09.11.2012, 20:52 | #1 |
Trojan.Generic.6760809 in Recycler and System Volume Information

Hello,

- G Data found Trojan.Generic.6760809 on my computer in Recycler and System Volume Information
- after deleting the Recycle Bin and System Volume Information, G Data reports no more detections
- ESET Online only finds
  C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\ICReinstall\cnet2_CMI8738_WDM_0639XP_zip.exe -> Variante von Win32/InstallCore.D Anwendung
  C:\Dokumente und Einstellungen\Simulator\Lokale Einstellungen\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.8.2631.exe -> Win32/OpenCandy Anwendung
  C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe -> Win32/Toolbar.Widgi Anwendung
  According to VirusTotal these are all false positives
- all other scans came back clean
- apart from that, the computer shows no abnormalities at all
- Please check the attached logs to see whether everything is OK again.

Thank you very much!

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: AIRBORNE1 [administrator]

09.11.2012 11:00:08
mbam-log-2012-11-09 (11-00-08).txt

Scan type: Full scan (C:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349100
Time elapsed: 4 hour(s), 37 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

***************************************************************************************************************************

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-09 20:16:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 WDC_WD2502ABYS-02B7A0 rev.02.03B03
Running: 480wtml6.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\uflcqpog.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB903B000, 0x2C28EE, 0xE8000020]

---- EOF - GMER 1.0.15 ----

**********************************************************************************************************************************

Code:
OTL logfile created on: 06.11.2012 19:45:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,50 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 70,03% Memory free
2,35 Gb Paging File | 1,79 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 233,81 Gb Total Space | 20,47 Gb Free Space | 8,75% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 986,24 Gb Free Space | 70,58% Space Free | Partition Type: NTFS

Computer Name: AIRBORNE1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.06 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.30 04:05:55 | 001,584,112 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe
PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.06.04 10:49:40 | 001,899,816 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe
PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data
Software AG) -- C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe PRC - [2012.01.27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2011.02.13 11:54:21 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe PRC - [2002.07.12 15:33:12 | 001,581,056 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe ========== Modules (No Company Name) ========== MOD - [2012.11.06 10:52:05 | 001,828,864 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\G Data\AVKScanP\Avast5\defs\12110601\algo.dll MOD - [2011.03.27 21:11:04 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.02.13 11:54:21 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll ========== Services (SafeList) ========== SRV - [2012.10.29 22:23:35 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.08 22:06:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- 
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.30 04:05:55 | 001,584,112 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.06.04 10:49:40 | 001,899,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc) SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2011.02.13 11:54:21 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI) SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) 
[On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen) SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.11.03 18:25:10 | 000,069,552 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD) DRV - [2012.11.03 18:21:25 | 000,053,536 | ---- | M] (G Data Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor) DRV - [2012.11.03 18:21:24 | 000,093,728 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2012.11.03 18:21:24 | 000,041,888 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave) DRV - [2012.11.03 17:22:01 | 000,030,200 | ---- | M] (G Data Software AG) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc) DRV - [2012.11.03 17:21:58 | 000,046,840 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.12.08 05:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.12.08 05:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.12.08 05:22:26 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011.12.08 05:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb) DRV - [2011.12.08 05:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2011.11.10 04:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2010.11.16 15:07:38 | 000,058,496 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser) DRV - [2010.11.16 15:07:38 | 000,019,656 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm) DRV - [2010.09.23 08:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd) DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2006.02.20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv) DRV - [2005.09.14 21:01:14 | 000,824,512 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys -- (hcwPVRP2) DRV - [2003.11.21 15:20:10 | 000,113,152 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2002.07.16 09:58:12 | 000,379,726 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) DRV - [2001.03.01 03:15:00 | 000,006,144 | ---- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\IOPORT.SYS -- (IOPort) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 84 24 3A 9E A5 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.edkb.de/wetter/edkb.html" FF - prefs.js..extensions.enabledAddons: listit@csail.mit.edu:0.5.0.2 FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.3 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.http: "65.51.181.123" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.28 09:31:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.28 09:31:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.29 22:23:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.12.02 23:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions [2010.12.02 23:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.03 08:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions [2012.08.09 20:25:55 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.11.03 08:37:51 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und 
Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.01.22 00:19:00 | 001,085,841 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\listit@csail.mit.edu.xpi [2012.08.05 21:17:56 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.28 09:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.03 18:21:22 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.10.28 09:31:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.28 09:31:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npwachk.dll [2012.06.19 22:43:28 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 21:08:48 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.19 22:43:28 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.19 22:43:28 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.19 22:43:28 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.19 22:43:28 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.11.29 22:25:45 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. 
(www.cmedia.com.tw)) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 18 00 00 00 [binary data] O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2178DDF3-43FF-403C-9D39-9E2062495B6C}: DhcpNameServer = 192.168.0.100 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\programme\g data\internetsecurity\avkkid\avkcks.exe) - c:\Programme\G Data\InternetSecurity\AVKKid\AvkCKS.exe () O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.27 10:17:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.07.10 03:14:07 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.16 13:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.06 18:16:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2012.11.04 12:18:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent [2012.11.04 12:04:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2012.11.04 11:54:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.03 18:25:11 | 000,015,600 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GdPhyMem.sys [2012.11.03 18:25:10 | 000,069,552 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys [2012.11.03 18:21:23 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\GdScrSv.de.dll [2012.11.03 17:22:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\G Data InternetSecurity 2013 [2012.11.03 17:22:01 | 000,030,200 | ---- | C] (G Data Software AG) 
-- C:\WINDOWS\System32\drivers\GDNdisIc.sys [2012.11.03 17:22:00 | 000,053,536 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys [2012.11.03 17:21:58 | 000,046,840 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys [2012.11.03 17:21:57 | 000,093,728 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys [2012.11.03 17:21:57 | 000,041,888 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys [2012.11.03 17:21:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\G Data [2012.11.03 17:21:30 | 000,000,000 | ---D | C] -- C:\Programme\G Data [2012.11.03 17:21:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2012.10.29 22:23:27 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2012.10.28 09:31:32 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2012.10.08 22:43:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Sun [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.06 20:06:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.06 18:19:11 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable [2012.11.06 18:18:34 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe [2012.11.06 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2012.11.06 17:55:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.06 14:50:39 | 000,855,193 | ---- | M] () -- C:\WINDOWS\System32\sig.bin [2012.11.06 14:50:39 | 000,045,869 | ---- | M] () -- C:\WINDOWS\System32\nmp.map [2012.11.05 18:09:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl 
[2012.11.04 13:40:25 | 000,060,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.04 13:17:37 | 000,001,441 | ---- | M] () -- C:\scu.dat [2012.11.04 12:05:51 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.11.03 22:17:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.11.03 18:25:11 | 000,015,600 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GdPhyMem.sys [2012.11.03 18:25:10 | 000,069,552 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys [2012.11.03 18:21:25 | 000,053,536 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys [2012.11.03 18:21:24 | 000,093,728 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys [2012.11.03 18:21:24 | 000,041,888 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys [2012.11.03 17:22:01 | 000,030,200 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys [2012.11.03 17:21:58 | 000,046,840 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys [2012.11.03 17:21:52 | 000,001,829 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\G Data InternetSecurity.lnk [2012.11.03 17:16:03 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.11.03 08:54:19 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.31 23:05:28 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT [2012.10.28 09:32:16 | 000,517,474 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.28 09:32:16 | 000,494,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.28 09:32:16 | 000,101,628 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.28 09:32:16 | 000,084,692 | ---- | M] () 
-- C:\WINDOWS\System32\perfc009.dat [2012.10.23 19:20:03 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT [2012.10.13 14:58:31 | 000,017,442 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Diät Lilli.odt [2012.10.11 21:11:19 | 000,420,229 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Antrag Tobias Müller - ergänze Angaben.pdf [2012.10.11 20:56:08 | 000,476,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Antrag Tobias Müller.pdf [2012.10.09 16:32:37 | 000,013,684 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\RES_T6G9CF15135_0.pdf [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.06 18:19:11 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable [2012.11.06 18:18:33 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe [2012.11.04 07:40:08 | 000,855,193 | ---- | C] () -- C:\WINDOWS\System32\sig.bin [2012.11.04 07:40:08 | 000,045,869 | ---- | C] () -- C:\WINDOWS\System32\nmp.map [2012.11.03 17:21:52 | 000,001,829 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\G Data InternetSecurity.lnk [2012.11.03 09:06:44 | 000,001,441 | ---- | C] () -- C:\scu.dat [2012.10.12 18:44:39 | 000,017,442 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Diät Lilli.odt [2012.10.11 21:11:19 | 000,420,229 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Antrag Tobias Müller - ergänze Angaben.pdf [2012.10.11 20:56:08 | 000,476,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Antrag Tobias Müller.pdf [2012.10.09 16:32:37 | 000,013,684 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\RES_T6G9CF15135_0.pdf [2012.09.26 22:52:49 | 000,000,218 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Admin\.recently-used.xbel [2012.08.22 22:42:43 | 000,001,607 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2012.08.16 21:05:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI [2012.08.16 19:56:17 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Analog Mono [2012.08.16 19:56:17 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Action Clauses [2012.08.16 19:56:17 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLes.DAT [2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Analog Pad [2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ambient [2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Alerts [2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Action [2012.08.16 19:54:51 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT [2012.08.16 19:54:51 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT [2012.08.16 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Authentication [2012.08.16 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Applications [2012.08.16 19:54:28 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLeo.DAT [2012.04.03 22:48:42 | 000,036,932 | ---- | C] () -- C:\WINDOWS\cmijack.dat [2012.04.03 22:48:42 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini [2012.04.03 22:48:42 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.dat [2012.02.15 17:30:52 | 000,003,072 | ---- | C] () -- 
C:\WINDOWS\System32\iacenc.dll [2012.02.12 13:46:45 | 000,000,125 | ---- | C] () -- C:\WINDOWS\TKWIN.INI [2012.02.05 21:49:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.01.31 18:15:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2012.01.31 18:15:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2012.01.31 18:15:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2012.01.31 18:15:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.09.08 21:18:23 | 000,558,128 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1275210071-2049760794-839522115-1003-0.dat [2011.09.08 21:18:23 | 000,136,238 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.07.21 16:24:15 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2011.04.04 21:37:10 | 000,000,715 | ---- | C] () -- C:\WINDOWS\wiso.ini [2011.03.23 09:41:27 | 000,000,488 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2011.03.13 15:52:00 | 000,004,726 | ---- | C] () -- C:\WINDOWS\Q-Dir.ini [2011.02.24 21:45:48 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI [2011.02.13 11:54:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE [2011.01.07 20:08:35 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll [2011.01.07 20:08:16 | 000,002,285 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2011.01.06 21:30:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2011.01.06 21:29:45 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.01.06 17:44:22 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2010.12.12 16:41:47 | 000,006,678 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\mdbu.bin [2010.12.11 20:51:52 | 000,060,416 | ---- | C] () -- 
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.27 22:57:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll [2010.11.27 22:54:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll [2010.11.27 21:18:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2010.11.27 21:06:29 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.11.27 20:54:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\scrub2k.exe [2010.11.27 20:54:50 | 000,000,443 | ---- | C] () -- C:\WINDOWS\hpw0460k.ini [2010.11.27 20:53:35 | 000,000,092 | ---- | C] () -- C:\WINDOWS\hpdj460.ini [2010.11.27 20:53:31 | 000,001,445 | ---- | C] () -- C:\WINDOWS\mariner.ini [2010.11.27 20:37:30 | 000,035,344 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2010.11.27 20:37:08 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010.11.27 20:36:54 | 000,142,337 | ---- | C] () -- C:\WINDOWS\System32\Wait.exe [2010.11.27 20:27:01 | 000,000,199 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2010.11.27 20:27:01 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2010.11.27 17:49:04 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010.11.27 13:15:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.11.27 10:18:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.11.27 10:15:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.11.27 10:06:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.11.27 10:05:41 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== ZeroAccess Check ========== [2010.11.27 17:46:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2010.09.09 15:17:08 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.04 12:18:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AIMP3 [2011.03.13 17:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Auslogics [2011.04.04 21:40:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Buhl Data Service [2010.12.12 12:53:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Canneverbe Limited [2012.11.04 11:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\elsterformular [2011.04.02 12:18:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FileZilla [2012.08.09 20:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Garmin [2010.12.30 21:59:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Greenshot [2010.12.12 11:12:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\KeePass [2011.12.10 00:03:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\LibreOffice [2012.06.03 13:18:13 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Admin\Anwendungsdaten\LogView [2011.04.01 21:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MrJobs [2012.08.16 20:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Nikon [2012.04.13 22:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Notepad++ [2010.12.10 17:09:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org [2010.12.11 17:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Panasonic [2011.09.18 15:47:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\pdfforge [2012.08.24 13:06:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PhotoScape [2011.03.13 16:09:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Q-Dir [2011.12.11 13:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\RavensburgerTipToi [2012.03.04 17:02:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Samsung [2012.01.27 21:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TeamViewer [2010.12.02 23:11:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Thunderbird [2011.06.20 17:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Tracker Software [2012.11.04 17:21:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Wireshark [2010.11.27 12:45:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2012.08.16 21:04:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2011.04.04 21:37:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl 
Data Service GmbH [2010.12.05 00:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2011.02.13 12:31:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2012.11.04 11:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2012.08.16 19:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp [2012.08.16 19:54:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Flange Saw [2012.08.16 19:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Framework [2012.11.03 18:37:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2012.08.16 19:54:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gems [2012.08.16 21:02:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon [2011.05.28 16:24:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic [2010.11.27 17:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panda Security [2012.08.16 19:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Perl [2012.11.04 12:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2011.02.13 14:02:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SMART Technologies [2011.12.18 14:23:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2012.08.16 19:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15 ========== Purity Check ========== < End of report > 
******************************************************************************************************************** Code:
ATTFilter OTL Extras logfile created on: 06.11.2012 19:45:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,50 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 70,03% Memory free 2,35 Gb Paging File | 1,79 Gb Available in Paging File | 75,94% Paging File free Paging file location(s): [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 233,81 Gb Total Space | 20,47 Gb Free Space | 8,75% Space Free | Partition Type: NTFS Drive G: | 1397,26 Gb Total Space | 986,24 Gb Free Space | 70,58% Space Free | Partition Type: NTFS Computer Name: AIRBORNE1 | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe" = C:\Programme\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe:*:Disabled:Toolbox for HP Printing System for 
Windows -- (Hewlett-Packard Company) "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\PhoenixRC\phoenixRC.exe" = C:\Programme\PhoenixRC\phoenixRC.exe:*:Enabled:phoenixRC -- () "C:\Programme\RealVNC\VNC4\vncviewer.exe" = C:\Programme\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32 -- (RealVNC Ltd.) "C:\Programme\RealVNC\VNC4\winvnc4.exe" = C:\Programme\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.) "C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- () "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{147E4062-DC7C-4B74-B64F-0991516C53B0}_is1" = CodeVisionAVR V2.03.4 ATM18 Evaluation "{18941178-396B-0CC4-2168-17112315EBB8}" = ccc-utility "{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2C7946AF-8AE9-6369-0075-7A3419F59441}" 
= Catalyst Control Center InstallProxy "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{37B3776C-6DE6-4DD4-9AC6-C14952083932}" = PDF-XChange Viewer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{579CB8A1-9966-4223-943F-05B3CF84C841}" = Microsoft Visual C++ 2008 Samples "{59F646AD-A378-4783-8638-EA1AD92E1153}_is1" = MPEG-VCR 3.14.7.5 (09/2010) "{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor "{656E92B7-1C9A-464F-8269-0D3F6AFDACBB}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{790F6156-B231-F7D6-BAE4-741E7CB0ACB1}" = ccc-utility "{7A03BEDC-6390-440E-8D13-721A22F0BD1F}" = PhoenixRC "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{810AD6B3-C830-A74C-300E-D14820CE1850}" = Catalyst Control Center InstallProxy "{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013 "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96B361E4-A86E-4335-99FF-6C3604788DAB}" = HD Writer AE 1.0 for HDC "{9875BF9C-8565-4085-B6A4-5D8D838FB5C3}" = HP Deskjet 460 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A36579B4-313E-DC6B-D817-41824D46EF5D}" = CCC Help English "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable 
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2 "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D3BA6488-5C3E-A4EF-BA64-74C54ABCEE03}" = ccc-core-static "{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2 "{EDD654B3-6FE9-67AC-CE7D-5FE3698439DB}" = Catalyst Control Center Graphics Previews Common "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition) "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "CCleaner" = CCleaner "DVD-lab PRO_is1" = DVD-lab PRO 1.51 Full "ESET 
Online Scanner" = ESET Online Scanner v3 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FileZilla Client" = FileZilla Client 3.4.0 "GIMP-2_is1" = GIMP 2.8.0 "Greenshot_is1" = Greenshot "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge WinTV" = Hauppauge WinTV "Hauppauge WinTV Radio" = Hauppauge WinTV Radio "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "hp deskjet 460 series" = HP Deskjet 460 Series "ie8" = Windows Internet Explorer 8 "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller "IrfanView" = IrfanView (remove only) "KeePass Password Safe_is1" = KeePass Password Safe 1.21 "LogView V2" = LogView V2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPEG-VCR" = MPEG-VCR 3.14.7.5 (09/2010) "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Notepad++" = Notepad++ "PCI Audio Driver" = PCI Audio Driver "PE Builder_is1" = PE Builder 
3.1.10a "Picasa 3" = Picasa 3 "PSPad editor_is1" = PSPad editor "RealVNC_is1" = VNC Free Edition 4.1.3 "SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) "Tweak UI 2.10" = Tweak UI "VLC media player" = VLC media player 2.0.2 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "WinPcapInst" = WinPcap 4.1.2 "Wireshark" = Wireshark 1.6.5 "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "xampp" = XAMPP 1.7.4 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "LogView V2 2" = LogView V2 2 "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.09.2011 16:10:26 | Computer Name = AIRBORNE1 | Source = Help Index | ID = 1003 Description = Für das Produkt "VS\100\de-DE" wurden keine gültigen Indexdateien gefunden. Error - 08.09.2011 16:10:26 | Computer Name = AIRBORNE1 | Source = .NET Runtime | ID = 1026 Description = Anwendung: HelpLibAgent.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Net.HttpListenerException Stapel: bei Microsoft.Help.HelpHttpServer.ConnectionManagerThreadStart() bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Threading.ThreadHelper.ThreadStart() Error - 09.09.2011 16:18:12 | Computer Name = AIRBORNE1 | Source = Help Index | ID = 1003 Description = Für das Produkt "VS\100\de-DE" wurden keine gültigen Indexdateien gefunden. Error - 09.09.2011 16:18:15 | Computer Name = AIRBORNE1 | Source = Help Index | ID = 1003 Description = Für das Produkt "VS\100\de-DE" wurden keine gültigen Indexdateien gefunden. Error - 14.10.2011 10:31:38 | Computer Name = AIRBORNE1 | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 15.10.2011 08:53:16 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 7.0.1.4288, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 15.11.2011 18:08:49 | Computer Name = AIRBORNE1 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung wintv.exe, Version 6.0.26080.0, fehlgeschlagenes Modul mfc42.dll, Version 6.2.8081.0, Fehleradresse 0x000022be. Error - 09.12.2011 14:20:41 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 8.0.0.4325, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 09.12.2011 14:20:42 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 8.0.0.4325, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 09.12.2011 14:20:42 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 8.0.0.4325, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 03.11.2012 12:26:33 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt Error - 03.11.2012 13:23:10 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt Error - 04.11.2012 02:37:01 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt Error - 04.11.2012 03:37:41 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt Error - 04.11.2012 10:03:25 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt Error - 04.11.2012 11:19:51 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt Error - 05.11.2012 13:09:49 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt Error - 06.11.2012 02:01:51 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026 Description = Das Laden 
folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt Error - 06.11.2012 09:40:10 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt Error - 06.11.2012 12:56:34 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt < End of report > |
12.11.2012, 11:51 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When do we continue?" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.
12.11.2012, 17:33 | #3 |
Hello,
- the log files are no longer available, because I have switched back to Avast :-( (my computer did not have the performance for G Data)
- the detections were in files such as A0084417.exe in System Volume Information\_restore{BE8EECC4-C1BB-45D6-8C2A-F88C1C98C680}\RP515, as far as my notes still show
- it is a private office computer
Thanks in advance for the effort ...
Thomas
12.11.2012, 18:11 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™
Private, or an office/company computer?
__________________
Please always post log files in CODE tags
12.11.2012, 21:45 | #5 |
Hello, my private computer, which stands in my private study - so purely for private use ....
Thomas
12.11.2012, 22:09 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Generic.6760809 in Recycler and System Volume Information
OK - but what about Malwarebytes, did this tool never have any detections?
__________________ --> Trojan.Generic.6760809 in Recycler and System Volume Information
12.11.2012, 22:53 | #7
Trojan.Generic.6760809 in Recycler and System Volume Information
- Malwarebytes and Avast have never raised an alert on this computer. Only G Data and ESET.
- There may be a connection with deleted e-mails ...
- Hence the question whether you can find anything conspicuous in the logs (or additional logs).
Thomas
12.11.2012, 23:06 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Generic.6760809 in Recycler and System Volume Information
1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please switch off your virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
Another note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Set the tool up as shown in the picture below - click change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags
12.11.2012, 23:35 | #9
Trojan.Generic.6760809 in Recycler and System Volume Information
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-12 23:21:05
-----------------------------
23:21:05.265 OS Version: Windows 5.1.2600 Service Pack 3
23:21:05.265 Number of processors: 1 586 0x304
23:21:05.265 ComputerName: AIRBORNE1 UserName: Admin
23:21:05.937 Initialize success
23:21:06.578 AVAST engine defs: 12111201
23:21:29.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7
23:21:29.671 Disk 0 Vendor: WDC_WD2502ABYS-02B7A0 02.03B03 Size: 239429MB BusType: 3
23:21:29.687 Disk 0 MBR read successfully
23:21:29.687 Disk 0 MBR scan
23:21:29.687 Disk 0 Windows XP default MBR code
23:21:29.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 239417 MB offset 63
23:21:29.703 Disk 0 scanning sectors +490326480
23:21:29.750 Disk 0 scanning C:\WINDOWS\system32\drivers
23:21:35.750 Service scanning
23:21:44.515 Modules scanning
23:21:47.515 Disk 0 trace - called modules:
23:21:47.531 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:21:47.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89eb2ab8]
23:21:47.531 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005d[0x89ee2900]
23:21:47.546 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-7[0x89e81d98]
23:21:48.046 AVAST engine scan C:\WINDOWS
23:21:50.421 AVAST engine scan C:\WINDOWS\system32
23:24:06.703 AVAST engine scan C:\WINDOWS\system32\drivers
23:24:23.296 AVAST engine scan C:\Dokumente und Einstellungen\Admin
23:27:12.906 AVAST engine scan C:\Dokumente und Einstellungen\All Users
23:28:16.281 Scan finished successfully
23:28:34.812 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Admin\Desktop\MBR.dat"
23:28:34.812 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Admin\Desktop\aswMBR.txt"
Code:
23:29:51.0875 1136 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:29:51.0890 1136 ============================================================
23:29:51.0890 1136 Current date / time: 2012/11/12 23:29:51.0890
23:29:51.0890 1136 SystemInfo:
23:29:51.0890 1136
23:29:51.0890 1136 OS Version: 5.1.2600 ServicePack: 3.0
23:29:51.0890 1136 Product type: Workstation
23:29:51.0890 1136 ComputerName: AIRBORNE1
23:29:51.0890 1136 UserName: Admin
23:29:51.0890 1136 Windows directory: C:\WINDOWS
23:29:51.0890 1136 System windows directory: C:\WINDOWS
23:29:51.0890 1136 Processor architecture: Intel x86
23:29:51.0890 1136 Number of processors: 1
23:29:51.0890 1136 Page size: 0x1000
23:29:51.0890 1136 Boot type: Normal boot
23:29:51.0890 1136 ============================================================
23:29:52.0984 1136 Drive \Device\Harddisk0\DR0 - Size: 0x3A7450A000 (233.82 Gb), SectorSize: 0x200, Cylinders: 0x7EAE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
23:29:52.0984 1136 Drive \Device\Harddisk1\DR2 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:29:59.0796 1136 ============================================================
23:29:59.0796 1136 \Device\Harddisk0\DR0:
23:29:59.0796 1136 MBR partitions:
23:29:59.0796 1136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D39C991
23:29:59.0796 1136 \Device\Harddisk1\DR2:
23:29:59.0796 1136 MBR partitions:
23:29:59.0796 1136 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
23:29:59.0796 1136 ============================================================
23:29:59.0828 1136 C: <-> \Device\Harddisk0\DR0\Partition1
23:29:59.0875 1136 G: <-> \Device\Harddisk1\DR2\Partition1
23:29:59.0875 1136 ============================================================
23:29:59.0875 1136 Initialize success
23:29:59.0875 1136
0400 silabenm - detected UnsignedFile.Multi.Generic (1) 23:30:56.0765 0400 [ F5460535EDE7ADEB0721BC56587554EA ] silabser C:\WINDOWS\system32\DRIVERS\silabser.sys 23:30:56.0796 0400 silabser ( UnsignedFile.Multi.Generic ) - warning 23:30:56.0796 0400 silabser - detected UnsignedFile.Multi.Generic (1) 23:30:56.0796 0400 Simbad - ok 23:30:56.0828 0400 [ 1FFC44D6787EC1EA9A2B1440A90FA5C1 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 23:30:56.0859 0400 SLIP - ok 23:30:56.0875 0400 Sparrow - ok 23:30:56.0921 0400 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 23:30:57.0046 0400 splitter - ok 23:30:57.0078 0400 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 23:30:57.0109 0400 Spooler - ok 23:30:57.0140 0400 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 23:30:57.0265 0400 sr - ok 23:30:57.0296 0400 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\System32\srsvc.dll 23:30:57.0421 0400 srservice - ok 23:30:57.0468 0400 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 23:30:57.0500 0400 Srv - ok 23:30:57.0546 0400 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys 23:30:57.0578 0400 ssadbus - ok 23:30:57.0609 0400 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys 23:30:57.0625 0400 ssadmdfl - ok 23:30:57.0640 0400 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys 23:30:57.0671 0400 ssadmdm - ok 23:30:57.0703 0400 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\WINDOWS\system32\DRIVERS\ssadserd.sys 23:30:57.0750 0400 ssadserd - ok 23:30:57.0765 0400 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 23:30:57.0906 0400 SSDPSRV - ok 23:30:57.0953 0400 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 23:30:57.0953 0400 StarOpen ( UnsignedFile.Multi.Generic ) - warning 23:30:57.0953 
0400 StarOpen - detected UnsignedFile.Multi.Generic (1) 23:30:58.0000 0400 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 23:30:58.0156 0400 stisvc - ok 23:30:58.0187 0400 [ A9F9FD0212E572B84EDB9EB661F6BC04 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 23:30:58.0203 0400 streamip - ok 23:30:58.0250 0400 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 23:30:58.0359 0400 swenum - ok 23:30:58.0375 0400 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 23:30:58.0500 0400 swmidi - ok 23:30:58.0515 0400 SwPrv - ok 23:30:58.0531 0400 symc810 - ok 23:30:58.0546 0400 symc8xx - ok 23:30:58.0546 0400 sym_hi - ok 23:30:58.0562 0400 sym_u3 - ok 23:30:58.0625 0400 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 23:30:58.0750 0400 sysaudio - ok 23:30:58.0781 0400 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 23:30:58.0906 0400 SysmonLog - ok 23:30:58.0937 0400 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 23:30:59.0078 0400 TapiSrv - ok 23:30:59.0125 0400 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:30:59.0187 0400 Tcpip - ok 23:30:59.0234 0400 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 23:30:59.0343 0400 TDPIPE - ok 23:30:59.0375 0400 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 23:30:59.0500 0400 TDTCP - ok 23:30:59.0515 0400 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 23:30:59.0625 0400 TermDD - ok 23:30:59.0656 0400 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 23:30:59.0812 0400 TermService - ok 23:30:59.0828 0400 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 23:30:59.0859 0400 Themes - ok 23:30:59.0906 0400 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr 
C:\WINDOWS\System32\tlntsvr.exe 23:31:00.0046 0400 TlntSvr - ok 23:31:00.0046 0400 TosIde - ok 23:31:00.0078 0400 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 23:31:00.0203 0400 TrkWks - ok 23:31:00.0250 0400 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 23:31:00.0359 0400 Udfs - ok 23:31:00.0359 0400 ultra - ok 23:31:00.0406 0400 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 23:31:00.0562 0400 Update - ok 23:31:00.0578 0400 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 23:31:00.0718 0400 upnphost - ok 23:31:00.0734 0400 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 23:31:00.0859 0400 UPS - ok 23:31:00.0890 0400 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 23:31:01.0031 0400 usbaudio - ok 23:31:01.0046 0400 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:31:01.0156 0400 usbccgp - ok 23:31:01.0187 0400 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:31:01.0296 0400 usbehci - ok 23:31:01.0312 0400 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:31:01.0437 0400 usbhub - ok 23:31:01.0453 0400 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:31:01.0593 0400 usbprint - ok 23:31:01.0640 0400 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 23:31:01.0765 0400 usbscan - ok 23:31:01.0781 0400 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:31:01.0906 0400 USBSTOR - ok 23:31:01.0953 0400 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 23:31:02.0062 0400 usbuhci - ok 23:31:02.0109 0400 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 23:31:02.0234 0400 usbvideo - ok 
23:31:02.0265 0400 [ 8AFFFDA081CFF3057391FEDBBB483601 ] UTSCSI C:\WINDOWS\system32\UTSCSI.EXE 23:31:02.0296 0400 UTSCSI ( UnsignedFile.Multi.Generic ) - warning 23:31:02.0296 0400 UTSCSI - detected UnsignedFile.Multi.Generic (1) 23:31:02.0343 0400 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 23:31:02.0453 0400 VgaSave - ok 23:31:02.0468 0400 ViaIde - ok 23:31:02.0500 0400 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 23:31:02.0609 0400 VolSnap - ok 23:31:02.0640 0400 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 23:31:02.0781 0400 VSS - ok 23:31:02.0812 0400 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll 23:31:02.0937 0400 W32Time - ok 23:31:02.0984 0400 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:31:03.0109 0400 Wanarp - ok 23:31:03.0156 0400 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 23:31:03.0187 0400 Wdf01000 - ok 23:31:03.0203 0400 WDICA - ok 23:31:03.0234 0400 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 23:31:03.0359 0400 wdmaud - ok 23:31:03.0390 0400 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 23:31:03.0515 0400 WebClient - ok 23:31:03.0609 0400 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 23:31:03.0718 0400 winmgmt - ok 23:31:03.0781 0400 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 23:31:03.0812 0400 WmdmPmSN - ok 23:31:03.0843 0400 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 23:31:03.0906 0400 Wmi - ok 23:31:03.0937 0400 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 23:31:04.0062 0400 WmiApSrv - ok 23:31:04.0078 0400 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 23:31:04.0093 0400 WpdUsb - ok 
23:31:04.0187 0400 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 23:31:04.0218 0400 WPFFontCache_v0400 - ok 23:31:04.0250 0400 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 23:31:04.0406 0400 wscsvc - ok 23:31:04.0421 0400 [ 233CDD1C06942115802EB7CE6669E099 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 23:31:04.0437 0400 WSTCODEC - ok 23:31:04.0453 0400 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 23:31:04.0578 0400 wuauserv - ok 23:31:04.0625 0400 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 23:31:04.0640 0400 WudfPf - ok 23:31:04.0656 0400 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 23:31:04.0671 0400 WudfRd - ok 23:31:04.0703 0400 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 23:31:04.0750 0400 WudfSvc - ok 23:31:04.0796 0400 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 23:31:04.0968 0400 WZCSVC - ok 23:31:05.0000 0400 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 23:31:05.0156 0400 xmlprov - ok 23:31:05.0156 0400 ================ Scan global =============================== 23:31:05.0187 0400 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 23:31:05.0250 0400 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 23:31:05.0265 0400 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 23:31:05.0296 0400 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 23:31:05.0312 0400 [Global] - ok 23:31:05.0312 0400 ================ Scan MBR ================================== 23:31:05.0328 0400 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 23:31:05.0531 0400 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 23:31:05.0531 0400 \Device\Harddisk0\DR0 - detected TDSS File System (1) 
23:31:05.0546 0400 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2
23:31:06.0093 0400 \Device\Harddisk1\DR2 - ok
23:31:06.0093 0400 ================ Scan VBR ==================================
23:31:06.0093 0400 [ D964B52BD354518261E5B697C98E79D1 ] \Device\Harddisk0\DR0\Partition1
23:31:06.0109 0400 \Device\Harddisk0\DR0\Partition1 - ok
23:31:06.0125 0400 [ F17264F44C7DBECAC0FD14C51ED6F082 ] \Device\Harddisk1\DR2\Partition1
23:31:06.0125 0400 \Device\Harddisk1\DR2\Partition1 - ok
23:31:06.0125 0400 ============================================================
23:31:06.0125 0400 Scan finished
23:31:06.0125 0400 ============================================================
23:31:06.0234 1652 Detected object count: 8
23:31:06.0234 1652 Actual detected object count: 8
23:32:16.0843 1652 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0843 1652 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:16.0859 1652 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0859 1652 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:16.0859 1652 IOPort ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0859 1652 IOPort ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:16.0859 1652 silabenm ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0859 1652 silabenm ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:16.0859 1652 silabser ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0859 1652 silabser ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:16.0859 1652 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0859 1652 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:16.0859 1652 UTSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0859 1652 UTSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:16.0859 1652 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:32:16.0859 1652 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip |
12.11.2012, 23:39 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Generic.6760809 in the Recycler and System Volume Information You have a TDSS on the system! So please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
13.11.2012, 00:00 | #11 |
| Trojan.Generic.6760809 in the Recycler and System Volume Information Code:
ATTFilter Combofix Logfile: |
13.11.2012, 10:00 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Generic.6760809 in the Recycler and System Volume Information OK, please make new logs with aswMBR and the TDSS-Killer, exactly as before
__________________ Please always post log files in CODE tags |
13.11.2012, 17:32 | #13 |
| Trojan.Generic.6760809 in the Recycler and System Volume Information Code:
ATTFilter 17:27:20.0453 3768 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 17:27:20.0468 3768 ============================================================ 17:27:20.0468 3768 Current date / time: 2012/11/13 17:27:20.0468 17:27:20.0468 3768 SystemInfo: 17:27:20.0468 3768 17:27:20.0468 3768 OS Version: 5.1.2600 ServicePack: 3.0 17:27:20.0468 3768 Product type: Workstation 17:27:20.0468 3768 ComputerName: AIRBORNE1 17:27:20.0468 3768 UserName: Admin 17:27:20.0468 3768 Windows directory: C:\WINDOWS 17:27:20.0468 3768 System windows directory: C:\WINDOWS 17:27:20.0468 3768 Processor architecture: Intel x86 17:27:20.0468 3768 Number of processors: 1 17:27:20.0468 3768 Page size: 0x1000 17:27:20.0468 3768 Boot type: Normal boot 17:27:20.0468 3768 ============================================================ 17:27:21.0593 3768 Drive \Device\Harddisk0\DR0 - Size: 0x3A7450A000 (233.82 Gb), SectorSize: 0x200, Cylinders: 0x7EAE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054 17:27:21.0609 3768 Drive \Device\Harddisk1\DR2 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 17:27:21.0609 3768 ============================================================ 17:27:21.0609 3768 \Device\Harddisk0\DR0: 17:27:21.0609 3768 MBR partitions: 17:27:21.0609 3768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D39C991 17:27:21.0609 3768 \Device\Harddisk1\DR2: 17:27:21.0609 3768 MBR partitions: 17:27:21.0609 3768 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000 17:27:21.0609 3768 ============================================================ 17:27:21.0625 3768 C: <-> \Device\Harddisk0\DR0\Partition1 17:27:21.0656 3768 G: <-> \Device\Harddisk1\DR2\Partition1 17:27:21.0656 3768 ============================================================ 17:27:21.0656 3768 Initialize success 17:27:21.0656 3768 
============================================================ 17:27:36.0234 3804 ============================================================ 17:27:36.0234 3804 Scan started 17:27:36.0234 3804 Mode: Manual; SigCheck; TDLFS; 17:27:36.0234 3804 ============================================================ 17:27:36.0531 3804 ================ Scan system memory ======================== 17:27:36.0531 3804 System memory - ok 17:27:36.0531 3804 ================ Scan services ============================= 17:27:36.0687 3804 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys 17:27:36.0812 3804 Aavmker4 - ok 17:27:36.0828 3804 Abiosdsk - ok 17:27:36.0828 3804 abp480n5 - ok 17:27:36.0859 3804 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:27:37.0078 3804 ACPI - ok 17:27:37.0093 3804 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 17:27:37.0234 3804 ACPIEC - ok 17:27:37.0296 3804 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 17:27:37.0328 3804 AdobeFlashPlayerUpdateSvc - ok 17:27:37.0328 3804 adpu160m - ok 17:27:37.0375 3804 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 17:27:37.0515 3804 aec - ok 17:27:37.0546 3804 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 17:27:37.0578 3804 AFD - ok 17:27:37.0593 3804 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 17:27:37.0734 3804 agp440 - ok 17:27:37.0734 3804 Aha154x - ok 17:27:37.0750 3804 aic78u2 - ok 17:27:37.0765 3804 aic78xx - ok 17:27:37.0781 3804 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 17:27:37.0921 3804 Alerter - ok 17:27:37.0937 3804 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 17:27:38.0078 3804 ALG - ok 17:27:38.0093 3804 AliIde - ok 17:27:38.0109 3804 amsint - ok 17:27:38.0140 3804 [ 
DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\WINDOWS\system32\Drivers\ssadadb.sys 17:27:38.0171 3804 androidusb - ok 17:27:38.0187 3804 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 17:27:38.0312 3804 AppMgmt - ok 17:27:38.0312 3804 asc - ok 17:27:38.0328 3804 asc3350p - ok 17:27:38.0328 3804 asc3550 - ok 17:27:38.0437 3804 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 17:27:38.0468 3804 aspnet_state - ok 17:27:38.0500 3804 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys 17:27:38.0515 3804 aswFsBlk - ok 17:27:38.0562 3804 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys 17:27:38.0578 3804 aswMon2 - ok 17:27:38.0593 3804 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys 17:27:38.0609 3804 AswRdr - ok 17:27:38.0656 3804 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys 17:27:38.0687 3804 aswSnx - ok 17:27:38.0718 3804 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys 17:27:38.0734 3804 aswSP - ok 17:27:38.0765 3804 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys 17:27:38.0781 3804 aswTdi - ok 17:27:38.0796 3804 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:27:38.0937 3804 AsyncMac - ok 17:27:38.0953 3804 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 17:27:39.0093 3804 atapi - ok 17:27:39.0109 3804 Atdisk - ok 17:27:39.0156 3804 [ D80A3FD3DB6F999F6D1C6D23A293851B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 17:27:39.0187 3804 Ati HotKey Poller - ok 17:27:39.0359 3804 [ C832BF76F003999D2E91E5115583C69E ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 17:27:39.0578 3804 ati2mtag - ok 17:27:39.0609 3804 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc 
C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:27:39.0734 3804 Atmarpc - ok 17:27:39.0750 3804 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 17:27:39.0890 3804 AudioSrv - ok 17:27:39.0921 3804 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 17:27:40.0046 3804 audstub - ok 17:27:40.0109 3804 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe 17:27:40.0125 3804 avast! Antivirus - ok 17:27:40.0156 3804 [ 4D50B7A5AE8E67E68B7C9571769D5DDE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys 17:27:40.0203 3804 b57w2k - ok 17:27:40.0234 3804 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 17:27:40.0375 3804 Beep - ok 17:27:40.0421 3804 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\WINDOWS\system32\bgsvcgen.exe 17:27:40.0437 3804 bgsvcgen - ok 17:27:40.0468 3804 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 17:27:40.0609 3804 BITS - ok 17:27:40.0640 3804 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 17:27:40.0671 3804 Browser - ok 17:27:40.0796 3804 catchme - ok 17:27:40.0812 3804 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 17:27:40.0937 3804 cbidf2k - ok 17:27:40.0953 3804 [ FDC06E2ADA8C468EBB161624E03976CF ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 17:27:40.0984 3804 CCDECODE - ok 17:27:40.0984 3804 cd20xrnt - ok 17:27:41.0031 3804 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 17:27:41.0171 3804 Cdaudio - ok 17:27:41.0187 3804 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 17:27:41.0312 3804 Cdfs - ok 17:27:41.0328 3804 [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys 17:27:41.0328 3804 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning 17:27:41.0328 3804 cdrbsdrv - detected UnsignedFile.Multi.Generic (1) 
17:27:41.0343 3804 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:27:41.0468 3804 Cdrom - ok 17:27:41.0484 3804 Changer - ok 17:27:41.0515 3804 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 17:27:41.0640 3804 CiSvc - ok 17:27:41.0687 3804 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 17:27:41.0828 3804 ClipSrv - ok 17:27:41.0890 3804 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:27:41.0953 3804 clr_optimization_v2.0.50727_32 - ok 17:27:41.0984 3804 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:27:42.0046 3804 clr_optimization_v4.0.30319_32 - ok 17:27:42.0062 3804 CmdIde - ok 17:27:42.0093 3804 [ FD40439BB258B9AA9AD314BF5948EF46 ] cmpci C:\WINDOWS\system32\drivers\cmaudio.sys 17:27:42.0156 3804 cmpci - ok 17:27:42.0171 3804 COMSysApp - ok 17:27:42.0187 3804 Cpqarray - ok 17:27:42.0218 3804 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 17:27:42.0359 3804 CryptSvc - ok 17:27:42.0375 3804 dac2w2k - ok 17:27:42.0375 3804 dac960nt - ok 17:27:42.0421 3804 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 17:27:42.0468 3804 DcomLaunch - ok 17:27:42.0484 3804 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 17:27:42.0609 3804 Dhcp - ok 17:27:42.0625 3804 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 17:27:42.0750 3804 Disk - ok 17:27:42.0750 3804 dmadmin - ok 17:27:42.0781 3804 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 17:27:42.0953 3804 dmboot - ok 17:27:42.0953 3804 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 17:27:43.0093 3804 dmio - ok 17:27:43.0125 3804 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload 
C:\WINDOWS\system32\drivers\dmload.sys 17:27:43.0265 3804 dmload - ok 17:27:43.0265 3804 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 17:27:43.0406 3804 dmserver - ok 17:27:43.0421 3804 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 17:27:43.0546 3804 DMusic - ok 17:27:43.0578 3804 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 17:27:43.0609 3804 Dnscache - ok 17:27:43.0640 3804 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 17:27:43.0765 3804 Dot3svc - ok 17:27:43.0765 3804 dpti2o - ok 17:27:43.0796 3804 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 17:27:43.0921 3804 drmkaud - ok 17:27:43.0937 3804 EagleXNt - ok 17:27:43.0968 3804 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 17:27:44.0109 3804 EapHost - ok 17:27:44.0125 3804 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 17:27:44.0250 3804 ERSvc - ok 17:27:44.0281 3804 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 17:27:44.0312 3804 Eventlog - ok 17:27:44.0359 3804 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll 17:27:44.0390 3804 EventSystem - ok 17:27:44.0390 3804 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 17:27:44.0515 3804 Fastfat - ok 17:27:44.0562 3804 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 17:27:44.0609 3804 FastUserSwitchingCompatibility - ok 17:27:44.0625 3804 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 17:27:44.0734 3804 Fdc - ok 17:27:44.0765 3804 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 17:27:44.0890 3804 Fips - ok 17:27:44.0890 3804 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 17:27:45.0015 3804 Flpydisk - 
ok 17:27:45.0062 3804 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 17:27:45.0171 3804 FltMgr - ok 17:27:45.0234 3804 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 17:27:45.0250 3804 FontCache3.0.0.0 - ok 17:27:45.0250 3804 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:27:45.0375 3804 Fs_Rec - ok 17:27:45.0390 3804 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:27:45.0515 3804 Ftdisk - ok 17:27:45.0531 3804 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys 17:27:45.0656 3804 gameenum - ok 17:27:45.0671 3804 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:27:45.0796 3804 Gpc - ok 17:27:45.0843 3804 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe 17:27:45.0859 3804 gusvc - ok 17:27:45.0906 3804 [ FC7DCDEF8F17D3C5DECC880673EA5BD5 ] hcwPVRP2 C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys 17:27:45.0984 3804 hcwPVRP2 - ok 17:27:46.0062 3804 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 17:27:46.0203 3804 helpsvc - ok 17:27:46.0234 3804 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 17:27:46.0375 3804 HidServ - ok 17:27:46.0390 3804 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:27:46.0515 3804 hidusb - ok 17:27:46.0546 3804 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 17:27:46.0671 3804 hkmsvc - ok 17:27:46.0687 3804 hpn - ok 17:27:46.0734 3804 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 17:27:46.0765 3804 HTTP - ok 17:27:46.0796 3804 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 17:27:46.0953 3804 HTTPFilter - ok 17:27:46.0968 3804 i2omgmt - ok 
17:27:46.0968 3804 i2omp - ok 17:27:46.0984 3804 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:27:47.0125 3804 i8042prt - ok 17:27:47.0203 3804 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe 17:27:47.0218 3804 IDriverT ( UnsignedFile.Multi.Generic ) - warning 17:27:47.0218 3804 IDriverT - detected UnsignedFile.Multi.Generic (1) 17:27:47.0312 3804 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:27:47.0375 3804 idsvc - ok 17:27:47.0390 3804 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 17:27:47.0515 3804 Imapi - ok 17:27:47.0546 3804 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 17:27:47.0687 3804 ImapiService - ok 17:27:47.0687 3804 ini910u - ok 17:27:47.0703 3804 IntelIde - ok 17:27:47.0718 3804 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 17:27:47.0843 3804 intelppm - ok 17:27:47.0859 3804 [ F7C534DEF663B4E847E44F20927F5ED2 ] IOPort C:\WINDOWS\system32\DRIVERS\IOPORT.SYS 17:27:47.0875 3804 IOPort ( UnsignedFile.Multi.Generic ) - warning 17:27:47.0875 3804 IOPort - detected UnsignedFile.Multi.Generic (1) 17:27:47.0890 3804 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys 17:27:48.0031 3804 ip6fw - ok 17:27:48.0062 3804 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:27:48.0187 3804 IpFilterDriver - ok 17:27:48.0203 3804 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:27:48.0343 3804 IpInIp - ok 17:27:48.0359 3804 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:27:48.0484 3804 IpNat - ok 17:27:48.0515 3804 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:27:48.0640 3804 
IPSec - ok 17:27:48.0656 3804 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 17:27:48.0765 3804 IRENUM - ok 17:27:48.0796 3804 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:27:48.0921 3804 isapnp - ok 17:27:48.0921 3804 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:27:49.0046 3804 Kbdclass - ok 17:27:49.0046 3804 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 17:27:49.0187 3804 kbdhid - ok 17:27:49.0203 3804 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 17:27:49.0343 3804 kmixer - ok 17:27:49.0375 3804 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 17:27:49.0390 3804 KSecDD - ok 17:27:49.0406 3804 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 17:27:49.0453 3804 lanmanserver - ok 17:27:49.0484 3804 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 17:27:49.0515 3804 lanmanworkstation - ok 17:27:49.0546 3804 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys 17:27:49.0562 3804 Lbd - ok 17:27:49.0578 3804 lbrtfdc - ok 17:27:49.0609 3804 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 17:27:49.0718 3804 LmHosts - ok 17:27:49.0750 3804 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 17:27:49.0765 3804 MBAMProtector - ok 17:27:49.0828 3804 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe 17:27:49.0859 3804 MBAMScheduler - ok 17:27:49.0890 3804 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 17:27:49.0921 3804 MBAMService - ok 17:27:49.0953 3804 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 17:27:50.0078 3804 Messenger - ok 17:27:50.0093 
3804 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 17:27:50.0218 3804 mnmdd - ok 17:27:50.0250 3804 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe 17:27:50.0375 3804 mnmsrvc - ok 17:27:50.0390 3804 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 17:27:50.0531 3804 Modem - ok 17:27:50.0546 3804 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:27:50.0671 3804 Mouclass - ok 17:27:50.0703 3804 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:27:50.0828 3804 mouhid - ok 17:27:50.0843 3804 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 17:27:50.0968 3804 MountMgr - ok 17:27:51.0000 3804 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 17:27:51.0015 3804 MozillaMaintenance - ok 17:27:51.0015 3804 mraid35x - ok 17:27:51.0031 3804 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:27:51.0156 3804 MRxDAV - ok 17:27:51.0203 3804 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:27:51.0234 3804 MRxSmb - ok 17:27:51.0265 3804 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe 17:27:51.0406 3804 MSDTC - ok 17:27:51.0421 3804 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 17:27:51.0531 3804 Msfs - ok 17:27:51.0546 3804 MSIServer - ok 17:27:51.0578 3804 [ 85736F804191CB420A31ACA2A7F0674F ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:27:51.0609 3804 MSKSSRV - ok 17:27:51.0640 3804 [ E943ADB93D83C5CBC0CA3F53F53B48CC ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:27:51.0687 3804 MSPCLOCK - ok 17:27:51.0718 3804 [ F6A726B8832DB1F88326B8BE98B11981 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 17:27:51.0781 3804 MSPQM - ok 17:27:51.0812 3804 [ 
AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:27:51.0937 3804 mssmbios - ok 17:27:51.0953 3804 [ D5059366B361F0E1124753447AF08AA2 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 17:27:52.0000 3804 MSTEE - ok 17:27:52.0015 3804 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 17:27:52.0031 3804 Mup - ok 17:27:52.0046 3804 [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 17:27:52.0062 3804 NABTSFEC - ok 17:27:52.0093 3804 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 17:27:52.0250 3804 napagent - ok 17:27:52.0265 3804 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 17:27:52.0375 3804 NDIS - ok 17:27:52.0406 3804 [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 17:27:52.0437 3804 NdisIP - ok 17:27:52.0484 3804 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:27:52.0515 3804 NdisTapi - ok 17:27:52.0546 3804 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:27:52.0671 3804 Ndisuio - ok 17:27:52.0687 3804 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:27:52.0796 3804 NdisWan - ok 17:27:52.0812 3804 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 17:27:52.0828 3804 NDProxy - ok 17:27:52.0843 3804 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 17:27:52.0968 3804 NetBIOS - ok 17:27:53.0000 3804 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 17:27:53.0140 3804 NetBT - ok 17:27:53.0171 3804 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 17:27:53.0296 3804 NetDDE - ok 17:27:53.0312 3804 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 17:27:53.0437 3804 NetDDEdsdm - ok 17:27:53.0468 3804 [ 
AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 17:27:53.0593 3804 Netlogon - ok 17:27:53.0640 3804 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 17:27:53.0765 3804 Netman - ok 17:27:53.0796 3804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 17:27:53.0828 3804 NetTcpPortSharing - ok 17:27:53.0843 3804 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 17:27:53.0875 3804 Nla - ok 17:27:53.0921 3804 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe 17:27:53.0937 3804 NMSAccess - ok 17:27:53.0984 3804 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\WINDOWS\system32\drivers\npf.sys 17:27:54.0000 3804 NPF - ok 17:27:54.0015 3804 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 17:27:54.0140 3804 Npfs - ok 17:27:54.0156 3804 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 17:27:54.0328 3804 Ntfs - ok 17:27:54.0343 3804 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe 17:27:54.0468 3804 NtLmSsp - ok 17:27:54.0515 3804 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 17:27:54.0687 3804 NtmsSvc - ok 17:27:54.0718 3804 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 17:27:54.0828 3804 Null - ok 17:27:54.0843 3804 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:27:54.0984 3804 NwlnkFlt - ok 17:27:55.0015 3804 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:27:55.0156 3804 NwlnkFwd - ok 17:27:55.0171 3804 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 17:27:55.0312 3804 Parport - ok 17:27:55.0312 3804 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 17:27:55.0437 3804 PartMgr - ok 17:27:55.0484 3804 [ 
C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 17:27:55.0609 3804 ParVdm - ok 17:27:55.0625 3804 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 17:27:55.0750 3804 PCI - ok 17:27:55.0750 3804 PCIDump - ok 17:27:55.0781 3804 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 17:27:55.0921 3804 PCIIde - ok 17:27:55.0937 3804 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 17:27:56.0062 3804 Pcmcia - ok 17:27:56.0078 3804 PDCOMP - ok 17:27:56.0078 3804 PDFRAME - ok 17:27:56.0093 3804 PDRELI - ok 17:27:56.0093 3804 PDRFRAME - ok 17:27:56.0109 3804 perc2 - ok 17:27:56.0109 3804 perc2hib - ok 17:27:56.0156 3804 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 17:27:56.0187 3804 PlugPlay - ok 17:27:56.0187 3804 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 17:27:56.0312 3804 PolicyAgent - ok 17:27:56.0328 3804 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:27:56.0453 3804 PptpMiniport - ok 17:27:56.0468 3804 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 17:27:56.0593 3804 Processor - ok 17:27:56.0593 3804 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 17:27:56.0734 3804 ProtectedStorage - ok 17:27:56.0734 3804 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 17:27:56.0859 3804 PSched - ok 17:27:56.0875 3804 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:27:57.0015 3804 Ptilink - ok 17:27:57.0046 3804 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 17:27:57.0062 3804 PxHelp20 - ok 17:27:57.0078 3804 ql1080 - ok 17:27:57.0078 3804 Ql10wnt - ok 17:27:57.0093 3804 ql12160 - ok 17:27:57.0093 3804 ql1240 - ok 17:27:57.0109 3804 ql1280 - ok 17:27:57.0125 
3804 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:27:57.0250 3804 RasAcd - ok 17:27:57.0281 3804 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 17:27:57.0421 3804 RasAuto - ok 17:27:57.0421 3804 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:27:57.0546 3804 Rasl2tp - ok 17:27:57.0593 3804 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 17:27:57.0750 3804 RasMan - ok 17:27:57.0750 3804 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:27:57.0875 3804 RasPppoe - ok 17:27:57.0890 3804 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 17:27:58.0031 3804 Raspti - ok 17:27:58.0046 3804 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:27:58.0171 3804 Rdbss - ok 17:27:58.0171 3804 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:27:58.0296 3804 RDPCDD - ok 17:27:58.0312 3804 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 17:27:58.0437 3804 rdpdr - ok 17:27:58.0484 3804 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 17:27:58.0515 3804 RDPWD - ok 17:27:58.0546 3804 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 17:27:58.0671 3804 RDSessMgr - ok 17:27:58.0687 3804 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 17:27:58.0812 3804 redbook - ok 17:27:58.0828 3804 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 17:27:58.0953 3804 RemoteAccess - ok 17:27:59.0000 3804 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 17:27:59.0140 3804 RemoteRegistry - ok 17:27:59.0171 3804 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Programme\WinPcap\rpcapd.exe 17:27:59.0203 3804 rpcapd - ok 17:27:59.0218 3804 [ 
2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe 17:27:59.0343 3804 RpcLocator - ok 17:27:59.0375 3804 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll 17:27:59.0406 3804 RpcSs - ok 17:27:59.0437 3804 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe 17:27:59.0578 3804 RSVP - ok 17:27:59.0609 3804 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 17:27:59.0734 3804 SamSs - ok 17:27:59.0750 3804 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 17:27:59.0890 3804 SCardSvr - ok 17:27:59.0937 3804 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 17:28:00.0062 3804 Schedule - ok 17:28:00.0078 3804 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:28:00.0203 3804 Secdrv - ok 17:28:00.0234 3804 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 17:28:00.0359 3804 seclogon - ok 17:28:00.0390 3804 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 17:28:00.0515 3804 SENS - ok 17:28:00.0531 3804 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 17:28:00.0671 3804 serenum - ok 17:28:00.0671 3804 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 17:28:00.0796 3804 Serial - ok 17:28:00.0859 3804 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 17:28:00.0968 3804 Sfloppy - ok 17:28:01.0015 3804 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 17:28:01.0156 3804 SharedAccess - ok 17:28:01.0187 3804 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 17:28:01.0203 3804 ShellHWDetection - ok 17:28:01.0250 3804 [ 4AABD176758CDBCFB834A72BD01CD02F ] silabenm C:\WINDOWS\system32\DRIVERS\silabenm.sys 17:28:01.0265 3804 silabenm ( UnsignedFile.Multi.Generic ) - warning 17:28:01.0265 
3804 silabenm - detected UnsignedFile.Multi.Generic (1) 17:28:01.0296 3804 [ F5460535EDE7ADEB0721BC56587554EA ] silabser C:\WINDOWS\system32\DRIVERS\silabser.sys 17:28:01.0328 3804 silabser ( UnsignedFile.Multi.Generic ) - warning 17:28:01.0328 3804 silabser - detected UnsignedFile.Multi.Generic (1) 17:28:01.0328 3804 Simbad - ok 17:28:01.0359 3804 [ 1FFC44D6787EC1EA9A2B1440A90FA5C1 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 17:28:01.0406 3804 SLIP - ok 17:28:01.0421 3804 Sparrow - ok 17:28:01.0468 3804 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 17:28:01.0578 3804 splitter - ok 17:28:01.0609 3804 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 17:28:01.0640 3804 Spooler - ok 17:28:01.0671 3804 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 17:28:01.0781 3804 sr - ok 17:28:01.0812 3804 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 17:28:01.0953 3804 srservice - ok 17:28:01.0984 3804 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 17:28:02.0015 3804 Srv - ok 17:28:02.0046 3804 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys 17:28:02.0062 3804 ssadbus - ok 17:28:02.0078 3804 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys 17:28:02.0109 3804 ssadmdfl - ok 17:28:02.0125 3804 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys 17:28:02.0156 3804 ssadmdm - ok 17:28:02.0171 3804 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\WINDOWS\system32\DRIVERS\ssadserd.sys 17:28:02.0218 3804 ssadserd - ok 17:28:02.0234 3804 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 17:28:02.0375 3804 SSDPSRV - ok 17:28:02.0421 3804 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 17:28:02.0437 3804 StarOpen ( UnsignedFile.Multi.Generic ) - warning 17:28:02.0437 
3804 StarOpen - detected UnsignedFile.Multi.Generic (1) 17:28:02.0468 3804 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 17:28:02.0625 3804 stisvc - ok 17:28:02.0656 3804 [ A9F9FD0212E572B84EDB9EB661F6BC04 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 17:28:02.0671 3804 streamip - ok 17:28:02.0718 3804 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 17:28:02.0843 3804 swenum - ok 17:28:02.0859 3804 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 17:28:02.0968 3804 swmidi - ok 17:28:02.0984 3804 SwPrv - ok 17:28:03.0000 3804 symc810 - ok 17:28:03.0000 3804 symc8xx - ok 17:28:03.0015 3804 sym_hi - ok 17:28:03.0015 3804 sym_u3 - ok 17:28:03.0062 3804 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 17:28:03.0187 3804 sysaudio - ok 17:28:03.0218 3804 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 17:28:03.0343 3804 SysmonLog - ok 17:28:03.0375 3804 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 17:28:03.0531 3804 TapiSrv - ok 17:28:03.0578 3804 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:28:03.0593 3804 Tcpip - ok 17:28:03.0609 3804 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 17:28:03.0734 3804 TDPIPE - ok 17:28:03.0765 3804 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 17:28:03.0875 3804 TDTCP - ok 17:28:03.0921 3804 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 17:28:04.0031 3804 TermDD - ok 17:28:04.0062 3804 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 17:28:04.0218 3804 TermService - ok 17:28:04.0234 3804 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 17:28:04.0250 3804 Themes - ok 17:28:04.0296 3804 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr 
C:\WINDOWS\System32\tlntsvr.exe 17:28:04.0421 3804 TlntSvr - ok 17:28:04.0437 3804 TosIde - ok 17:28:04.0453 3804 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 17:28:04.0578 3804 TrkWks - ok 17:28:04.0609 3804 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 17:28:04.0734 3804 Udfs - ok 17:28:04.0734 3804 ultra - ok 17:28:04.0750 3804 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 17:28:04.0921 3804 Update - ok 17:28:04.0937 3804 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 17:28:05.0078 3804 upnphost - ok 17:28:05.0093 3804 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 17:28:05.0218 3804 UPS - ok 17:28:05.0234 3804 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 17:28:05.0375 3804 usbaudio - ok 17:28:05.0421 3804 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:28:05.0531 3804 usbccgp - ok 17:28:05.0546 3804 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:28:05.0671 3804 usbehci - ok 17:28:05.0671 3804 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:28:05.0796 3804 usbhub - ok 17:28:05.0843 3804 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:28:05.0968 3804 usbprint - ok 17:28:06.0015 3804 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:28:06.0140 3804 usbscan - ok 17:28:06.0156 3804 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:28:06.0296 3804 USBSTOR - ok 17:28:06.0312 3804 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:28:06.0437 3804 usbuhci - ok 17:28:06.0468 3804 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 17:28:06.0593 3804 usbvideo - ok 
17:28:06.0625 3804 [ 8AFFFDA081CFF3057391FEDBBB483601 ] UTSCSI C:\WINDOWS\system32\UTSCSI.EXE 17:28:06.0656 3804 UTSCSI ( UnsignedFile.Multi.Generic ) - warning 17:28:06.0656 3804 UTSCSI - detected UnsignedFile.Multi.Generic (1) 17:28:06.0703 3804 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 17:28:06.0828 3804 VgaSave - ok 17:28:06.0828 3804 ViaIde - ok 17:28:06.0875 3804 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 17:28:06.0984 3804 VolSnap - ok 17:28:07.0015 3804 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 17:28:07.0156 3804 VSS - ok 17:28:07.0187 3804 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 17:28:07.0312 3804 W32Time - ok 17:28:07.0343 3804 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:28:07.0484 3804 Wanarp - ok 17:28:07.0531 3804 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 17:28:07.0562 3804 Wdf01000 - ok 17:28:07.0578 3804 WDICA - ok 17:28:07.0609 3804 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 17:28:07.0734 3804 wdmaud - ok 17:28:07.0765 3804 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 17:28:07.0890 3804 WebClient - ok 17:28:07.0968 3804 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 17:28:08.0093 3804 winmgmt - ok 17:28:08.0140 3804 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 17:28:08.0156 3804 WmdmPmSN - ok 17:28:08.0187 3804 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 17:28:08.0265 3804 Wmi - ok 17:28:08.0281 3804 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 17:28:08.0406 3804 WmiApSrv - ok 17:28:08.0421 3804 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 17:28:08.0437 3804 WpdUsb - ok 
17:28:08.0515 3804 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 17:28:08.0562 3804 WPFFontCache_v0400 - ok 17:28:08.0593 3804 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 17:28:08.0734 3804 WS2IFSL - ok 17:28:08.0765 3804 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 17:28:08.0906 3804 wscsvc - ok 17:28:08.0937 3804 [ 233CDD1C06942115802EB7CE6669E099 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 17:28:08.0953 3804 WSTCODEC - ok 17:28:08.0984 3804 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 17:28:09.0109 3804 wuauserv - ok 17:28:09.0156 3804 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 17:28:09.0171 3804 WudfPf - ok 17:28:09.0187 3804 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 17:28:09.0203 3804 WudfRd - ok 17:28:09.0250 3804 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 17:28:09.0281 3804 WudfSvc - ok 17:28:09.0328 3804 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 17:28:09.0515 3804 WZCSVC - ok 17:28:09.0546 3804 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 17:28:09.0703 3804 xmlprov - ok 17:28:09.0718 3804 ================ Scan global =============================== 17:28:09.0750 3804 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 17:28:09.0812 3804 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 17:28:09.0828 3804 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 17:28:09.0875 3804 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 17:28:09.0890 3804 [Global] - ok 17:28:09.0890 3804 ================ Scan MBR ================================== 17:28:09.0906 3804 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 
17:28:10.0109 3804 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 17:28:10.0109 3804 \Device\Harddisk0\DR0 - detected TDSS File System (1) 17:28:10.0125 3804 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2 17:28:10.0312 3804 \Device\Harddisk1\DR2 - ok 17:28:10.0312 3804 ================ Scan VBR ================================== 17:28:10.0328 3804 [ D964B52BD354518261E5B697C98E79D1 ] \Device\Harddisk0\DR0\Partition1 17:28:10.0328 3804 \Device\Harddisk0\DR0\Partition1 - ok 17:28:10.0328 3804 [ F17264F44C7DBECAC0FD14C51ED6F082 ] \Device\Harddisk1\DR2\Partition1 17:28:10.0328 3804 \Device\Harddisk1\DR2\Partition1 - ok 17:28:10.0328 3804 ============================================================ 17:28:10.0328 3804 Scan finished 17:28:10.0328 3804 ============================================================ 17:28:10.0437 3784 Detected object count: 8 17:28:10.0437 3784 Actual detected object count: 8 17:28:32.0812 3784 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user 17:28:32.0812 3784 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:28:32.0812 3784 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 17:28:32.0812 3784 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:28:32.0812 3784 IOPort ( UnsignedFile.Multi.Generic ) - skipped by user 17:28:32.0812 3784 IOPort ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:28:32.0812 3784 silabenm ( UnsignedFile.Multi.Generic ) - skipped by user 17:28:32.0812 3784 silabenm ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:28:32.0812 3784 silabser ( UnsignedFile.Multi.Generic ) - skipped by user 17:28:32.0812 3784 silabser ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:28:32.0812 3784 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 17:28:32.0812 3784 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:28:32.0828 3784 UTSCSI ( UnsignedFile.Multi.Generic ) - skipped by user 17:28:32.0828 3784 
UTSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:28:32.0828 3784 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 17:28:32.0828 3784 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-13 17:16:07 ----------------------------- 17:16:07.468 OS Version: Windows 5.1.2600 Service Pack 3 17:16:07.468 Number of processors: 1 586 0x304 17:16:07.468 ComputerName: AIRBORNE1 UserName: Admin 17:16:08.328 Initialize success 17:16:08.500 AVAST engine defs: 12111300 17:16:50.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 17:16:50.859 Disk 0 Vendor: WDC_WD2502ABYS-02B7A0 02.03B03 Size: 239429MB BusType: 3 17:16:50.875 Disk 0 MBR read successfully 17:16:50.875 Disk 0 MBR scan 17:16:50.875 Disk 0 Windows XP default MBR code 17:16:50.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 239417 MB offset 63 17:16:50.890 Disk 0 scanning sectors +490326480 17:16:50.937 Disk 0 scanning C:\WINDOWS\system32\drivers 17:16:57.421 Service scanning 17:17:06.531 Modules scanning 17:17:09.296 Disk 0 trace - called modules: 17:17:09.312 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 17:17:09.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89f18ab8] 17:17:09.312 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005e[0x89eb7a00] 17:17:09.312 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-7[0x89da7940] 17:17:09.828 AVAST engine scan C:\WINDOWS 17:17:12.015 AVAST engine scan C:\WINDOWS\system32 17:19:33.343 AVAST engine scan C:\WINDOWS\system32\drivers 17:19:49.890 AVAST engine scan C:\Dokumente und Einstellungen\Admin 17:22:35.609 AVAST engine scan C:\Dokumente und Einstellungen\All Users 17:23:35.484 Scan finished successfully 17:26:38.937 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Admin\Desktop\MBR.dat" 17:26:38.953 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Admin\Desktop\aswMBR2.txt" |
13.11.2012, 21:43 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Generic.6760809 in the Recycler and System Volume Information Code:
ATTFilter 23:32:16.0859 1652 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
To do that, you have to restart TDSS-Killer and run a new scan. When you then see the results, please set this entry to CURE or DELETE (whichever you are offered; please leave all the others on SKIP!) and then click Continue at the bottom right.
Then restart Windows and create a completely new log with TDSS-Killer. As always, post it in CODE tags again.
__________________ Please always post log files in CODE tags |
13.11.2012, 22:08 | #15 |
| Trojan.Generic.6760809 in the Recycler and System Volume Information Code:
ATTFilter 21:53:22.0796 3480 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:53:22.0890 3480 ============================================================ 21:53:22.0890 3480 Current date / time: 2012/11/13 21:53:22.0890 21:53:22.0890 3480 SystemInfo: 21:53:22.0890 3480 21:53:22.0890 3480 OS Version: 5.1.2600 ServicePack: 3.0 21:53:22.0890 3480 Product type: Workstation 21:53:22.0890 3480 ComputerName: AIRBORNE1 21:53:22.0890 3480 UserName: Admin 21:53:22.0890 3480 Windows directory: C:\WINDOWS 21:53:22.0890 3480 System windows directory: C:\WINDOWS 21:53:22.0890 3480 Processor architecture: Intel x86 21:53:22.0890 3480 Number of processors: 1 21:53:22.0890 3480 Page size: 0x1000 21:53:22.0890 3480 Boot type: Normal boot 21:53:22.0890 3480 ============================================================ 21:53:23.0984 3480 Drive \Device\Harddisk0\DR0 - Size: 0x3A7450A000 (233.82 Gb), SectorSize: 0x200, Cylinders: 0x7EAE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054 21:53:24.0015 3480 Drive \Device\Harddisk1\DR2 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:53:30.0953 3480 ============================================================ 21:53:30.0953 3480 \Device\Harddisk0\DR0: 21:53:30.0984 3480 MBR partitions: 21:53:30.0984 3480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D39C991 21:53:30.0984 3480 \Device\Harddisk1\DR2: 21:53:30.0984 3480 MBR partitions: 21:53:30.0984 3480 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000 21:53:30.0984 3480 ============================================================ 21:53:31.0000 3480 C: <-> \Device\Harddisk0\DR0\Partition1 21:53:31.0031 3480 G: <-> \Device\Harddisk1\DR2\Partition1 21:53:31.0031 3480 ============================================================ 21:53:31.0031 3480 Initialize success 21:53:31.0031 3480 
============================================================
21:53:41.0703 1492 ============================================================
21:53:41.0703 1492 Scan started
21:53:41.0703 1492 Mode: Manual; SigCheck; TDLFS;
21:53:41.0703 1492 ============================================================
21:54:17.0531 1492 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:54:17.0531 1492 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:54:17.0546 1492 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2
21:54:17.0718 1492 \Device\Harddisk1\DR2 - ok
21:54:17.0734 1492 ================ Scan VBR ==================================
21:54:17.0734 1492 [ D964B52BD354518261E5B697C98E79D1 ] \Device\Harddisk0\DR0\Partition1
21:54:17.0734 1492 \Device\Harddisk0\DR0\Partition1 - ok
21:54:17.0750 1492 [ F17264F44C7DBECAC0FD14C51ED6F082 ] \Device\Harddisk1\DR2\Partition1
21:54:17.0750 1492 \Device\Harddisk1\DR2\Partition1 - ok
21:54:17.0750 1492 ============================================================
21:54:17.0750 1492 Scan finished
21:54:17.0750 1492 ============================================================
21:54:17.0859 0516 Detected object count: 8
21:54:17.0859 0516 Actual detected object count: 8
21:54:28.0828 0516 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0828 0516 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:28.0828 0516 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0828 0516 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:28.0828 0516 IOPort ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0828 0516 IOPort ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:28.0828 0516 silabenm ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0828 0516 silabenm ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:28.0828 0516 silabser ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0828 0516 silabser ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:28.0828 0516 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0828 0516 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:28.0843 0516 UTSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0843 0516 UTSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:28.0875 0516 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
21:54:28.0875 0516 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:54:28.0875 0516 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
21:54:28.0890 0516 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:54:28.0937 0516 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:54:28.0937 0516 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:54:44.0656 0516 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:54:44.0781 0516 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:54:44.0859 0516 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
21:54:44.0859 0516 \Device\Harddisk0\DR0\TDLFS - deleted
21:54:44.0859 0516 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

Code:
22:02:59.0562 3584 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:02:59.0578 3584 ============================================================
22:02:59.0578 3584 Current date / time: 2012/11/13 22:02:59.0578
22:02:59.0578 3584 SystemInfo:
22:02:59.0578 3584
22:02:59.0578 3584 OS Version: 5.1.2600 ServicePack: 3.0
22:02:59.0578 3584 Product type: Workstation
22:02:59.0578 3584 ComputerName: AIRBORNE1
22:02:59.0578 3584 UserName: Admin
22:02:59.0578 3584 Windows directory: C:\WINDOWS
22:02:59.0578 3584 System windows directory: C:\WINDOWS
22:02:59.0578 3584 Processor architecture: Intel x86
22:02:59.0578 3584 Number of processors: 1
22:02:59.0578 3584 Page size: 0x1000
22:02:59.0578 3584 Boot type: Normal boot
22:02:59.0578 3584 ============================================================
22:03:00.0734 3584 Drive \Device\Harddisk0\DR0 - Size: 0x3A7450A000 (233.82 Gb), SectorSize: 0x200, Cylinders: 0x7EAE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
22:03:00.0765 3584 Drive \Device\Harddisk1\DR2 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:03:00.0796 3584 ============================================================
22:03:00.0796 3584 \Device\Harddisk0\DR0:
22:03:00.0796 3584 MBR partitions:
22:03:00.0796 3584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D39C991
22:03:00.0796 3584 \Device\Harddisk1\DR2:
22:03:00.0796 3584 MBR partitions:
22:03:00.0796 3584 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
22:03:00.0796 3584 ============================================================
22:03:00.0890 3584 C: <-> \Device\Harddisk0\DR0\Partition1
22:03:00.0906 3584 G: <-> \Device\Harddisk1\DR2\Partition1
22:03:00.0937 3584 ============================================================
22:03:00.0937 3584 Initialize success
22:03:00.0937 3584
============================================================ 22:03:05.0968 3648 ============================================================ 22:03:05.0968 3648 Scan started 22:03:05.0968 3648 Mode: Manual; SigCheck; TDLFS; 22:03:05.0968 3648 ============================================================ 22:03:07.0031 3648 ================ Scan system memory ======================== 22:03:07.0031 3648 System memory - ok 22:03:07.0031 3648 ================ Scan services ============================= 22:03:07.0156 3648 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys 22:03:07.0281 3648 Aavmker4 - ok 22:03:07.0296 3648 Abiosdsk - ok 22:03:07.0296 3648 abp480n5 - ok 22:03:07.0328 3648 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 22:03:07.0546 3648 ACPI - ok 22:03:07.0562 3648 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 22:03:07.0703 3648 ACPIEC - ok 22:03:07.0781 3648 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 22:03:07.0796 3648 AdobeFlashPlayerUpdateSvc - ok 22:03:07.0812 3648 adpu160m - ok 22:03:07.0843 3648 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 22:03:07.0984 3648 aec - ok 22:03:08.0031 3648 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 22:03:08.0093 3648 AFD - ok 22:03:08.0125 3648 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 22:03:08.0265 3648 agp440 - ok 22:03:08.0281 3648 Aha154x - ok 22:03:08.0281 3648 aic78u2 - ok 22:03:08.0296 3648 aic78xx - ok 22:03:08.0328 3648 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 22:03:08.0484 3648 Alerter - ok 22:03:08.0500 3648 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 22:03:08.0640 3648 ALG - ok 22:03:08.0640 3648 AliIde - ok 22:03:08.0656 3648 amsint - ok 22:03:08.0687 3648 [ 
DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\WINDOWS\system32\Drivers\ssadadb.sys 22:03:08.0750 3648 androidusb - ok 22:03:08.0781 3648 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 22:03:08.0921 3648 AppMgmt - ok 22:03:08.0937 3648 asc - ok 22:03:08.0937 3648 asc3350p - ok 22:03:08.0953 3648 asc3550 - ok 22:03:09.0062 3648 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 22:03:09.0109 3648 aspnet_state - ok 22:03:09.0140 3648 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys 22:03:09.0156 3648 aswFsBlk - ok 22:03:09.0203 3648 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys 22:03:09.0218 3648 aswMon2 - ok 22:03:09.0250 3648 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys 22:03:09.0265 3648 AswRdr - ok 22:03:09.0312 3648 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys 22:03:09.0343 3648 aswSnx - ok 22:03:09.0375 3648 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys 22:03:09.0390 3648 aswSP - ok 22:03:09.0421 3648 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys 22:03:09.0437 3648 aswTdi - ok 22:03:09.0453 3648 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 22:03:09.0593 3648 AsyncMac - ok 22:03:09.0640 3648 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 22:03:09.0765 3648 atapi - ok 22:03:09.0796 3648 Atdisk - ok 22:03:09.0843 3648 [ D80A3FD3DB6F999F6D1C6D23A293851B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 22:03:09.0968 3648 Ati HotKey Poller - ok 22:03:10.0156 3648 [ C832BF76F003999D2E91E5115583C69E ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 22:03:10.0359 3648 ati2mtag - ok 22:03:10.0406 3648 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc 
C:\WINDOWS\system32\DRIVERS\atmarpc.sys 22:03:10.0531 3648 Atmarpc - ok 22:03:10.0562 3648 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 22:03:10.0703 3648 AudioSrv - ok 22:03:10.0734 3648 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 22:03:10.0843 3648 audstub - ok 22:03:10.0937 3648 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe 22:03:10.0953 3648 avast! Antivirus - ok 22:03:11.0000 3648 [ 4D50B7A5AE8E67E68B7C9571769D5DDE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys 22:03:11.0062 3648 b57w2k - ok 22:03:11.0125 3648 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 22:03:11.0250 3648 Beep - ok 22:03:11.0281 3648 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\WINDOWS\system32\bgsvcgen.exe 22:03:11.0312 3648 bgsvcgen - ok 22:03:11.0390 3648 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 22:03:11.0828 3648 BITS - ok 22:03:11.0859 3648 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 22:03:12.0031 3648 Browser - ok 22:03:12.0171 3648 catchme - ok 22:03:12.0187 3648 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 22:03:12.0343 3648 cbidf2k - ok 22:03:12.0375 3648 [ FDC06E2ADA8C468EBB161624E03976CF ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 22:03:12.0484 3648 CCDECODE - ok 22:03:12.0484 3648 cd20xrnt - ok 22:03:12.0515 3648 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 22:03:12.0687 3648 Cdaudio - ok 22:03:12.0734 3648 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 22:03:12.0937 3648 Cdfs - ok 22:03:12.0984 3648 [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys 22:03:13.0046 3648 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning 22:03:13.0046 3648 cdrbsdrv - detected UnsignedFile.Multi.Generic (1) 
22:03:13.0062 3648 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 22:03:13.0234 3648 Cdrom - ok 22:03:13.0234 3648 Changer - ok 22:03:13.0265 3648 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 22:03:13.0453 3648 CiSvc - ok 22:03:13.0500 3648 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 22:03:13.0687 3648 ClipSrv - ok 22:03:13.0734 3648 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:03:13.0796 3648 clr_optimization_v2.0.50727_32 - ok 22:03:13.0828 3648 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:03:13.0890 3648 clr_optimization_v4.0.30319_32 - ok 22:03:13.0906 3648 CmdIde - ok 22:03:13.0937 3648 [ FD40439BB258B9AA9AD314BF5948EF46 ] cmpci C:\WINDOWS\system32\drivers\cmaudio.sys 22:03:14.0031 3648 cmpci - ok 22:03:14.0046 3648 COMSysApp - ok 22:03:14.0062 3648 Cpqarray - ok 22:03:14.0093 3648 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 22:03:14.0234 3648 CryptSvc - ok 22:03:14.0234 3648 dac2w2k - ok 22:03:14.0250 3648 dac960nt - ok 22:03:14.0281 3648 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 22:03:14.0359 3648 DcomLaunch - ok 22:03:14.0390 3648 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 22:03:14.0531 3648 Dhcp - ok 22:03:14.0562 3648 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 22:03:14.0703 3648 Disk - ok 22:03:14.0703 3648 dmadmin - ok 22:03:14.0796 3648 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 22:03:15.0093 3648 dmboot - ok 22:03:15.0093 3648 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 22:03:15.0234 3648 dmio - ok 22:03:15.0265 3648 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload 
C:\WINDOWS\system32\drivers\dmload.sys 22:03:15.0406 3648 dmload - ok 22:03:15.0437 3648 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 22:03:15.0578 3648 dmserver - ok 22:03:15.0609 3648 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 22:03:15.0718 3648 DMusic - ok 22:03:15.0765 3648 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 22:03:15.0890 3648 Dnscache - ok 22:03:15.0921 3648 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 22:03:16.0046 3648 Dot3svc - ok 22:03:16.0062 3648 dpti2o - ok 22:03:16.0093 3648 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 22:03:16.0218 3648 drmkaud - ok 22:03:16.0218 3648 EagleXNt - ok 22:03:16.0250 3648 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 22:03:16.0406 3648 EapHost - ok 22:03:16.0437 3648 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 22:03:16.0578 3648 ERSvc - ok 22:03:16.0625 3648 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 22:03:16.0671 3648 Eventlog - ok 22:03:16.0734 3648 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll 22:03:16.0796 3648 EventSystem - ok 22:03:16.0843 3648 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 22:03:16.0984 3648 Fastfat - ok 22:03:17.0015 3648 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 22:03:17.0109 3648 FastUserSwitchingCompatibility - ok 22:03:17.0125 3648 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 22:03:17.0250 3648 Fdc - ok 22:03:17.0281 3648 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 22:03:17.0406 3648 Fips - ok 22:03:17.0453 3648 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 22:03:17.0578 3648 Flpydisk - 
ok 22:03:17.0625 3648 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 22:03:17.0750 3648 FltMgr - ok 22:03:17.0796 3648 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 22:03:17.0812 3648 FontCache3.0.0.0 - ok 22:03:17.0828 3648 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 22:03:17.0953 3648 Fs_Rec - ok 22:03:17.0968 3648 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 22:03:18.0093 3648 Ftdisk - ok 22:03:18.0140 3648 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys 22:03:18.0250 3648 gameenum - ok 22:03:18.0281 3648 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 22:03:18.0421 3648 Gpc - ok 22:03:18.0468 3648 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe 22:03:18.0484 3648 gusvc - ok 22:03:18.0531 3648 [ FC7DCDEF8F17D3C5DECC880673EA5BD5 ] hcwPVRP2 C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys 22:03:18.0640 3648 hcwPVRP2 - ok 22:03:18.0734 3648 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 22:03:18.0859 3648 helpsvc - ok 22:03:18.0906 3648 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 22:03:19.0031 3648 HidServ - ok 22:03:19.0062 3648 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 22:03:19.0187 3648 hidusb - ok 22:03:19.0250 3648 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 22:03:19.0375 3648 hkmsvc - ok 22:03:19.0375 3648 hpn - ok 22:03:19.0421 3648 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 22:03:19.0453 3648 HTTP - ok 22:03:19.0484 3648 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 22:03:19.0640 3648 HTTPFilter - ok 22:03:19.0640 3648 i2omgmt - ok 
22:03:19.0656 3648 i2omp - ok 22:03:19.0671 3648 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 22:03:19.0796 3648 i8042prt - ok 22:03:19.0859 3648 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe 22:03:19.0906 3648 IDriverT ( UnsignedFile.Multi.Generic ) - warning 22:03:19.0906 3648 IDriverT - detected UnsignedFile.Multi.Generic (1) 22:03:19.0984 3648 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 22:03:20.0031 3648 idsvc - ok 22:03:20.0062 3648 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 22:03:20.0187 3648 Imapi - ok 22:03:20.0218 3648 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 22:03:20.0359 3648 ImapiService - ok 22:03:20.0375 3648 ini910u - ok 22:03:20.0390 3648 IntelIde - ok 22:03:20.0421 3648 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 22:03:20.0562 3648 intelppm - ok 22:03:20.0593 3648 [ F7C534DEF663B4E847E44F20927F5ED2 ] IOPort C:\WINDOWS\system32\DRIVERS\IOPORT.SYS 22:03:20.0609 3648 IOPort ( UnsignedFile.Multi.Generic ) - warning 22:03:20.0609 3648 IOPort - detected UnsignedFile.Multi.Generic (1) 22:03:20.0625 3648 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys 22:03:20.0765 3648 ip6fw - ok 22:03:20.0796 3648 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 22:03:20.0921 3648 IpFilterDriver - ok 22:03:20.0937 3648 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 22:03:21.0062 3648 IpInIp - ok 22:03:21.0078 3648 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 22:03:21.0218 3648 IpNat - ok 22:03:21.0234 3648 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 22:03:21.0359 3648 
IPSec - ok 22:03:21.0390 3648 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 22:03:21.0500 3648 IRENUM - ok 22:03:21.0531 3648 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 22:03:21.0656 3648 isapnp - ok 22:03:21.0671 3648 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 22:03:21.0796 3648 Kbdclass - ok 22:03:21.0796 3648 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 22:03:21.0937 3648 kbdhid - ok 22:03:21.0953 3648 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 22:03:22.0093 3648 kmixer - ok 22:03:22.0125 3648 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 22:03:22.0187 3648 KSecDD - ok 22:03:22.0234 3648 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 22:03:22.0296 3648 lanmanserver - ok 22:03:22.0343 3648 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 22:03:22.0421 3648 lanmanworkstation - ok 22:03:22.0453 3648 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys 22:03:22.0468 3648 Lbd - ok 22:03:22.0468 3648 lbrtfdc - ok 22:03:22.0515 3648 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 22:03:22.0656 3648 LmHosts - ok 22:03:22.0687 3648 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 22:03:22.0703 3648 MBAMProtector - ok 22:03:22.0781 3648 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe 22:03:22.0796 3648 MBAMScheduler - ok 22:03:22.0843 3648 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 22:03:22.0875 3648 MBAMService - ok 22:03:22.0890 3648 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 22:03:23.0015 3648 Messenger - ok 22:03:23.0062 
3648 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 22:03:23.0187 3648 mnmdd - ok 22:03:23.0218 3648 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe 22:03:23.0359 3648 mnmsrvc - ok 22:03:23.0406 3648 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 22:03:23.0546 3648 Modem - ok 22:03:23.0578 3648 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 22:03:23.0703 3648 Mouclass - ok 22:03:23.0750 3648 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 22:03:23.0875 3648 mouhid - ok 22:03:23.0890 3648 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 22:03:24.0000 3648 MountMgr - ok 22:03:24.0031 3648 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 22:03:24.0046 3648 MozillaMaintenance - ok 22:03:24.0062 3648 mraid35x - ok 22:03:24.0078 3648 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 22:03:24.0203 3648 MRxDAV - ok 22:03:24.0250 3648 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 22:03:24.0328 3648 MRxSmb - ok 22:03:24.0359 3648 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe 22:03:24.0500 3648 MSDTC - ok 22:03:24.0531 3648 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 22:03:24.0656 3648 Msfs - ok 22:03:24.0656 3648 MSIServer - ok 22:03:24.0687 3648 [ 85736F804191CB420A31ACA2A7F0674F ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 22:03:24.0718 3648 MSKSSRV - ok 22:03:24.0750 3648 [ E943ADB93D83C5CBC0CA3F53F53B48CC ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 22:03:24.0796 3648 MSPCLOCK - ok 22:03:24.0828 3648 [ F6A726B8832DB1F88326B8BE98B11981 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 22:03:24.0890 3648 MSPQM - ok 22:03:24.0921 3648 [ 
AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 22:03:25.0031 3648 mssmbios - ok 22:03:25.0046 3648 [ D5059366B361F0E1124753447AF08AA2 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 22:03:25.0093 3648 MSTEE - ok 22:03:25.0109 3648 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 22:03:25.0140 3648 Mup - ok 22:03:25.0156 3648 [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 22:03:25.0187 3648 NABTSFEC - ok 22:03:25.0218 3648 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 22:03:25.0375 3648 napagent - ok 22:03:25.0390 3648 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 22:03:25.0515 3648 NDIS - ok 22:03:25.0546 3648 [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 22:03:25.0578 3648 NdisIP - ok 22:03:25.0625 3648 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 22:03:25.0703 3648 NdisTapi - ok 22:03:25.0734 3648 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 22:03:25.0859 3648 Ndisuio - ok 22:03:25.0875 3648 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 22:03:25.0984 3648 NdisWan - ok 22:03:26.0015 3648 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 22:03:26.0046 3648 NDProxy - ok 22:03:26.0078 3648 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 22:03:26.0203 3648 NetBIOS - ok 22:03:26.0234 3648 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 22:03:26.0359 3648 NetBT - ok 22:03:26.0406 3648 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 22:03:26.0531 3648 NetDDE - ok 22:03:26.0546 3648 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 22:03:26.0671 3648 NetDDEdsdm - ok 22:03:26.0703 3648 [ 
AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 22:03:26.0843 3648 Netlogon - ok 22:03:26.0890 3648 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 22:03:27.0031 3648 Netman - ok 22:03:27.0078 3648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 22:03:27.0140 3648 NetTcpPortSharing - ok 22:03:27.0171 3648 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 22:03:27.0234 3648 Nla - ok 22:03:27.0281 3648 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe 22:03:27.0281 3648 NMSAccess - ok 22:03:27.0328 3648 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\WINDOWS\system32\drivers\npf.sys 22:03:27.0359 3648 NPF - ok 22:03:27.0375 3648 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 22:03:27.0484 3648 Npfs - ok 22:03:27.0531 3648 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 22:03:27.0703 3648 Ntfs - ok 22:03:27.0703 3648 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe 22:03:27.0828 3648 NtLmSsp - ok 22:03:27.0875 3648 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 22:03:28.0046 3648 NtmsSvc - ok 22:03:28.0078 3648 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 22:03:28.0203 3648 Null - ok 22:03:28.0218 3648 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 22:03:28.0375 3648 NwlnkFlt - ok 22:03:28.0406 3648 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 22:03:28.0515 3648 NwlnkFwd - ok 22:03:28.0546 3648 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 22:03:28.0671 3648 Parport - ok 22:03:28.0687 3648 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 22:03:28.0812 3648 PartMgr - ok 22:03:28.0843 3648 [ 
C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 22:03:28.0984 3648 ParVdm - ok 22:03:29.0000 3648 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 22:03:29.0125 3648 PCI - ok 22:03:29.0140 3648 PCIDump - ok 22:03:29.0156 3648 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 22:03:29.0281 3648 PCIIde - ok 22:03:29.0312 3648 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 22:03:29.0437 3648 Pcmcia - ok 22:03:29.0453 3648 PDCOMP - ok 22:03:29.0453 3648 PDFRAME - ok 22:03:29.0468 3648 PDRELI - ok 22:03:29.0484 3648 PDRFRAME - ok 22:03:29.0484 3648 perc2 - ok 22:03:29.0500 3648 perc2hib - ok 22:03:29.0531 3648 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 22:03:29.0562 3648 PlugPlay - ok 22:03:29.0578 3648 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 22:03:29.0703 3648 PolicyAgent - ok 22:03:29.0718 3648 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 22:03:29.0843 3648 PptpMiniport - ok 22:03:29.0859 3648 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 22:03:29.0968 3648 Processor - ok 22:03:29.0984 3648 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 22:03:30.0093 3648 ProtectedStorage - ok 22:03:30.0109 3648 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 22:03:30.0234 3648 PSched - ok 22:03:30.0250 3648 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 22:03:30.0390 3648 Ptilink - ok 22:03:30.0437 3648 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 22:03:30.0453 3648 PxHelp20 - ok 22:03:30.0453 3648 ql1080 - ok 22:03:30.0468 3648 Ql10wnt - ok 22:03:30.0484 3648 ql12160 - ok 22:03:30.0484 3648 ql1240 - ok 22:03:30.0500 3648 ql1280 - ok 22:03:30.0515 
3648 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 22:03:30.0640 3648 RasAcd - ok 22:03:30.0687 3648 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 22:03:30.0812 3648 RasAuto - ok 22:03:30.0812 3648 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 22:03:30.0937 3648 Rasl2tp - ok 22:03:30.0984 3648 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 22:03:31.0125 3648 RasMan - ok 22:03:31.0125 3648 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 22:03:31.0250 3648 RasPppoe - ok 22:03:31.0281 3648 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 22:03:31.0421 3648 Raspti - ok 22:03:31.0437 3648 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 22:03:31.0546 3648 Rdbss - ok 22:03:31.0562 3648 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 22:03:31.0687 3648 RDPCDD - ok 22:03:31.0718 3648 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 22:03:31.0843 3648 rdpdr - ok 22:03:31.0890 3648 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 22:03:31.0968 3648 RDPWD - ok 22:03:32.0015 3648 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 22:03:32.0156 3648 RDSessMgr - ok 22:03:32.0171 3648 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 22:03:32.0281 3648 redbook - ok 22:03:32.0312 3648 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 22:03:32.0453 3648 RemoteAccess - ok 22:03:32.0484 3648 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 22:03:32.0625 3648 RemoteRegistry - ok 22:03:32.0671 3648 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Programme\WinPcap\rpcapd.exe 22:03:32.0687 3648 rpcapd - ok 22:03:32.0703 3648 [ 
22:03:44.0093 3648 \Device\Harddisk0\DR0 - ok
22:03:44.0093 3648 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2
22:03:44.0265 3648 \Device\Harddisk1\DR2 - ok
22:03:44.0265 3648 ================ Scan VBR ==================================
22:03:44.0265 3648 [ D964B52BD354518261E5B697C98E79D1 ] \Device\Harddisk0\DR0\Partition1
22:03:44.0265 3648 \Device\Harddisk0\DR0\Partition1 - ok
22:03:44.0281 3648 [ F17264F44C7DBECAC0FD14C51ED6F082 ] \Device\Harddisk1\DR2\Partition1
22:03:44.0281 3648 \Device\Harddisk1\DR2\Partition1 - ok
22:03:44.0281 3648 ============================================================
22:03:44.0281 3648 Scan finished
22:03:44.0281 3648 ============================================================
22:03:44.0390 3640 Detected object count: 7
22:03:44.0390 3640 Actual detected object count: 7
22:04:00.0015 3640 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0015 3640 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:00.0015 3640 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0015 3640 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:00.0031 3640 IOPort ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0031 3640 IOPort ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:00.0031 3640 silabenm ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0031 3640 silabenm ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:00.0031 3640 silabser ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0031 3640 silabser ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:00.0031 3640 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0031 3640 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:00.0031 3640 UTSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0031 3640 UTSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip

Attached is also the result of an overnight ESET Online Scan:

C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\System Volume Information\_restore{BE8EECC4-C1BB-45D6-8C2A-F88C1C98C680}\RP7\A0001239.exe Win32/Toolbar.Widgi Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\TDSSKiller_Quarantine\13.11.2012_21.53.22\tdlfs0000\tsk0003.dta Variante von Win32/Olmarik.ADZ Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
C:\TDSSKiller_Quarantine\13.11.2012_21.53.22\tdlfs0000\tsk0004.dta möglicherweise Variante von Win32/Agent.FJFPNNI Trojaner Gesäubert durch Löschen - in Quarantäne kopiert

Thomas

... and Malwarebytes

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.14.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: AIRBORNE1 [administrator]

14.11.2012 06:00:19
mbam-log-2012-11-14 (06-00-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 242923
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)