Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner an bord :-(

GVU Trojaner an bord :-(


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner an bord :-(

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 28.01.2013, 21:34   #1
yaggi
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


mein Onkel hat sich einen GVU-Trojaner zugezogen! Gott sei Dank war die Dame an der Kasse so schlau ihm vom Bezahlen der 100,-€ abzuraten, sonst wären sie ersten Moneten schon weg!!
Aber zu Thema:

Ich hab hier gelesen man solle auf alle Fälle ein neues Thema für die Bereinigung anfangen, was ich hiermit tue ;-)

Ich hab mir nach diesem Thread "http://www.trojaner-board.de/129895-...noob-gvu.html" eine OTLPE-CD gebrannt und der 1. Scan läuft gerade!

Da man anscheinend keine Selbstversuche starten soll, warte ich nun auf Eure Hilfe!

Ach ja, toller Job, den Ihr hier macht und vielen Dank schon mal im Voraus!!!

Alt 28.01.2013, 21:38   #2
markusg
/// Malware-holic
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


Hi
na da kann er sich bei der Dame noch mal bedanken.
starte neu, gehe in den abgesicherten Modus mit netzwerk melde dich in deinem Konto an.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________
Alt 30.01.2013, 10:24   #3
yaggi
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


hallo markusd,

erstmal vielen Dank für Deine Mühe! Und sorry, dass ich mich erst jetzt melde, aber ich hatte vorübergehend einen Trojaner im Darm und bin flach gelegen

Zum eigentlichen Thema: da der Schädling auch im abgesicherten Modus aktiv ist, hab ich mir eine REATOGO-X-PE gebrannt und den Scan hier laufen lassen. Hoffe es passt so!

hier die OTL.TXTOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 1/30/2013 9:57:43 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 787.00 Mb Available Physical Memory | 78.00% Memory free
902.00 Mb Paging File | 826.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 52.68 Gb Total Space | 16.97 Gb Free Space | 32.22% Space Free | Partition Type: NTFS
Drive D: | 123.23 Mb Total Space | 123.11 Mb Free Space | 99.91% Space Free | Partition Type: FAT
Drive E: | 17.21 Gb Total Space | 11.45 Gb Free Space | 66.55% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (winmgmt) -- C:\Dokumente und Einstellungen\Erich\Lokale Einstellungen\Temp\7CFjIy9.exe (Microsoft Corporation)
SRV - (SPAMfighter Update Service) -- C:\Programme\Fighters\SPAMfighter\sfus.exe (SPAMfighter ApS)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Suite Service) -- C:\Programme\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NICCONFIGSVC) -- C:\Programme\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (WLANKEEPER) Intel(R) -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (ScsiAccess) -- C:\WINDOWS\system32\ScsiAccess.EXE ()
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (Ser2pl) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (Changer) --  File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwinterface) -- C:\WINDOWS\system32\drivers\hwinterface.sys (Logix4u)
DRV - (Kithara-Lewetz) -- C:\WINDOWS\system32\Lewetz.sys (Kithara Software GmbH)
DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (Kithara-Ksts7) -- C:\WINDOWS\system32\Ksts7.sys (Kithara Software GmbH)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (wsppkt) -- C:\WINDOWS\system32\drivers\wsp_pkt.sys (SingleClick Systems)
DRV - (hnmwrlspkt) -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys (SingleClick Systems)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (DSproct) -- C:\Programme\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (Mach3) -- C:\WINDOWS\system32\drivers\Mach3.sys (Your Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI)
DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI)
DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company)
DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company)
DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company)
DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company)
DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)
DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1060915
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1060915
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1060915
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Erich_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1060915
IE - HKU\Erich_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Erich_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Erich_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Erich_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Erich_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Erich_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Erich_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Erich_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
IE - HKU\Jana_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1060915
IE - HKU\Jana_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de/hws/sb/dell-row/de/side.html?channel=de
IE - HKU\Jana_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\Jana_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Lisa_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1060915
IE - HKU\Lisa_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de/hws/sb/dell-row/de/side.html?channel=de
IE - HKU\Lisa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.antolin.de/
IE - HKU\Lisa_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Erich_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Jana_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupDutyLite] C:\Programme\BackUpDutyLite\BackUpDutyLite.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Programme\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [CTSVolFE.exe] C:\Programme\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Programme\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MMTray] C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Programme\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RegUse]  File not found
O4 - HKLM..\Run: [sfagent] C:\Programme\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Erich_ON_C..\Run: [DellSupport] C:\Programme\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Erich_ON_C..\Run: [Driver Mender] C:\Programme\Driver Mender\Driver Mender\DriverMender.exe (PC Drivers Headquarters)
O4 - HKU\Erich_ON_C..\Run: [KGShareApp] C:\Programme\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O4 - HKU\Erich_ON_C..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\Erich_ON_C..\Run: [ModemOnHold] C:\Programme\NetWaiting\netwaiting.exe ()
O4 - HKU\Erich_ON_C..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\Jana_ON_C..\Run: [ModemOnHold] C:\Programme\NetWaiting\netwaiting.exe ()
O4 - HKU\Lisa_ON_C..\Run: [ModemOnHold] C:\Programme\NetWaiting\netwaiting.exe ()
O4 - HKLM..\RunOnceEx: []  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\KODAK Software Updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\p6_19_erinnerung.lnk = C:\Programme\phase6\phase6_19\WinStart\p6erinnerung.exe (phase6)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\p6_erinnerung_197.lnk = C:\Programme\phase6\phase6_197\WinStart\p6erinnerung.exe (phase-6 AG)
O4 - Startup: C:\Dokumente und Einstellungen\Erich\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Erich_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jana_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lisa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - hxxp://upload.wikimedia.org/wikipedia/commons/8/8a/ISS_after_completion_%28as_of_June_2006%29.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O29 - HKLM SecurityProviders - (mcenspc.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/18 07:18:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/24 11:04:53 | 000,000,100 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: winmgmt - C:\Dokumente und Einstellungen\Erich\Lokale Einstellungen\Temp\7CFjIy9.exe (Microsoft Corporation)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/27 10:42:21 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Erich\28269578.exe
[2013/01/17 02:45:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Fighters
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/30 03:44:50 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\9yIjFC7.pad
[2013/01/30 03:44:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/30 03:42:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/28 14:54:42 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\BackupDutyLite.job
[2013/01/28 14:54:18 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/28 02:28:01 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/01/27 11:52:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/27 10:38:40 | 000,003,137 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\9yIjFC7.js
[2013/01/27 10:38:40 | 000,000,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Erich\Startmenü\Programme\Autostart\runctf.lnk
[2013/01/27 10:07:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/27 09:16:20 | 000,002,513 | ---- | M] () -- C:\Dokumente und Einstellungen\Erich\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2013/01/27 05:09:19 | 000,006,115 | ---- | M] () -- C:\Dokumente und Einstellungen\Erich\Eigene Dateien\eaglerc.usr
[2013/01/27 04:06:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/01/17 02:45:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Fighters
[2013/01/10 04:08:44 | 000,479,662 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/01/10 04:08:44 | 000,458,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/10 04:08:44 | 000,094,102 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/01/10 04:08:44 | 000,078,956 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/10 04:00:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/27 10:38:40 | 000,003,137 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\9yIjFC7.js
[2013/01/27 10:38:40 | 000,000,800 | ---- | C] () -- C:\Dokumente und Einstellungen\Erich\Startmenü\Programme\Autostart\runctf.lnk
[2013/01/27 10:38:32 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\9yIjFC7.pad
[2012/02/15 04:01:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/10 06:46:04 | 000,000,051 | ---- | C] () -- C:\WINDOWS\ChEditor.INI
[2011/12/10 06:45:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2008/12/25 12:59:56 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Lisa\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/12/25 12:52:02 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Jana\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/12/25 12:04:06 | 000,290,904 | R--- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll
[2008/07/09 15:00:18 | 000,000,404 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/02/10 03:44:54 | 000,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Erich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/05 03:52:23 | 000,001,297 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2007/01/28 07:28:09 | 000,070,656 | ---- | C] () -- C:\WINDOWS\cabarc.exe
[2007/01/28 07:28:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\GkSui20.EXE
[2006/12/03 11:29:17 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006/11/04 06:48:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2006/10/15 00:57:18 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2006/10/07 10:13:02 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
[2006/10/07 09:15:48 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/26 14:31:25 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\443C20C7E8.sys
[2006/09/21 11:12:37 | 000,002,498 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006/09/20 14:48:34 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/20 14:48:34 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\E8C7203C44.sys
[2006/09/20 08:21:56 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Erich\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/09/20 08:21:41 | 000,000,141 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/09/14 21:49:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/14 21:46:18 | 000,000,855 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/09/14 21:44:11 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/14 21:36:25 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/14 21:32:06 | 000,000,004 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QSLLPSVCShare
[2006/09/14 21:03:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/14 21:03:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/14 21:02:56 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 11:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/18 07:26:49 | 000,000,949 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/18 07:22:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/18 07:16:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/18 07:15:48 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/18 07:12:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/18 07:11:35 | 000,195,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/18 07:05:50 | 000,479,662 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/18 07:05:50 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/18 07:05:50 | 000,094,102 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/18 07:05:50 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/18 07:05:37 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/18 07:05:35 | 000,458,664 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/18 07:05:35 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/18 07:05:35 | 000,078,956 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/18 07:05:35 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/18 07:05:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/18 07:05:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/18 07:05:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/18 07:05:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/18 07:05:25 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/18 07:05:18 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/18 07:05:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/02/04 01:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2000/09/08 09:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
 
========== LOP Check ==========
 
[2012/06/19 07:38:57 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Application Updater
[2010/10/19 11:04:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Erich\Anwendungsdaten\Canon
[2008/07/11 11:50:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Erich\Anwendungsdaten\CD-LabelPrint
[2012/02/09 04:27:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Erich\Anwendungsdaten\Fighters
[2006/09/20 14:28:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Erich\Anwendungsdaten\Leadertech
[2006/10/07 10:27:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Erich\Anwendungsdaten\Musicmatch
[2008/07/09 15:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Erich\Anwendungsdaten\ScanSoft
[2009/06/10 04:32:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Erich\Anwendungsdaten\Skinux
[2012/05/31 10:30:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Erich\Anwendungsdaten\Uniblue
[2012/03/31 03:16:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jana\Anwendungsdaten\Fighters
[2012/05/12 09:41:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jana\Anwendungsdaten\Search Settings
[2009/07/25 03:56:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jana\Anwendungsdaten\Skinux
[2009/03/19 07:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jana\Anwendungsdaten\SPAMfighter
[2012/06/23 02:27:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jana\Anwendungsdaten\YouTube Downloader
[2012/05/19 03:26:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lisa\Anwendungsdaten\Fighters
[2012/05/19 03:26:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lisa\Anwendungsdaten\Search Settings
[2009/07/31 04:13:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lisa\Anwendungsdaten\Skinux
[2008/12/25 13:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lisa\Anwendungsdaten\SPAMfighter
[2012/05/19 03:28:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lisa\Anwendungsdaten\YouTube Downloader
[2012/02/09 04:27:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Fighters
[2008/07/09 14:39:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012/06/03 01:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender
[2013/01/17 02:45:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters
[2008/07/09 15:00:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2012/10/25 11:39:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2012/06/03 01:44:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB
[2012/06/24 02:02:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2009/04/29 03:00:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2012/04/11 02:21:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{FD7CAB3E-E895-4E98-9D68-A307CC601204}
[2013/01/28 14:54:42 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\BackupDutyLite.job
[2012/08/08 05:31:14 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Mender-RTMRules.job
[2012/06/03 01:43:53 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Mender-RTMScan.job
[2012/06/03 01:43:55 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Mender-RTMUpdater.job
[2012/07/20 01:41:35 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\RegUse.job
[2013/01/28 02:28:01 | 000,000,226 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/02/20 11:41:00 | 000,000,000 | ---D | M] -- C:\6a9a36fb08e4d1876eeecb
[2013/01/17 02:46:01 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006/09/21 10:33:31 | 000,000,000 | ---D | M] -- C:\dell
[2011/12/30 11:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2008/12/25 12:59:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2006/09/14 21:03:22 | 000,000,000 | ---D | M] -- C:\drivers
[2011/12/30 11:09:22 | 000,000,000 | ---D | M] -- C:\EasyPalCommonRepeaterDir
[2006/09/14 21:49:30 | 000,000,000 | ---D | M] -- C:\i386
[2012/06/03 08:35:43 | 000,000,000 | ---D | M] -- C:\KPCMS
[2007/01/28 07:34:30 | 000,000,000 | ---D | M] -- C:\Mach3
[2006/10/07 09:46:18 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/04/17 07:47:53 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2011/12/30 11:09:22 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/12/21 10:43:47 | 000,000,000 | ---D | M] -- C:\Programme
[2011/12/21 14:01:34 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012/04/21 09:11:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007/09/17 09:10:16 | 000,000,000 | ---D | M] -- C:\TEMP
[2007/09/18 16:08:35 | 000,000,000 | ---D | M] -- C:\totalcmd
[2011/12/30 11:09:22 | 000,000,000 | ---D | M] -- C:\users
[2013/01/30 03:44:13 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2008/12/02 05:25:12 | 000,000,000 | ---D | M] -- C:\WinPC-NC Economy Demo
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008/04/14 01:53:10 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008/04/14 01:53:10 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008/04/14 01:53:10 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008/04/14 01:53:10 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008/04/14 01:53:10 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008/04/14 01:53:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008/04/14 01:53:10 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
 
< MD5 for: AGP440.SYS  >
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 02:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 02:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\agp440.sys
[2008/04/13 18:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 17:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 17:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 02:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 02:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\atapi.sys
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 01:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\eventlog.dll
[2008/04/14 01:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\i386\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/08/04 08:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 08:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/14 01:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/14 01:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\explorer.exe
[2007/06/13 08:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/14 01:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\netlogon.dll
[2008/04/14 01:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\i386\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_0$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 01:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\scecli.dll
[2008/04/14 01:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\i386\scecli.dll
[2004/08/04 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005/03/02 13:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 10:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 13:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/04 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\i386\user32.dll
[2004/08/04 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007/03/08 10:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/14 01:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\user32.dll
[2008/04/14 01:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 01:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\userinit.exe
[2008/04/14 01:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\i386\userinit.exe
[2004/08/04 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 08:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\i386\winlogon.exe
[2004/08/04 08:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\winlogon.exe
[2008/04/14 01:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\i386\ws2ifsl.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004/08/18 07:11:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/18 07:11:04 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/18 07:11:04 | 000,413,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 01:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2012/10/31 22:28:29 | 006,105,088 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2012/10/31 22:28:29 | 000,268,288 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/14 01:52:20 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 01:52:22 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/04/14 01:52:24 | 000,023,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\psapi.dll
[2012/06/08 09:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012/11/13 06:55:38 | 001,866,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< CREATERESTOREPOINT >
 
< End of report >
--- --- ---


und die EXTRA.TXT
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 1/30/2013 9:57:43 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 787.00 Mb Available Physical Memory | 78.00% Memory free
902.00 Mb Paging File | 826.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 52.68 Gb Total Space | 16.97 Gb Free Space | 32.22% Space Free | Partition Type: NTFS
Drive D: | 123.23 Mb Total Space | 123.11 Mb Free Space | 99.91% Space Free | Partition Type: FAT
Drive E: | 17.21 Gb Total Space | 11.45 Gb Free Space | 66.55% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Dell Network Assistant\ezi_hnm2.exe" = C:\Programme\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971 -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{16B2498C-C6C1-4AE7-95EF-D2A09F50071C}" = KODAK Share-Tastenanwendung
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{34A6ADBE-2521-4634-96AA-E4B9C3F0BF20}" = AVRStudio4
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36415915-0B92-4F82-A240-42D3C14304F0}" = Driver Mender
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3EE75730-B5B8-490B-B560-913C5C840719}" = EasyPal  01X/DEC/08
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{5F65ECEE-EB1D-4C85-8D8C-9C7CE2DBB1D6}" = Karte Europa
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B58D3D06-1C79-48EF-AF7E-79D8629D16E0}" = phase6_197
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C037D08B-4883-491D-9329-DC5ACA90F797}" = Sony Ericsson PC Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4
"{D9DCC53C-D199-4261-8A60-FA7616F73F19}" = English Network 2 Aussprache-CD-ROM
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{DFAC9B29-AB5E-4331-B509-4156B43D0133}" = LED  16.03.06
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DA4ACE-5E3E-47AD-A408-EBCFC14A78AB}" = English Network Starter Aussprache-CD-ROM
"{F1EDF79D-5F1E-4E49-9E01-4C2EE56C24BA}" = Marco Polo Mobile Navigator 3
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FC5DE7E9-5805-497A-9090-9FF46630485A}" = SPAMfighter
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"BackUpDutyLite" = BackUpDutyLite
"beacon -light-_is1" = beacon -light-  1.0b
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Ch Editor for 5119" = Ch Editor
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CTMBDemo_Audigy" = Sound Blaster Audigy ADVANCED MB Demo
"EAGLE 4.16r1" = EAGLE 4.16r1
"EAGLE 4.16r2" = EAGLE 4.16r2
"EasyPal_is1" = EasyPal version 14BB
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Encarta Virtual Globe 3.0" = Microsoft Encarta Weltatlas - Version 98
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Frontplatten Designer 3.51" = Frontplatten Designer 3.51
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Kithara Tool Suite 7 Runtime" = Kithara Tool Suite 7 Runtime
"Lewetz Real-time Driver" = Lewetz Real-time Driver
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mini dB-Rechner_is1" = mini dB-Rechner 1.3.2
"minirk12_is1" = mini Ringkern-Rechner 1.2
"MIXERLITE" = Mixer
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.4
"ProInst" = Intel(R) PROSet/Wireless Software
"QuickTime" = QuickTime
"SearchAssist" = SearchAssist
"SPAMfighter" = SPAMfighter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.8
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPC-NC Economy Demo" = WinPC-NC Economy Demo
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YAKUMO EazyGo" = YAKUMO EazyGo
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Erich_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Jana_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Lisa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
< End of report >
--- --- ---


Hallo! Könnte sich bitte mal jemand um mich kümmern? ;-)
__________________
Alt 31.01.2013, 13:42   #4
markusg
/// Malware-holic
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


hi
das is unangenem, und ich hoffe es passt nu wieder alles
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
ATTFilter
:OTL
O4 - Startup: C:\Dokumente und Einstellungen\Erich\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
[2013/01/27 10:42:21 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Erich\28269578.exe
[2013/01/30 03:44:50 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\9yIjFC7.pad
[2013/01/27 10:38:40 | 000,003,137 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\9yIjFC7.js
[2013/01/27 10:38:40 | 000,000,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Erich\Startmenü\Programme\Autostart\runctf.lnk
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 31.01.2013, 15:59   #5
yaggi
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


Hallo,

danke für Deine Mühen!
Mit einigen Umwegen hat alles geklappt!

hier das Log:
========== OTL ==========
C:\Dokumente und Einstellungen\Erich\Startmenü\Programme\Autostart\runctf.lnk moved successfully.
File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.
C:\Dokumente und Einstellungen\Erich\28269578.exe moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\9yIjFC7.pad moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\9yIjFC7.js moved successfully.
File C:\Dokumente und Einstellungen\Erich\Startmenü\Programme\Autostart\runctf.lnk not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Besitzer

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: Erich
->Temp folder emptied: 2410262460 bytes
->Temporary Internet Files folder emptied: 547198852 bytes
->Java cache emptied: 14390854 bytes
->Flash cache emptied: 1956230 bytes

User: Jana
->Temp folder emptied: 5800110 bytes
->Temporary Internet Files folder emptied: 259573881 bytes
->Flash cache emptied: 19272 bytes

User: Lisa
->Temp folder emptied: 4117884 bytes
->Temporary Internet Files folder emptied: 35897414 bytes
->Java cache emptied: 73489 bytes
->Flash cache emptied: 13365 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2876319 bytes
->Flash cache emptied: 300 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

Total Flash Files Cleaned = 3,130.00 mb


[EMPTYTEMP]

User: All Users

User: Besitzer

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Erich
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jana
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lisa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 172367012 bytes

Total Files Cleaned = 164.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 01312013_152020

Files\Folders moved on Reboot...
File\Folder X:\I386\SYSTEM32\RUNDLL32.EXE not found!

Registry entries deleted on Reboot...

Zip-datei kommt gleich

upload hat geklappt


Alt 31.01.2013, 16:55   #6
markusg
/// Malware-holic
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


ok
dann weiter hiermit:
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________
--> GVU Trojaner an bord :-(

Alt 31.01.2013, 17:13   #7
yaggi
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


hier das Tdsskiller-log

17:06:27.0820 3428 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:06:27.0992 3428 ============================================================
17:06:27.0992 3428 Current date / time: 2013/01/31 17:06:27.0992
17:06:27.0992 3428 SystemInfo:
17:06:27.0992 3428
17:06:27.0992 3428 OS Version: 5.1.2600 ServicePack: 3.0
17:06:27.0992 3428 Product type: Workstation
17:06:27.0992 3428 ComputerName: PC-GREINER-3
17:06:27.0992 3428 UserName: Erich
17:06:27.0992 3428 Windows directory: C:\WINDOWS
17:06:27.0992 3428 System windows directory: C:\WINDOWS
17:06:27.0992 3428 Processor architecture: Intel x86
17:06:27.0992 3428 Number of processors: 2
17:06:27.0992 3428 Page size: 0x1000
17:06:27.0992 3428 Boot type: Normal boot
17:06:27.0992 3428 ============================================================
17:06:29.0867 3428 Drive \Device\Harddisk0\DR0 - Size: 0x1248119400 (73.13 Gb), SectorSize: 0x200, Cylinders: 0x254A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:06:29.0867 3428 ============================================================
17:06:29.0867 3428 \Device\Harddisk0\DR0:
17:06:29.0867 3428 MBR partitions:
17:06:29.0867 3428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x695C69D
17:06:29.0867 3428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x69878E8, BlocksNum 0x2269146
17:06:29.0867 3428 ============================================================
17:06:29.0914 3428 C: <-> \Device\Harddisk0\DR0\Partition1
17:06:29.0961 3428 D: <-> \Device\Harddisk0\DR0\Partition2
17:06:29.0961 3428 ============================================================
17:06:29.0961 3428 Initialize success
17:06:29.0961 3428 ============================================================
17:07:31.0195 1152 ============================================================
17:07:31.0195 1152 Scan started
17:07:31.0195 1152 Mode: Manual; SigCheck; TDLFS;
17:07:31.0195 1152 ============================================================
17:07:32.0929 1152 ================ Scan system memory ========================
17:07:34.0992 1152 System memory - ok
17:07:34.0992 1152 ================ Scan services =============================
17:07:35.0101 1152 Abiosdsk - ok
17:07:35.0132 1152 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:07:36.0445 1152 abp480n5 - ok
17:07:36.0539 1152 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
17:07:36.0632 1152 ACDaemon - ok
17:07:36.0664 1152 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:07:36.0929 1152 ACPI - ok
17:07:36.0976 1152 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:07:37.0101 1152 ACPIEC - ok
17:07:37.0211 1152 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:07:37.0242 1152 AdobeFlashPlayerUpdateSvc - ok
17:07:37.0257 1152 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:07:37.0414 1152 adpu160m - ok
17:07:37.0445 1152 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:07:37.0601 1152 aec - ok
17:07:37.0632 1152 [ 91F3DF93F40A74D222CD166FE95DB633 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:07:37.0632 1152 AegisP ( UnsignedFile.Multi.Generic ) - warning
17:07:37.0632 1152 AegisP - detected UnsignedFile.Multi.Generic (1)
17:07:37.0664 1152 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:07:37.0726 1152 AFD - ok
17:07:37.0773 1152 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
17:07:37.0898 1152 agp440 - ok
17:07:37.0914 1152 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:07:38.0054 1152 agpCPQ - ok
17:07:38.0148 1152 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:07:38.0289 1152 Aha154x - ok
17:07:38.0336 1152 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:07:38.0492 1152 aic78u2 - ok
17:07:38.0523 1152 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:07:38.0711 1152 aic78xx - ok
17:07:38.0757 1152 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:07:38.0945 1152 Alerter - ok
17:07:38.0976 1152 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
17:07:39.0148 1152 ALG - ok
17:07:39.0164 1152 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
17:07:39.0289 1152 AliIde - ok
17:07:39.0320 1152 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:07:39.0461 1152 alim1541 - ok
17:07:39.0554 1152 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:07:39.0695 1152 amdagp - ok
17:07:39.0695 1152 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
17:07:39.0773 1152 amsint - ok
17:07:39.0851 1152 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
17:07:39.0867 1152 AntiVirSchedulerService - ok
17:07:39.0914 1152 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:07:39.0929 1152 AntiVirService - ok
17:07:39.0961 1152 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
17:07:39.0961 1152 APPDRV ( UnsignedFile.Multi.Generic ) - warning
17:07:39.0961 1152 APPDRV - detected UnsignedFile.Multi.Generic (1)
17:07:39.0976 1152 AppMgmt - ok
17:07:40.0023 1152 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:07:40.0211 1152 Arp1394 - ok
17:07:40.0257 1152 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
17:07:40.0476 1152 asc - ok
17:07:40.0539 1152 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:07:40.0632 1152 asc3350p - ok
17:07:40.0664 1152 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:07:40.0851 1152 asc3550 - ok
17:07:41.0007 1152 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:07:41.0070 1152 aspnet_state - ok
17:07:41.0086 1152 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:07:41.0226 1152 AsyncMac - ok
17:07:41.0257 1152 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:07:41.0382 1152 atapi - ok
17:07:41.0398 1152 Atdisk - ok
17:07:41.0414 1152 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:07:41.0632 1152 Atmarpc - ok
17:07:41.0664 1152 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:07:41.0789 1152 AudioSrv - ok
17:07:41.0804 1152 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:07:41.0945 1152 audstub - ok
17:07:41.0961 1152 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:07:41.0992 1152 avgntflt - ok
17:07:42.0023 1152 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:07:42.0039 1152 avipbb - ok
17:07:42.0054 1152 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
17:07:42.0070 1152 avkmgr - ok
17:07:42.0101 1152 [ C768C8A463D32C219CE291645A0621A4 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
17:07:42.0164 1152 bcm4sbxp - ok
17:07:42.0226 1152 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:07:42.0414 1152 Beep - ok
17:07:42.0476 1152 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
17:07:42.0726 1152 BITS - ok
17:07:42.0757 1152 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
17:07:42.0836 1152 Browser - ok
17:07:42.0851 1152 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:07:43.0039 1152 cbidf - ok
17:07:43.0054 1152 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:07:43.0179 1152 cbidf2k - ok
17:07:43.0211 1152 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:07:43.0304 1152 cd20xrnt - ok
17:07:43.0351 1152 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:07:43.0507 1152 Cdaudio - ok
17:07:43.0539 1152 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:07:43.0679 1152 Cdfs - ok
17:07:43.0726 1152 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:07:43.0789 1152 Cdrom - ok
17:07:43.0789 1152 Changer - ok
17:07:43.0836 1152 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:07:43.0992 1152 CiSvc - ok
17:07:44.0007 1152 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:07:44.0164 1152 ClipSrv - ok
17:07:44.0195 1152 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:07:44.0257 1152 clr_optimization_v2.0.50727_32 - ok
17:07:44.0273 1152 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:07:44.0476 1152 CmBatt - ok
17:07:44.0554 1152 [ C687F81290303D90099B027A6474F99F ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:07:44.0757 1152 CmdIde - ok
17:07:44.0836 1152 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:07:44.0976 1152 Compbatt - ok
17:07:44.0976 1152 COMSysApp - ok
17:07:45.0007 1152 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:07:45.0148 1152 Cpqarray - ok
17:07:45.0164 1152 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:07:45.0351 1152 CryptSvc - ok
17:07:45.0445 1152 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:07:45.0648 1152 dac2w2k - ok
17:07:45.0742 1152 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:07:45.0945 1152 dac960nt - ok
17:07:46.0039 1152 [ 30E4C5DE753616BA1243A05A4FF5AAD2 ] DcCam C:\WINDOWS\system32\DRIVERS\DcCam.sys
17:07:46.0132 1152 DcCam - ok
17:07:46.0195 1152 [ A444074CAACCC2E794D2E5F93D2679EE ] DcFpoint C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
17:07:46.0226 1152 DcFpoint - ok
17:07:46.0257 1152 [ 6E770432A09617CA74CB0525EDF06EF3 ] DCFS2K C:\WINDOWS\system32\drivers\dcfs2k.sys
17:07:46.0273 1152 DCFS2K - ok
17:07:46.0304 1152 [ 89977377AA94D71C1DDE3A82D23223CC ] DcLps C:\WINDOWS\system32\DRIVERS\DcLps.sys
17:07:46.0336 1152 DcLps - ok
17:07:46.0398 1152 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:07:46.0554 1152 DcomLaunch - ok
17:07:46.0586 1152 [ CE0AE71BB5A092D5BB0B298D5BC7A208 ] DcPTP C:\WINDOWS\system32\DRIVERS\DcPTP.sys
17:07:46.0632 1152 DcPTP - ok
17:07:46.0664 1152 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:07:46.0898 1152 Dhcp - ok
17:07:46.0945 1152 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:07:47.0086 1152 Disk - ok
17:07:47.0101 1152 dmadmin - ok
17:07:47.0304 1152 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:07:47.0507 1152 dmboot - ok
17:07:47.0586 1152 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:07:47.0789 1152 dmio - ok
17:07:47.0851 1152 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:07:48.0054 1152 dmload - ok
17:07:48.0148 1152 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:07:48.0351 1152 dmserver - ok
17:07:48.0382 1152 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:07:48.0523 1152 DMusic - ok
17:07:48.0554 1152 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:07:48.0632 1152 Dnscache - ok
17:07:48.0664 1152 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:07:48.0804 1152 Dot3svc - ok
17:07:48.0820 1152 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:07:48.0961 1152 dpti2o - ok
17:07:49.0023 1152 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:07:49.0164 1152 drmkaud - ok
17:07:49.0226 1152 [ E814854E6B246CCF498874839AB64D77 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
17:07:49.0242 1152 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
17:07:49.0242 1152 drvmcdb - detected UnsignedFile.Multi.Generic (1)
17:07:49.0242 1152 [ EE83A4EBAE70BC93CF14879D062F548B ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
17:07:49.0257 1152 drvnddm ( UnsignedFile.Multi.Generic ) - warning
17:07:49.0257 1152 drvnddm - detected UnsignedFile.Multi.Generic (1)
17:07:49.0320 1152 [ 2AC2372FFAD9ADC85672CC8E8AE14BE9 ] DSproct C:\Programme\Dell Support\GTAction\triggers\DSproct.sys
17:07:49.0336 1152 DSproct ( UnsignedFile.Multi.Generic ) - warning
17:07:49.0336 1152 DSproct - detected UnsignedFile.Multi.Generic (1)
17:07:49.0367 1152 [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:07:49.0507 1152 E100B - ok
17:07:49.0523 1152 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:07:49.0648 1152 EapHost - ok
17:07:49.0679 1152 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:07:49.0867 1152 ERSvc - ok
17:07:49.0945 1152 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
17:07:50.0007 1152 Eventlog - ok
17:07:50.0054 1152 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
17:07:50.0101 1152 EventSystem - ok
17:07:50.0148 1152 [ F96E450937BAD69FE4804D46829AA5C7 ] EvtEng C:\Programme\Intel\Wireless\Bin\EvtEng.exe
17:07:50.0148 1152 EvtEng ( UnsignedFile.Multi.Generic ) - warning
17:07:50.0148 1152 EvtEng - detected UnsignedFile.Multi.Generic (1)
17:07:50.0179 1152 [ 80FB249DEF6F5A157B531349E71CC6AC ] Exportit C:\WINDOWS\system32\DRIVERS\exportit.sys
17:07:50.0242 1152 Exportit - ok
17:07:50.0304 1152 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:07:50.0476 1152 Fastfat - ok
17:07:50.0554 1152 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:07:50.0617 1152 FastUserSwitchingCompatibility - ok
17:07:50.0664 1152 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe
17:07:50.0882 1152 Fax - ok
17:07:50.0929 1152 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:07:51.0054 1152 Fdc - ok
17:07:51.0132 1152 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:07:51.0257 1152 Fips - ok
17:07:51.0289 1152 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:07:51.0429 1152 Flpydisk - ok
17:07:51.0461 1152 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:07:51.0586 1152 FltMgr - ok
17:07:51.0648 1152 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:07:51.0679 1152 FontCache3.0.0.0 - ok
17:07:51.0679 1152 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:07:51.0836 1152 Fs_Rec - ok
17:07:51.0851 1152 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:07:51.0976 1152 Ftdisk - ok
17:07:52.0039 1152 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
17:07:52.0054 1152 GoogleDesktopManager-051210-111108 - ok
17:07:52.0101 1152 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:07:52.0226 1152 Gpc - ok
17:07:52.0320 1152 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
17:07:52.0336 1152 gupdate - ok
17:07:52.0336 1152 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
17:07:52.0351 1152 gupdatem - ok
17:07:52.0429 1152 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
17:07:52.0445 1152 gusvc - ok
17:07:52.0461 1152 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:07:52.0601 1152 HDAudBus - ok
17:07:52.0648 1152 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:07:52.0773 1152 helpsvc - ok
17:07:52.0820 1152 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
17:07:52.0945 1152 HidServ - ok
17:07:52.0976 1152 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:07:53.0117 1152 HidUsb - ok
17:07:53.0148 1152 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:07:53.0273 1152 hkmsvc - ok
17:07:53.0304 1152 [ CABBA915F11FF2013C550BB1A9B977DF ] hnmwrlspkt C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys
17:07:53.0320 1152 hnmwrlspkt ( UnsignedFile.Multi.Generic ) - warning
17:07:53.0320 1152 hnmwrlspkt - detected UnsignedFile.Multi.Generic (1)
17:07:53.0351 1152 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
17:07:53.0476 1152 hpn - ok
17:07:53.0507 1152 [ 1C8CAA80E91FB71864E9426F9EED048D ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:07:53.0554 1152 HSFHWAZL - ok
17:07:53.0617 1152 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:07:53.0742 1152 HSF_DPV - ok
17:07:53.0789 1152 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:07:53.0820 1152 HTTP - ok
17:07:53.0867 1152 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:07:54.0007 1152 HTTPFilter - ok
17:07:54.0054 1152 [ 448BB2FE30F1DDE9EAA4F0E87B52B687 ] hwinterface C:\WINDOWS\system32\Drivers\hwinterface.sys
17:07:54.0054 1152 hwinterface ( UnsignedFile.Multi.Generic ) - warning
17:07:54.0054 1152 hwinterface - detected UnsignedFile.Multi.Generic (1)
17:07:54.0101 1152 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
17:07:54.0304 1152 i2omgmt - ok
17:07:54.0336 1152 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:07:54.0476 1152 i2omp - ok
17:07:54.0492 1152 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:07:54.0632 1152 i8042prt - ok
17:07:54.0789 1152 [ CC449157474D5E43DAEA7E20F52C635A ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:07:54.0929 1152 ialm - ok
17:07:54.0992 1152 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:07:55.0054 1152 idsvc - ok
17:07:55.0132 1152 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:07:55.0257 1152 Imapi - ok
17:07:55.0304 1152 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
17:07:55.0445 1152 ImapiService - ok
17:07:55.0461 1152 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:07:55.0617 1152 ini910u - ok
17:07:55.0648 1152 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
17:07:55.0789 1152 IntelIde - ok
17:07:55.0820 1152 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:07:55.0945 1152 intelppm - ok
17:07:55.0976 1152 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:07:56.0101 1152 Ip6Fw - ok
17:07:56.0148 1152 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:07:56.0304 1152 IpFilterDriver - ok
17:07:56.0336 1152 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:07:56.0461 1152 IpInIp - ok
17:07:56.0476 1152 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:07:56.0617 1152 IpNat - ok
17:07:56.0632 1152 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:07:56.0757 1152 IPSec - ok
17:07:56.0789 1152 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:07:56.0929 1152 IRENUM - ok
17:07:56.0961 1152 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:07:57.0086 1152 isapnp - ok
17:07:57.0132 1152 [ FE8300320281D658A7854D5CFC02A63F ] k750bus C:\WINDOWS\system32\DRIVERS\k750bus.sys
17:07:57.0179 1152 k750bus - ok
17:07:57.0195 1152 [ F44521F63C0C00364FA3D59DB980DE6A ] k750mdfl C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
17:07:57.0304 1152 k750mdfl - ok
17:07:57.0320 1152 [ E93323C3ED5E8923A177740A973C27B2 ] k750mdm C:\WINDOWS\system32\DRIVERS\k750mdm.sys
17:07:57.0336 1152 k750mdm - ok
17:07:57.0351 1152 [ 9D5F5A70CA0B7C428EFCD73DB50E6AC7 ] k750mgmt C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
17:07:57.0382 1152 k750mgmt - ok
17:07:57.0382 1152 [ 81CA2D57B2C14F76F4BA80846784BB3D ] k750obex C:\WINDOWS\system32\DRIVERS\k750obex.sys
17:07:57.0398 1152 k750obex - ok
17:07:57.0414 1152 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:07:57.0554 1152 Kbdclass - ok
17:07:57.0570 1152 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:07:57.0695 1152 kbdhid - ok
17:07:57.0726 1152 [ 979691BA399B46631F596BDF46E3195C ] Kithara-Ksts7 C:\WINDOWS\system32\Ksts7.sys
17:07:57.0757 1152 Kithara-Ksts7 ( UnsignedFile.Multi.Generic ) - warning
17:07:57.0757 1152 Kithara-Ksts7 - detected UnsignedFile.Multi.Generic (1)
17:07:57.0804 1152 [ 282A0604679AF13B30B75B44C0CE546D ] Kithara-Lewetz C:\WINDOWS\system32\Lewetz.sys
17:07:57.0804 1152 Kithara-Lewetz ( UnsignedFile.Multi.Generic ) - warning
17:07:57.0804 1152 Kithara-Lewetz - detected UnsignedFile.Multi.Generic (1)
17:07:57.0851 1152 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:07:57.0992 1152 kmixer - ok
17:07:58.0039 1152 [ A97812A623D23727E50F501F95719B23 ] KodakCCS C:\WINDOWS\system32\drivers\KodakCCS.exe
17:07:58.0086 1152 KodakCCS - ok
17:07:58.0132 1152 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:07:58.0320 1152 KSecDD - ok
17:07:58.0367 1152 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:07:58.0461 1152 lanmanserver - ok
17:07:58.0507 1152 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:07:58.0570 1152 lanmanworkstation - ok
17:07:58.0570 1152 lbrtfdc - ok
17:07:58.0617 1152 [ 31B582394DA3290DFF300F10952E9A4D ] LHidKe C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
17:07:58.0695 1152 LHidKe - ok
17:07:58.0726 1152 [ CBD1C6BFF70E170CEC6E1502E7FCFEF6 ] LHidUsbK C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
17:07:58.0789 1152 LHidUsbK - ok
17:07:58.0836 1152 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:07:59.0039 1152 LmHosts - ok
17:07:59.0117 1152 [ 90A794D0A0BF3531C4BA1C0510449629 ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
17:07:59.0148 1152 LMouKE - ok
17:07:59.0195 1152 [ EFD8CCCCB43D62D31E67D8497DE2C368 ] Mach3 C:\WINDOWS\system32\Drivers\Mach3.sys
17:07:59.0226 1152 Mach3 ( UnsignedFile.Multi.Generic ) - warning
17:07:59.0226 1152 Mach3 - detected UnsignedFile.Multi.Generic (1)
17:07:59.0351 1152 [ FC124ED5BCB99A998978B39C624948FA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
17:07:59.0367 1152 MDM ( UnsignedFile.Multi.Generic ) - warning
17:07:59.0367 1152 MDM - detected UnsignedFile.Multi.Generic (1)
17:07:59.0414 1152 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:07:59.0429 1152 mdmxsdk - ok
17:07:59.0445 1152 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:07:59.0570 1152 Messenger - ok
17:07:59.0601 1152 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:07:59.0742 1152 mnmdd - ok
17:07:59.0773 1152 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:07:59.0914 1152 mnmsrvc - ok
17:07:59.0945 1152 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:08:00.0086 1152 Modem - ok
17:08:00.0117 1152 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:08:00.0242 1152 Mouclass - ok
17:08:00.0320 1152 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:08:01.0226 1152 mouhid - ok
17:08:01.0289 1152 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:08:01.0461 1152 MountMgr - ok
17:08:01.0507 1152 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:08:01.0679 1152 mraid35x - ok
17:08:01.0726 1152 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:08:01.0898 1152 MRxDAV - ok
17:08:01.0945 1152 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:08:02.0054 1152 MRxSmb - ok
17:08:02.0086 1152 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:08:02.0211 1152 MSDTC - ok
17:08:02.0257 1152 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:08:02.0367 1152 Msfs - ok
17:08:02.0382 1152 MSIServer - ok
17:08:02.0398 1152 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:08:02.0539 1152 MSKSSRV - ok
17:08:02.0570 1152 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:08:02.0711 1152 MSPCLOCK - ok
17:08:02.0757 1152 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:08:02.0898 1152 MSPQM - ok
17:08:02.0945 1152 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:08:03.0070 1152 mssmbios - ok
17:08:03.0101 1152 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:08:03.0117 1152 Mup - ok
17:08:03.0164 1152 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
17:08:03.0304 1152 napagent - ok
17:08:03.0336 1152 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:08:03.0492 1152 NDIS - ok
17:08:03.0507 1152 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:08:03.0539 1152 NdisTapi - ok
17:08:03.0570 1152 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:08:03.0742 1152 Ndisuio - ok
17:08:03.0804 1152 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:08:03.0992 1152 NdisWan - ok
17:08:04.0039 1152 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:08:04.0117 1152 NDProxy - ok
17:08:04.0195 1152 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:08:04.0382 1152 NetBIOS - ok
17:08:04.0398 1152 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:08:04.0617 1152 NetBT - ok
17:08:04.0726 1152 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
17:08:04.0945 1152 NetDDE - ok
17:08:04.0961 1152 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:08:05.0070 1152 NetDDEdsdm - ok
17:08:05.0132 1152 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:08:05.0289 1152 Netlogon - ok
17:08:05.0304 1152 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
17:08:05.0461 1152 Netman - ok
17:08:05.0476 1152 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:08:05.0492 1152 NetTcpPortSharing - ok
17:08:05.0507 1152 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:08:05.0632 1152 NIC1394 - ok
17:08:05.0711 1152 [ 8A6FA8E0B302DF2496802AAFDA5CE810 ] NICCONFIGSVC C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
17:08:05.0773 1152 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - warning
17:08:05.0773 1152 NICCONFIGSVC - detected UnsignedFile.Multi.Generic (1)
17:08:05.0804 1152 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
17:08:05.0851 1152 Nla - ok
17:08:05.0882 1152 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:08:06.0007 1152 Npfs - ok
17:08:06.0039 1152 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:08:06.0226 1152 Ntfs - ok
17:08:06.0304 1152 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:08:06.0492 1152 NtLmSsp - ok
17:08:06.0570 1152 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:08:06.0742 1152 NtmsSvc - ok
17:08:06.0757 1152 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:08:06.0898 1152 Null - ok
17:08:06.0976 1152 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:08:07.0226 1152 nv - ok
17:08:07.0320 1152 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:08:07.0476 1152 NwlnkFlt - ok
17:08:07.0492 1152 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:08:07.0664 1152 NwlnkFwd - ok
17:08:07.0695 1152 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:08:07.0836 1152 ohci1394 - ok
17:08:07.0882 1152 [ B17228142CEC9B3C222239FD935A37CA ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
17:08:07.0898 1152 omci ( UnsignedFile.Multi.Generic ) - warning
17:08:07.0898 1152 omci - detected UnsignedFile.Multi.Generic (1)
17:08:07.0914 1152 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:08:07.0945 1152 ose - ok
17:08:07.0976 1152 [ EC0D523B492764B15B3B6B1E17172201 ] Packet C:\WINDOWS\system32\DRIVERS\packet.sys
17:08:07.0992 1152 Packet ( UnsignedFile.Multi.Generic ) - warning
17:08:07.0992 1152 Packet - detected UnsignedFile.Multi.Generic (1)
17:08:08.0007 1152 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:08:08.0148 1152 Parport - ok
17:08:08.0164 1152 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:08:08.0273 1152 PartMgr - ok
17:08:08.0289 1152 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:08:08.0429 1152 ParVdm - ok
17:08:08.0507 1152 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:08:08.0632 1152 PCI - ok
17:08:08.0632 1152 PCIDump - ok
17:08:08.0648 1152 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:08:08.0773 1152 PCIIde - ok
17:08:08.0789 1152 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:08:08.0914 1152 Pcmcia - ok
17:08:08.0929 1152 PDCOMP - ok
17:08:08.0929 1152 PDFRAME - ok
17:08:08.0945 1152 PDRELI - ok
17:08:08.0945 1152 PDRFRAME - ok
17:08:08.0961 1152 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
17:08:09.0101 1152 perc2 - ok
17:08:09.0179 1152 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:08:09.0304 1152 perc2hib - ok
17:08:09.0336 1152 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
17:08:09.0382 1152 PlugPlay - ok
17:08:09.0398 1152 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:08:09.0523 1152 PolicyAgent - ok
17:08:09.0570 1152 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:08:09.0679 1152 PptpMiniport - ok
17:08:09.0695 1152 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:08:09.0804 1152 ProtectedStorage - ok
17:08:09.0820 1152 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:08:09.0961 1152 PSched - ok
17:08:09.0992 1152 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:08:10.0132 1152 Ptilink - ok
17:08:10.0164 1152 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:08:10.0179 1152 PxHelp20 - ok
17:08:10.0226 1152 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:08:10.0351 1152 ql1080 - ok
17:08:10.0367 1152 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:08:10.0507 1152 Ql10wnt - ok
17:08:10.0523 1152 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:08:10.0679 1152 ql12160 - ok
17:08:10.0695 1152 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:08:10.0820 1152 ql1240 - ok
17:08:10.0836 1152 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:08:10.0976 1152 ql1280 - ok
17:08:10.0976 1152 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:08:11.0101 1152 RasAcd - ok
17:08:11.0211 1152 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:08:11.0351 1152 RasAuto - ok
17:08:11.0367 1152 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:08:11.0492 1152 Rasl2tp - ok
17:08:11.0539 1152 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:08:11.0664 1152 RasMan - ok
17:08:11.0695 1152 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:08:11.0851 1152 RasPppoe - ok
17:08:11.0867 1152 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:08:12.0007 1152 Raspti - ok
17:08:12.0023 1152 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:08:12.0164 1152 Rdbss - ok
17:08:12.0179 1152 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:08:12.0320 1152 RDPCDD - ok
17:08:12.0382 1152 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:08:12.0507 1152 rdpdr - ok
17:08:12.0554 1152 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:08:12.0617 1152 RDPWD - ok
17:08:12.0679 1152 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:08:12.0804 1152 RDSessMgr - ok
17:08:12.0836 1152 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:08:12.0992 1152 redbook - ok
17:08:13.0007 1152 [ 6210679582240D54CC7FCC6278CA8B04 ] RegSrvc C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
17:08:13.0039 1152 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
17:08:13.0039 1152 RegSrvc - detected UnsignedFile.Multi.Generic (1)
17:08:13.0070 1152 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:08:13.0226 1152 RemoteAccess - ok
17:08:13.0257 1152 [ 24ED7AF20651F9FA1F249482E7C1F165 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
17:08:13.0320 1152 rimmptsk - ok
17:08:13.0367 1152 [ 1BDBA2D2D402415A78A4BA766DFE0F7B ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
17:08:13.0398 1152 rimsptsk - ok
17:08:13.0429 1152 [ F774ECD11A064F0DEBB2D4395418153C ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
17:08:13.0476 1152 rismxdp - ok
17:08:13.0507 1152 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
17:08:13.0679 1152 RpcLocator - ok
17:08:13.0726 1152 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:08:13.0773 1152 RpcSs - ok
17:08:13.0789 1152 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:08:13.0929 1152 RSVP - ok
17:08:13.0961 1152 [ 99647323602BE0E77A9737E6EADA65BA ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
17:08:14.0023 1152 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
17:08:14.0023 1152 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
17:08:14.0054 1152 [ 2C0E9E777AB1849B43494626C1F308B5 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
17:08:14.0070 1152 s24trans ( UnsignedFile.Multi.Generic ) - warning
17:08:14.0070 1152 s24trans - detected UnsignedFile.Multi.Generic (1)
17:08:14.0086 1152 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
17:08:14.0211 1152 SamSs - ok
17:08:14.0226 1152 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:08:14.0351 1152 SCardSvr - ok
17:08:14.0398 1152 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:08:14.0539 1152 Schedule - ok
17:08:14.0586 1152 [ ED9C5CF6CC611EC8AC4A77C3F58F0601 ] ScsiAccess C:\WINDOWS\system32\ScsiAccess.EXE
17:08:14.0617 1152 ScsiAccess ( UnsignedFile.Multi.Generic ) - warning
17:08:14.0617 1152 ScsiAccess - detected UnsignedFile.Multi.Generic (1)
17:08:14.0632 1152 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:08:14.0804 1152 sdbus - ok
17:08:14.0836 1152 [ 8EDD7B9E4A4B4C16E2DAB9188CAA861B ] SDDMI2 C:\WINDOWS\system32\DDMI2.sys
17:08:14.0851 1152 SDDMI2 ( UnsignedFile.Multi.Generic ) - warning
17:08:14.0851 1152 SDDMI2 - detected UnsignedFile.Multi.Generic (1)
17:08:14.0898 1152 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:08:15.0039 1152 Secdrv - ok
17:08:15.0054 1152 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
17:08:15.0242 1152 seclogon - ok
17:08:15.0257 1152 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
17:08:15.0398 1152 SENS - ok
17:08:15.0398 1152 Ser2pl - ok
17:08:15.0445 1152 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:08:15.0570 1152 serenum - ok
17:08:15.0601 1152 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:08:15.0726 1152 Serial - ok
17:08:15.0773 1152 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
17:08:15.0898 1152 sffdisk - ok
17:08:15.0945 1152 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
17:08:16.0086 1152 sffp_sd - ok
17:08:16.0101 1152 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:08:16.0226 1152 Sfloppy - ok
17:08:16.0273 1152 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:08:16.0429 1152 SharedAccess - ok
17:08:16.0461 1152 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:08:16.0476 1152 ShellHWDetection - ok
17:08:16.0476 1152 Simbad - ok
17:08:16.0507 1152 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:08:16.0648 1152 sisagp - ok
17:08:16.0726 1152 [ ACEE95093C47CE3EC342578EE5F47E01 ] SPAMfighter Update Service C:\Programme\Fighters\SPAMfighter\sfus.exe
17:08:16.0757 1152 SPAMfighter Update Service - ok
17:08:16.0773 1152 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:08:16.0867 1152 Sparrow - ok
17:08:16.0898 1152 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:08:17.0070 1152 splitter - ok
17:08:17.0132 1152 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:08:17.0195 1152 Spooler - ok
17:08:17.0226 1152 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:08:17.0382 1152 sr - ok
17:08:17.0429 1152 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
17:08:17.0554 1152 srservice - ok
17:08:17.0601 1152 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:08:17.0695 1152 Srv - ok
17:08:17.0711 1152 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
17:08:17.0726 1152 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
17:08:17.0726 1152 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
17:08:17.0757 1152 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:08:17.0961 1152 SSDPSRV - ok
17:08:17.0992 1152 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:08:18.0007 1152 ssmdrv - ok
17:08:18.0023 1152 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
17:08:18.0039 1152 ssrtln ( UnsignedFile.Multi.Generic ) - warning
17:08:18.0039 1152 ssrtln - detected UnsignedFile.Multi.Generic (1)
17:08:18.0101 1152 [ 3AD78E22210D3FBD9F76DE84A8DF19B5 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
17:08:18.0226 1152 STHDA - ok
17:08:18.0336 1152 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:08:18.0492 1152 stisvc - ok
17:08:18.0570 1152 [ DE43E582B80C4DF7D6425A42BCABB90A ] Suite Service C:\Programme\Fighters\FighterSuiteService.exe
17:08:18.0664 1152 Suite Service - ok
17:08:18.0695 1152 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:08:18.0882 1152 swenum - ok
17:08:18.0914 1152 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:08:19.0086 1152 swmidi - ok
17:08:19.0086 1152 SwPrv - ok
17:08:19.0117 1152 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
17:08:19.0273 1152 symc810 - ok
17:08:19.0304 1152 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:08:19.0445 1152 symc8xx - ok
17:08:19.0461 1152 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:08:19.0601 1152 sym_hi - ok
17:08:19.0617 1152 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:08:19.0757 1152 sym_u3 - ok
17:08:19.0804 1152 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:08:19.0851 1152 SynTP - ok
17:08:19.0867 1152 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:08:20.0007 1152 sysaudio - ok
17:08:20.0039 1152 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:08:20.0179 1152 SysmonLog - ok
17:08:20.0226 1152 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:08:20.0367 1152 TapiSrv - ok
17:08:20.0414 1152 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:08:20.0445 1152 Tcpip - ok
17:08:20.0507 1152 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:08:20.0632 1152 TDPIPE - ok
17:08:20.0648 1152 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:08:20.0773 1152 TDTCP - ok
17:08:20.0789 1152 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:08:20.0929 1152 TermDD - ok
17:08:20.0945 1152 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
17:08:21.0086 1152 TermService - ok
17:08:21.0179 1152 [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
17:08:21.0211 1152 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
17:08:21.0211 1152 tfsnboio - detected UnsignedFile.Multi.Generic (1)
17:08:21.0242 1152 [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
17:08:21.0242 1152 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
17:08:21.0242 1152 tfsncofs - detected UnsignedFile.Multi.Generic (1)
17:08:21.0289 1152 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
17:08:21.0289 1152 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
17:08:21.0289 1152 tfsndrct - detected UnsignedFile.Multi.Generic (1)
17:08:21.0304 1152 [ D4400188782AA797598958969C9657D4 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
17:08:21.0304 1152 tfsndres ( UnsignedFile.Multi.Generic ) - warning
17:08:21.0304 1152 tfsndres - detected UnsignedFile.Multi.Generic (1)
17:08:21.0336 1152 [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
17:08:21.0336 1152 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
17:08:21.0336 1152 tfsnifs - detected UnsignedFile.Multi.Generic (1)
17:08:21.0351 1152 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
17:08:21.0367 1152 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
17:08:21.0367 1152 tfsnopio - detected UnsignedFile.Multi.Generic (1)
17:08:21.0382 1152 [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
17:08:21.0382 1152 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
17:08:21.0382 1152 tfsnpool - detected UnsignedFile.Multi.Generic (1)
17:08:21.0398 1152 [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
17:08:21.0414 1152 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
17:08:21.0414 1152 tfsnudf - detected UnsignedFile.Multi.Generic (1)
17:08:21.0445 1152 [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
17:08:21.0445 1152 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
17:08:21.0445 1152 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
17:08:21.0476 1152 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:08:21.0492 1152 Themes - ok
17:08:21.0523 1152 [ D213A9247DC347F305A2D4CC9B951487 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
17:08:21.0664 1152 TosIde - ok
17:08:21.0695 1152 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:08:21.0820 1152 TrkWks - ok
17:08:21.0867 1152 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:08:21.0992 1152 Udfs - ok
17:08:22.0023 1152 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
17:08:22.0101 1152 ultra - ok
17:08:22.0179 1152 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:08:22.0351 1152 Update - ok
17:08:22.0382 1152 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:08:22.0523 1152 upnphost - ok
17:08:22.0539 1152 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
17:08:22.0679 1152 UPS - ok
17:08:22.0711 1152 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:08:22.0836 1152 usbccgp - ok
17:08:22.0867 1152 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:08:22.0992 1152 usbehci - ok
17:08:23.0023 1152 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:08:23.0148 1152 usbhub - ok
17:08:23.0164 1152 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:08:23.0304 1152 usbprint - ok
17:08:23.0320 1152 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:08:23.0461 1152 usbscan - ok
17:08:23.0476 1152 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:08:23.0601 1152 USBSTOR - ok
17:08:23.0617 1152 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:08:23.0757 1152 usbuhci - ok
17:08:23.0773 1152 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:08:23.0898 1152 VgaSave - ok
17:08:23.0945 1152 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:08:24.0054 1152 viaagp - ok
17:08:24.0086 1152 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
17:08:24.0211 1152 ViaIde - ok
17:08:24.0242 1152 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:08:24.0367 1152 VolSnap - ok
17:08:24.0414 1152 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
17:08:24.0539 1152 VSS - ok
17:08:24.0570 1152 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] w32time C:\WINDOWS\system32\w32time.dll
17:08:24.0711 1152 w32time - ok
17:08:24.0789 1152 [ 95C7421F8BAFC85BA09D33364058937D ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
17:08:24.0945 1152 w39n51 - ok
17:08:24.0976 1152 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:08:25.0117 1152 Wanarp - ok
17:08:25.0164 1152 [ DC7F91B2ED24A738C807EA07F298928C ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
17:08:25.0226 1152 wceusbsh - ok
17:08:25.0242 1152 WDICA - ok
17:08:25.0273 1152 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:08:25.0398 1152 wdmaud - ok
17:08:25.0445 1152 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:08:25.0570 1152 WebClient - ok
17:08:25.0632 1152 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:08:25.0742 1152 winachsf - ok
17:08:25.0773 1152 [ 097A8291DF541F9B9AF2C500797CDCAA ] WinDriver6 C:\WINDOWS\system32\drivers\windrvr6.sys
17:08:25.0804 1152 WinDriver6 ( UnsignedFile.Multi.Generic ) - warning
17:08:25.0804 1152 WinDriver6 - detected UnsignedFile.Multi.Generic (1)
17:08:25.0867 1152 winmgmt - ok
17:08:25.0914 1152 [ E876C33293AA5FFA81A1AA28D594712E ] WLANKEEPER C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
17:08:25.0929 1152 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
17:08:25.0929 1152 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
17:08:25.0961 1152 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:08:26.0086 1152 WmdmPmSN - ok
17:08:26.0226 1152 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:08:26.0367 1152 WmiApSrv - ok
17:08:26.0445 1152 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
17:08:26.0554 1152 WMPNetworkSvc - ok
17:08:26.0601 1152 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:08:26.0726 1152 wscsvc - ok
17:08:26.0757 1152 [ 22068DCA607F93BF5FD5926390FB478F ] wsppkt C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys
17:08:26.0773 1152 wsppkt ( UnsignedFile.Multi.Generic ) - warning
17:08:26.0773 1152 wsppkt - detected UnsignedFile.Multi.Generic (1)
17:08:26.0789 1152 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:08:26.0914 1152 wuauserv - ok
17:08:26.0961 1152 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:08:26.0992 1152 WudfPf - ok
17:08:27.0023 1152 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:08:27.0054 1152 WudfRd - ok
17:08:27.0070 1152 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:08:27.0101 1152 WudfSvc - ok
17:08:27.0211 1152 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:08:27.0382 1152 WZCSVC - ok
17:08:27.0414 1152 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:08:27.0539 1152 xmlprov - ok
17:08:27.0554 1152 ================ Scan global ===============================
17:08:27.0586 1152 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
17:08:27.0632 1152 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:08:27.0648 1152 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:08:27.0664 1152 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
17:08:27.0679 1152 [Global] - ok
17:08:27.0679 1152 ================ Scan MBR ==================================
17:08:27.0695 1152 [ DEA9E81F0228B68C9ADAF84C9B0CF931 ] \Device\Harddisk0\DR0
17:08:27.0992 1152 \Device\Harddisk0\DR0 - ok
17:08:27.0992 1152 ================ Scan VBR ==================================
17:08:27.0992 1152 [ D5DFE85ADB20719F177CF6F56704906B ] \Device\Harddisk0\DR0\Partition1
17:08:27.0992 1152 \Device\Harddisk0\DR0\Partition1 - ok
17:08:28.0007 1152 [ 47DE5A847684AE07FDC626FFBFFD5CDD ] \Device\Harddisk0\DR0\Partition2
17:08:28.0023 1152 \Device\Harddisk0\DR0\Partition2 - ok
17:08:28.0023 1152 ============================================================
17:08:28.0023 1152 Scan finished
17:08:28.0023 1152 ============================================================
17:08:28.0132 3088 Detected object count: 34
17:08:28.0132 3088 Actual detected object count: 34
17:09:34.0945 3088 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0945 3088 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:34.0945 3088 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0945 3088 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:34.0945 3088 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0945 3088 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:34.0961 3088 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0961 3088 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:34.0961 3088 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0961 3088 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:34.0961 3088 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0961 3088 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:34.0961 3088 hnmwrlspkt ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0961 3088 hnmwrlspkt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:34.0976 3088 hwinterface ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0976 3088 hwinterface ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:34.0976 3088 Kithara-Ksts7 ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0976 3088 Kithara-Ksts7 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:34.0976 3088 Kithara-Lewetz ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0976 3088 Kithara-Lewetz ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:34.0976 3088 Mach3 ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0976 3088 Mach3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:34.0992 3088 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0992 3088 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:34.0992 3088 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0992 3088 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:34.0992 3088 omci ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:34.0992 3088 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0007 3088 Packet ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0007 3088 Packet ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0007 3088 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0007 3088 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0007 3088 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0007 3088 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0007 3088 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0007 3088 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0023 3088 ScsiAccess ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0023 3088 ScsiAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0023 3088 SDDMI2 ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0023 3088 SDDMI2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0023 3088 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0023 3088 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0023 3088 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0023 3088 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0039 3088 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0039 3088 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0039 3088 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0039 3088 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0039 3088 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0039 3088 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0039 3088 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0039 3088 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0054 3088 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0054 3088 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0054 3088 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0054 3088 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0054 3088 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0054 3088 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0070 3088 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0070 3088 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0070 3088 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0070 3088 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0070 3088 WinDriver6 ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0070 3088 WinDriver6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0070 3088 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0070 3088 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:35.0070 3088 wsppkt ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:35.0070 3088 wsppkt ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 31.01.2013, 17:21   #8
markusg
/// Malware-holic
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


danke
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 31.01.2013, 19:30   #9
yaggi
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


hier das log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-31.01 - Erich 31.01.2013  18:13:22.1.2 - x86
ausgeführt von:: c:\dokumente und einstellungen\Erich\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Erich\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\IsUn0410.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\hwinterface.sys
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
D:\AUTORUN.INF
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_hwinterface
-------\Service_hwinterface
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-28 bis 2013-01-31  ))))))))))))))))))))))))))))))
.
.
2013-01-31 20:20 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2013-01-31 20:20 . 2013-01-31 14:55	--------	d-----w-	C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 14:07 . 2012-05-06 12:49	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-10 14:07 . 2012-05-06 12:49	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-18 12:05	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-11-27 09:01 . 2012-12-21 15:43	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-22 14:51 . 2012-12-21 15:43	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-22 14:50 . 2012-12-21 15:43	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-13 11:55 . 2004-08-18 12:05	1866496	----a-w-	c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2009-08-19 16:07	1371648	----a-w-	c:\windows\system32\msxml6.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\programme\NetWaiting\netwaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\programme\Dell Support\DSAgnt.exe" [2006-07-16 389120]
"LDM"="c:\programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 67128]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 68856]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 405583]
"updateMgr"="c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"KGShareApp"="c:\programme\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
"Driver Mender"="c:\programme\Driver Mender\Driver Mender\DriverMender.exe" [2012-05-21 3571640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"CTSVolFE.exe"="c:\programme\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"DMXLauncher"="c:\programme\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-04 30192]
"type32"="c:\programme\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"MMTray"="c:\programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 135168]
"MSKDetectorExe"="c:\programme\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"mmtask"="c:\programme\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programme\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"ArcSoft Connection Service"="c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"CommonToolkitTray"="c:\programme\Fighters\Tray\FightersTray.exe" [2012-11-13 1405544]
"KodakShareButtonApp"="c:\programme\Kodak\KODAK Share Button App\Listener.exe" [2012-02-03 108032]
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"BackupDutyLite"="c:\programme\BackUpDutyLite\BackUpDutyLite.exe" [2012-01-04 490496]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
"sfagent"="c:\programme\Fighters\SPAMfighter\sfagent.exe" [2013-01-15 1460768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Kodak EasyShare Software.lnk - c:\programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
KODAK Software Updater.lnk - c:\programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
Logitech Desktop Messenger.lnk - c:\programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-27 67128]
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2006-10-7 450560]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
p6_19_erinnerung.lnk - c:\programme\phase6\phase6_19\WinStart\p6erinnerung.exe [2007-2-11 49152]
p6_erinnerung_197.lnk - c:\programme\phase6\phase6_197\WinStart\p6erinnerung.exe [2008-10-25 49152]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programme\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [21.12.2012 16:43 36552]
R1 Kithara-Lewetz;Lewetz Real-time Driver;c:\windows\system32\Lewetz.sys [02.12.2008 11:23 240960]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [21.12.2012 16:43 85280]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [12.01.2006 22:27 13696]
R2 Kithara-Ksts7;Kithara Tool Suite 7 Runtime;c:\windows\system32\Ksts7.sys [28.01.2007 13:28 262208]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\programme\Fighters\SPAMfighter\sfus.exe [15.01.2013 18:02 216608]
R2 Suite Service;Suite Service;c:\programme\Fighters\FighterSuiteService.exe [12.11.2012 13:47 1270376]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [12.01.2006 22:29 13568]
R3 Mach3;Mach3 Pulseing Service;c:\windows\system32\drivers\Mach3.sys [28.01.2007 13:31 103040]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\programme\Google\Google Desktop Search\GoogleDesktop.exe [15.09.2006 03:44 30192]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 14:07]
.
2013-01-31 c:\windows\Tasks\BackupDutyLite.job
- c:\programme\BackUpDutyLite\BackUpDutyLite.exe [2012-01-04 16:52]
.
2012-08-08 c:\windows\Tasks\Driver Mender-RTMRules.job
- c:\programme\Driver Mender\Driver Mender\DriverMender.exe [2012-05-21 08:37]
.
2012-06-03 c:\windows\Tasks\Driver Mender-RTMScan.job
- c:\programme\Driver Mender\Driver Mender\DriverMender.exe [2012-05-21 08:37]
.
2012-06-03 c:\windows\Tasks\Driver Mender-RTMUpdater.job
- c:\programme\Driver Mender\Driver Mender\DriverMender.exe [2012-05-21 08:37]
.
2013-01-27 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 08:49]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-15 08:42]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-15 08:42]
.
2013-01-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2012-06-06 19:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://de.mcafee.com/root/campaign.asp?cid=16649
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-RegUse - c:\programme\RegUse\RegUse.exe
AddRemove-EAGLE 4.16r1 - c:\windows\unin0407.exe
AddRemove-EAGLE 4.16r2 - c:\windows\unin0407.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-Windows CE Services - c:\windows\ISUN0407.EXE
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-31 18:38
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2690332829-1965490600-2030581944-1006\Software\SecuROM\License information*]
"datasecu"=hex:48,af,b6,50,9b,96,b5,24,46,81,5e,d0,8f,4b,93,6c,36,af,ab,2a,7a,
   6b,bd,cc,05,11,45,da,35,47,4c,9a,4a,16,44,57,b4,51,08,8f,c8,2b,0e,b7,1e,79,\
"rkeysecu"=hex:fe,f1,15,60,46,72,c9,e3,26,d7,c9,96,39,61,21,e2
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\(* 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Anwendungsdaten\\Intel\\Wireless\\"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\(* Ü]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Anwendungsdaten\\Intel\\Wireless\\"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3884)
c:\dokume~1\Erich\LOKALE~1\TempIadHide5.dll
c:\programme\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\programme\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Intel\Wireless\Bin\WLKeeper.exe
c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\programme\Dell\QuickSet\NICCONFIGSVC.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\ScsiAccess.EXE
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\msiexec.exe
c:\programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
c:\programme\Java\jre1.5.0_10\bin\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-31  18:45:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-31 17:45
.
Vor Suchlauf: 19 Verzeichnis(se), 21.894.090.752 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 22.037.590.016 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B23074251F57E512CACC1126ADD9DB4C
--- --- ---
Alt 31.01.2013, 19:56   #10
markusg
/// Malware-holic
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


hi
bitte ausführen:
http://download.bleepingcomputer.com...xp/winmgmt.reg
nachfrage bestätigen, neustarten.
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 01.02.2013, 09:26   #11
yaggi
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


hallo,
hier das log! Ich bin dann ab heute Mittag weg und erst ab Sonntag wieder online! Ich melde mich dann bei Dir! Jetzt erst mal Vielen Vielen Dank

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.31.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Erich :: PC-GREINER-3 [Administrator]

31.01.2013 20:31:17
MBAM-log-2013-02-01 (09-24-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381220
Laufzeit: 2 Stunde(n), 18 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\01312013_152020\C_Dokumente und Einstellungen\Erich\28269578.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.

(Ende)

Alt 02.02.2013, 20:06   #12
markusg
/// Malware-holic
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


hi
- internet explorer 8, auch wenn du nen andern browser nutzt, muss er aktuell sein.
Download: Windows Internet Explorer 8 für Windows XP - Microsoft Download Center - Download Details
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.02.2013, 15:13   #13
yaggi
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


Ich kann natürlich für meinen Onkel keine Entscheidungen treffen, welche Programme er benörigt und welche nicht?!

Trotzdem hier mal die Liste, vielleicht ist ja was dabei "was gar nicht geht"?!

Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 25.01.2013 11.5.502.146
Adobe Reader 7.0.9 - Deutsch Adobe Systems Incorporated 10.01.2008 78,12MB 7.0.9
ArcSoft Print Creations ArcSoft 10.06.2009 2.6.255.207
ArcSoft Print Creations - Album Page ArcSoft 10.06.2009
ArcSoft Print Creations - Funhouse ArcSoft 10.06.2009
ArcSoft Print Creations - Greeting Card ArcSoft 10.06.2009
ArcSoft Print Creations - Photo Book ArcSoft 10.06.2009
ArcSoft Print Creations - Photo Calendar ArcSoft 10.06.2009
ArcSoft Print Creations - Scrapbook ArcSoft 10.06.2009
ArcSoft Print Creations - Slimline Card ArcSoft 10.06.2009
ARTEuro Dell 15.09.2006 1.00.0000
Ask Toolbar Ask.com 19.07.2012 3,56MB 1.15.4.0
Ask Toolbar Updater Ask.com 19.07.2012 1.2.2.23821
Avira Free Antivirus Avira 03.02.2013 13.0.0.2890
AVRStudio4 Atmel 25.12.2008 4.13.528
BackUpDutyLite BackUpDutyLite 19.07.2012 1.1.0.1
beacon -light- 1.0b DL5SWB 28.11.2008
Broadcom Management Programs Broadcom Corporation 15.09.2006 8.65.05
Canon MP Navigator EX 1.0 09.07.2008
Canon MP610 series 09.07.2008
Canon MP610 series Benutzerregistrierung 09.07.2008
Canon My Printer 09.07.2008
Canon Utilities Easy-PhotoPrint EX 09.07.2008
Canon Utilities Solution Menu 09.07.2008
CCleaner Piriform 23.01.2013 3.27
CD-LabelPrint 09.07.2008
Ch Editor 06.01.2012
Conexant HDA D110 MDC V.92 Modem 03.01.2013
Dell Media Experience Dell 15.09.2006 3.00
Dell Network Assistant Dell Inc. 15.09.2006 3.0.0.0
Dell Support 3.2 Dell 15.09.2006 5.5.2038
Dell System Restore Ihr Firmenname 15.09.2006 2.00.0000
Digital Line Detect BVRP Software, Inc 15.09.2006 1.15
Driver Mender Driver Mender 03.06.2012 9,24MB 8.1
EasyPal 01X/DEC/08 VK4AES 03.01.2013
EasyPal version 14BB 30.12.2011 14BB
English Network 2 Aussprache-CD-ROM Langenscheidt 05.10.2007 46,12MB 1.0.0000
English Network Starter Aussprache-CD-ROM Langenscheidt ELT 04.01.2008 20,43MB 1.1.0000
Free WMA to MP3 Converter 1.16 Jodix Technologies Ltd. 19.06.2009
Frontplatten Designer 3.51 29.10.2009
Google Desktop Google 22.02.2011 5.9.1005.12335
Google Earth Google 26.11.2011 92,77MB 6.1.0.5001
Google Toolbar for Internet Explorer Google Inc. 29.04.2009 7.4.3607.2246
Google Updater Google Inc. 24.09.2011 2.4.2432.1652
High Definition Audio Driver Package - KB835221 Microsoft Corporation 15.09.2006 20040219.000000
Intel(R) Graphics Media Accelerator Driver 15.09.2006 6.14.10.4446
Intel(R) PROSet/Wireless Software Intel Corporation 03.02.2013 10.1.1.4
J2SE Runtime Environment 5.0 Update 10 Sun Microsystems, Inc. 17.08.2008 120,00MB 1.5.0.100
J2SE Runtime Environment 5.0 Update 6 Sun Microsystems, Inc. 15.09.2006 152,00MB 1.5.0.60
Java(TM) 6 Update 39 Oracle 03.02.2013 91,90MB 6.0.390
Karte Europa 28.07.2007
Kithara Tool Suite 7 Runtime 03.01.2013
Kodak EasyShare Software Eastman Kodak Company 03.06.2012
KODAK Share-Tastenanwendung Eastman Kodak Company 11.04.2012 41,44MB 4.01.0000.0000
LED 16.03.06 Röhrenwendy 08.10.2011
Lewetz Real-time Driver 03.01.2013
LiveUpdate 2.6 (Symantec Corporation) Symantec Corporation 15.09.2006 2.6.14.0
Logitech Desktop Messenger Logitech, Inc. 07.10.2006 2.52.18
Logitech SetPoint Logitech 07.10.2006 2.40
Marco Polo Mobile Navigator 3 MAP&GUIDE GmbH 17.09.2007 8.00
Microsoft .NET Framework 1.1 10.01.2013
Microsoft .NET Framework 1.1 German Language Pack Microsoft 18.08.2004 3,02MB 1.1.4322
Microsoft .NET Framework 2.0 Language Pack - DEU Microsoft Corporation 03.02.2013
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 10.01.2013 185,00MB 2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 10.01.2013 253,00MB 3.2.30729
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 10.01.2013
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 26.06.2007 1
Microsoft Encarta Weltatlas - Version 98 02.07.2007
Microsoft IntelliType Pro 5.2 Microsoft 07.10.2006 6,60MB 5.20.413.0
Microsoft Office Visio Professional 2003 Microsoft Corporation 07.10.2006 318,00MB 11.0.3216.5614
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 07.10.2006 496,00MB 10.0.2701.0
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 26.06.2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 11.04.2012 4,48MB 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 25.12.2009 10,28MB 9.0.30729
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 25.12.2011 11,13MB 10.0.40219
Microsoft Works Microsoft Corporation 15.09.2006 08.05.0822
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket Microsoft Corporation 03.02.2013
mini dB-Rechner 1.3.2 DL5SWB 02.12.2008
mini Ringkern-Rechner 1.2 DL5SWB 01.12.2008 1.2
Mixer 15.09.2006
Modem Helper BVRP Software 29.11.2008 3.01
Mozilla Firefox 18.0.1 (x86 de) Mozilla 31.01.2013 18.0.1
Mozilla Maintenance Service Mozilla 31.01.2013 18.0.1
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 03.12.2006 2,56MB 4.20.9841.0
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 18.09.2007 2,62MB 4.20.9848.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 25.12.2008 2,67MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 16.01.2011 2,86MB 4.20.9876.0
MSXML 6 Service Pack 2 (KB973686) Microsoft Corporation 07.03.2011 1,40MB 6.20.2003.0
Musicmatch® Jukebox 13.04.2012 9.00.5100
NetWaiting BVRP Software, Inc 26.11.2009 2.5.23
phase-6 Feeding Tool 1.1.4 phase-6 29.04.2009 1.1.4
phase6_19 phase6 24.06.2009 14,32MB 1.90.0000
phase6_197 phase6 29.04.2009 79,62MB 1.97.0000
PowerDVD 28.07.2007
QuickSet 15.09.2006 7.1.10
QuickTime 22.09.2006
ScanSoft OmniPage SE 4 Nuance Communications, Inc. 09.07.2008 164,00MB 15.2.0020
SearchAssist 19.07.2012
Sonic DLA Sonic Solutions 15.09.2006 4.95
Sonic MyDVD LE Sonic Solutions 15.09.2006 6.1.1
Sonic RecordNow Audio Sonic Solutions 15.09.2006 2.0.0
Sonic RecordNow Copy Sonic Solutions 15.09.2006 2.0.0
Sonic RecordNow Data Sonic Solutions 15.09.2006 2.0.0
Sonic Update Manager Sonic Solutions 15.09.2006 3.0.0
Sony Ericsson PC Suite Ihr Firmenname 05.10.2006 112,00MB 1.0.16
Sound Blaster Audigy ADVANCED MB Demo 15.09.2006
SPAMfighter Spamfighter ApS 17.01.2013 7.6.14
Synaptics Pointing Device Driver Synaptics 15.09.2006 8.2.4.6
Total Commander (Remove or Repair) 31.01.2013
URL Assistant
Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 03.02.2013
Windows Installer 3.1 (KB893803) Microsoft Corporation
Windows Internet Explorer 8 Microsoft Corporation 03.02.2013 20090308.140743
Windows Management Framework Core Microsoft Corporation 03.02.2013
Windows Media Format 11 runtime 17.12.2011
Windows Media Player 11 17.12.2011
Windows Search 4.0 Microsoft Corporation 03.02.2013 04.00.6001.503
Windows XP Service Pack 3 Microsoft Corporation 17.12.2011 20080414.031514
WinPC-NC Economy Demo Burkhard Lewetz, Hard- und Software 25.11.2011 2.00
YAKUMO EazyGo 05.10.2006

Alt 04.02.2013, 11:08   #14
markusg
/// Malware-holic
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


und warum fragst du ihn dann nicht? bitte bearbeitet die Liste dann noch mal.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.02.2013, 13:13   #15
yaggi
 
GVU Trojaner an bord :-( - Standard

GVU Trojaner an bord :-(


nach besten wissen und gewissen:

Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 25.01.2013 11.5.502.146 notwendig
Adobe Reader 7.0.9 - Deutsch Adobe Systems Incorporated 10.01.2008 78,12MB 7.0.9 notwendig
ArcSoft Print Creations ArcSoft 10.06.2009 2.6.255.207 unbekannt
ArcSoft Print Creations - Album Page ArcSoft 10.06.2009 unbekannt
ArcSoft Print Creations - Funhouse ArcSoft 10.06.2009 unbekannt
ArcSoft Print Creations - Greeting Card ArcSoft 10.06.2009 unbekannt
ArcSoft Print Creations - Photo Book ArcSoft 10.06.2009 unbekannt
ArcSoft Print Creations - Photo Calendar ArcSoft 10.06.2009 unbekannt
ArcSoft Print Creations - Scrapbook ArcSoft 10.06.2009 unbekannt
ArcSoft Print Creations - Slimline Card ArcSoft 10.06.2009 unbekannt
ARTEuro Dell 15.09.2006 1.00.0000 unbekannt
Ask Toolbar Ask.com 19.07.2012 3,56MB 1.15.4.0
Ask Toolbar Updater Ask.com 19.07.2012 1.2.2.23821
Avira Free Antivirus Avira 03.02.2013 13.0.0.2890 notwendig
AVRStudio4 Atmel 25.12.2008 4.13.528 unbekannt
BackUpDutyLite BackUpDutyLite 19.07.2012 1.1.0.1 unbekannt
beacon -light- 1.0b DL5SWB 28.11.2008 unbekannt
Broadcom Management Programs Broadcom Corporation 15.09.2006 8.65.05 unbekannt
Canon MP Navigator EX 1.0 09.07.2008 unbekannt
Canon MP610 series 09.07.2008 unbekannt
Canon MP610 series Benutzerregistrierung 09.07.2008 unbekannt
Canon My Printer 09.07.2008 unbekannt
Canon Utilities Easy-PhotoPrint EX 09.07.2008 unbekannt
Canon Utilities Solution Menu 09.07.2008 unbekannt
CCleaner Piriform 23.01.2013 3.27 unbekannt
CD-LabelPrint 09.07.2008 unbekannt
Ch Editor 06.01.2012 unbekannt
Conexant HDA D110 MDC V.92 Modem 03.01.2013 unbekannt
Dell Media Experience Dell 15.09.2006 3.00 unbekannt
Dell Network Assistant Dell Inc. 15.09.2006 3.0.0.0 unbekannt
Dell Support 3.2 Dell 15.09.2006 5.5.2038 unbekannt
Dell System Restore Ihr Firmenname 15.09.2006 2.00.0000 unbekannt
Digital Line Detect BVRP Software, Inc 15.09.2006 1.15 unbekannt
Driver Mender Driver Mender 03.06.2012 9,24MB 8.1 unbekannt
EasyPal 01X/DEC/08 VK4AES 03.01.2013 unbekannt
EasyPal version 14BB 30.12.2011 14BB unbekannt
English Network 2 Aussprache-CD-ROM Langenscheidt 05.10.2007 46,12MB 1.0.0000 notwendig
English Network Starter Aussprache-CD-ROM Langenscheidt ELT 04.01.2008 20,43MB 1.1.0000 notwendig
Free WMA to MP3 Converter 1.16 Jodix Technologies Ltd. 19.06.2009 unbekannt
Frontplatten Designer 3.51 29.10.2009 notwendig
Google Desktop Google 22.02.2011 5.9.1005.12335 unnötig
Google Earth Google 26.11.2011 92,77MB 6.1.0.5001 unnötig
Google Toolbar for Internet Explorer Google Inc. 29.04.2009 7.4.3607.2246 unnötig
Google Updater Google Inc. 24.09.2011 2.4.2432.1652 unnötig
High Definition Audio Driver Package - KB835221 Microsoft Corporation 15.09.2006 20040219.000000 unbekannt
Intel(R) Graphics Media Accelerator Driver 15.09.2006 6.14.10.4446 unbekannt
Intel(R) PROSet/Wireless Software Intel Corporation 03.02.2013 10.1.1.4 unbekannt
J2SE Runtime Environment 5.0 Update 10 Sun Microsystems, Inc. 17.08.2008 120,00MB 1.5.0.100 unbekannt
J2SE Runtime Environment 5.0 Update 6 Sun Microsystems, Inc. 15.09.2006 152,00MB 1.5.0.60unbekannt
Java(TM) 6 Update 39 Oracle 03.02.2013 91,90MB 6.0.390 unbekannt
Karte Europa 28.07.2007 notwendig
Kithara Tool Suite 7 Runtime 03.01.2013 unbekannt
Kodak EasyShare Software Eastman Kodak Company 03.06.2012 notwendig
KODAK Share-Tastenanwendung Eastman Kodak Company 11.04.2012 41,44MB 4.01.0000.0000 unbekannt
LED 16.03.06 Röhrenwendy 08.10.2011 notwendig
Lewetz Real-time Driver 03.01.2013 unbekannt
LiveUpdate 2.6 (Symantec Corporation) Symantec Corporation 15.09.2006 2.6.14.0 unbekannt
Logitech Desktop Messenger Logitech, Inc. 07.10.2006 2.52.18 unbekannt
Logitech SetPoint Logitech 07.10.2006 2.40 unbekannt
Marco Polo Mobile Navigator 3 MAP&GUIDE GmbH 17.09.2007 8.00 notwendig
Microsoft .NET Framework 1.1 10.01.2013 unbekannt
Microsoft .NET Framework 1.1 German Language Pack Microsoft 18.08.2004 3,02MB 1.1.4322 unbekannt
Microsoft .NET Framework 2.0 Language Pack - DEU Microsoft Corporation 03.02.2013 unbekannt
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 10.01.2013 185,00MB 2.2.30729 unbekannt
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 10.01.2013 253,00MB 3.2.30729 unbekannt
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 10.01.2013 unbekannt
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 26.06.2007 unbekannt 1
Microsoft Encarta Weltatlas - Version 98 02.07.2007 unbekannt
Microsoft IntelliType Pro 5.2 Microsoft 07.10.2006 6,60MB 5.20.413.0 unbekannt
Microsoft Office Visio Professional 2003 Microsoft Corporation 07.10.2006 318,00MB 11.0.3216.5614 notwendig
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 07.10.2006 496,00MB 10.0.2701.0 notwendig
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 26.06.2007 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 11.04.2012 4,48MB 9.0.21022.218unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 25.12.2009 10,28MB 9.0.30729 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 25.12.2011 11,13MB 10.0.40219 unbekannt
Microsoft Works Microsoft Corporation 15.09.2006 08.05.0822 notwendig
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket Microsoft Corporation 03.02.2013 unbekannt
mini dB-Rechner 1.3.2 DL5SWB 02.12.2008 notwendig
mini Ringkern-Rechner 1.2 DL5SWB 01.12.2008 1.2 notwendig
Mixer 15.09.2006 unbekannt
Modem Helper BVRP Software 29.11.2008 3.01unbekannt
Mozilla Firefox 18.0.1 (x86 de) Mozilla 31.01.2013 18.0.1 notwendig
Mozilla Maintenance Service Mozilla 31.01.2013 18.0.1 unbekannt
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 03.12.2006 2,56MB 4.20.9841.0 unbekannt
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 18.09.2007 2,62MB 4.20.9848.0unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 25.12.2008 2,67MB 4.20.9870.0unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 16.01.2011 2,86MB 4.20.9876.0unbekannt
MSXML 6 Service Pack 2 (KB973686) Microsoft Corporation 07.03.2011 1,40MB 6.20.2003.0unbekannt
Musicmatch® Jukebox 13.04.2012 9.00.5100unbekannt
NetWaiting BVRP Software, Inc 26.11.2009 2.5.23unbekannt
phase-6 Feeding Tool 1.1.4 phase-6 29.04.2009 1.1.4 notwendig
phase6_19 phase6 24.06.2009 14,32MB 1.90.0000 notwendig
phase6_197 phase6 29.04.2009 79,62MB 1.97.0000 notwendig
PowerDVD 28.07.2007 unbekannt
QuickSet 15.09.2006 7.1.10 unbekannt
QuickTime 22.09.2006 unbekannt
ScanSoft OmniPage SE 4 Nuance Communications, Inc. 09.07.2008 164,00MB 15.2.0020 notwendig
SearchAssist 19.07.2012 unbekannt
Sonic DLA Sonic Solutions 15.09.2006 4.95 unbekannt
Sonic MyDVD LE Sonic Solutions 15.09.2006 6.1.1 unbekannt
Sonic RecordNow Audio Sonic Solutions 15.09.2006 2.0.0 unbekannt
Sonic RecordNow Copy Sonic Solutions 15.09.2006 2.0.0 unbekannt
Sonic RecordNow Data Sonic Solutions 15.09.2006 2.0.0 unbekannt
Sonic Update Manager Sonic Solutions 15.09.2006 3.0.0 unbekannt
Sony Ericsson PC Suite Ihr Firmenname 05.10.2006 112,00MB 1.0.16 unbekannt
Sound Blaster Audigy ADVANCED MB Demo 15.09.2006 unbekannt
SPAMfighter Spamfighter ApS 17.01.2013 7.6.14unbekannt
Synaptics Pointing Device Driver Synaptics 15.09.2006 8.2.4.6 unbekannt
Total Commander (Remove or Repair) 31.01.2013 notwendig
URL Assistant unbekannt
Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 03.02.2013 unbekannt
Windows Installer 3.1 (KB893803) Microsoft Corporation unbekannt
Windows Internet Explorer 8 Microsoft Corporation 03.02.2013 20090308.140743 unbekannt
Windows Management Framework Core Microsoft Corporation 03.02.2013 unbekannt
Windows Media Format 11 runtime 17.12.2011 unbekannt
Windows Media Player 11 17.12.2011 unbekannt
Windows Search 4.0 Microsoft Corporation 03.02.2013 04.00.6001.503 unbekannt
Windows XP Service Pack 3 Microsoft Corporation 17.12.2011 20080414.031514 unbekannt
WinPC-NC Economy Demo Burkhard Lewetz, Hard- und Software 25.11.2011 2.00 unbekannt
YAKUMO EazyGo 05.10.2006 unbekannt

Antwort
Seite 1 von 2 1 2

Themen zu GVU Trojaner an bord :-(
anleitung, applaus, arten, bereinigung, bezahlen, gvu trojaner, gvu-trojaner, job, leitung, neues, scan, schei, schlau, selbstversuche, starte, starten, thema, toller, troja, trojaner, versuche


« habe 2 Trojaner gefunden >> TR/Tobfy.F.37 und TR/Tobfy.A.185 | GVU-Trojaner von selbst gelöscht? »


Ähnliche Themen: GVU Trojaner an bord :-(


  1. Trojaner an Bord
    Log-Analyse und Auswertung - 20.03.2015 (9)
  2. Trojaner an Bord....
    Plagegeister aller Art und deren Bekämpfung - 01.02.2014 (19)
  3. Trojaner an Bord: searchnu 406
    Log-Analyse und Auswertung - 19.04.2013 (12)
  4. Ein Trojaner an Bord?
    Plagegeister aller Art und deren Bekämpfung - 28.03.2011 (28)
  5. Trojaner an bord
    Log-Analyse und Auswertung - 28.02.2010 (1)
  6. Trojaner an Bord
    Log-Analyse und Auswertung - 13.03.2009 (4)
  7. Trojaner on bord
    Plagegeister aller Art und deren Bekämpfung - 29.01.2009 (0)
  8. Trojaner an Bord
    Plagegeister aller Art und deren Bekämpfung - 08.01.2009 (1)
  9. 5 Trojaner an Bord
    Mülltonne - 19.10.2008 (0)
  10. Trojaner an Bord ?
    Mülltonne - 24.08.2008 (0)
  11. Trojaner an Bord, was nun?
    Plagegeister aller Art und deren Bekämpfung - 16.06.2008 (4)
  12. Trojaner an Bord?
    Plagegeister aller Art und deren Bekämpfung - 31.10.2006 (4)
  13. Trojaner an Bord
    Plagegeister aller Art und deren Bekämpfung - 05.02.2006 (1)
  14. Trojaner an Bord
    Log-Analyse und Auswertung - 17.01.2005 (3)
  15. Trojaner an Bord...
    Plagegeister aller Art und deren Bekämpfung - 17.01.2005 (3)
  16. Trojaner an Bord???
    Log-Analyse und Auswertung - 10.08.2004 (1)
  17. Trojaner an Bord?
    Plagegeister aller Art und deren Bekämpfung - 24.02.2003 (8)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner an bord :-( - mein Onkel hat sich einen GVU-Trojaner zugezogen! Gott sei Dank war die Dame an der Kasse so schlau ihm vom Bezahlen der 100,-€ abzuraten, sonst wären sie ersten Moneten schon - GVU Trojaner an bord :-(...
Archiv
Du betrachtest: GVU Trojaner an bord :-( auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131