Guten Morgen,

habe mir am 08.01.2013 den GVU Trojaner eingefangen. Das System läuft mit Windows Xp und im abgesicherten Modus startet der Trojaner auch.

Habe es wie bei früheren Versionen mit der Kaspersky Rescue CD versucht. Hat auch gebootet. Jedoch der Kaspersky WindowsUnlocker bringt auch nichts. Desktop, Taskmanager usw. sind danach immer noch gespert.

Bitte um Hilfe.

Habe Schon OTLPE runtergelagden und einen Scan durchlaufen lassen.
Hab die Logfiles auch schon gefunden. Bin mir aber nicht sicher wie ich die hier richtig poste (als Code).

Freu mich auf eine Antwort

Hier die Logfiles

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 1/14/2013 8:42:26 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 347.58 Gb Total Space | 310.35 Gb Free Space | 89.29% Space Free | Partition Type: NTFS
Drive D: | 20.51 Gb Total Space | 13.59 Gb Free Space | 66.27% Space Free | Partition Type: FAT32
Drive H: | 97.66 Gb Total Space | 97.57 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (Datev.Framework.RemoteServices)
SRV - File not found [Auto] --  -- (Datev.Framework.RemoteServiceModel.EnablerService)
SRV - [2013/01/10 07:25:32 | 000,197,896 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\Documents and Settings\forsch5user\wgsdgsdgdsgsd.exe -- (winmgmt)
SRV - [2012/12/12 07:37:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/07 09:36:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/24 16:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/02 20:00:00 | 000,157,792 | ---- | M] (DATEV eG) [Auto] -- C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2012/06/13 19:20:00 | 000,087,040 | ---- | M] (DATEV eG) [Auto] -- C:\Datev\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2012/06/05 15:54:22 | 000,177,760 | ---- | M] (DATEV eG) [Auto] -- C:\Datev\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe -- (Dcmanag)
SRV - [2012/05/08 06:33:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 06:33:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/12/01 15:43:58 | 004,913,608 | ---- | M] (SafeNet Inc.) [Auto] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2011/08/03 06:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/02 04:47:34 | 000,063,488 | ---- | M] () [Auto] -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe -- (CDMA Device Service)
SRV - [2007/03/21 06:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/12/14 03:00:00 | 001,372,432 | ---- | M] (Danware Data A/S) [Auto] -- C:\DATEV\PROGRAMM\A0000008\NHOSTSVC.EXE -- (NetOp Host for NT Service) NetOp Helper ver. 9.00 (2006348)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2012/05/08 06:33:50 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 06:33:50 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 08:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/04 06:03:48 | 000,367,560 | ---- | M] (SafeNet Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2011/09/08 13:24:14 | 007,180,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/08/10 07:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2011/07/17 23:24:44 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/07/17 23:24:44 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/07/17 23:24:08 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/07/17 23:24:08 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/07/17 23:24:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/06/17 08:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/08 01:05:15 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/10/08 01:05:15 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/02 05:17:48 | 000,115,464 | ---- | M] (ABILIS Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AbilisBdaTuner.sys -- (AbilisT)
DRV - [2008/12/02 09:47:38 | 004,954,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/28 05:36:18 | 000,020,736 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | Auto] -- C:\WINDOWS\system32\ZDCndis5.sys -- (ZDCNDIS5)
DRV - [2008/09/28 05:36:16 | 000,627,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WLANURN.sys -- (NWD211AN)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007/08/06 07:37:59 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/08/06 06:54:56 | 000,437,760 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WlanUZXP.sys -- (NB762_XP)
DRV - [2007/07/20 11:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/12/22 14:05:34 | 000,449,536 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athrusb.sys -- (athrusb)
DRV - [2006/12/14 03:00:00 | 000,092,432 | ---- | M] (Danware Data A/S) [Kernel | System] -- C:\WINDOWS\System32\Drivers\NHOSTNT1.SYS -- (NHostNT1) NetOp Driver 1 ver. 9.00 (2006348)
DRV - [2006/12/14 03:00:00 | 000,003,216 | ---- | M] (Danware Data A/S) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\NHOSTNT3.SYS -- (NHOSTNT3) NetOp Driver 3 ver. 9.00 (2006348) (NHOSTNT3)
DRV - [2006/08/11 08:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006/07/05 07:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006/06/14 12:12:13 | 000,078,184 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/06/14 09:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Forsch2user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\forsch5user_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\forsch5user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@datev.de/DATEV_BestellManager,version=1.7: C:\Datev\PROGRAMM\A0000015\npdvbm.dll ( DATEV eG)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\forsch5user\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/17 03:45:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/07 09:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/07 09:36:44 | 000,000,000 | ---D | M]
 
[2011/04/20 01:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\forsch5user\Application Data\Mozilla\Extensions
[2012/11/23 10:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\forsch5user\Application Data\Mozilla\Firefox\Profiles\7p87vvmf.default\extensions
[2012/11/21 08:30:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\forsch5user\Application Data\Mozilla\Firefox\Profiles\7p87vvmf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/12/07 09:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/07 09:36:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/12/07 09:36:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- 
[2012/12/07 09:36:48 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/24 21:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/24 21:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/24 21:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/08/24 21:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/08/24 21:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/08/24 21:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/05/07 08:06:48 | 000,001,011 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       gosredirector.ea.com
O1 - Hosts: 127.0.0.1       blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1       gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1       gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1       gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1       demangler.ea.com
O1 - Hosts: 127.0.0.1       vmp.tools.gos.ea.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATEV Update-Monitor] C:\Datev\PROGRAMM\Install\DvInesASDMon.exe (DATEV eG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck]  File not found
O4 - HKU\forsch5user_ON_C..\Run: [KiesAirMessage]  File not found
O4 - HKU\forsch5user_ON_C..\Run: [KiesPreload]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk = C:\Datev\PROGRAMM\BSOffice\service\OfficeDiag.exe (DATEV eG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CleanupPrintJobs.lnk = C:\Datev\PROGRAMM\B0001401\CleanupPrintJobs.exe (TODO: <Firmenname>)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DATEV-Hinweis Mitteilungsdienst.lnk = C:\Datev\PROGRAMM\A0000007\DHNC.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DFÜ-Manager.lnk = C:\Datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe (DATEV eG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Outlook 2003.lnk = C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk = C:\Datev\SYSTEM\RzpjWtch.exe (DATEV eG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk = C:\Datev\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL Dual Band Wireless N USB Adapter Utility.lnk = C:\Program Files\ZyXEL\NWD-211AN\NWD-211AN.exe (ZyXEL Communications Corp.)
O4 - Startup: C:\Documents and Settings\forsch5user\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Forsch2user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\forsch5user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\forsch5user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O12 - Plugin for: .IPC - C:\Program Files\Internet Explorer\Plugins\npideapl.dll (LINK & LINK Software)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342075579281 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/06 06:36:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/23 01:07:51 | 000,000,000 | ---- | M] () - H:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{edc7c0b8-f048-11dc-915d-0019dbc807f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{edc7c0b8-f048-11dc-915d-0019dbc807f5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{edc7c0b8-f048-11dc-915d-0019dbc807f5}\Shell\Open(&0)\command - "" = K:\Recycled\ctfmon.exe
O33 - MountPoints2\{fc03affc-6b5f-11dc-90e4-0019dbc807f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc03affc-6b5f-11dc-90e4-0019dbc807f5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{fc03affc-6b5f-11dc-90e4-0019dbc807f5}\Shell\Open(&0)\command - "" = K:\Recycled\ctfmon.exe
O33 - MountPoints2\{fc57ffba-319d-11df-93a3-0019dbc807f5}\Shell - "" = AutoRun
O33 - MountPoints2\{fc57ffba-319d-11df-93a3-0019dbc807f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc57ffba-319d-11df-93a3-0019dbc807f5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe AUDIO.vbs
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/11 08:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Forsch2user\Application Data\DATEV
[2013/01/11 08:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Forsch2user\Local Settings\Application Data\ATI
[2013/01/11 08:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Forsch2user\Application Data\ATI
[2013/01/11 08:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Forsch2user\Local Settings\Application Data\DATEV
[2013/01/11 08:01:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Forsch2user\IETldCache
[2013/01/10 10:20:10 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/01/10 07:25:32 | 000,197,896 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\forsch5user\wgsdgsdgdsgsd.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/13 06:19:16 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
[2013/01/13 06:19:15 | 000,002,635 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Outlook 2003.lnk
[2013/01/13 06:19:02 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/13 06:18:51 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG
[2013/01/13 06:18:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/13 05:34:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/11 08:21:23 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Forsch2user\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
[2013/01/11 08:19:57 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Forsch2user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/11 02:48:19 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/10 07:34:49 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/10 07:25:34 | 000,003,022 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js
[2013/01/10 07:25:34 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\forsch5user\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 07:25:32 | 000,197,896 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\forsch5user\wgsdgsdgdsgsd.exe
[2013/01/10 07:03:27 | 000,001,696 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2013/01/10 02:18:48 | 000,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2013/01/10 02:17:52 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\forsch5user\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
[2013/01/09 10:53:44 | 000,505,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/09 10:53:44 | 000,089,358 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/09 07:34:55 | 000,005,703 | ---- | M] () -- C:\Documents and Settings\forsch5user\Local Settings\Application Data\EmptySettings.xml
[2012/12/21 06:18:32 | 000,002,543 | ---- | M] () -- C:\Documents and Settings\forsch5user\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
[2012/12/21 02:54:20 | 000,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/21 02:45:13 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/17 03:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/10 07:25:34 | 000,003,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js
[2013/01/10 07:25:34 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\forsch5user\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 07:25:32 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
[2012/10/27 06:26:04 | 000,000,227 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/02/15 06:53:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/25 09:31:06 | 000,413,482 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-1004336348-682003330-1003-0.dat
[2011/10/25 09:31:06 | 000,138,010 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/10/25 03:57:51 | 000,005,703 | ---- | C] () -- C:\Documents and Settings\forsch5user\Local Settings\Application Data\EmptySettings.xml
[2011/10/10 02:20:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/08 02:31:32 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/09/14 04:47:40 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/07/26 10:26:46 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/07/26 10:26:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/07/26 10:26:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/07/26 10:26:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010/09/06 01:33:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/09/06 01:33:29 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/09/06 01:33:29 | 000,239,869 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/09/06 01:33:29 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/20 02:37:20 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/20 02:37:19 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/20 02:37:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/05/25 04:54:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/25 00:34:39 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/03/05 01:58:09 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/10 06:23:35 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\forsch5user\Application Data\BEVI.CFG
[2009/12/10 06:18:44 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2009/12/10 06:18:43 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2009/10/06 02:16:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/30 05:05:48 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v60.dll
[2009/07/24 01:14:21 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\forsch5user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/17 02:16:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/11/01 06:45:33 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DvInesKurusOleServer003.INI
[2008/10/30 11:00:22 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v60.dll
[2008/10/30 10:59:24 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v60.dll
[2008/03/14 02:07:19 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/03/14 02:07:19 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/01/20 06:47:30 | 000,000,027 | ---- | C] () -- C:\WINDOWS\VIPZKA.INI
[2007/10/16 08:42:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\llclient.INI
[2007/08/23 11:55:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/20 06:38:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Whoprog.INI
[2007/08/07 04:39:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Winiv.INI
[2007/08/06 11:02:56 | 000,000,171 | ---- | C] () -- C:\WINDOWS\DEINSTAL.INI
[2007/08/06 10:42:58 | 000,000,162 | ---- | C] () -- C:\WINDOWS\netop.ini
[2007/08/06 10:42:25 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\forsch5user\Local Settings\Application Data\fusioncache.dat
[2007/08/06 10:33:28 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DvInesKurusOleServer002.INI
[2007/08/06 10:32:54 | 000,000,109 | ---- | C] () -- C:\WINDOWS\Startup.INI
[2007/08/06 10:32:54 | 000,000,108 | ---- | C] () -- C:\WINDOWS\dvinesinstart001.INI
[2007/08/06 10:32:54 | 000,000,108 | ---- | C] () -- C:\WINDOWS\dvinesinstalllocation001.INI
[2007/08/06 10:26:06 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2007/08/06 10:26:06 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI
[2007/08/06 09:59:19 | 000,000,321 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2007/08/06 09:09:20 | 000,001,696 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/06 08:27:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/06 08:26:13 | 000,141,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/06 06:38:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/08/06 06:33:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/28 17:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/28 17:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,505,894 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,089,358 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/12/14 10:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2004/12/14 10:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2004/12/14 10:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2003/09/24 04:42:00 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\tm.ini
[2003/02/20 10:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/08/26 07:50:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ddma32.dll
[1999/05/19 08:47:46 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\DBKONF.dll
[1999/03/16 08:22:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Ivinfo.exe
[1999/03/16 06:26:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ivbtr14s.dll
[1999/03/11 15:07:22 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\ivutl14.dll
[1999/02/10 10:28:26 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\ivtrn14.dll
[1999/01/19 08:18:30 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\LFPNG60N.DLL
[1999/01/19 08:18:30 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\LFTIF60N.DLL
[1999/01/19 08:18:30 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL60N.DLL
[1999/01/19 08:18:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LFPSD60N.DLL
[1999/01/19 08:18:30 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFTGA60N.DLL
[1999/01/19 08:18:30 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\LFWPG60N.DLL
[1999/01/19 08:18:30 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\LFWMF60N.DLL
[1999/01/19 08:18:28 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\LFFAX60N.DLL
[1999/01/19 08:18:28 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\LFCMP60N.DLL
[1999/01/19 08:18:28 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LFPCX60N.DLL
[1999/01/19 08:18:28 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\LFPCT60N.DLL
[1999/01/19 08:18:28 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\LFEPS60N.DLL
[1999/01/19 08:18:28 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFBMP60N.DLL
[1999/01/19 08:18:28 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\LFMSP60N.DLL
[1999/01/19 08:18:28 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\LFMAC60N.DLL
[1998/05/07 06:10:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[1997/09/21 17:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
[1997/09/21 17:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/30 02:24:00 | 000,000,141 | ---- | C] () -- C:\WINDOWS\OPTESTER.INI
[1996/10/07 13:22:04 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32MKDE.EXE
[1996/09/24 10:40:44 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[1995/02/14 17:11:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
 
========== LOP Check ==========
 
[2013/01/11 08:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Forsch2user\Application Data\DATEV
[2010/05/11 03:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\forsch5user\Application Data\Command and Conquer 4
[2011/10/25 04:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\forsch5user\Application Data\DATEV
[2011/10/25 09:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\forsch5user\Application Data\DMS
[2012/10/27 07:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\forsch5user\Application Data\DVASSV
[2011/01/06 06:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\forsch5user\Application Data\ImgBurn
[2010/01/04 08:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\forsch5user\Application Data\Meine Die Schlacht um Mittelerde-Dateien
[2011/09/20 09:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\forsch5user\Application Data\Samsung
[2012/02/29 09:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\forsch5user\Application Data\Unity
[2011/01/12 07:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/02/05 08:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2012/10/27 06:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DATEV
[2010/10/29 07:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCTV Systems
[2012/11/22 02:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2007/08/06 10:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkyCom
 
========== Purity Check ==========
 
 
< End of report >
         

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 1/14/2013 8:42:26 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 347.58 Gb Total Space | 310.35 Gb Free Space | 89.29% Space Free | Partition Type: NTFS
Drive D: | 20.51 Gb Total Space | 13.59 Gb Free Space | 66.27% Space Free | Partition Type: FAT32
Drive H: | 97.66 Gb Total Space | 97.57 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM 
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM 
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\DATEV\PROGRAMM\A0000008\Nhstw32.exe" = C:\DATEV\PROGRAMM\A0000008\nhstw32.exe:*:Enabled:nhstw32.exe -- (Danware Data A/S)
"C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe" = C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe:*:Enabled:DcManag.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\dfueman.exe" = C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe:*:Enabled:DfueMan.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe" = C:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe:*:Enabled:ccsrv2.exe -- ()
"C:\DATEV\PROGRAMM\RZKOMM\callauferst.exe" = C:\DATEV\PROGRAMM\RZKOMM\callauferst.exe:*:Enabled:callauferst.exe
"C:\DATEV\PROGRAMM\RZKOMM\DfueSammlerDienst.exe" = C:\DATEV\PROGRAMM\RZKOMM\DfueSammlerDienst.exe:*:Enabled:DfueSammlerDienst.exe -- ()
"C:\DATEV\PROGRAMM\RZKOMM\funktest.exe" = C:\DATEV\PROGRAMM\RZKOMM\funktest.exe:*:Enabled:funktest.exe
"C:\DATEV\PROGRAMM\RZKOMM\funkt_fv.exe" = C:\DATEV\PROGRAMM\RZKOMM\funkt_fv.exe:*:Enabled:funkt_fv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\empftest.exe" = C:\DATEV\PROGRAMM\RZKOMM\empftest.exe:*:Enabled:empftest.exe
"C:\DATEV\PROGRAMM\SWS\Limaservice.exe" = C:\DATEV\PROGRAMM\SWS\LimaService.exe:*:Enabled:LimaService.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\DFUEISDN\SECCLT\secclt.exe" = C:\DATEV\PROGRAMM\DFUEISDN\SecClt\SecClt.exe:10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Enabled:SecClt.exe
"C:\DATEV\PROGRAMM\DFUEISDN\SSLCLT\sslclt.exe" = C:\DATEV\PROGRAMM\DFUEISDN\SSLClt\SSLClt.exe:10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Enabled:SSLClt.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\DFUEWS\MNTBNA\mntbna.exe" = C:\DATEV\PROGRAMM\DFUEWS\MNTBNA\mntbna.exe:10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Enabled:mntbna.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\B0000195\ADDMAN\DATEVAddMan.exe" = C:\DATEV\PROGRAMM\B0000195\ADDMAN\DATEVAddMan.exe:*:Enabled:DATEVAddMan.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\EOBASIS\EO2.exe" = C:\DATEV\PROGRAMM\EOBASIS\EO2.exe:*:Enabled:EO2.exe -- (DATEV eG)
"C:\Datev\PROGRAMM\Install\ExecDll\ExecDllExe.exe" = C:\Datev\PROGRAMM\Install\ExecDll\ExecDllExe.exe:*:Enabled:ExecDllExe.exe -- (DATEV eG)
"C:\Datev\PROGRAMM\Install\Uninstal.exe" = C:\Datev\PROGRAMM\Install\Uninstal.exe:*:Enabled:Uninstal.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\MITARBEI\Mitarbei.exe" = C:\DATEV\PROGRAMM\MITARBEI\Mitarbei.exe:*:Enabled:Mitarbei.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\MANDANT\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\R0000135\EOR.EXE" = C:\DATEV\PROGRAMM\R0000135\EOR:*:Enabled:EOR.exe -- (DATEV e.G.)
"C:\DATEV\PROGRAMM\SWS\LimaServer.exe" = C:\DATEV\PROGRAMM\SWS\LimaServer.exe:*:Enabled:LimaServer.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaAdmin.exe" = C:\DATEV\PROGRAMM\SWS\LimaAdmin.exe:*:Enabled:LimaAdmin.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaPing.exe" = C:\DATEV\PROGRAMM\SWS\LimaPing.exe:*:Enabled:LimaPing.exe -- ()
"C:\DATEV\PROGRAMM\SWS\StartCIOProfile.exe" = C:\DATEV\PROGRAMM\SWS\StartCIOProfile.exe:*:Enabled:StartCIOProfile.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\MasterSWM_Viewer.exe" = C:\DATEV\PROGRAMM\SWS\MasterSWM_Viewer.exe:*:Enabled:MasterSWM_Viewer.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaLicFile.exe" = C:\DATEV\PROGRAMM\SWS\LimaLicFile.exe:*:Enabled:LimaLicFile.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\StartCIO.exe" = C:\DATEV\PROGRAMM\SWS\StartCIO.exe:*:Enabled:StartCIO.exe -- ()
"C:\DATEV\PROGRAMM\SWS\TestTCP.exe" = C:\DATEV\PROGRAMM\SWS\TestTCP.exe:*:Enabled:TestTCP.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaStatus.exe" = C:\DATEV\PROGRAMM\SWS\LimaStatus.exe:*:Enabled:LimaStatus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe" = C:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe:*:Enabled:Arbeitsplatz.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DATEV\PROGRAMM\A0000008\Nhstw32.exe" = C:\DATEV\PROGRAMM\A0000008\Nhstw32.exe:*:Enabled:Nhstw32.exe -- (Danware Data A/S)
"C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe" = C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe:*:Enabled:DcManag.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\dfueman.exe" = C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe:*:Enabled:DfueMan.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe" = C:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe:*:Enabled:ccsrv2.exe -- ()
"C:\DATEV\PROGRAMM\RZKOMM\callauferst.exe" = C:\DATEV\PROGRAMM\RZKOMM\callauferst.exe:*:Enabled:callauferst.exe
"C:\DATEV\PROGRAMM\RZKOMM\DfueSammlerDienst.exe" = C:\DATEV\PROGRAMM\RZKOMM\DfueSammlerDienst.exe:*:Enabled:DfueSammlerDienst.exe -- ()
"C:\DATEV\PROGRAMM\RZKOMM\funktest.exe" = C:\DATEV\PROGRAMM\RZKOMM\funktest.exe:*:Enabled:funktest.exe
"C:\DATEV\PROGRAMM\RZKOMM\funkt_fv.exe" = C:\DATEV\PROGRAMM\RZKOMM\funkt_fv.exe:*:Enabled:funkt_fv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\empftest.exe" = C:\DATEV\PROGRAMM\RZKOMM\empftest.exe:*:Enabled:empftest.exe
"C:\DATEV\PROGRAMM\SWS\Limaservice.exe" = C:\DATEV\PROGRAMM\SWS\LimaService.exe:*:Enabled:LimaService.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\DFUEISDN\SECCLT\secclt.exe" = C:\DATEV\PROGRAMM\DFUEISDN\SecClt\SecClt.exe:10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Enabled:SecClt.exe
"C:\DATEV\PROGRAMM\DFUEISDN\SSLCLT\sslclt.exe" = C:\DATEV\PROGRAMM\DFUEISDN\SSLClt\SSLClt.exe:10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Enabled:SSLClt.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\DFUEWS\MNTBNA\mntbna.exe" = C:\DATEV\PROGRAMM\DFUEWS\MNTBNA\mntbna.exe:10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Enabled:mntbna.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\B0000195\ADDMAN\DATEVAddMan.exe" = C:\DATEV\PROGRAMM\B0000195\ADDMAN\DATEVAddMan.exe:*:Enabled:DATEVAddMan.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\EOBASIS\EO2.exe" = C:\DATEV\PROGRAMM\EOBASIS\EO2.exe:*:Enabled:EO2.exe -- (DATEV eG)
"C:\Datev\PROGRAMM\Install\ExecDll\ExecDllExe.exe" = C:\Datev\PROGRAMM\Install\ExecDll\ExecDllExe.exe:*:Enabled:ExecDllExe.exe -- (DATEV eG)
"C:\Datev\PROGRAMM\Install\Uninstal.exe" = C:\Datev\PROGRAMM\Install\Uninstal.exe:*:Enabled:Uninstal.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\MITARBEI\Mitarbei.exe" = C:\DATEV\PROGRAMM\MITARBEI\Mitarbei.exe:*:Enabled:Mitarbei.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\MANDANT\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\R0000135\EOR.EXE" = C:\DATEV\PROGRAMM\R0000135\EOR:*:Enabled:EOR.exe -- (DATEV e.G.)
"C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\patchget.dat" = C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\patchget.dat:*:Enabled:patchgrabber
"C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\patchget.dat" = C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\patchget.dat:*:Enabled:patchgrabber
"C:\DATEV\PROGRAMM\SWS\LimaServer.exe" = C:\DATEV\PROGRAMM\SWS\LimaServer.exe:*:Enabled:LimaServer.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaAdmin.exe" = C:\DATEV\PROGRAMM\SWS\LimaAdmin.exe:*:Enabled:LimaAdmin.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaPing.exe" = C:\DATEV\PROGRAMM\SWS\LimaPing.exe:*:Enabled:LimaPing.exe -- ()
"C:\DATEV\PROGRAMM\SWS\StartCIOProfile.exe" = C:\DATEV\PROGRAMM\SWS\StartCIOProfile.exe:*:Enabled:StartCIOProfile.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\MasterSWM_Viewer.exe" = C:\DATEV\PROGRAMM\SWS\MasterSWM_Viewer.exe:*:Enabled:MasterSWM_Viewer.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaLicFile.exe" = C:\DATEV\PROGRAMM\SWS\LimaLicFile.exe:*:Enabled:LimaLicFile.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\StartCIO.exe" = C:\DATEV\PROGRAMM\SWS\StartCIO.exe:*:Enabled:StartCIO.exe -- ()
"C:\DATEV\PROGRAMM\SWS\TestTCP.exe" = C:\DATEV\PROGRAMM\SWS\TestTCP.exe:*:Enabled:TestTCP.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaStatus.exe" = C:\DATEV\PROGRAMM\SWS\LimaStatus.exe:*:Enabled:LimaStatus.exe -- (DATEV eG)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe" = C:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe:*:Enabled:Arbeitsplatz.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
"C:\volley\steam\Steam.exe" = C:\volley\steam\Steam.exe:*:Enabled:Steam
"C:\volley\hdro\lotroclient.exe" = C:\volley\hdro\lotroclient.exe:*:Disabled:lotroclient
"C:\volley\HdRII\game.dat" = C:\volley\HdRII\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II
"C:\volley\HdRIILK\game.dat" = C:\volley\HdRIILK\game.dat:*:Enabled:Der Herr der Ringe™, Aufstieg des Hexenkönigs™
"C:\WINDOWS\system32\hasplms.exe" = C:\WINDOWS\system32\hasplms.exe:*:Enabled:Sentinel License Manager -- (SafeNet Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0881ECE5-DCA1-462D-B515-F1732875EC74}" = DATEV Infragistics Runtime V.3.2
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{140B5BC3-E263-397D-B1BB-C4095364FB6F}" = Catalyst Control Center InstallProxy
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{317587A3-A8A0-4EEE-8C02-62595A879E7B}" = Microsoft SQL Server 2005-Abwärtskompatibilität
"{31D72A9B-F7A1-4FE9-A9BC-45D2BE2610D4}" = SQLXML4
"{341C4CB5-8BD1-48D9-BE09-9F511FCF9235}" = DFL2010 ConfigDB
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3686B63F-72CD-C0FB-1348-34DB78ADFC9C}" = CCC Help English
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5808C9C0-C38B-4091-BCC3-9D401C594A88}" = DFL2010 Microkernel
"{58288FBC-C7E8-FE33-3009-199C219D3363}" = Catalyst Control Center Graphics Previews Common
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{7F26BC94-9AAA-4FD2-A38A-F13B3ECA3426}" = Crystal Reports Runtime XI
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C5CBEBFF-3DB4-4271-A706-757BBE3BD5AE}" = KOBIL CCID driver x64x86
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0EC7B14-C363-8FCF-728E-A94144B31518}" = AMD Catalyst Install Manager
"{E6D45395-C8CE-40D8-BF3A-F0CDA6F1049A}" = ZyXEL Dual Band Wireless N USB Adapter Utility
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7A679C2-2A9C-4008-9CF9-178A6C13D923}" = Dialogseminar online V.3.02
"{EFF5ECCC-20B9-68CE-A95A-A1500E4E0FF8}" = ccc-utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{FA798C4A-FE41-AE67-932F-F00CDAAA7723}" = Catalyst Control Center
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DATEVB00000482.0" = DATEV Installation V.3.0
"DATEVB00000501.0" = DATEV Auskunftssystem Laufzeitkomponente V.1.2
"DATEVB00000671.2" = DATEV Basiskomponenten V.1.2
"DATEVK00000151.0" = DATEV Basisschnittstelle für Word V.1.53
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX-Setup
"FreshDevices - FreshDiagnose_is1" = FreshDiagnose
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"LearnLincClient" = Dialogseminar online
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PrintServer Network driver" = PrintServer Network driver
"PROSet" = Intel(R) PRO Network Connections Drivers
"Rise And Fall" = Rise And Fall (remove only)
"VLC media player" = VLC media player 2.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEP" = XPS Essentials Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\forsch5user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
< End of report >
         

Zitat:

(DATEV eG) [Auto] -- C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service)

DATEV?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

Hallo cosinus,

bei dem Rechner handelt es sich um meinen Privatrechner. Es wurde jedoch DATEV draufgespielt damit ich ab und zu auch von zu Hause aus arbeiten kann. Was jetzt leider nicht mehr möglich ist. Die Updates werden von DATEV als DVD versand die ich dann selber manuell aufspielen muss. Also keine automatischen Updates von DATEV. Das letzte Update müsste aber schon ein paar Monate her sein.

Ist also kein Büro-PC oder so, sondern steht bei mir zu Hause. Ich benutze ihn ja auch fast ausschließlich privat zum surfen etc.

Gruß thdy

Du solltest deinen Kollegen aus der EDV das aber schon mitteilen was mit deinem Rechner los ist...

Arbeite bei einem Steuerberater im 2 Mann Betrieb. Der Steuerberater und ich. Damit bin ich auch kurzer Hand zum Datenschutzbeauftagten bestimmt worden.
Falls es im Büro Probleme gibt holen wir uns einen Externen. Da es bei mir zu Haus passiert ist, sagt mein Chef das es ihm egal ist wie ich das hinkriege und das es mein Privatvergnügen ist.
Hab ja auch schon einiges probiert, aber dieser GVU-Trojaner ist echt hartnäckig.

Daher seid ihr meine letzte Hoffnung.

Fazit:

Habe den Trojaner auf einen privaten Rechner, den ich 2 mal im Jahr mit DATEV nutze. Mein Chef weis bescheid, es kümmert ihn aber nicht. Mir ist es auch egal ob DATEV nach den fix noch läuft oder nicht.

Möchte einfach nur meinen Rechner von diesem penetranten GVU-Trojaner befreien und hab hier nach kompetenter Hilfe gesucht.

Danke

Zitat:

Möchte einfach nur meinen Rechner von diesem penetranten GVU-Trojaner befreien und hab hier nach kompetenter Hilfe gesucht.

"möchte und "nur" - trotzdem fallen Logdateien mit ggf. brisanten Daten an!

Also seist du hiermit extra nochmal drauf hingewiesen! Man beachte den dicken farbigen unteren Teil!

Firmenrechner bzw. gerwerbliche genutzte PC werden hier eigentlich nicht bereinigt

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:

3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.
Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.

Ok cosinus,

dank dir für deine offene Warnung das die Logfiles vertrauliche Daten enthalten könnten. Kann das natürlich nicht komplett ausschließen, jedoch sämtliche Mandantendaten wurden immer auf einen seperaten Server ausgelagert und solten nicht auf dem Rechner sein.

Aber ich verstehe deine Bedenken und hab die Forenregel gelesen. Ich bitte dich jedoch dir zu überlegen mir denoch zu helfen. Wenn die Regel besagt das auch Kleinunternehmen ohne IT-Support geholfen wird, dann vieleicht auch Privatpersonen wie mir...

Dank dir

Dann bestätige bitte auch, dass du uns hier nicht mit Meldungen zuspamst, wenn du doch ein Log mit brisanten Daten veröffentlichest hast. Ich werde nämlich im Nachhinein weder Logs löschen noch ändern.

Also, es unterliegt deiner Sorgfaltspflicht Logs vor dem Posten entsprechend zu editieren, zB Username und so und was man vllt an privaten Daten zB in Dateinamen lesen kann, OTL listet nämlich auch bestimmte Ordnerinhalte weil es sein muss.

Hiermit bestätige ich, dass ich euch nicht mit Meldungen zuspame, falls irgendwelche brisanten Daten per Logfiles veröffentlicht werden.

Ich habe zur Kenntniss genommen, dass es meiner Sorgfalt unterliegt die Logs vor dem Posten entsprechend zu editieren und evtl. enthaltene Usernamen oder andere private Daten somit nicht für alle sichtbar zu machen.

Hab ich jetzt den Segen?

Ja

Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
SRV - [2013/01/10 07:25:32 | 000,197,896 | ---- | M] (?????????? ??????????) [Auto] -- C:\Documents and Settings\forsch5user\wgsdgsdgdsgsd.exe -- (winmgmt)
O4 - Startup: C:\Documents and Settings\forsch5user\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O32 - AutoRun File - [2010/08/23 01:07:51 | 000,000,000 | ---- | M] () - H:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{edc7c0b8-f048-11dc-915d-0019dbc807f5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{edc7c0b8-f048-11dc-915d-0019dbc807f5}\Shell\Open(&0)\command - "" = K:\Recycled\ctfmon.exe
O33 - MountPoints2\{fc03affc-6b5f-11dc-90e4-0019dbc807f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc03affc-6b5f-11dc-90e4-0019dbc807f5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{fc03affc-6b5f-11dc-90e4-0019dbc807f5}\Shell\Open(&0)\command - "" = K:\Recycled\ctfmon.exe
O33 - MountPoints2\{fc57ffba-319d-11df-93a3-0019dbc807f5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe AUDIO.vbs
:Files
C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js
C:\Documents and Settings\forsch5user\Start Menu\Programs\Startup\runctf.lnk
C:\Documents and Settings\forsch5user\wgsdgsdgdsgsd.exe
C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
:Commands
[purity]
[resethosts]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Danke cosinus

Deinen Code in OTL reinkopiert und auf Fix gedrückt.

Es kam leider kein Logfile wie von dir beschrieben, nur die Frage ob neu gestartet werden soll. Die hab ich mit Ja beantwortet.

Danach Windows normal gestartet. Und siehe da es geht auch ohne Desktopsperre.

Beim Neustart erschien auf dem Desktop jedoch eine Logfile mit ner Nummer als Namen, die auch in dem Ordner MovedFiles zu finden ist.

Soll ich die hier nochmal als Code reinstellen?

Ansonsten den Ordner movedfiles per UloadChannel hochgeladen

So weit so gut

Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

• Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
  
  
• Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  
  
• Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
  
  
• Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
  
  
• Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Entpacke das Archiv auf deinem Desktop.
• Im neu erstellten Ordner starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Hier die erste mbar Logfile

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.15.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
forsch5user :: FORSCH5 [administrator]

15.01.2013 17:05:02
mbar-log-2013-01-15 (17-05-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30108
Time elapsed: 23 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

und die 2. nach dem Cleanup

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.15.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
forsch5user :: FORSCH5 [administrator]

15.01.2013 17:41:28
mbar-log-2013-01-15 (17-41-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30087
Time elapsed: 19 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

• Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

hier die aswMBR Logfile

Code: Alles auswählenAufklappen

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-16 14:49:17
-----------------------------
14:49:17.515    OS Version: Windows 5.1.2600 Service Pack 3
14:49:17.515    Number of processors: 4 586 0xF07
14:49:17.515    ComputerName: FORSCH5  UserName: 
14:49:18.374    Initialize success
14:49:24.952    AVAST engine defs: 13011600
14:49:29.468    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:49:29.468    Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
14:49:29.484    Disk 0 MBR read successfully
14:49:29.484    Disk 0 MBR scan
14:49:29.499    Disk 0 Windows XP default MBR code
14:49:29.515    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       355924 MB offset 2048
14:49:29.546    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       100000 MB offset 728934400
14:49:29.546    Disk 0 Partition - 00     0F Extended LBA             21012 MB offset 933734400
14:49:29.562    Disk 0 Partition 3 00     0B        FAT32 MSDOS5.0    21012 MB offset 933734463
14:49:29.562    Disk 0 scanning sectors +976768065
14:49:29.640    Disk 0 scanning C:\WINDOWS\system32\drivers
14:49:47.296    Service scanning
14:50:00.468    Modules scanning
14:50:26.249    Disk 0 trace - called modules:
14:50:26.280    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ae1b850]<<
14:50:26.280    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae1bab8]
14:50:26.296    3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8ae07030]
14:50:26.296    \Driver\iaStor[0x8ad9b988] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8ae1b850
14:50:27.124    AVAST engine scan C:\WINDOWS
14:51:11.077    AVAST engine scan C:\WINDOWS\system32
15:02:29.280    AVAST engine scan C:\WINDOWS\system32\drivers
15:03:26.609    AVAST engine scan C:\Documents and Settings\forsch5user
15:06:40.374    File: C:\Documents and Settings\forsch5user\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\59\3439487b-682faa60  **INFECTED** Win32:Reveton-LK [Trj]
15:15:02.140    AVAST engine scan C:\Documents and Settings\All Users
15:15:36.859    Scan finished successfully
15:15:51.327    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\forsch5user\Desktop\MBR.dat"
15:15:51.343    The log file has been saved successfully to "C:\Documents and Settings\forsch5user\Desktop\aswMBR.txt"
         

und die tdsskiller Log

Code: Alles auswählenAufklappen

ATTFilter

15:25:40.0124 5040  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:25:40.0405 5040  ============================================================
15:25:40.0405 5040  Current date / time: 2013/01/16 15:25:40.0405
15:25:40.0405 5040  SystemInfo:
15:25:40.0405 5040  
15:25:40.0405 5040  OS Version: 5.1.2600 ServicePack: 3.0
15:25:40.0405 5040  Product type: Workstation
15:25:40.0405 5040  ComputerName: FORSCH5
15:25:40.0405 5040  UserName: forsch5user
15:25:40.0405 5040  Windows directory: C:\WINDOWS
15:25:40.0405 5040  System windows directory: C:\WINDOWS
15:25:40.0405 5040  Processor architecture: Intel x86
15:25:40.0405 5040  Number of processors: 4
15:25:40.0405 5040  Page size: 0x1000
15:25:40.0405 5040  Boot type: Normal boot
15:25:40.0405 5040  ============================================================
15:25:40.0937 5040  !crdlk
15:25:40.0937 5040  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
15:25:40.0984 5040  ============================================================
15:25:40.0984 5040  \Device\Harddisk0\DR0:
15:25:40.0984 5040  MBR partitions:
15:25:40.0984 5040  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2B72A000
15:25:40.0984 5040  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2B72A800, BlocksNum 0xC350000
15:25:41.0015 5040  \Device\Harddisk0\DR0\Partition3: MBR, Type 0xB, StartLBA 0x37A7A83F, BlocksNum 0x290A402
15:25:41.0015 5040  ============================================================
15:25:41.0046 5040  C: <-> \Device\Harddisk0\DR0\Partition1
15:25:41.0062 5040  D: <-> \Device\Harddisk0\DR0\Partition3
15:25:41.0093 5040  H: <-> \Device\Harddisk0\DR0\Partition2
15:25:41.0093 5040  ============================================================
15:25:41.0093 5040  Initialize success
15:25:41.0093 5040  ============================================================
15:27:42.0452 1228  ============================================================
15:27:42.0452 1228  Scan started
15:27:42.0452 1228  Mode: Manual; SigCheck; TDLFS; 
15:27:42.0452 1228  ============================================================
15:27:42.0890 1228  ================ Scan system memory ========================
15:27:42.0890 1228  System memory - ok
15:27:42.0890 1228  ================ Scan services =============================
15:27:42.0999 1228  [ 39C9203BFE995D792F1D5973543E8ED7 ] AbilisT         C:\WINDOWS\system32\Drivers\AbilisBdaTuner.sys
15:27:43.0093 1228  AbilisT - ok
15:27:43.0093 1228  Abiosdsk - ok
15:27:43.0109 1228  abp480n5 - ok
15:27:43.0140 1228  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:27:43.0265 1228  ACPI - ok
15:27:43.0265 1228  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
15:27:43.0359 1228  ACPIEC - ok
15:27:43.0421 1228  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:27:43.0421 1228  AdobeFlashPlayerUpdateSvc - ok
15:27:43.0437 1228  adpu160m - ok
15:27:43.0452 1228  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
15:27:43.0546 1228  aec - ok
15:27:43.0593 1228  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:27:43.0624 1228  AFD - ok
15:27:43.0624 1228  Aha154x - ok
15:27:43.0624 1228  aic78u2 - ok
15:27:43.0624 1228  aic78xx - ok
15:27:43.0671 1228  [ A7F74629628B7F16734418121B61CA99 ] aksfridge       C:\WINDOWS\system32\drivers\aksfridge.sys
15:27:43.0718 1228  aksfridge - ok
15:27:43.0734 1228  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
15:27:43.0812 1228  Alerter - ok
15:27:43.0827 1228  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
15:27:43.0921 1228  ALG - ok
15:27:43.0937 1228  AliIde - ok
15:27:43.0937 1228  amsint - ok
15:27:44.0030 1228  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:27:44.0046 1228  AntiVirSchedulerService - ok
15:27:44.0077 1228  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:27:44.0077 1228  AntiVirService - ok
15:27:44.0093 1228  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
15:27:44.0187 1228  AppMgmt - ok
15:27:44.0202 1228  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:27:44.0280 1228  Arp1394 - ok
15:27:44.0296 1228  asc - ok
15:27:44.0296 1228  asc3350p - ok
15:27:44.0296 1228  asc3550 - ok
15:27:44.0421 1228  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:27:44.0452 1228  aspnet_state - ok
15:27:44.0468 1228  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:27:44.0546 1228  AsyncMac - ok
15:27:44.0562 1228  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
15:27:44.0655 1228  atapi - ok
15:27:44.0655 1228  Atdisk - ok
15:27:44.0687 1228  [ 59DB74EF3B328852A736578DFF3FCAD6 ] athrusb         C:\WINDOWS\system32\DRIVERS\athrusb.sys
15:27:44.0718 1228  athrusb ( UnsignedFile.Multi.Generic ) - warning
15:27:44.0718 1228  athrusb - detected UnsignedFile.Multi.Generic (1)
15:27:44.0765 1228  [ 192A651DF943EE391DFD2E4A123F07F6 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
15:27:44.0827 1228  Ati HotKey Poller - ok
15:27:44.0999 1228  [ 0A8B257DB810BE78AC9FD1860B4BA22B ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:27:45.0312 1228  ati2mtag - ok
15:27:45.0343 1228  [ DC6957811FF95F2DD3004361B20D8D3F ] AtiHdmiService  C:\WINDOWS\system32\drivers\AtiHdmi.sys
15:27:45.0359 1228  AtiHdmiService - ok
15:27:45.0405 1228  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\WINDOWS\system32\DRIVERS\atksgt.sys
15:27:45.0437 1228  atksgt - ok
15:27:45.0452 1228  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:27:45.0515 1228  Atmarpc - ok
15:27:45.0546 1228  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
15:27:45.0624 1228  AudioSrv - ok
15:27:45.0655 1228  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
15:27:45.0734 1228  audstub - ok
15:27:45.0765 1228  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:27:45.0780 1228  avgntflt - ok
15:27:45.0796 1228  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:27:45.0812 1228  avipbb - ok
15:27:45.0812 1228  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
15:27:45.0827 1228  avkmgr - ok
15:27:45.0859 1228  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:27:45.0937 1228  Beep - ok
15:27:45.0984 1228  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
15:27:46.0062 1228  BITS - ok
15:27:46.0093 1228  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
15:27:46.0124 1228  Browser - ok
15:27:46.0140 1228  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
15:27:46.0249 1228  cbidf2k - ok
15:27:46.0280 1228  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:27:46.0343 1228  CCDECODE - ok
15:27:46.0359 1228  cd20xrnt - ok
15:27:46.0374 1228  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
15:27:46.0452 1228  Cdaudio - ok
15:27:46.0484 1228  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
15:27:46.0562 1228  Cdfs - ok
15:27:46.0609 1228  [ BB402688E25E6A58188A4FBE8CFB58DF ] CDMA Device Service C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
15:27:46.0609 1228  CDMA Device Service ( UnsignedFile.Multi.Generic ) - warning
15:27:46.0609 1228  CDMA Device Service - detected UnsignedFile.Multi.Generic (1)
15:27:46.0640 1228  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:27:46.0718 1228  Cdrom - ok
15:27:46.0718 1228  Changer - ok
15:27:46.0749 1228  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
15:27:46.0827 1228  CiSvc - ok
15:27:46.0843 1228  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
15:27:46.0937 1228  ClipSrv - ok
15:27:46.0999 1228  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:27:47.0140 1228  clr_optimization_v2.0.50727_32 - ok
15:27:47.0171 1228  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:27:47.0202 1228  clr_optimization_v4.0.30319_32 - ok
15:27:47.0218 1228  CmdIde - ok
15:27:47.0218 1228  COMSysApp - ok
15:27:47.0218 1228  Cpqarray - ok
15:27:47.0249 1228  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
15:27:47.0327 1228  CryptSvc - ok
15:27:47.0327 1228  dac2w2k - ok
15:27:47.0343 1228  dac960nt - ok
15:27:47.0452 1228  [ F886378CC9FFA09FE9A9D7CB4CF32934 ] DATEV Update-Service C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
15:27:47.0452 1228  DATEV Update-Service - ok
15:27:47.0515 1228  Datev.Framework.RemoteServiceModel.EnablerService - ok
15:27:47.0530 1228  Datev.Framework.RemoteServices - ok
15:27:47.0577 1228  [ 7D7D3E30813284B4F996286B90C8257D ] DatevPrintService C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
15:27:47.0577 1228  DatevPrintService ( UnsignedFile.Multi.Generic ) - warning
15:27:47.0577 1228  DatevPrintService - detected UnsignedFile.Multi.Generic (1)
15:27:47.0593 1228  [ CA48969C67568A2C87730CE5F55C369C ] Dcmanag         C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
15:27:47.0609 1228  Dcmanag - ok
15:27:47.0640 1228  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:27:47.0671 1228  DcomLaunch - ok
15:27:47.0702 1228  [ C9F9CAFAFBFFAF7E380EFC353CCC940C ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
15:27:47.0718 1228  dg_ssudbus - ok
15:27:47.0749 1228  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
15:27:47.0827 1228  Dhcp - ok
15:27:47.0843 1228  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
15:27:47.0921 1228  Disk - ok
15:27:47.0921 1228  dmadmin - ok
15:27:47.0968 1228  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
15:27:48.0093 1228  dmboot - ok
15:27:48.0109 1228  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
15:27:48.0202 1228  dmio - ok
15:27:48.0218 1228  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
15:27:48.0312 1228  dmload - ok
15:27:48.0343 1228  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
15:27:48.0421 1228  dmserver - ok
15:27:48.0421 1228  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
15:27:48.0499 1228  DMusic - ok
15:27:48.0530 1228  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
15:27:48.0562 1228  Dnscache - ok
15:27:48.0593 1228  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
15:27:48.0687 1228  Dot3svc - ok
15:27:48.0687 1228  dpti2o - ok
15:27:48.0702 1228  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
15:27:48.0780 1228  drmkaud - ok
15:27:48.0827 1228  [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express       C:\WINDOWS\system32\DRIVERS\e1e5132.sys
15:27:48.0827 1228  e1express - ok
15:27:48.0874 1228  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
15:27:48.0952 1228  EapHost - ok
15:27:48.0999 1228  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
15:27:49.0077 1228  ERSvc - ok
15:27:49.0093 1228  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
15:27:49.0109 1228  Eventlog - ok
15:27:49.0155 1228  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
15:27:49.0171 1228  EventSystem - ok
15:27:49.0218 1228  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
15:27:49.0296 1228  Fastfat - ok
15:27:49.0327 1228  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:27:49.0343 1228  FastUserSwitchingCompatibility - ok
15:27:49.0374 1228  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
15:27:49.0452 1228  Fdc - ok
15:27:49.0468 1228  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
15:27:49.0546 1228  Fips - ok
15:27:49.0562 1228  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
15:27:49.0640 1228  Flpydisk - ok
15:27:49.0655 1228  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
15:27:49.0734 1228  FltMgr - ok
15:27:49.0780 1228  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:27:49.0796 1228  FontCache3.0.0.0 - ok
15:27:49.0796 1228  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:27:49.0890 1228  Fs_Rec - ok
15:27:49.0905 1228  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:27:49.0984 1228  Ftdisk - ok
15:27:50.0015 1228  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:27:50.0093 1228  Gpc - ok
15:27:50.0155 1228  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:27:50.0171 1228  gupdate - ok
15:27:50.0171 1228  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:27:50.0187 1228  gupdatem - ok
15:27:50.0234 1228  [ 506097D91E96AEE4BAD61800782E8FB6 ] hardlock        C:\WINDOWS\system32\drivers\hardlock.sys
15:27:50.0249 1228  hardlock - ok
15:27:50.0265 1228  hasplms - ok
15:27:50.0280 1228  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:27:50.0359 1228  HDAudBus - ok
15:27:50.0437 1228  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:27:50.0515 1228  helpsvc - ok
15:27:50.0530 1228  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
15:27:50.0609 1228  HidServ - ok
15:27:50.0624 1228  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:27:50.0702 1228  hidusb - ok
15:27:50.0734 1228  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
15:27:50.0812 1228  hkmsvc - ok
15:27:50.0827 1228  hpn - ok
15:27:50.0843 1228  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
15:27:50.0874 1228  HTTP - ok
15:27:50.0890 1228  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
15:27:50.0984 1228  HTTPFilter - ok
15:27:50.0984 1228  i2omgmt - ok
15:27:50.0984 1228  i2omp - ok
15:27:51.0030 1228  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:27:51.0109 1228  i8042prt - ok
15:27:51.0155 1228  [ AE38A12F79A4980DDB88F36514F8A1DA ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
15:27:51.0187 1228  IAANTMON - ok
15:27:51.0218 1228  [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
15:27:51.0234 1228  iaStor - ok
15:27:51.0312 1228  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:27:51.0327 1228  IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:27:51.0327 1228  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:27:51.0374 1228  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:27:51.0437 1228  idsvc - ok
15:27:51.0468 1228  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
15:27:51.0546 1228  Imapi - ok
15:27:51.0562 1228  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
15:27:51.0640 1228  ImapiService - ok
15:27:51.0655 1228  ini910u - ok
15:27:51.0765 1228  [ FEF7E38C1D350C6284137254A60C1EB7 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:27:52.0030 1228  IntcAzAudAddService - ok
15:27:52.0077 1228  [ B7A420E4B137176234272D5CA9D51A49 ] IntelDH         C:\WINDOWS\system32\Drivers\IntelDH.sys
15:27:52.0093 1228  IntelDH ( UnsignedFile.Multi.Generic ) - warning
15:27:52.0093 1228  IntelDH - detected UnsignedFile.Multi.Generic (1)
15:27:52.0093 1228  IntelIde - ok
15:27:52.0109 1228  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:27:52.0187 1228  intelppm - ok
15:27:52.0218 1228  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
15:27:52.0296 1228  Ip6Fw - ok
15:27:52.0312 1228  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:27:52.0390 1228  IpFilterDriver - ok
15:27:52.0390 1228  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:27:52.0484 1228  IpInIp - ok
15:27:52.0515 1228  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:27:52.0593 1228  IpNat - ok
15:27:52.0624 1228  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:27:52.0718 1228  IPSec - ok
15:27:52.0749 1228  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
15:27:52.0812 1228  IRENUM - ok
15:27:52.0843 1228  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:27:52.0937 1228  isapnp - ok
15:27:52.0937 1228  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:27:53.0015 1228  Kbdclass - ok
15:27:53.0030 1228  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:27:53.0109 1228  kbdhid - ok
15:27:53.0124 1228  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
15:27:53.0218 1228  kmixer - ok
15:27:53.0249 1228  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
15:27:53.0265 1228  KSecDD - ok
15:27:53.0312 1228  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
15:27:53.0327 1228  lanmanserver - ok
15:27:53.0359 1228  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:27:53.0374 1228  lanmanworkstation - ok
15:27:53.0374 1228  lbrtfdc - ok
15:27:53.0421 1228  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\WINDOWS\system32\DRIVERS\lirsgt.sys
15:27:53.0437 1228  lirsgt - ok
15:27:53.0468 1228  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
15:27:53.0546 1228  LmHosts - ok
15:27:53.0624 1228  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
15:27:53.0640 1228  MDM - ok
15:27:53.0671 1228  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
15:27:53.0749 1228  Messenger - ok
15:27:53.0780 1228  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
15:27:53.0859 1228  mnmdd - ok
15:27:53.0905 1228  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
15:27:53.0984 1228  mnmsrvc - ok
15:27:53.0999 1228  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
15:27:54.0093 1228  Modem - ok
15:27:54.0109 1228  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:27:54.0202 1228  Mouclass - ok
15:27:54.0218 1228  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:27:54.0296 1228  mouhid - ok
15:27:54.0312 1228  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
15:27:54.0390 1228  MountMgr - ok
15:27:54.0421 1228  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:27:54.0421 1228  MozillaMaintenance - ok
15:27:54.0452 1228  [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE             C:\WINDOWS\system32\DRIVERS\MPE.sys
15:27:54.0530 1228  MPE - ok
15:27:54.0530 1228  mraid35x - ok
15:27:54.0530 1228  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:27:54.0624 1228  MRxDAV - ok
15:27:54.0655 1228  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:27:54.0687 1228  MRxSmb - ok
15:27:54.0718 1228  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
15:27:54.0796 1228  MSDTC - ok
15:27:54.0812 1228  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
15:27:54.0890 1228  Msfs - ok
15:27:54.0890 1228  MSIServer - ok
15:27:54.0905 1228  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:27:54.0999 1228  MSKSSRV - ok
15:27:55.0030 1228  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:27:55.0109 1228  MSPCLOCK - ok
15:27:55.0124 1228  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
15:27:55.0234 1228  MSPQM - ok
15:27:55.0249 1228  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:27:55.0327 1228  mssmbios - ok
15:27:55.0359 1228  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
15:27:55.0437 1228  MSTEE - ok
15:27:55.0452 1228  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
15:27:55.0484 1228  Mup - ok
15:27:55.0515 1228  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:27:55.0593 1228  NABTSFEC - ok
15:27:55.0624 1228  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
15:27:55.0702 1228  napagent - ok
15:27:55.0749 1228  [ 6D0B121FE665626D266678EA97C75622 ] NB762_XP        C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys
15:27:55.0765 1228  NB762_XP ( UnsignedFile.Multi.Generic ) - warning
15:27:55.0765 1228  NB762_XP - detected UnsignedFile.Multi.Generic (1)
15:27:55.0812 1228  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
15:27:55.0890 1228  NDIS - ok
15:27:55.0905 1228  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:27:55.0984 1228  NdisIP - ok
15:27:56.0015 1228  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:27:56.0030 1228  NdisTapi - ok
15:27:56.0062 1228  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:27:56.0140 1228  Ndisuio - ok
15:27:56.0155 1228  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:27:56.0234 1228  NdisWan - ok
15:27:56.0249 1228  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
15:27:56.0280 1228  NDProxy - ok
15:27:56.0280 1228  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
15:27:56.0359 1228  NetBIOS - ok
15:27:56.0405 1228  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
15:27:56.0484 1228  NetBT - ok
15:27:56.0515 1228  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
15:27:56.0593 1228  NetDDE - ok
15:27:56.0593 1228  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
15:27:56.0671 1228  NetDDEdsdm - ok
15:27:56.0702 1228  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:27:56.0780 1228  Netlogon - ok
15:27:56.0796 1228  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
15:27:56.0874 1228  Netman - ok
15:27:56.0968 1228  [ 7951329FCE47C17B235CD2157307CE97 ] NetOp Host for NT Service C:\DATEV\PROGRAMM\A0000008\NHOSTSVC.EXE
15:27:57.0062 1228  NetOp Host for NT Service ( UnsignedFile.Multi.Generic ) - warning
15:27:57.0062 1228  NetOp Host for NT Service - detected UnsignedFile.Multi.Generic (1)
15:27:57.0124 1228  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:27:57.0140 1228  NetTcpPortSharing - ok
15:27:57.0155 1228  [ 790417821024E57BB736909BEE935B05 ] NHostNT1        C:\WINDOWS\System32\Drivers\NHOSTNT1.SYS
15:27:57.0171 1228  NHostNT1 ( UnsignedFile.Multi.Generic ) - warning
15:27:57.0171 1228  NHostNT1 - detected UnsignedFile.Multi.Generic (1)
15:27:57.0218 1228  [ 2074B0E6924DDFB6A726A197CAD3B469 ] NHOSTNT3        C:\WINDOWS\System32\Drivers\NHOSTNT3.SYS
15:27:57.0218 1228  NHOSTNT3 ( UnsignedFile.Multi.Generic ) - warning
15:27:57.0218 1228  NHOSTNT3 - detected UnsignedFile.Multi.Generic (1)
15:27:57.0265 1228  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:27:57.0343 1228  NIC1394 - ok
15:27:57.0359 1228  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
15:27:57.0374 1228  Nla - ok
15:27:57.0421 1228  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:27:57.0499 1228  Npfs - ok
15:27:57.0515 1228  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:27:57.0640 1228  Ntfs - ok
15:27:57.0640 1228  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
15:27:57.0718 1228  NtLmSsp - ok
15:27:57.0749 1228  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
15:27:57.0827 1228  NtmsSvc - ok
15:27:57.0843 1228  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:27:57.0921 1228  Null - ok
15:27:58.0187 1228  [ 6733E80A193FC36F41C24142B0C45C0E ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:27:58.0671 1228  nv - ok
15:27:58.0702 1228  [ 2E6ED9FE65A9B3EC606603ED0F33DD7D ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
15:27:58.0718 1228  NVSvc - ok
15:27:58.0796 1228  [ 3C09CC7992A8ADECD1FDDFD5D8E69BAE ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:27:58.0905 1228  nvUpdatusService - ok
15:27:58.0952 1228  [ 326C012C7FE573829871FE9C9E41CF9B ] NWD211AN        C:\WINDOWS\system32\DRIVERS\WLANURN.sys
15:27:58.0968 1228  NWD211AN - ok
15:27:58.0999 1228  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:27:59.0077 1228  NwlnkFlt - ok
15:27:59.0109 1228  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:27:59.0187 1228  NwlnkFwd - ok
15:27:59.0218 1228  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:27:59.0296 1228  ohci1394 - ok
15:27:59.0312 1228  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:27:59.0327 1228  ose - ok
15:27:59.0343 1228  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
15:27:59.0421 1228  Parport - ok
15:27:59.0437 1228  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
15:27:59.0530 1228  PartMgr - ok
15:27:59.0562 1228  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
15:27:59.0640 1228  ParVdm - ok
15:27:59.0655 1228  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
15:27:59.0718 1228  PCI - ok
15:27:59.0734 1228  PCIDump - ok
15:27:59.0734 1228  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
15:27:59.0812 1228  PCIIde - ok
15:27:59.0843 1228  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
15:27:59.0921 1228  Pcmcia - ok
15:27:59.0921 1228  PDCOMP - ok
15:27:59.0921 1228  PDFRAME - ok
15:27:59.0937 1228  PDRELI - ok
15:27:59.0937 1228  PDRFRAME - ok
15:27:59.0937 1228  perc2 - ok
15:27:59.0937 1228  perc2hib - ok
15:27:59.0952 1228  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
15:27:59.0968 1228  PlugPlay - ok
15:27:59.0968 1228  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
15:28:00.0046 1228  PolicyAgent - ok
15:28:00.0077 1228  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:28:00.0171 1228  PptpMiniport - ok
15:28:00.0171 1228  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:28:00.0249 1228  ProtectedStorage - ok
15:28:00.0249 1228  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
15:28:00.0327 1228  PSched - ok
15:28:00.0327 1228  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:28:00.0405 1228  Ptilink - ok
15:28:00.0421 1228  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:28:00.0437 1228  PxHelp20 - ok
15:28:00.0437 1228  ql1080 - ok
15:28:00.0437 1228  Ql10wnt - ok
15:28:00.0452 1228  ql12160 - ok
15:28:00.0452 1228  ql1240 - ok
15:28:00.0452 1228  ql1280 - ok
15:28:00.0468 1228  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:28:00.0546 1228  RasAcd - ok
15:28:00.0577 1228  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:28:00.0655 1228  RasAuto - ok
15:28:00.0671 1228  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:28:00.0749 1228  Rasl2tp - ok
15:28:00.0780 1228  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:28:00.0859 1228  RasMan - ok
15:28:00.0859 1228  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:28:00.0937 1228  RasPppoe - ok
15:28:00.0937 1228  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
15:28:01.0015 1228  Raspti - ok
15:28:01.0062 1228  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:28:01.0140 1228  Rdbss - ok
15:28:01.0155 1228  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:28:01.0249 1228  RDPCDD - ok
15:28:01.0265 1228  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:28:01.0359 1228  rdpdr - ok
15:28:01.0390 1228  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
15:28:01.0405 1228  RDPWD - ok
15:28:01.0452 1228  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
15:28:01.0515 1228  RDSessMgr - ok
15:28:01.0546 1228  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
15:28:01.0624 1228  redbook - ok
15:28:01.0655 1228  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
15:28:01.0749 1228  RemoteAccess - ok
15:28:01.0780 1228  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
15:28:01.0859 1228  RemoteRegistry - ok
15:28:01.0859 1228  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
15:28:01.0937 1228  RpcLocator - ok
15:28:01.0952 1228  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
15:28:01.0968 1228  RpcSs - ok
15:28:02.0015 1228  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
15:28:02.0093 1228  RSVP - ok
15:28:02.0109 1228  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
15:28:02.0187 1228  SamSs - ok
15:28:02.0187 1228  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
15:28:02.0280 1228  SCardSvr - ok
15:28:02.0296 1228  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
15:28:02.0374 1228  Schedule - ok
15:28:02.0405 1228  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:28:02.0499 1228  Secdrv - ok
15:28:02.0530 1228  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
15:28:02.0609 1228  seclogon - ok
15:28:02.0640 1228  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
15:28:02.0718 1228  SENS - ok
15:28:02.0734 1228  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
15:28:02.0812 1228  serenum - ok
15:28:02.0812 1228  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
15:28:02.0890 1228  Serial - ok
15:28:02.0937 1228  [ 4D0CE0FADCA29E7DA68CE597AC9010BD ] sfdrv01a        C:\WINDOWS\system32\drivers\sfdrv01a.sys
15:28:02.0952 1228  sfdrv01a - ok
15:28:02.0968 1228  [ DAAD4C099EBF5094D32C373AC1AC0F3C ] sfhlp02         C:\WINDOWS\system32\drivers\sfhlp02.sys
15:28:02.0984 1228  sfhlp02 - ok
15:28:02.0999 1228  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:28:03.0093 1228  Sfloppy - ok
15:28:03.0109 1228  [ C526AD307FF1900BC4C864F74553F762 ] sfsync04        C:\WINDOWS\system32\drivers\sfsync04.sys
15:28:03.0109 1228  sfsync04 - ok
15:28:03.0124 1228  [ 5DC0D3978B2C98F370BD8A5C9FD86092 ] sfvfs02         C:\WINDOWS\system32\drivers\sfvfs02.sys
15:28:03.0124 1228  sfvfs02 - ok
15:28:03.0171 1228  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
15:28:03.0265 1228  SharedAccess - ok
15:28:03.0280 1228  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:28:03.0296 1228  ShellHWDetection - ok
15:28:03.0296 1228  Simbad - ok
15:28:03.0327 1228  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:28:03.0421 1228  SLIP - ok
15:28:03.0421 1228  Sparrow - ok
15:28:03.0452 1228  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
15:28:03.0530 1228  splitter - ok
15:28:03.0562 1228  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
15:28:03.0593 1228  Spooler - ok
15:28:03.0609 1228  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
15:28:03.0687 1228  sr - ok
15:28:03.0718 1228  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
15:28:03.0780 1228  srservice - ok
15:28:03.0827 1228  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
15:28:03.0843 1228  Srv - ok
15:28:03.0859 1228  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\WINDOWS\system32\DRIVERS\ssadbus.sys
15:28:03.0890 1228  ssadbus - ok
15:28:03.0921 1228  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
15:28:03.0968 1228  ssadmdfl - ok
15:28:03.0984 1228  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
15:28:03.0999 1228  ssadmdm - ok
15:28:04.0015 1228  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
15:28:04.0093 1228  SSDPSRV - ok
15:28:04.0124 1228  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:28:04.0124 1228  ssmdrv - ok
15:28:04.0155 1228  [ 91970CC4A3A30A01C1573184A62F5143 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
15:28:04.0171 1228  ssudmdm - ok
15:28:04.0202 1228  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
15:28:04.0296 1228  stisvc - ok
15:28:04.0312 1228  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:28:04.0390 1228  streamip - ok
15:28:04.0405 1228  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
15:28:04.0484 1228  swenum - ok
15:28:04.0499 1228  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
15:28:04.0577 1228  swmidi - ok
15:28:04.0577 1228  SwPrv - ok
15:28:04.0577 1228  symc810 - ok
15:28:04.0593 1228  symc8xx - ok
15:28:04.0593 1228  sym_hi - ok
15:28:04.0593 1228  sym_u3 - ok
15:28:04.0624 1228  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
15:28:04.0702 1228  sysaudio - ok
15:28:04.0734 1228  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
15:28:04.0812 1228  SysmonLog - ok
15:28:04.0827 1228  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
15:28:04.0905 1228  TapiSrv - ok
15:28:04.0921 1228  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:28:04.0937 1228  Tcpip - ok
15:28:04.0968 1228  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
15:28:05.0046 1228  TDPIPE - ok
15:28:05.0077 1228  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
15:28:05.0171 1228  TDTCP - ok
15:28:05.0187 1228  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
15:28:05.0265 1228  TermDD - ok
15:28:05.0296 1228  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
15:28:05.0390 1228  TermService - ok
15:28:05.0405 1228  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
15:28:05.0421 1228  Themes - ok
15:28:05.0421 1228  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
15:28:05.0499 1228  TlntSvr - ok
15:28:05.0499 1228  TosIde - ok
15:28:05.0515 1228  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
15:28:05.0593 1228  TrkWks - ok
15:28:05.0624 1228  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
15:28:05.0702 1228  Udfs - ok
15:28:05.0718 1228  ultra - ok
15:28:05.0734 1228  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
15:28:05.0843 1228  Update - ok
15:28:05.0859 1228  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
15:28:05.0937 1228  upnphost - ok
15:28:05.0937 1228  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
15:28:06.0015 1228  UPS - ok
15:28:06.0046 1228  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:28:06.0124 1228  usbccgp - ok
15:28:06.0155 1228  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:28:06.0249 1228  usbehci - ok
15:28:06.0280 1228  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:28:06.0359 1228  usbhub - ok
15:28:06.0390 1228  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:28:06.0468 1228  usbstor - ok
15:28:06.0484 1228  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:28:06.0562 1228  usbuhci - ok
15:28:06.0577 1228  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
15:28:06.0655 1228  VgaSave - ok
15:28:06.0655 1228  ViaIde - ok
15:28:06.0671 1228  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
15:28:06.0749 1228  VolSnap - ok
15:28:06.0780 1228  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
15:28:06.0874 1228  VSS - ok
15:28:06.0905 1228  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
15:28:06.0984 1228  W32Time - ok
15:28:07.0015 1228  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:28:07.0093 1228  Wanarp - ok
15:28:07.0093 1228  WDICA - ok
15:28:07.0124 1228  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
15:28:07.0218 1228  wdmaud - ok
15:28:07.0249 1228  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
15:28:07.0327 1228  WebClient - ok
15:28:07.0359 1228  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
15:28:07.0390 1228  WmdmPmSN - ok
15:28:07.0421 1228  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
15:28:07.0452 1228  Wmi - ok
15:28:07.0530 1228  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:28:07.0593 1228  WmiApSrv - ok
15:28:07.0609 1228  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:28:07.0624 1228  WpdUsb - ok
15:28:07.0702 1228  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:28:07.0749 1228  WPFFontCache_v0400 - ok
15:28:07.0765 1228  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
15:28:07.0859 1228  wscsvc - ok
15:28:07.0874 1228  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:28:07.0968 1228  WSTCODEC - ok
15:28:07.0999 1228  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
15:28:08.0077 1228  wuauserv - ok
15:28:08.0093 1228  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:28:08.0124 1228  WudfPf - ok
15:28:08.0124 1228  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:28:08.0140 1228  WudfRd - ok
15:28:08.0140 1228  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
15:28:08.0171 1228  WudfSvc - ok
15:28:08.0187 1228  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
15:28:08.0312 1228  WZCSVC - ok
15:28:08.0343 1228  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
15:28:08.0405 1228  xmlprov - ok
15:28:08.0421 1228  [ 228EF1572CED753FE18409BB77123204 ] ZDCNDIS5        C:\WINDOWS\system32\ZDCNDIS5.sys
15:28:08.0437 1228  ZDCNDIS5 ( UnsignedFile.Multi.Generic ) - warning
15:28:08.0437 1228  ZDCNDIS5 - detected UnsignedFile.Multi.Generic (1)
15:28:08.0452 1228  ================ Scan global ===============================
15:28:08.0484 1228  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:28:08.0530 1228  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:28:08.0530 1228  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:28:08.0546 1228  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:28:08.0546 1228  [Global] - ok
15:28:08.0546 1228  ================ Scan MBR ==================================
15:28:08.0562 1228  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:28:08.0827 1228  \Device\Harddisk0\DR0 - ok
15:28:08.0827 1228  ================ Scan VBR ==================================
15:28:08.0827 1228  [ 9087B27AB38B4B17053282718ACAD17B ] \Device\Harddisk0\DR0\Partition1
15:28:08.0827 1228  \Device\Harddisk0\DR0\Partition1 - ok
15:28:08.0843 1228  [ 4E1AC69FBED7D3388592AD7A3EBBD565 ] \Device\Harddisk0\DR0\Partition2
15:28:08.0843 1228  \Device\Harddisk0\DR0\Partition2 - ok
15:28:08.0859 1228  [ 3238135118CE396EA1F00ADC26C12DA9 ] \Device\Harddisk0\DR0\Partition3
15:28:08.0859 1228  \Device\Harddisk0\DR0\Partition3 - ok
15:28:08.0859 1228  ============================================================
15:28:08.0859 1228  Scan finished
15:28:08.0859 1228  ============================================================
15:28:08.0968 1344  Detected object count: 10
15:28:08.0968 1344  Actual detected object count: 10
15:29:35.0124 1344  athrusb ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:35.0124 1344  athrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:35.0124 1344  CDMA Device Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:35.0124 1344  CDMA Device Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:35.0140 1344  DatevPrintService ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:35.0140 1344  DatevPrintService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:35.0140 1344  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:35.0140 1344  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:35.0140 1344  IntelDH ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:35.0140 1344  IntelDH ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:35.0140 1344  NB762_XP ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:35.0140 1344  NB762_XP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:35.0140 1344  NetOp Host for NT Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:35.0140 1344  NetOp Host for NT Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:35.0140 1344  NHostNT1 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:35.0140 1344  NHostNT1 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:35.0140 1344  NHOSTNT3 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:35.0140 1344  NHOSTNT3 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:35.0140 1344  ZDCNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:35.0140 1344  ZDCNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip