB83E7308AE2B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 14:25:09.0500 2096 FastUserSwitchingCompatibility - ok 14:25:09.0531 2096 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 14:25:09.0718 2096 Fdc - ok 14:25:09.0765 2096 [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 14:25:09.0968 2096 Fips - ok 14:25:10.0015 2096 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 14:25:10.0187 2096 Flpydisk - ok 14:25:10.0265 2096 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 14:25:10.0796 2096 FltMgr - ok 14:25:10.0859 2096 [ 18DA737DD5122A475DA4948ED4643675 ] fsbts C:\WINDOWS\system32\Drivers\fsbts.sys 14:25:10.0906 2096 fsbts - ok 14:25:11.0000 2096 [ 00F5156562FEA93C8CAF5EACC0B9524F ] fsdevcon C:\Programme\F-Secure\Device Control\\fsdevcon32.exe 14:25:11.0218 2096 fsdevcon - ok 14:25:11.0343 2096 [ AA59C15C31B53A4F26B165737B2E4FEB ] FSDFWD C:\Programme\F-Secure\FWES\Program\fsdfwd.exe 14:25:11.0625 2096 FSDFWD - ok 14:25:11.0687 2096 [ D7261B0876E4238D680E96B69292B9E0 ] FSFW C:\WINDOWS\system32\drivers\fsdfw.sys 14:25:11.0765 2096 FSFW - ok 14:25:11.0859 2096 [ E0229353879FD33E15462B862A064FD6 ] FSMA C:\Programme\F-Secure\Common\FSMA32.EXE 14:25:11.0984 2096 FSMA - ok 14:25:12.0078 2096 [ 
DD4A7ECF77AD120310648602C0B262EC ] FSORSPClient C:\Programme\F-Secure\ORSP Client\fsorsp.exe 14:25:12.0171 2096 FSORSPClient - ok 14:25:12.0234 2096 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 14:25:12.0531 2096 Fs_Rec - ok 14:25:12.0578 2096 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 14:25:12.0796 2096 Ftdisk - ok 14:25:12.0875 2096 [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB C:\WINDOWS\system32\DRIVERS\fwlanusb.sys 14:25:13.0015 2096 FWLANUSB - ok 14:25:13.0062 2096 [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 14:25:13.0125 2096 GEARAspiWDM - ok 14:25:13.0187 2096 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 14:25:13.0328 2096 Gpc - ok 14:25:13.0421 2096 [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 14:25:13.0609 2096 helpsvc - ok 14:25:13.0656 2096 [ B647CA198B9C73056ABFB0A9D8F4916D ] HidServ C:\WINDOWS\System32\hidserv.dll 14:25:13.0843 2096 HidServ - ok 14:25:13.0890 2096 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 14:25:14.0109 2096 HidUsb - ok 14:25:14.0125 2096 hpn - ok 14:25:14.0203 2096 [ 7463E7CBDF29B50ACB90574D5769A160 ] hpqwmi C:\Programme\HPQ\SHARED\HPQWMI.exe 14:25:14.0312 2096 hpqwmi ( UnsignedFile.Multi.Generic ) - warning 14:25:14.0312 2096 hpqwmi - detected UnsignedFile.Multi.Generic (1) 14:25:14.0375 2096 [ 14794F142BEFC962AB142584607A6631 ] HSFHWATI C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys 14:25:14.0484 2096 HSFHWATI - ok 14:25:14.0578 2096 [ F99BB4E2B462198B2B0A82D0949F0C41 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 14:25:15.0046 2096 HSF_DP - ok 14:25:15.0125 2096 [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 14:25:15.0359 2096 HTTP - ok 14:25:15.0406 2096 [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 14:25:15.0734 2096 
HTTPFilter - ok 14:25:15.0750 2096 i2omgmt - ok 14:25:15.0765 2096 i2omp - ok 14:25:15.0828 2096 [ 7C575018D0413440D75432A78B88C899 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 14:25:16.0015 2096 i8042prt - ok 14:25:16.0140 2096 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe 14:25:16.0343 2096 IDriverT ( UnsignedFile.Multi.Generic ) - warning 14:25:16.0343 2096 IDriverT - detected UnsignedFile.Multi.Generic (1) 14:25:16.0390 2096 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 14:25:16.0578 2096 Imapi - ok 14:25:16.0640 2096 [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService C:\WINDOWS\system32\imapi.exe 14:25:16.0859 2096 ImapiService - ok 14:25:16.0875 2096 ini910u - ok 14:25:16.0921 2096 [ D63C33F65F6EBC732116403D88883B2D ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 14:25:17.0093 2096 IntelIde - ok 14:25:17.0156 2096 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 14:25:17.0328 2096 Ip6Fw - ok 14:25:17.0375 2096 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 14:25:17.0578 2096 IpFilterDriver - ok 14:25:17.0609 2096 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 14:25:17.0796 2096 IpInIp - ok 14:25:17.0859 2096 [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 14:25:18.0484 2096 IpNat - ok 14:25:18.0562 2096 [ E1BD28CA09EE8F30E8EDBD6C19F5579D ] iPod Service C:\Programme\iPod\bin\iPodService.exe 14:25:18.0765 2096 iPod Service - ok 14:25:18.0812 2096 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 14:25:19.0093 2096 IPSec - ok 14:25:19.0140 2096 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 14:25:19.0312 2096 IRENUM - ok 14:25:19.0359 2096 [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 
14:25:19.0593 2096 isapnp - ok 14:25:19.0609 2096 [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 14:25:19.0796 2096 Kbdclass - ok 14:25:19.0859 2096 [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 14:25:20.0406 2096 kmixer - ok 14:25:20.0468 2096 [ 1BE7CC2535D760AE4D481576EB789F24 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 14:25:20.0609 2096 KSecDD - ok 14:25:20.0671 2096 [ 2865FA4ED4471929881C053A6E5A85F6 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 14:25:21.0281 2096 lanmanserver - ok 14:25:21.0328 2096 [ F716A6F5BABB6DA60C0532510AB52245 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 14:25:21.0437 2096 lanmanworkstation - ok 14:25:21.0453 2096 lbrtfdc - ok 14:25:21.0531 2096 [ C12476DE1AFFB1BBA1A48A459CEB3D39 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe 14:25:21.0593 2096 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 14:25:21.0593 2096 LightScribeService - detected UnsignedFile.Multi.Generic (1) 14:25:21.0640 2096 [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 14:25:21.0828 2096 LmHosts - ok 14:25:21.0875 2096 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 14:25:21.0937 2096 mdmxsdk - ok 14:25:21.0968 2096 [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger C:\WINDOWS\System32\msgsvc.dll 14:25:22.0171 2096 Messenger - ok 14:25:22.0234 2096 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 14:25:22.0437 2096 mnmdd - ok 14:25:22.0468 2096 [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 14:25:22.0734 2096 mnmsrvc - ok 14:25:22.0812 2096 [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 14:25:23.0015 2096 Modem - ok 14:25:23.0062 2096 [ 71E15CA47FD947552054AFB28536268F ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 14:25:23.0265 2096 Mouclass - ok 14:25:23.0312 2096 [ 
66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 14:25:23.0546 2096 mouhid - ok 14:25:23.0593 2096 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 14:25:23.0796 2096 MountMgr - ok 14:25:23.0875 2096 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 14:25:23.0937 2096 MozillaMaintenance - ok 14:25:23.0968 2096 mraid35x - ok 14:25:24.0015 2096 [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 14:25:24.0625 2096 MRxDAV - ok 14:25:24.0687 2096 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 14:25:25.0156 2096 MRxSmb - ok 14:25:25.0156 2096 MSCSPTISRV - ok 14:25:25.0203 2096 [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC C:\WINDOWS\system32\msdtc.exe 14:25:25.0421 2096 MSDTC - ok 14:25:25.0453 2096 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 14:25:25.0656 2096 Msfs - ok 14:25:25.0671 2096 MSIServer - ok 14:25:25.0718 2096 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 14:25:25.0890 2096 MSKSSRV - ok 14:25:25.0921 2096 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 14:25:26.0125 2096 MSPCLOCK - ok 14:25:26.0156 2096 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 14:25:26.0343 2096 MSPQM - ok 14:25:26.0375 2096 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 14:25:26.0562 2096 mssmbios - ok 14:25:26.0609 2096 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 14:25:26.0781 2096 MSTEE - ok 14:25:26.0890 2096 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 14:25:27.0328 2096 Mup - ok 14:25:27.0390 2096 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 14:25:27.0984 2096 NABTSFEC - ok 
14:25:28.0031 2096 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 14:25:28.0421 2096 NDIS - ok 14:25:28.0484 2096 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 14:25:28.0796 2096 NdisIP - ok 14:25:28.0859 2096 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 14:25:29.0109 2096 NdisTapi - ok 14:25:29.0140 2096 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 14:25:29.0359 2096 Ndisuio - ok 14:25:29.0406 2096 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 14:25:29.0593 2096 NdisWan - ok 14:25:29.0625 2096 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 14:25:29.0828 2096 NDProxy - ok 14:25:29.0875 2096 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 14:25:30.0062 2096 NetBIOS - ok 14:25:30.0109 2096 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 14:25:30.0359 2096 NetBT - ok 14:25:30.0421 2096 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE C:\WINDOWS\system32\netdde.exe 14:25:30.0656 2096 NetDDE - ok 14:25:30.0671 2096 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 14:25:30.0859 2096 NetDDEdsdm - ok 14:25:30.0890 2096 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon C:\WINDOWS\system32\lsass.exe 14:25:31.0093 2096 Netlogon - ok 14:25:31.0140 2096 [ 1E5218FBE323C375B488318950E10FB4 ] Netman C:\WINDOWS\System32\netman.dll 14:25:31.0750 2096 Netman - ok 14:25:31.0812 2096 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 14:25:32.0000 2096 NIC1394 - ok 14:25:32.0046 2096 [ 774274C487493452DF3B0126DBE7FF3B ] Nla C:\WINDOWS\System32\mswsock.dll 14:25:32.0218 2096 Nla - ok 14:25:32.0265 2096 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 14:25:32.0453 2096 Npfs - ok 14:25:32.0515 2096 [ 
19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 14:25:33.0234 2096 Ntfs - ok 14:25:33.0281 2096 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 14:25:33.0437 2096 NtLmSsp - ok 14:25:33.0500 2096 [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 14:25:33.0890 2096 NtmsSvc - ok 14:25:33.0937 2096 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 14:25:34.0203 2096 Null - ok 14:25:34.0250 2096 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 14:25:34.0515 2096 NwlnkFlt - ok 14:25:34.0546 2096 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 14:25:34.0781 2096 NwlnkFwd - ok 14:25:34.0875 2096 [ 197DDF60B254A84D8656850397B5F923 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 14:25:35.0484 2096 ohci1394 - ok 14:25:35.0500 2096 PACSPTISVR - ok 14:25:35.0562 2096 [ B2F17A2EDB5450E61973A037F63A595B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 14:25:35.0750 2096 Parport - ok 14:25:35.0781 2096 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 14:25:35.0968 2096 PartMgr - ok 14:25:36.0015 2096 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 14:25:36.0218 2096 ParVdm - ok 14:25:36.0265 2096 [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 14:25:36.0453 2096 PCI - ok 14:25:36.0468 2096 PCIDump - ok 14:25:36.0500 2096 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 14:25:36.0687 2096 PCIIde - ok 14:25:36.0718 2096 [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys 14:25:36.0937 2096 Pcmcia - ok 14:25:36.0953 2096 PDCOMP - ok 14:25:36.0968 2096 PDFRAME - ok 14:25:36.0984 2096 PDRELI - ok 14:25:37.0000 2096 PDRFRAME - ok 14:25:37.0015 2096 perc2 - ok 14:25:37.0031 2096 perc2hib - ok 14:25:37.0109 2096 [ 
A07CA23EA361A01E627D911CF139B950 ] PlugPlay C:\WINDOWS\system32\services.exe 14:25:37.0218 2096 PlugPlay - ok 14:25:37.0250 2096 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 14:25:37.0421 2096 PolicyAgent - ok 14:25:37.0468 2096 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 14:25:37.0656 2096 PptpMiniport - ok 14:25:37.0703 2096 [ F04317FB351B75233979DC65D4CEAD54 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 14:25:38.0281 2096 Processor - ok 14:25:38.0328 2096 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 14:25:38.0500 2096 ProtectedStorage - ok 14:25:38.0562 2096 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 14:25:38.0734 2096 PSched - ok 14:25:38.0812 2096 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 14:25:39.0031 2096 Ptilink - ok 14:25:39.0093 2096 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 14:25:39.0140 2096 PxHelp20 - ok 14:25:39.0156 2096 ql1080 - ok 14:25:39.0171 2096 Ql10wnt - ok 14:25:39.0187 2096 ql12160 - ok 14:25:39.0218 2096 ql1240 - ok 14:25:39.0234 2096 ql1280 - ok 14:25:39.0281 2096 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 14:25:39.0500 2096 RasAcd - ok 14:25:39.0515 2096 [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto C:\WINDOWS\System32\rasauto.dll 14:25:39.0750 2096 RasAuto - ok 14:25:39.0796 2096 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys 14:25:39.0968 2096 Rasirda - ok 14:25:40.0000 2096 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 14:25:40.0171 2096 Rasl2tp - ok 14:25:40.0218 2096 [ FFC8343B35FB2DF01A5767748EFA5B58 ] RasMan C:\WINDOWS\System32\rasmans.dll 14:25:40.0828 2096 RasMan - ok 14:25:40.0875 2096 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe 
C:\WINDOWS\system32\DRIVERS\raspppoe.sys 14:25:41.0078 2096 RasPppoe - ok 14:25:41.0140 2096 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 14:25:41.0343 2096 Raspti - ok 14:25:41.0390 2096 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 14:25:42.0031 2096 Rdbss - ok 14:25:42.0046 2096 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 14:25:42.0250 2096 RDPCDD - ok 14:25:42.0312 2096 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 14:25:42.0921 2096 RDPWD - ok 14:25:42.0968 2096 [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 14:25:43.0328 2096 RDSessMgr - ok 14:25:43.0390 2096 [ AA56702E230860565CB8D43680F57F33 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 14:25:43.0578 2096 redbook - ok 14:25:43.0609 2096 [ EBA80CDF25E02084857957E820004934 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 14:25:43.0828 2096 RemoteAccess - ok 14:25:43.0906 2096 [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator C:\WINDOWS\system32\locator.exe 14:25:44.0062 2096 RpcLocator - ok 14:25:44.0109 2096 [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] RpcSs C:\WINDOWS\System32\rpcss.dll 14:25:44.0406 2096 RpcSs - ok 14:25:44.0484 2096 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 14:25:44.0750 2096 RSVP - ok 14:25:44.0828 2096 [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 14:25:44.0953 2096 RTL8023xp - ok 14:25:44.0984 2096 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs C:\WINDOWS\system32\lsass.exe 14:25:45.0156 2096 SamSs - ok 14:25:45.0203 2096 [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 14:25:45.0453 2096 SCardSvr - ok 14:25:45.0500 2096 [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule C:\WINDOWS\system32\schedsvc.dll 14:25:45.0718 2096 Schedule - ok 14:25:45.0765 2096 [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus 
C:\WINDOWS\system32\DRIVERS\sdbus.sys 14:25:45.0953 2096 sdbus - ok 14:25:46.0000 2096 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 14:25:46.0625 2096 Secdrv - ok 14:25:46.0671 2096 [ FED544B43903FB801B106F062110358A ] seclogon C:\WINDOWS\System32\seclogon.dll 14:25:46.0859 2096 seclogon - ok 14:25:46.0953 2096 [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS C:\WINDOWS\system32\sens.dll 14:25:47.0609 2096 SENS - ok 14:25:47.0671 2096 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 14:25:47.0968 2096 serenum - ok 14:25:48.0015 2096 [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 14:25:48.0218 2096 Serial - ok 14:25:48.0265 2096 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 14:25:48.0437 2096 Sfloppy - ok 14:25:48.0500 2096 [ 9245420422E409A25C1410ACB4244060 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 14:25:48.0796 2096 SharedAccess - ok 14:25:48.0921 2096 [ 521A4CB71CC419FDF60DB83E7308AE2B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 14:25:49.0593 2096 ShellHWDetection - ok 14:25:49.0609 2096 Simbad - ok 14:25:49.0656 2096 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 14:25:49.0828 2096 SLIP - ok 14:25:49.0890 2096 [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys 14:25:50.0078 2096 SMCIRDA - ok 14:25:50.0156 2096 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 14:25:50.0375 2096 SONYPVU1 - ok 14:25:50.0390 2096 Sparrow - ok 14:25:50.0437 2096 [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 14:25:51.0031 2096 splitter - ok 14:25:51.0078 2096 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe 14:25:52.0093 2096 Spooler - ok 14:25:52.0109 2096 SPTISRV - ok 14:25:52.0187 2096 [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 
14:25:52.0562 2096 sr - ok 14:25:52.0625 2096 [ E150E7618328562598F4CE0B5851B5CD ] srservice C:\WINDOWS\system32\srsvc.dll 14:25:53.0343 2096 srservice - ok 14:25:53.0406 2096 [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 14:25:53.0656 2096 Srv - ok 14:25:53.0703 2096 [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 14:25:53.0890 2096 SSDPSRV - ok 14:25:53.0953 2096 [ 5FFB52404158ABC5D9FF4081BCD67033 ] SSHDRV62 C:\WINDOWS\system32\drivers\SSHDRV62.sys 14:25:54.0062 2096 SSHDRV62 ( UnsignedFile.Multi.Generic ) - warning 14:25:54.0062 2096 SSHDRV62 - detected UnsignedFile.Multi.Generic (1) 14:25:54.0078 2096 [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 14:25:54.0156 2096 ssmdrv ( UnsignedFile.Multi.Generic ) - warning 14:25:54.0156 2096 ssmdrv - detected UnsignedFile.Multi.Generic (1) 14:25:54.0218 2096 [ 25E9B30AF1FA1B9AF1853577F39FF20B ] stisvc C:\WINDOWS\system32\wiaservc.dll 14:25:54.0984 2096 stisvc - ok 14:25:55.0015 2096 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 14:25:55.0187 2096 streamip - ok 14:25:55.0265 2096 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 14:25:55.0453 2096 swenum - ok 14:25:55.0500 2096 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 14:25:55.0718 2096 swmidi - ok 14:25:55.0734 2096 SwPrv - ok 14:25:55.0765 2096 symc810 - ok 14:25:55.0781 2096 symc8xx - ok 14:25:55.0796 2096 sym_hi - ok 14:25:55.0812 2096 sym_u3 - ok 14:25:55.0859 2096 [ F484C77F748729129D5CC9C965D9F701 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 14:25:56.0015 2096 SynTP - ok 14:25:56.0062 2096 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 14:25:56.0265 2096 sysaudio - ok 14:25:56.0328 2096 [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 14:25:56.0593 2096 SysmonLog - ok 14:25:56.0656 2096 
[ 427D7EB3B453347082C8F4B370065D60 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 14:25:57.0390 2096 TapiSrv - ok 14:25:57.0437 2096 [ 0A396237C3C4164DE12D7C26450BD69C ] tbhsd C:\WINDOWS\system32\drivers\tbhsd.sys 14:25:57.0484 2096 tbhsd - ok 14:25:57.0546 2096 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 14:25:57.0796 2096 Tcpip - ok 14:25:57.0859 2096 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 14:25:58.0046 2096 TDPIPE - ok 14:25:58.0078 2096 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 14:25:58.0265 2096 TDTCP - ok 14:25:58.0296 2096 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 14:25:58.0515 2096 TermDD - ok 14:25:58.0562 2096 [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService C:\WINDOWS\System32\termsrv.dll 14:25:58.0968 2096 TermService - ok 14:25:59.0000 2096 [ 521A4CB71CC419FDF60DB83E7308AE2B ] Themes C:\WINDOWS\System32\shsvcs.dll 14:25:59.0671 2096 Themes - ok 14:25:59.0734 2096 [ 0EDC3CF7B38F4260EB006C38E4A44DE4 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys 14:25:59.0859 2096 tifm21 - ok 14:25:59.0890 2096 TosIde - ok 14:25:59.0921 2096 [ A34E894201D66E380E1FA96FE11B587E ] TrkWks C:\WINDOWS\system32\trkwks.dll 14:26:00.0109 2096 TrkWks - ok 14:26:00.0203 2096 [ 0D630405311E1AE574BC2EC6681E485E ] TuneUp.Defrag C:\WINDOWS\System32\TuneUpDefragService.exe 14:26:00.0406 2096 TuneUp.Defrag - ok 14:26:00.0468 2096 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 14:26:00.0656 2096 Udfs - ok 14:26:00.0671 2096 ultra - ok 14:26:00.0718 2096 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe 14:26:00.0843 2096 UMWdf - ok 14:26:00.0921 2096 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 14:26:01.0265 2096 Update - ok 14:26:01.0281 2096 [ BA85BCF1A2BCF927C3600574173403E0 ] uploadmgr C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 
14:26:01.0484 2096 uploadmgr - ok 14:26:01.0531 2096 [ 855790C1BACED245A6B210AF430ED17B ] upnphost C:\WINDOWS\System32\upnphost.dll 14:26:02.0203 2096 upnphost - ok 14:26:02.0265 2096 [ A99F867E76CFDAA28EE305B93F70E84F ] UPS C:\WINDOWS\System32\ups.exe 14:26:02.0437 2096 UPS - ok 14:26:02.0500 2096 [ F340199E8CB097E1ACD58A967C665919 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 14:26:02.0609 2096 USBAAPL - ok 14:26:02.0671 2096 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 14:26:02.0843 2096 usbaudio - ok 14:26:02.0890 2096 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 14:26:03.0078 2096 usbccgp - ok 14:26:03.0109 2096 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 14:26:03.0281 2096 usbehci - ok 14:26:03.0312 2096 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 14:26:03.0500 2096 usbhub - ok 14:26:03.0531 2096 [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 14:26:03.0703 2096 usbohci - ok 14:26:03.0750 2096 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 14:26:03.0953 2096 usbprint - ok 14:26:03.0984 2096 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 14:26:04.0156 2096 usbscan - ok 14:26:04.0203 2096 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 14:26:04.0406 2096 USBSTOR - ok 14:26:04.0453 2096 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 14:26:04.0593 2096 usbuhci - ok 14:26:04.0656 2096 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 14:26:04.0828 2096 usbvideo - ok 14:26:04.0968 2096 [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll 14:26:05.0000 2096 UxTuneUp - ok 14:26:05.0062 2096 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave 
C:\WINDOWS\System32\drivers\vga.sys 14:26:05.0234 2096 VgaSave - ok 14:26:05.0281 2096 [ 59CB1338AD3654417BEA49636457F65D ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 14:26:05.0453 2096 ViaIde - ok 14:26:05.0484 2096 [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 14:26:05.0718 2096 VolSnap - ok 14:26:05.0828 2096 [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS C:\WINDOWS\System32\vssvc.exe 14:26:06.0281 2096 VSS - ok 14:26:06.0359 2096 [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time C:\WINDOWS\system32\w32time.dll 14:26:06.0546 2096 W32Time - ok 14:26:06.0609 2096 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 14:26:06.0828 2096 Wanarp - ok 14:26:06.0843 2096 WDICA - ok 14:26:06.0890 2096 [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 14:26:07.0562 2096 wdmaud - ok 14:26:07.0609 2096 [ 879ECB9A5F14A03960B84EDB7207A051 ] WebClient C:\WINDOWS\System32\webclnt.dll 14:26:08.0187 2096 WebClient - ok 14:26:08.0250 2096 [ 214BC3AD84907AD6AD655AC5465F449A ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 14:26:08.0468 2096 winachsf - ok 14:26:08.0562 2096 [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 14:26:08.0750 2096 winmgmt - ok 14:26:08.0828 2096 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 14:26:08.0937 2096 WmdmPmSN - ok 14:26:09.0000 2096 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 14:26:09.0171 2096 WmiAcpi - ok 14:26:09.0250 2096 [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 14:26:09.0531 2096 WmiApSrv - ok 14:26:09.0625 2096 [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 14:26:09.0828 2096 wscsvc - ok 14:26:09.0875 2096 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 14:26:10.0062 2096 WSTCODEC - ok 14:26:10.0093 2096 [ 
1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 14:26:10.0296 2096 wuauserv - ok 14:26:10.0359 2096 [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 14:26:10.0656 2096 WZCSVC - ok 14:26:10.0703 2096 [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov C:\WINDOWS\System32\xmlprov.dll 14:26:10.0875 2096 xmlprov - ok 14:26:10.0921 2096 ================ Scan global =============================== 14:26:10.0968 2096 [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll 14:26:11.0031 2096 [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll 14:26:11.0062 2096 [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll 14:26:11.0093 2096 [ A07CA23EA361A01E627D911CF139B950 ] C:\WINDOWS\system32\services.exe 14:26:11.0109 2096 [Global] - ok 14:26:11.0109 2096 ================ Scan MBR ================================== 14:26:11.0140 2096 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 14:26:11.0343 2096 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 14:26:11.0343 2096 \Device\Harddisk0\DR0 - detected TDSS File System (1) 14:26:11.0343 2096 ================ Scan VBR ================================== 14:26:11.0359 2096 [ BB5271B3CA9D84C96B48592682BEBF32 ] \Device\Harddisk0\DR0\Partition1 14:26:11.0359 2096 \Device\Harddisk0\DR0\Partition1 - ok 14:26:11.0359 2096 ============================================================ 14:26:11.0359 2096 Scan finished 14:26:11.0359 2096 ============================================================ 14:26:11.0515 2088 Detected object count: 14 14:26:11.0515 2088 Actual detected object count: 14 14:27:03.0281 2088 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user 14:27:03.0281 2088 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:27:03.0296 2088 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user 14:27:03.0296 2088 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: 
Skip 14:27:03.0296 2088 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user 14:27:03.0296 2088 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:27:03.0312 2088 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user 14:27:03.0312 2088 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:27:03.0312 2088 ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user 14:27:03.0312 2088 ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:27:03.0328 2088 ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user 14:27:03.0328 2088 ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:27:03.0328 2088 ElbyVCD ( UnsignedFile.Multi.Generic ) - skipped by user 14:27:03.0328 2088 ElbyVCD ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:27:03.0328 2088 FANTOM ( UnsignedFile.Multi.Generic ) - skipped by user 14:27:03.0328 2088 FANTOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:27:03.0343 2088 hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user 14:27:03.0343 2088 hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:27:03.0343 2088 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 14:27:03.0343 2088 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:27:03.0359 2088 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 14:27:03.0359 2088 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:27:03.0359 2088 SSHDRV62 ( UnsignedFile.Multi.Generic ) - skipped by user 14:27:03.0359 2088 SSHDRV62 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:27:03.0375 2088 ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user 14:27:03.0375 2088 ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:27:03.0437 2088 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 14:27:03.0453 2088 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine 14:27:03.0453 2088 
\Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
14:27:03.0453 2088 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
14:27:03.0453 2088 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
14:27:03.0531 2088 \Device\Harddisk0\DR0\TDLFS - deleted
14:27:03.0531 2088 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
14:27:23.0187 3864 Deinitialize success

Code:
ATTFilter 14:29:35.0093 3528 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 14:29:35.0203 3528 ============================================================ 14:29:35.0203 3528 Current date / time: 2012/11/08 14:29:35.0203 14:29:35.0203 3528 SystemInfo: 14:29:35.0203 3528 14:29:35.0203 3528 OS Version: 5.1.2600 ServicePack: 2.0 14:29:35.0203 3528 Product type: Workstation 14:29:35.0203 3528 ComputerName: PC132431016427 14:29:35.0203 3528 UserName: *** 14:29:35.0203 3528 Windows directory: C:\WINDOWS 14:29:35.0203 3528 System windows directory: C:\WINDOWS 14:29:35.0203 3528 Processor architecture: Intel x86 14:29:35.0203 3528 Number of processors: 1 14:29:35.0203 3528 Page size: 0x1000 14:29:35.0203 3528 Boot type: Normal boot 14:29:35.0203 3528 ============================================================ 14:29:37.0531 3528 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 14:29:37.0531 3528 ============================================================ 14:29:37.0531 3528 \Device\Harddisk0\DR0: 14:29:37.0531 3528 MBR partitions: 14:29:37.0531 3528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41 14:29:37.0531 3528 ============================================================ 14:29:37.0546 3528 C: <-> \Device\Harddisk0\DR0\Partition1 14:29:37.0562 3528 ============================================================ 14:29:37.0562 3528 Initialize success 14:29:37.0562 3528 ============================================================ 14:30:20.0203 1820 ============================================================ 14:30:20.0203 1820 Scan started 14:30:20.0203 1820 Mode: Manual; SigCheck; TDLFS; 14:30:20.0203 1820 ============================================================ 14:30:20.0343 1820 ================ Scan system memory ======================== 14:30:36.0984 1820 System memory - ok 14:30:36.0984 1820 
================ Scan services ============================= 14:30:37.0109 1820 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 14:30:38.0875 1820 AAV UpdateService - ok 14:30:39.0046 1820 Abiosdsk - ok 14:30:39.0062 1820 abp480n5 - ok 14:30:39.0109 1820 [ 94B4741D2CF9ED38140B831293D1601A ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 14:30:39.0718 1820 ACPI - ok 14:30:39.0781 1820 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 14:30:41.0046 1820 ACPIEC - ok 14:30:41.0187 1820 [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 14:30:42.0359 1820 AdobeFlashPlayerUpdateSvc - ok 14:30:42.0375 1820 adpu160m - ok 14:30:42.0468 1820 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys 14:30:43.0312 1820 aec - ok 14:30:43.0375 1820 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys 14:30:44.0406 1820 AFD - ok 14:30:44.0421 1820 Aha154x - ok 14:30:44.0437 1820 aic78u2 - ok 14:30:44.0468 1820 aic78xx - ok 14:30:44.0500 1820 [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter C:\WINDOWS\system32\alrsvc.dll 14:30:45.0625 1820 Alerter - ok 14:30:45.0671 1820 [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG C:\WINDOWS\System32\alg.exe 14:30:46.0671 1820 ALG - ok 14:30:46.0703 1820 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys 14:30:47.0046 1820 AliIde - ok 14:30:47.0109 1820 [ 769844EB65DF6A62AA51B886290FE51D ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 14:30:47.0703 1820 AmdK8 - ok 14:30:47.0718 1820 amsint - ok 14:30:47.0875 1820 [ 69DA2BB73AC426CDEEBDACC68438BA3D ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 14:30:48.0046 1820 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning 14:30:48.0046 1820 Apple Mobile Device - detected 
UnsignedFile.Multi.Generic (1) 14:30:48.0062 1820 AppMgmt - ok 14:30:48.0125 1820 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 14:30:48.0875 1820 Arp1394 - ok 14:30:48.0890 1820 asc - ok 14:30:48.0906 1820 asc3350p - ok 14:30:48.0921 1820 asc3550 - ok 14:30:49.0031 1820 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe 14:30:49.0562 1820 aspnet_state ( UnsignedFile.Multi.Generic ) - warning 14:30:49.0562 1820 aspnet_state - detected UnsignedFile.Multi.Generic (1) 14:30:49.0593 1820 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 14:30:50.0140 1820 AsyncMac - ok 14:30:50.0187 1820 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 14:30:50.0421 1820 atapi - ok 14:30:50.0437 1820 Atdisk - ok 14:30:50.0515 1820 [ E548EB303255721145418F85B77B9D8A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 14:30:51.0109 1820 Ati HotKey Poller - ok 14:30:51.0250 1820 [ 6EF070828E7B8C6F45D8F0E9CE28CA8B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 14:30:52.0046 1820 ati2mtag - ok 14:30:52.0187 1820 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 14:30:52.0750 1820 Atmarpc - ok 14:30:52.0812 1820 [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 14:30:53.0062 1820 AudioSrv - ok 14:30:53.0125 1820 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 14:30:53.0421 1820 audstub - ok 14:30:53.0500 1820 [ FA4A4A50B4B2647AFEDC676CC68C69CC ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 14:30:53.0859 1820 BCM43XX - ok 14:30:53.0906 1820 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 14:30:54.0437 1820 Beep - ok 14:30:54.0500 1820 [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS C:\WINDOWS\system32\qmgr.dll 14:30:57.0671 1820 BITS - ok 14:30:57.0734 1820 [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] 
Browser C:\WINDOWS\System32\browser.dll 14:30:58.0093 1820 Browser - ok 14:30:58.0156 1820 [ E76DC88F00D50F46072FEB2371769978 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys 14:30:58.0671 1820 BTWUSB ( UnsignedFile.Multi.Generic ) - warning 14:30:58.0671 1820 BTWUSB - detected UnsignedFile.Multi.Generic (1) 14:30:58.0718 1820 [ C2EF37F09CFEE9665E6CD7C0B0AFB84F ] CAMCAUD C:\WINDOWS\system32\drivers\camc6aud.sys 14:30:58.0906 1820 CAMCAUD - ok 14:30:59.0000 1820 [ 512DF898DE5C0654647ACD5C82F0BD99 ] CAMCHALA C:\WINDOWS\system32\drivers\camc6hal.sys 14:30:59.0453 1820 CAMCHALA - ok 14:30:59.0484 1820 catchme - ok 14:30:59.0515 1820 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 14:31:00.0062 1820 cbidf2k - ok 14:31:00.0109 1820 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 14:31:00.0328 1820 CCDECODE - ok 14:31:00.0328 1820 cd20xrnt - ok 14:31:00.0375 1820 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 14:31:00.0968 1820 Cdaudio - ok 14:31:01.0093 1820 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 14:31:01.0640 1820 Cdfs - ok 14:31:01.0687 1820 [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys 14:31:01.0859 1820 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning 14:31:01.0859 1820 cdrbsdrv - detected UnsignedFile.Multi.Generic (1) 14:31:01.0906 1820 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 14:31:02.0234 1820 Cdrom - ok 14:31:02.0250 1820 Changer - ok 14:31:02.0281 1820 [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc C:\WINDOWS\system32\cisvc.exe 14:31:02.0531 1820 CiSvc - ok 14:31:02.0562 1820 [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 14:31:03.0109 1820 ClipSrv - ok 14:31:03.0203 1820 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 14:31:03.0453 1820 CmBatt - ok 14:31:03.0468 1820 
CmdIde - ok 14:31:03.0531 1820 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 14:31:03.0859 1820 Compbatt - ok 14:31:03.0875 1820 COMSysApp - ok 14:31:03.0890 1820 Cpqarray - ok 14:31:03.0937 1820 [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 14:31:04.0500 1820 CryptSvc - ok 14:31:04.0515 1820 dac2w2k - ok 14:31:04.0515 1820 dac960nt - ok 14:31:04.0593 1820 [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 14:31:04.0921 1820 DcomLaunch - ok 14:31:04.0984 1820 [ 7C4D218F9017725589ADACAB82BEB0F8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 14:31:05.0656 1820 Dhcp - ok 14:31:05.0718 1820 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 14:31:05.0875 1820 Disk - ok 14:31:05.0890 1820 dmadmin - ok 14:31:05.0968 1820 [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 14:31:06.0281 1820 dmboot - ok 14:31:06.0312 1820 [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 14:31:06.0546 1820 dmio - ok 14:31:06.0593 1820 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 14:31:07.0703 1820 dmload - ok 14:31:07.0796 1820 [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver C:\WINDOWS\System32\dmserver.dll 14:31:08.0156 1820 dmserver - ok 14:31:08.0203 1820 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 14:31:08.0390 1820 DMusic - ok 14:31:08.0421 1820 [ D20C5B5F0D8AC53FFEC17FF9B1658A6E ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 14:31:09.0062 1820 Dnscache - ok 14:31:09.0078 1820 dpti2o - ok 14:31:09.0125 1820 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 14:31:09.0312 1820 drmkaud - ok 14:31:09.0343 1820 [ C6ACA0190EE7B614673EE0C91863B1EB ] eabfiltr C:\WINDOWS\system32\drivers\EABFiltr.sys 14:31:09.0578 1820 eabfiltr - ok 14:31:09.0609 1820 [ DA1011DB09AD641DE40CD5CCA70C0C43 ] eabusb 
C:\WINDOWS\system32\drivers\eabusb.sys 14:31:09.0703 1820 eabusb - ok 14:31:09.0765 1820 [ 59C9E1336A4508F059827D638E924C62 ] ElbyCDFL C:\WINDOWS\system32\Drivers\ElbyCDFL.sys 14:31:09.0921 1820 ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning 14:31:09.0921 1820 ElbyCDFL - detected UnsignedFile.Multi.Generic (1) 14:31:09.0968 1820 [ 389823DB299B350F2EE830D47376EEAC ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 14:31:10.0046 1820 ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning 14:31:10.0046 1820 ElbyCDIO - detected UnsignedFile.Multi.Generic (1) 14:31:10.0093 1820 [ C4143FC2F7D39A5A8B1CFE0BC4BD8A9E ] ElbyVCD C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys 14:31:10.0156 1820 ElbyVCD ( UnsignedFile.Multi.Generic ) - warning 14:31:10.0156 1820 ElbyVCD - detected UnsignedFile.Multi.Generic (1) 14:31:10.0203 1820 [ 877A4512CC9074D6954776AF47021766 ] ERSvc C:\WINDOWS\System32\ersvc.dll 14:31:10.0375 1820 ERSvc - ok 14:31:10.0421 1820 [ A07CA23EA361A01E627D911CF139B950 ] Eventlog C:\WINDOWS\system32\services.exe 14:31:10.0687 1820 Eventlog - ok 14:31:10.0750 1820 [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem C:\WINDOWS\system32\es.dll 14:31:10.0937 1820 EventSystem - ok 14:31:11.0078 1820 [ 4A076E190BB9DC3202D95D496878923C ] F-Secure Filter C:\Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys 14:31:11.0203 1820 F-Secure Filter - ok 14:31:11.0265 1820 [ C5D80C3A419BA6BED9AAB9385031A308 ] F-Secure Gatekeeper C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys 14:31:11.0375 1820 F-Secure Gatekeeper - ok 14:31:11.0406 1820 [ 45A0A9A8415DF0C22D0A683D798968CD ] F-Secure Gatekeeper Handler Starter C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe 14:31:11.0500 1820 F-Secure Gatekeeper Handler Starter - ok 14:31:11.0578 1820 [ 51B6194B06F8373C7BE83F507F94F405 ] F-Secure HIPS C:\Programme\F-Secure\HIPS\drivers\fshs.sys 14:31:11.0625 1820 F-Secure HIPS - ok 14:31:11.0703 1820 [ 3F3EC2023F3F5C8ADEE89FC21D67FA8B ] F-Secure Network Request Broker C:\Programme\F-Secure\Common\FNRB32.EXE 
14:31:11.0781 1820 F-Secure Network Request Broker - ok 14:31:11.0843 1820 [ 958C6C79676E34582CFD3DA2B32CB343 ] F-Secure Recognizer C:\Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys 14:31:11.0921 1820 F-Secure Recognizer - ok 14:31:11.0968 1820 [ E3B0CD18146F9D51A34969E9BC2458D2 ] FANTOM C:\WINDOWS\system32\DRIVERS\fantom.sys 14:31:12.0125 1820 FANTOM ( UnsignedFile.Multi.Generic ) - warning 14:31:12.0125 1820 FANTOM - detected UnsignedFile.Multi.Generic (1) 14:31:12.0171 1820 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 14:31:12.0406 1820 Fastfat - ok 14:31:12.0453 1820 [ 521A4CB71CC419FDF60DB83E7308AE2B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 14:31:13.0015 1820 FastUserSwitchingCompatibility - ok 14:31:13.0062 1820 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 14:31:13.0234 1820 Fdc - ok 14:31:13.0265 1820 [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 14:31:13.0468 1820 Fips - ok 14:31:13.0515 1820 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 14:31:13.0812 1820 Flpydisk - ok 14:31:14.0015 1820 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 14:31:14.0656 1820 FltMgr - ok 14:31:14.0703 1820 [ 18DA737DD5122A475DA4948ED4643675 ] fsbts C:\WINDOWS\system32\Drivers\fsbts.sys 14:31:14.0750 1820 fsbts - ok 14:31:14.0875 1820 [ 00F5156562FEA93C8CAF5EACC0B9524F ] fsdevcon C:\Programme\F-Secure\Device Control\\fsdevcon32.exe 14:31:15.0062 1820 fsdevcon - ok 14:31:15.0156 1820 [ AA59C15C31B53A4F26B165737B2E4FEB ] FSDFWD C:\Programme\F-Secure\FWES\Program\fsdfwd.exe 14:31:15.0406 1820 FSDFWD - ok 14:31:15.0437 1820 [ D7261B0876E4238D680E96B69292B9E0 ] FSFW C:\WINDOWS\system32\drivers\fsdfw.sys 14:31:15.0515 1820 FSFW - ok 14:31:15.0562 1820 [ E0229353879FD33E15462B862A064FD6 ] FSMA C:\Programme\F-Secure\Common\FSMA32.EXE 14:31:15.0640 1820 FSMA - ok 14:31:15.0718 1820 [ 
DD4A7ECF77AD120310648602C0B262EC ] FSORSPClient C:\Programme\F-Secure\ORSP Client\fsorsp.exe 14:31:15.0781 1820 FSORSPClient - ok 14:31:15.0843 1820 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 14:31:16.0062 1820 Fs_Rec - ok 14:31:16.0109 1820 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 14:31:16.0390 1820 Ftdisk - ok 14:31:16.0437 1820 [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB C:\WINDOWS\system32\DRIVERS\fwlanusb.sys 14:31:16.0625 1820 FWLANUSB - ok 14:31:16.0656 1820 [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 14:31:16.0734 1820 GEARAspiWDM - ok 14:31:16.0812 1820 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 14:31:16.0984 1820 Gpc - ok 14:31:17.0093 1820 [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 14:31:17.0296 1820 helpsvc - ok 14:31:17.0343 1820 [ B647CA198B9C73056ABFB0A9D8F4916D ] HidServ C:\WINDOWS\System32\hidserv.dll 14:31:17.0562 1820 HidServ - ok 14:31:17.0609 1820 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 14:31:17.0843 1820 HidUsb - ok 14:31:17.0859 1820 hpn - ok 14:31:17.0953 1820 [ 7463E7CBDF29B50ACB90574D5769A160 ] hpqwmi C:\Programme\HPQ\SHARED\HPQWMI.exe 14:31:18.0031 1820 hpqwmi ( UnsignedFile.Multi.Generic ) - warning 14:31:18.0031 1820 hpqwmi - detected UnsignedFile.Multi.Generic (1) 14:31:18.0093 1820 [ 14794F142BEFC962AB142584607A6631 ] HSFHWATI C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys 14:31:18.0312 1820 HSFHWATI - ok 14:31:18.0390 1820 [ F99BB4E2B462198B2B0A82D0949F0C41 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 14:31:18.0843 1820 HSF_DP - ok 14:31:19.0000 1820 [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 14:31:19.0390 1820 HTTP - ok 14:31:19.0437 1820 [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 14:31:19.0718 1820 
14:32:14.0187 1820 ================ Scan global ===============================
14:32:14.0218 1820 [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
14:32:14.0281 1820 [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:32:14.0312 1820 [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:32:14.0328 1820 [ A07CA23EA361A01E627D911CF139B950 ] C:\WINDOWS\system32\services.exe
14:32:14.0343 1820 [Global] - ok
14:32:14.0343 1820 ================ Scan MBR ==================================
14:32:14.0359 1820 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:32:14.0593 1820 \Device\Harddisk0\DR0 - ok
14:32:14.0593 1820 ================ Scan VBR ==================================
14:32:14.0593 1820 [ BB5271B3CA9D84C96B48592682BEBF32 ] \Device\Harddisk0\DR0\Partition1
14:32:14.0609 1820 \Device\Harddisk0\DR0\Partition1 - ok
14:32:14.0609 1820 ============================================================
14:32:14.0609 1820 Scan finished
14:32:14.0609 1820 ============================================================
14:32:14.0750 1772 Detected object count: 13
14:32:14.0750 1772 Actual detected object count: 13
14:32:33.0531 1772 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0531 1772 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0546 1772 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0546 1772 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0546 1772 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0546 1772 ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772 ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0546 1772 ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772 ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0562 1772 ElbyVCD ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772 ElbyVCD ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0562 1772 FANTOM ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772 FANTOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0562 1772 hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772 hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0562 1772 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0562 1772 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0562 1772 SSHDRV62 ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0578 1772 SSHDRV62 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0578 1772 ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0578 1772 ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:33:44.0000 3516 Deinitialize success |
08.11.2012, 14:56 | #32 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win xp starts with an almost empty desktop Then please run CF now:
ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a Kompetenzler (trained helper) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ |
08.11.2012, 15:23 | #33 |
| Win xp starts with an almost empty desktop I can't get f-secure switched off. I "turned off" f-secure via Run -> msconfig and rebooted, but I still got an "Achtung!!" message from CF saying that f-secure is still active.
Do you know how to turn f-secure off? |
08.11.2012, 16:38 | #34 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win xp starts with an almost empty desktop No, not off the top of my head. F-Secure is also fairly exotic. Why don't you just look it up in the manual?!
__________________ Please always post logfiles in CODE tags |
08.11.2012, 16:57 | #35 |
| Win xp starts with an almost empty desktop It seems to have changed. I could actually always switch f-secure off by clicking "Deaktivieren" (Disable) on the f-secure icon in the taskbar. But that command somehow no longer exists... possibly since a few updates or so... I can't find any helpful hints on google etc. either... |
08.11.2012, 17:11 | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win xp starts with an almost empty desktop Then uninstall F-Secure. I hardly know anyone who uses it, so if you have problems there is practically nobody you can ask, because hardly anyone uses it, or do you want to call F-Secure support every time?
__________________ --> Win xp starts with an almost empty desktop |
08.11.2012, 17:39 | #37 |
| Win xp starts with an almost empty desktop I managed to turn it off after all... why is it actually so exotic? Which antivirus would you recommend to me then? The CF log: Combofix Logfile: Code:
ComboFix 12-11-08.01 - *** 08.11.2012 17:13:44.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.894.474 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***.PC132431016427\Desktop\ComboFix.exe
AV: F-Secure Client Security 9.32 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 9.32 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Hehou
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Hehou\iqdu.qis
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Oztavo
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Oztavo\poar.myx
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Qovo
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Qovo\buyml.uto
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Sky-Banners
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Sky-Banners\skb\log.xml
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Street-Ads
c:\dokumente und einstellungen\***.PC132431016427\WINDOWS
c:\programme\$NtUninstallWTF1012$
C:\SystemData
c:\systemdata\79228921F3FF2A4
c:\windows\$NtUninstallMTF1011$
c:\windows\IsUn0407.exe
c:\windows\offitems.log
c:\windows\system32\logs
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-08 bis 2012-11-08 ))))))))))))))))))))))))))))))
.
.
2012-11-08 13:27 . 2012-11-08 13:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-07 15:01 . 2012-11-07 15:01 -------- d-----w- c:\dokumente und einstellungen\***.PC132431016427.alt
2012-11-07 14:53 . 2012-11-07 14:54 -------- d-----w- c:\dokumente und einstellungen\***ie
2012-11-03 12:20 . 2012-11-03 12:20 -------- d-----w- C:\Mozilla
2012-11-03 12:15 . 2012-11-07 14:52 -------- d-----w- c:\dokumente und einstellungen\***.PC132431016427.002.OLD
2012-11-03 12:13 . 2012-11-03 12:14 -------- d-----w- c:\dokumente und einstellungen\***.PC132431016427.001.OLD
2012-11-03 12:04 . 2012-11-03 12:05 -------- d-----w- c:\dokumente und einstellungen\***.PC132431016427.000.OLD
2012-11-03 12:04 . 2012-11-03 12:04 -------- d-----w- c:\dokumente und einstellungen\***.PC132431016427.OLD
2012-11-03 11:57 . 2012-11-03 12:20 -------- d-----w- c:\dokumente und einstellungen\TEMP
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 17:32 . 2010-11-25 12:40 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-11-01 19:10 . 2012-11-01 19:09 261600 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]
"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"HP Software Update"="c:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"eabconfg.cpl"="c:\programme\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600]
"Cpqset"="c:\programme\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"F-Secure TNB"="c:\programme\F-Secure\FSGUI\TNBUtil.exe" [2012-06-26 1654512]
"F-Secure Manager"="c:\programme\F-Secure\Common\FSM32.EXE" [2012-06-26 306928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\dokumente und einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\
Microsoft-Indexerstellung.lnk - c:\programme\Microsoft Office\Office\FINDFAST.EXE [1996-12-14 111376]
Office-Start.lnk - c:\programme\Microsoft Office\Office\OSA.EXE [1996-12-14 51984]
.
c:\dokumente und einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\
Microsoft-Indexerstellung.lnk - c:\programme\Microsoft Office\Office\FINDFAST.EXE [1996-12-14 111376]
Office-Start.lnk - c:\programme\Microsoft Office\Office\OSA.EXE [1996-12-14 51984]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Gamma Loader.exe.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-20 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime
"CanonMyPrinter"=c:\programme\Canon\MyPrinter\BJMyPrt.exe /logon
"CloneCDTray"="c:\programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
"CloneCDElbyCDFL"="c:\programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
"hpWirelessAssistant"=c:\programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28.11.2002 11:43 22016]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [25.11.2010 13:40 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [25.11.2010 13:40 82992]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programme\F-Secure\HIPS\drivers\fshs.sys [25.11.2010 13:39 71664]
R1 SSHDRV62;SSHDRV62;c:\windows\system32\drivers\SSHDRV62.sys [02.08.2006 10:54 108032]
R2 AAV UpdateService;AAV UpdateService;c:\programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 15:35 128296]
R2 fsdevcon;F-Secure Device Control Daemon;c:\programme\F-Secure\Device Control\fsdevcon32.exe [27.09.2012 18:21 403184]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programme\F-Secure\Anti-Virus\minifilter\fsgk.sys [25.11.2010 13:39 144440]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22.08.2005 10:06 231424]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [29.07.2008 14:09 39424]
S3 FSORSPClient;F-Secure ORSP Client;c:\programme\F-Secure\ORSP Client\fsorsp.exe [25.11.2010 13:39 61168]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [18.11.2009 12:16 264704]
S4 F-Secure Filter;F-Secure File System Filter;c:\programme\F-Secure\Anti-Virus\win2k\fsfilter.sys [27.09.2012 18:21 41072]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programme\F-Secure\Anti-Virus\win2k\fsrec.sys [27.09.2012 18:21 26352]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
2008-02-25 09:55 7680 ----a-w- c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-08 c:\windows\Tasks\1-Klick-Wartung.job - c:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-11 09:54]
.
2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 06:55]
.
2012-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 145.254.22.10:8000
uInternet Settings,ProxyOverride = <local>
LSP: c:\programme\F-Secure\FSPS\program\fslsp.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1214247387
FF - ProfilePath - c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
AddRemove-Canon PhotoStitch 3.1 - c:\windows\IsUn0407.exe
AddRemove-Easy-PhotoPrint - c:\windows\ISUN0407.EXE
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-PhotoRecord - c:\windows\IsUn0407.exe
AddRemove-ZoomBrowserEXDeInstall - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-08 17:22
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programme\HPQ\Default Settings\cpqset.exe????????????8?3?8?6??????? ???B?????????????hLC????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\programme\f-secure\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(756)
c:\programme\F-Secure\FSPS\program\fslsp.dll
c:\programme\f-secure\hips\fshook32.dll
.
Zeit der Fertigstellung: 2012-11-08 17:25:10
ComboFix-quarantined-files.txt 2012-11-08 16:24
ComboFix2.txt 2010-06-01 20:03
.
Vor Suchlauf: 793.137.152 Bytes frei
Nach Suchlauf: 894.676.992 Bytes frei
.
- - End Of File - - 3ED05CE8CAB76EC342AFEED67A329564 |
08.11.2012, 19:09 | #38 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win xp starts with an almost empty desktop
Quote:
adwCleaner - detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded at some point, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
08.11.2012, 21:24 | #39 |
| Win xp starts with an almost empty desktop
Here is the log:
Code:
# AdwCleaner v2.007 - Datei am 08/11/2012 um 21:18:19 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 2 (32 bits)
# Benutzer : *** - PC132431016427
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\ICQToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Client
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Script
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Server
Schlüssel Gefunden : HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1586 octets] - [08/11/2012 21:18:19]

########## EOF - C:\AdwCleaner[R1].txt - [1646 octets] ##########
08.11.2012, 22:11 | #40 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win xp starts with an almost empty desktop
adwCleaner - remove toolbars and unwanted start/search pages
After that, please run a check with OTL:
__________________ Please always post log files in CODE tags |
08.11.2012, 22:51 | #41 |
| Win xp starts with an almost empty desktop
OK, done. By the way, it's really cool that you're still helping at this hour.
The adw log:
Code:
# AdwCleaner v2.007 - Datei am 08/11/2012 um 22:15:00 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 2 (32 bits)
# Benutzer : *** - PC132431016427
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CShared.TB4Client
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CShared.TB4Script
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CShared.TB4Server

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1715 octets] - [08/11/2012 21:18:19]
AdwCleaner[S1].txt - [1486 octets] - [08/11/2012 22:15:00]

########## EOF - C:\AdwCleaner[S1].txt - [1546 octets] ##########

Code:
OTL logfile created on: 08.11.2012 22:21:46 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***.PC132431016427\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

894,17 Mb Total Physical Memory | 449,32 Mb Available Physical Memory | 50,25% Memory free
2,12 Gb Paging File | 1,75 Gb Available in Paging File | 82,53% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 0,86 Gb Free Space | 0,93% Space Free | Partition Type: NTFS

Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSLAUNCHER0.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Device Control\fsdevcon32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard ) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Microsoft Office\Office\OSA.EXE () ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - \\?\c:\programme\f-secure\hips\fsumi.dll () MOD - C:\Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll () MOD - C:\Programme\F-Secure\Anti-Virus\fm4av.dll () MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () MOD - C:\Programme\Microsoft Office\Office\MSO97.DLL () MOD - C:\Programme\Microsoft Office\Office\OSA.EXE () ========== Services (SafeList) ========== SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe File not found SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe File not found SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (F-Secure Network Request Broker) -- C:\Programme\F-Secure\common\FNRB32.exe (F-Secure Corporation) SRV - (FSMA) -- C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) SRV - (fsdevcon) -- C:\Programme\F-Secure\Device Control\\fsdevcon32.exe () SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe 
Systems Incorporated) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\***~1.PC~\LOKALE~1\Temp\catchme.sys File not found DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys () DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys () DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (F-Secure Filter) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys () DRV - (F-Secure Recognizer) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsrec.sys () DRV - (FANTOM) -- C:\WINDOWS\system32\drivers\fantom.sys (National Instruments Corporation) DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (SSHDRV62) -- C:\WINDOWS\system32\drivers\SSHDRV62.sys () DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (ati2mtag) -- 
C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.) DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.) 
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation) DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (Elaborate Bytes AG) DRV - (ElbyVCD) -- C:\WINDOWS\system32\drivers\ElbyVCD.sys (Elaborate Bytes AG) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 145.254.22.10:8000 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: litmus-ff@f-secure.com:1.10 FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure\NRS\litmus-ff@f-secure.com [2012.10.10 14:41:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.01 20:10:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.01 20:09:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.02.16 08:12:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.06.05 11:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Extensions [2010.06.05 11:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.24 09:43:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\extensions [2012.11.01 20:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.01 20:09:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.10 14:41:34 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) 
-- C:\PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM [2012.11.01 20:10:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.06.23 21:55:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.13 17:49:47 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.23 21:55:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 21:55:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 21:55:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 21:55:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.08 17:22:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) 
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard ) O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1214247387 (Image Uploader Control) O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.08 17:25:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012.11.08 15:50:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.11.08 14:59:22 | 004,998,107 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\ComboFix.exe [2012.11.08 14:27:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.07 23:08:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\aswMBR.exe [2012.11.07 22:56:04 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\tdsskiller.exe [2012.11.07 22:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012.11.07 14:30:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe [2012.11.03 13:20:25 | 000,000,000 | ---D | C] -- C:\Mozilla [2012.11.01 20:09:43 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox ========== Files - Modified Within 30 Days ========== File not found -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\CASC1PZI. 
[2012.11.08 22:17:20 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2012.11.08 22:17:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.08 22:17:01 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys [2012.11.08 21:16:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.08 21:15:39 | 000,541,569 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\adwcleaner.exe [2012.11.08 17:22:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.11.08 15:52:05 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2012.11.08 14:59:35 | 004,998,107 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\ComboFix.exe [2012.11.08 10:48:58 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\MBR.dat [2012.11.07 23:08:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\aswMBR.exe [2012.11.07 22:56:19 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\tdsskiller.exe [2012.11.07 14:30:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe [2012.11.04 10:13:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.10.31 20:22:54 | 000,029,513 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2012.10.31 19:40:50 | 000,158,720 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.31 15:10:29 | 004,081,428 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.31 15:10:29 | 002,982,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.31 15:10:29 | 001,904,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.31 15:10:28 | 002,171,622 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.15 06:23:39 | 
000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.10.12 19:11:42 | 000,070,663 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\stoffplan_ag_4_3_bf.pdf [2012.10.12 14:34:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job ========== Files Created - No Company Name ========== File not found -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\CASC1PZI. [2012.11.08 21:15:36 | 000,541,569 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\adwcleaner.exe [2012.11.08 10:48:58 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\MBR.dat [2012.10.12 19:11:42 | 000,070,663 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\stoffplan_ag_4_3_bf.pdf [2012.07.05 00:10:31 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.03.24 23:32:35 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.11.25 13:40:55 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2008.04.13 15:28:35 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\usb [2006.10.21 15:09:11 | 000,001,112 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\ViewerApp.dat [2006.03.05 22:32:50 | 000,158,720 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.03.03 20:20:09 | 000,001,954 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\.plugin141.trace [2006.02.17 17:01:21 | 000,000,204 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\wklnhst.dat [2006.02.17 16:51:55 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2004.08.07 06:21:30 | 
000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.21 08:01:11 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:00:58 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004.08.04 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
The extras log: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.11.2012 22:21:46 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***.PC132431016427\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 894,17 Mb Total Physical Memory | 449,32 Mb Available Physical Memory | 50,25% Memory free 2,12 Gb Paging File | 1,75 Gb Available in Paging File | 82,53% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 93,15 Gb Total Space | 0,86 Gb Free Space | 0,93% Space Free | Partition Type: NTFS Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft 
Corporation) "C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus "{24638AD1-5F7E-9900-147E-B3EEA1B84EAE}" = Napster 5.0 Beta "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01 "{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe 1.4.44.1 "{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 C1 "{43A6AA2A-74B5-4E1C-91DB-ECB2F99D9ED7}" = HP User Guides 0008 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5F2F0392-05F6-4D71-B0F9-0BE3733992FB}" = F-Secure Client Security "{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012 "{CD0159C9-17FB-11D6-A76A-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1 "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 D2 "{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{F7875264-810A-4ABB-B185-2C5A332E483B}" = F-Secure PSC Prerequisites "{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ATI Display Driver" = ATI Display Driver "Audiograbber" = Audiograbber 1.83 SE "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" 
= Canon Utilities Solution Menu "CloneCD" = CloneCD "CNXT_AUDIO" = Conexant AC-Link Audio "CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP "com.Rhapsody.Napster5" = Napster 5.0 Beta "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "F-Secure Anti-Virus" = F-Secure Client Security - AntiVirus & AntiSpy-Schutz "F-Secure Device Control" = F-Secure Gerätesteuerung "F-Secure E-mail Scanning" = F-Secure Client Security - E-Mail-Scanning "F-Secure ExploitShield" = F-Secure Client Security - Browser-Schutz "F-Secure HIPS" = F-Secure Client Security - DeepGuard "F-Secure Internet Shield" = F-Secure Client Security - Internet-Schutzschild "F-Secure Protocol Scanner" = F-Secure Client Security - Web-Datenverkehr-Scanning "Guitar Pro 5_is1" = Guitar Pro 5.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01 "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung "InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers. 
"LastFM_is1" = Last.fm 1.5.4.27091 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Office8.0" = Microsoft Office 97, Professional Edition "RealPlayer 6.0" = RealPlayer "SynTPDeinstKey" = Synaptics Pointing Device Driver "UnderCoverXP_is1" = UnderCoverXP 1.19 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinRAR archiver" = WinRAR Archivierer "XP Codec Pack" = XP Codec Pack ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 11 2012-11-07 15:24:48+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-20. Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 12 2012-11-07 15:24:49+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_USRCLASS_S-1-5-20. Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 13 2012-11-07 15:24:49+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-19. 
Error - 07.11.2012 10:24:53 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 14 2012-11-07 15:24:53+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-21-3895385494-3161838611-3957656901-1006. Error - 07.11.2012 10:24:54 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 15 2012-11-07 15:24:53+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_USRCLASS_S-1-5-21-3895385494-3161838611-3957656901-1006. Error - 07.11.2012 10:25:00 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 16 2012-11-07 15:25:00+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SECURITY. Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 17 2012-11-07 15:25:06+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SOFTWARE. Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 18 2012-11-07 15:25:06+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SYSTEM. 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 19 2012-11-07 15:25:06+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SAM. Error - 08.11.2012 09:27:16 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 1 2012-11-08 14:27:16+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus Malicious code found in file C:\TDSSKiller_Quarantine\08.11.2012_14.24.10\tdlfs0000\tsk0004.dta. Infection: Trojan.Generic.4113645 Action: The file was deleted. [ System Events ] Error - 08.11.2012 06:00:48 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 08.11.2012 09:15:17 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 08.11.2012 09:23:11 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 08.11.2012 09:28:57 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 08.11.2012 09:35:31 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 08.11.2012 10:06:07 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 
08.11.2012 11:50:27 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 08.11.2012 12:29:01 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 08.11.2012 16:05:48 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 08.11.2012 17:17:10 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 < End of report > |
09.11.2012, 16:37 | #42 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP starts with an almost empty desktop
Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes and remove any findings. Before that, please remember to update Malwarebytes via the update button.
Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
10.11.2012, 10:27 | #43 |
| Win XP starts with an almost empty desktop
What actually happens with the ESET findings? They weren't deleted or moved to quarantine now, were they?
Malware log: Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.09.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
*** :: PC132431016427 [Administrator]

10.11.2012 01:18:13
mbam-log-2012-11-10 (01-18-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302224
Laufzeit: 7 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B} (Adware.Adrotator) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=171009f9e8dda24aa36dd6dd8874a1e6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-10 02:26:45
# local_time=2012-11-10 03:26:45 (+0100, Westeuropäische Normalzeit)
# country="***"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 77172790 77172790 0 0
# compatibility_mode=2304 16777191 100 0 0 0 0 0
# compatibility_mode=6912 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3830 3830 0 0
# scanned=99887
# found=3
# cleaned=0
# scan_time=6629
C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\user.js JS/SecurityDisabler.A.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\***.PC132431016427\Eigene Dateien\Installationsprogramme\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\A0016258.exe Win32/InstallMonetizer.AC application (unable to clean) 00000000000000000000000000000000 I
|
11.11.2012, 20:04 | #44 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP starts with an almost empty desktop
Only a few leftovers remain.
Close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied along with it!!!)
Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!
Code:
:Files
C:\user.js
C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\user.js
C:\Dokumente und Einstellungen\***.PC132431016427\Eigene Dateien\Installationsprogramme\PDFCreator-1_2_3_setup.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
The entries, files and folders fixed with this script are, for safety, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
11.11.2012, 20:58 | #45 |
| Win XP starts with an almost empty desktop
The first time, I forgot to rename the asterisks back...^^ So now there are two logs.
The first attempt: Code:
All processes killed
========== FILES ==========
File\Folder C:\user.js not found.
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\user.js not found.
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Eigene Dateien\Installationsprogramme\PDFCreator-1_2_3_setup.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: ***.PC132431016427
->Temp folder emptied: 76419 bytes
->Temporary Internet Files folder emptied: 73172 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 153454827 bytes
->Flash cache emptied: 2114 bytes

User: ***.PC132431016427.000.OLD

User: ***.PC132431016427.001.OLD

User: ***.PC132431016427.002.OLD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ***.PC132431016427.alt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ***.PC132431016427.OLD

User: ***ie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1999566 bytes
RecycleBin emptied: 2322184 bytes

Total Files Cleaned = 151,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 11112012_203837

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

And the second attempt: Code:
All processes killed
========== FILES ==========
File\Folder C:\user.js not found.
C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\user.js moved successfully.
C:\Dokumente und Einstellungen\***.PC132431016427\Eigene Dateien\Installationsprogramme\PDFCreator-1_2_3_setup.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ***.PC132431016427
->Temp folder emptied: 1060 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7223256 bytes
->Flash cache emptied: 456 bytes

User: ***.PC132431016427.000.OLD

User: ***.PC132431016427.001.OLD

User: ***.PC132431016427.002.OLD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ***.PC132431016427.alt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ***.PC132431016427.OLD

User: ***ie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 11112012_204709

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
|