Polizei Virus ohne abgesicherter modus

franky1210 · 01.03.2013, 23:06

hey Leute hab seit einiger zeit einen Virus .... ich habe zwar gesucht und einiges ausprobiert aber alles leider erfolglos!

So hier mein Problem: ich habe einen Polizei Virus der auch im abgesicherten Modus ist.

Den Pc will ich nicht unbedingt neu ausfsetzen weil ich gerne die Fotos etc beibehalten möchte!

Könnte mir vielleicht wer dabei helfen ?

danke im voraus

mfg robert

markusg · 01.03.2013, 23:10

Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade

OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.

Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Bebilderte Anleitung: OTLpe-Scan

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

franky1210 · 02.03.2013, 18:58

hey danke für die schnelle antwort

hat zwar etwas gedauert aber es hat alles ohne probleme funktioniert.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 3/2/2013 2:48:20 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 93.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149.04 Gb Total Space | 70.50 Gb Free Space | 47.30% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.84 Gb Free Space | 76.31% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (TeamViewer6)
SRV - File not found [On_Demand] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto] --  -- (mysql)
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - File not found [Auto] --  -- (Apache2)
SRV - [2012/03/27 18:19:12 | 003,417,376 | ---- | M] () [Auto] -- C:\programme\gemeinsame dateien\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2011/06/29 07:09:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 03:58:38 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/05 00:15:58 | 004,060,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/07/02 17:06:07 | 000,604,416 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010/07/02 17:06:06 | 000,361,216 | ---- | M] (TuneUp Software) [On_Demand] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/10/06 19:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/08/18 04:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/04/27 07:21:36 | 000,028,928 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/05/04 04:39:24 | 000,267,824 | ---- | M] (Nero AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/04/19 06:35:46 | 000,075,304 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/01/19 05:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2005/04/03 17:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (XDva370)
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (USBModem)
DRV - File not found [Kernel | On_Demand] --  -- (usbbus)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] --  -- (EagleNT)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2011/06/29 07:09:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 07:09:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/25 12:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/06/17 08:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 08:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/10/06 19:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/06/12 11:21:40 | 000,500,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2009/04/30 16:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/03/18 11:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/05/12 10:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2006/09/12 06:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/14 08:09:48 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/03/26 07:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006/03/24 11:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006/03/13 04:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/07/14 04:55:36 | 000,029,696 | ---- | M] () [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\cel90xbe.sys -- (cel90xbe)
DRV - [2001/08/17 07:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=002efc2100000000000000179a7525c1&tlver=1.4.19.19&affID=17159
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKU\Besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\Roswitha_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=002efc2100000000000000179a7525c1&tlver=1.4.19.19&affID=17159
IE - HKU\Roswitha_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Roswitha_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Roswitha_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C 0B 66 4A D5 B8 CB 01  [binary data]
IE - HKU\Roswitha_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\Roswitha_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/22 10:45:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/03/22 08:26:16 | 000,000,000 | ---D | M]
 
[2011/11/10 23:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010/11/08 09:31:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/03/22 10:45:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010/11/12 12:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2006/09/26 06:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/03/22 10:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/06/07 16:54:20 | 000,002,423 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012/03/22 10:44:58 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/03/22 10:44:58 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/22 10:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/22 10:44:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/22 10:44:57 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004/11/11 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Roswitha_ON_C\..\Toolbar\WebBrowser: (no name) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [gema] C:\WINDOWS\system32\gema.exe (the VideoLAN Team)
O4 - HKLM..\Run: [gema.] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (the VideoLAN Team)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\Administrator_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (the VideoLAN Team)
O4 - HKU\Besitzer_ON_C..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\Besitzer_ON_C..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Besitzer_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\gema\gema.exe (the VideoLAN Team)
O4 - HKU\Roswitha_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Roswitha\Anwendungsdaten\gema\gema.exe (the VideoLAN Team)
O4 - HKU\Roswitha_ON_C..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Roswitha_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (the VideoLAN Team)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\gema.exe) - C:\WINDOWS\system32\gema.exe (the VideoLAN Team)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (the VideoLAN Team)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Besitzer_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\gema\gema.exe (the VideoLAN Team)
O20 - HKU\Besitzer_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Roswitha_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Roswitha\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Roswitha\Anwendungsdaten\gema\gema.exe (the VideoLAN Team)
O20 - HKU\Roswitha_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/02 12:10:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Besitzer^Startmenü^Programme^Autostart^Logitech . Produktregistrierung.lnk - C:\Programme\Logitech\Logitech WebCam Software\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: D-Link AirPlus G DWL-G510 - hkey= - key= - C:\Programme\D-Link\AirPlus G DWL-G510\AirGCFG.exe (D-Link)
MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Programme\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig - StartUpReg: EPSON Stylus CX3600 Series - hkey= - key= -  File not found
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: Logitech Vid - hkey= - key= - C:\Programme\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= -  File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
MsConfig - StartUpReg: PlusService - hkey= - key= - C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Programme\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/01 10:15:30 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache
[2013/03/01 10:15:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema
[2013/03/01 10:15:02 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2013/03/01 10:15:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo
[2013/03/01 10:15:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
[2013/03/01 10:15:02 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör
[2013/03/01 10:15:02 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü
[2013/03/01 10:15:02 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
[2013/03/01 10:15:02 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies
[2013/03/01 10:15:02 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen
[2013/03/01 10:15:02 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2013/03/01 10:15:02 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
[2013/03/01 10:15:02 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
[2013/03/01 10:15:02 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
[2013/03/01 10:15:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2013/03/01 10:15:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2013/03/01 10:15:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten
[2013/03/01 10:15:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/01 11:29:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/01 10:12:17 | 000,459,250 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/03/01 10:12:17 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/01 10:12:17 | 000,084,754 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/03/01 10:12:17 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/01 10:10:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/01 10:15:03 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk
[2013/03/01 10:15:03 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Windows Media Player.lnk
[2012/03/21 15:05:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/26 13:38:32 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2012/02/06 05:08:49 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2012/02/06 05:08:49 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2012/02/06 05:08:49 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2012/02/06 05:03:41 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX3600FGD.ini
[2012/02/06 04:58:36 | 000,030,605 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/02/06 04:58:36 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/02/06 04:58:36 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/02/02 15:06:48 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2012/01/22 13:44:26 | 000,000,532 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2012/01/18 15:00:42 | 000,000,185 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2012/01/02 17:32:05 | 000,000,042 | ---- | C] () -- C:\Dokumente und Einstellungen\Roswitha\default.pls
[2012/01/01 19:20:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/12/30 08:43:24 | 000,013,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/26 12:49:56 | 000,003,535 | ---- | C] () -- C:\WINDOWS\my.ini
[2011/08/17 07:33:30 | 000,063,904 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011/07/09 13:13:01 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2011/04/09 11:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/02/12 16:06:07 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2011/02/12 16:06:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2011/02/12 14:58:52 | 000,004,990 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe
[2010/11/17 09:17:43 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/10/27 08:28:59 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/05 13:31:08 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Roswitha\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 09:54:34 | 000,000,074 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\default.pls
[2010/07/19 09:54:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/02 16:55:07 | 000,061,952 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/02 16:51:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/02 13:02:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/02 13:01:47 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/02 13:01:46 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/02 13:01:46 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/02 13:01:19 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/02 13:01:17 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/02 12:54:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/02 12:54:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/02 12:38:47 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/07/02 12:38:47 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/07/02 12:35:51 | 000,004,364 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/07/02 12:35:49 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/07/02 12:11:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/02 12:07:58 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/10/06 19:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/06 19:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/05/02 03:58:12 | 000,017,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2004/11/11 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/11/11 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/11/11 07:00:00 | 000,459,250 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/11/11 07:00:00 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/11/11 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/11/11 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/11/11 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/11/11 07:00:00 | 000,084,754 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/11/11 07:00:00 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/11/11 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/11/11 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/11/11 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/11/11 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/11/11 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/11 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/11/11 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/01/04 07:32:56 | 000,442,437 | ---- | C] () -- C:\WINDOWS\System32\Pajant.dll
 
========== LOP Check ==========
 
[2013/03/01 10:15:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema
[2012/03/02 16:24:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\.minecraft
[2011/06/07 18:28:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\BabylonToolbar
[2011/02/12 14:58:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Carambis
[2012/02/15 06:25:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\cerasus.media
[2011/07/09 13:13:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DragonicaSCB
[2011/12/09 17:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoft
[2010/12/15 12:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011/04/24 14:37:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Garena
[2012/03/28 00:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\gema
[2010/12/22 16:14:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\GetRightToGo
[2011/03/12 12:16:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\id Software
[2011/12/21 08:11:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Leadertech
[2010/12/07 18:31:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\LolClient
[2010/08/11 08:35:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong
[2012/03/05 13:38:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Rainmeter
[2010/10/20 14:13:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TS3Client
[2010/07/02 17:04:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TuneUp Software
[2011/12/25 11:49:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ubisoft
[2010/12/22 16:21:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Zylom
[2011/06/07 16:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roswitha\Anwendungsdaten\BabylonToolbar
[2012/03/28 00:55:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roswitha\Anwendungsdaten\gema
[2011/01/03 07:57:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roswitha\Anwendungsdaten\LolClient
[2010/08/01 09:29:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roswitha\Anwendungsdaten\PhotoScape
[2010/10/19 15:27:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roswitha\Anwendungsdaten\TuneUp Software
[2012/01/05 16:50:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2012/03/28 00:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2011/03/12 12:16:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2011/08/14 06:48:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IObit
[2012/01/01 20:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2010/08/31 15:33:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2010/12/22 16:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MumboJumbo
[2010/10/17 15:10:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nexon
[2012/03/27 19:07:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2010/11/07 09:09:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ReviverSoft
[2011/03/04 12:03:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield
[2010/07/02 17:04:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012/02/06 05:11:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2011/01/29 14:08:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xOcean
[2010/12/22 16:21:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2010/07/02 17:04:33 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2012/03/28 00:54:50 | 000,000,498 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012/03/15 05:36:34 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/08/17 08:17:17 | 000,000,000 | ---D | M] -- C:\1e45216d4b3af75af433fcae83547d
[2010/11/18 08:31:55 | 000,000,000 | ---D | M] -- C:\44edae7a82caaac79da7bbcaad
[2010/08/01 09:05:47 | 000,000,000 | ---D | M] -- C:\67ba3680eb975e5687ee3896fc093d35
[2011/08/17 08:23:37 | 000,000,000 | ---D | M] -- C:\a313f45994dd3552446aa15b
[2012/03/24 11:17:57 | 000,000,000 | ---D | M] -- C:\AeriaGames
[2011/09/05 13:36:04 | 000,000,000 | ---D | M] -- C:\BV-Admin
[2012/03/24 05:46:49 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2013/03/01 10:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010/10/17 13:26:43 | 000,000,000 | ---D | M] -- C:\gPotato.eu
[2011/02/12 15:06:14 | 000,000,000 | ---D | M] -- C:\HANBIT
[2010/12/28 13:37:07 | 000,000,000 | -H-D | M] -- C:\kleaner.tmp
[2012/01/22 13:28:44 | 000,000,000 | ---D | M] -- C:\log
[2010/09/02 16:26:47 | 000,000,000 | ---D | M] -- C:\models
[2010/07/02 13:01:12 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012/01/01 19:18:22 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/01/05 16:50:59 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/03/25 16:59:52 | 000,000,000 | R--D | M] -- C:\Programme
[2010/07/16 03:08:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012/01/18 15:04:49 | 000,000,000 | ---D | M] -- C:\SIERRA
[2010/12/28 13:40:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/01/01 19:51:27 | 000,000,000 | ---D | M] -- C:\Temp
[2011/06/10 10:47:56 | 000,000,000 | ---D | M] -- C:\Users
[2012/02/06 07:06:14 | 000,000,000 | ---D | M] -- C:\Valve
[2013/03/01 10:10:59 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/11/11 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/08/11 20:52:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/08/11 20:52:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/08/11 20:52:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/11/11 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/08/11 20:52:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/08/11 20:52:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/08/11 20:52:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/11/11 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/11/11 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/11/11 07:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/11/11 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/11/11 07:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004/11/11 07:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/11/11 07:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/11/11 07:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=DB37D307003055ED09711CB3417814C7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/11/11 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/11/11 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010/07/02 14:00:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/07/02 14:00:16 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/07/02 14:00:16 | 000,458,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 01:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2011/12/18 08:43:24 | 011,082,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2011/12/17 14:43:23 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 21:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 21:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 09:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >

--- --- ---

markusg · 03.03.2013, 18:41

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O4 - HKU\Roswitha_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Roswitha\Anwendungsdaten\gema\gema.exe (the VideoLAN Team)
O4 - HKU\Besitzer_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\gema\gema.exe (the VideoLAN Team)
O4 - HKU\Administrator_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (the VideoLAN Team)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe
(the VideoLAN Team)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\gema.exe) - C:\WINDOWS\system32\gema.exe (the VideoLAN Team)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe
(the VideoLAN Team)
O20 - HKU\Besitzer_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\gema\gema.exe
(the VideoLAN Team)
O20 - HKU\Roswitha_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Roswitha\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Roswitha\Anwendungsdaten\gema\gema.exe
(the VideoLAN Team)
:Files
C:\Dokumente und Einstellungen\Roswitha\Anwendungsdaten\gema
:Commands
[EMPTYFLASH] 
[emptytemp]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

franky1210 · 03.03.2013, 20:19

hey es gab so manche probleme ...

ich bin jz zwar wieder im benutzerkonto drinnen und der virus hat sich nicht gemeldet aber ich habe keinen _otl ordner oder log bekommen :S

was soll ich da jetzt tun ?

markusg · 03.03.2013, 20:49

was heißt manche probleme, ich sitze nich am pc.
evtl. ist _OTL auf nem anderen laufwerk /usb stick

franky1210 · 03.03.2013, 20:59

ja ich hab auf meinen stickgeschaut da ist auch kein ordner oder sonstiges anderes laufwerk habe ich nicht :S

nja zuerst konnte ich nicht run fix drücken
dann hat er auch nicht neugestartet was ich dann manuell gemacht habe
dann hat er pausenlos neugestartet wo ich die festplatte dann in ein anderen pc eingebaut habe und dann hat es einwandfrei funktioniert und war auch nichts mehr vom virus zu sehen ...

markusg · 03.03.2013, 21:21

dann ist derordner auf dem anderen pc

franky1210 · 03.03.2013, 21:29

ne leider auch nicht ...

das ist nicht gut oder ??

markusg · 04.03.2013, 20:23

weiter damit:
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

franky1210 · 05.03.2013, 12:27

ok hier hier der log :

Zitat:

12:23:26.0609 3376 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:23:26.0703 3376 ============================================================
12:23:26.0703 3376 Current date / time: 2013/03/05 12:23:26.0703
12:23:26.0703 3376 SystemInfo:
12:23:26.0703 3376
12:23:26.0703 3376 OS Version: 5.1.2600 ServicePack: 3.0
12:23:26.0703 3376 Product type: Workstation
12:23:26.0703 3376 ComputerName: BV-TESAR
12:23:26.0703 3376 UserName: Besitzer
12:23:26.0703 3376 Windows directory: C:\WINDOWS
12:23:26.0703 3376 System windows directory: C:\WINDOWS
12:23:26.0703 3376 Processor architecture: Intel x86
12:23:26.0703 3376 Number of processors: 2
12:23:26.0703 3376 Page size: 0x1000
12:23:26.0703 3376 Boot type: Normal boot
12:23:26.0703 3376 ============================================================
12:23:27.0484 3376 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:23:27.0515 3376 ============================================================
12:23:27.0515 3376 \Device\Harddisk0\DR0:
12:23:27.0515 3376 MBR partitions:
12:23:27.0515 3376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
12:23:27.0515 3376 ============================================================
12:23:27.0546 3376 C: <-> \Device\Harddisk0\DR0\Partition1
12:23:27.0546 3376 ============================================================
12:23:27.0546 3376 Initialize success
12:23:27.0546 3376 ============================================================
12:23:30.0203 2612 ============================================================
12:23:30.0203 2612 Scan started
12:23:30.0203 2612 Mode: Manual;
12:23:30.0203 2612 ============================================================
12:23:31.0031 2612 ================ Scan system memory ========================
12:23:31.0031 2612 System memory - ok
12:23:31.0031 2612 ================ Scan services =============================
12:23:31.0140 2612 Abiosdsk - ok
12:23:31.0156 2612 abp480n5 - ok
12:23:31.0171 2612 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:23:31.0187 2612 ACPI - ok
12:23:31.0203 2612 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:23:31.0218 2612 ACPIEC - ok
12:23:31.0218 2612 adpu160m - ok
12:23:31.0234 2612 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:23:31.0265 2612 aec - ok
12:23:31.0296 2612 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:23:31.0296 2612 AFD - ok
12:23:31.0296 2612 Aha154x - ok
12:23:31.0296 2612 aic78u2 - ok
12:23:31.0312 2612 aic78xx - ok
12:23:31.0468 2612 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll
12:23:31.0468 2612 Suspicious file (Hidden): c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
12:23:31.0484 2612 Akamai ( HiddenFile.Multi.Generic ) - warning
12:23:31.0484 2612 Akamai - detected HiddenFile.Multi.Generic (1)
12:23:31.0515 2612 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:23:31.0515 2612 Alerter - ok
12:23:31.0531 2612 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
12:23:31.0531 2612 ALG - ok
12:23:31.0546 2612 AliIde - ok
12:23:31.0546 2612 amsint - ok
12:23:31.0578 2612 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
12:23:31.0593 2612 AntiVirSchedulerService - ok
12:23:31.0609 2612 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
12:23:31.0609 2612 AntiVirService - ok
12:23:31.0656 2612 Apache2 - ok
12:23:31.0656 2612 AppMgmt - ok
12:23:31.0671 2612 asc - ok
12:23:31.0671 2612 asc3350p - ok
12:23:31.0671 2612 asc3550 - ok
12:23:31.0750 2612 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:23:31.0781 2612 aspnet_state - ok
12:23:31.0812 2612 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:23:31.0828 2612 AsyncMac - ok
12:23:31.0843 2612 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:23:31.0859 2612 atapi - ok
12:23:31.0859 2612 Atdisk - ok
12:23:31.0953 2612 [ 471087B5E1E01CC82604E81EA14781D8 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
12:23:31.0984 2612 Ati HotKey Poller - ok
12:23:32.0046 2612 [ B979BA0120B6DB757196A8E2E873FE3C ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
12:23:32.0312 2612 ATI Smart - ok
12:23:32.0500 2612 [ C0B86ECB324E50F6BBD529F9D5C6B24B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:23:32.0718 2612 ati2mtag - ok
12:23:32.0734 2612 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:23:32.0734 2612 Atmarpc - ok
12:23:32.0765 2612 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:23:32.0765 2612 AudioSrv - ok
12:23:32.0796 2612 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:23:32.0796 2612 audstub - ok
12:23:32.0828 2612 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:23:32.0828 2612 avgntflt - ok
12:23:32.0859 2612 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:23:32.0875 2612 avipbb - ok
12:23:32.0906 2612 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
12:23:32.0906 2612 avkmgr - ok
12:23:32.0937 2612 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:23:32.0937 2612 Beep - ok
12:23:32.0984 2612 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
12:23:33.0031 2612 BITS - ok
12:23:33.0046 2612 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
12:23:33.0046 2612 Browser - ok
12:23:33.0078 2612 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:23:33.0078 2612 BthEnum - ok
12:23:33.0093 2612 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
12:23:33.0093 2612 BTHMODEM - ok
12:23:33.0125 2612 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:23:33.0125 2612 BthPan - ok
12:23:33.0171 2612 [ 592E1CEDBE314D0EF184DC6F46141E76 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
12:23:33.0171 2612 BTHPORT - ok
12:23:33.0203 2612 [ 26C601EF7525E31379744ABFC6F35A1B ] BthServ C:\WINDOWS\System32\bthserv.dll
12:23:33.0203 2612 BthServ - ok
12:23:33.0218 2612 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:23:33.0218 2612 BTHUSB - ok
12:23:33.0265 2612 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:23:33.0265 2612 cbidf2k - ok
12:23:33.0281 2612 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:23:33.0296 2612 CCDECODE - ok
12:23:33.0296 2612 cd20xrnt - ok
12:23:33.0328 2612 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:23:33.0328 2612 Cdaudio - ok
12:23:33.0343 2612 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:23:33.0359 2612 Cdfs - ok
12:23:33.0375 2612 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:23:33.0390 2612 Cdrom - ok
12:23:33.0421 2612 cel90xbe - ok
12:23:33.0421 2612 Changer - ok
12:23:33.0453 2612 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:23:33.0468 2612 CiSvc - ok
12:23:33.0484 2612 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:23:33.0484 2612 ClipSrv - ok
12:23:33.0546 2612 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:23:33.0609 2612 clr_optimization_v2.0.50727_32 - ok
12:23:33.0609 2612 CmdIde - ok
12:23:33.0625 2612 COMSysApp - ok
12:23:33.0625 2612 Cpqarray - ok
12:23:33.0656 2612 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:23:33.0656 2612 CryptSvc - ok
12:23:33.0671 2612 dac2w2k - ok
12:23:33.0671 2612 dac960nt - ok
12:23:33.0687 2612 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:23:33.0703 2612 DcomLaunch - ok
12:23:33.0734 2612 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:23:33.0734 2612 Dhcp - ok
12:23:33.0750 2612 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:23:33.0750 2612 Disk - ok
12:23:33.0750 2612 dmadmin - ok
12:23:33.0796 2612 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:23:33.0812 2612 dmboot - ok
12:23:33.0843 2612 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:23:33.0843 2612 dmio - ok
12:23:33.0875 2612 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:23:33.0875 2612 dmload - ok
12:23:33.0890 2612 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:23:33.0906 2612 dmserver - ok
12:23:33.0906 2612 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:23:33.0921 2612 DMusic - ok
12:23:33.0937 2612 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:23:33.0937 2612 Dnscache - ok
12:23:33.0968 2612 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:23:33.0984 2612 Dot3svc - ok
12:23:33.0984 2612 dpti2o - ok
12:23:34.0000 2612 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:23:34.0000 2612 drmkaud - ok
12:23:34.0015 2612 EagleNT - ok
12:23:34.0015 2612 EagleXNt - ok
12:23:34.0031 2612 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:23:34.0031 2612 EapHost - ok
12:23:34.0062 2612 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:23:34.0062 2612 ERSvc - ok
12:23:34.0093 2612 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
12:23:34.0093 2612 Eventlog - ok
12:23:34.0125 2612 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
12:23:34.0125 2612 EventSystem - ok
12:23:34.0140 2612 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:23:34.0156 2612 Fastfat - ok
12:23:34.0187 2612 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:23:34.0187 2612 FastUserSwitchingCompatibility - ok
12:23:34.0203 2612 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:23:34.0203 2612 Fdc - ok
12:23:34.0218 2612 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:23:34.0234 2612 Fips - ok
12:23:34.0250 2612 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:23:34.0250 2612 Flpydisk - ok
12:23:34.0281 2612 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:23:34.0281 2612 FltMgr - ok
12:23:34.0328 2612 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:23:34.0343 2612 FontCache3.0.0.0 - ok
12:23:34.0343 2612 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:23:34.0343 2612 Fs_Rec - ok
12:23:34.0375 2612 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:23:34.0375 2612 Ftdisk - ok
12:23:34.0390 2612 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:23:34.0390 2612 Gpc - ok
12:23:34.0421 2612 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
12:23:34.0421 2612 gupdate - ok
12:23:34.0437 2612 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
12:23:34.0437 2612 gupdatem - ok
12:23:34.0468 2612 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
12:23:34.0468 2612 hamachi - ok
12:23:34.0484 2612 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:23:34.0484 2612 HDAudBus - ok
12:23:34.0531 2612 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:23:34.0531 2612 helpsvc - ok
12:23:34.0562 2612 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
12:23:34.0562 2612 HidServ - ok
12:23:34.0578 2612 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:23:34.0593 2612 hidusb - ok
12:23:34.0625 2612 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:23:34.0625 2612 hkmsvc - ok
12:23:34.0625 2612 hpn - ok
12:23:34.0656 2612 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:23:34.0671 2612 HTTP - ok
12:23:34.0687 2612 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:23:34.0687 2612 HTTPFilter - ok
12:23:34.0687 2612 i2omgmt - ok
12:23:34.0703 2612 i2omp - ok
12:23:34.0718 2612 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
12:23:34.0718 2612 i8042prt - ok
12:23:34.0750 2612 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:23:34.0765 2612 IDriverT - ok
12:23:34.0812 2612 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:23:34.0921 2612 idsvc - ok
12:23:34.0953 2612 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:23:34.0953 2612 Imapi - ok
12:23:34.0984 2612 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
12:23:34.0984 2612 ImapiService - ok
12:23:34.0984 2612 ini910u - ok
12:23:35.0109 2612 [ A5D5B8C427F4B67580FB2B511291A89D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:23:35.0203 2612 IntcAzAudAddService - ok
12:23:35.0218 2612 IntelIde - ok
12:23:35.0312 2612 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:23:35.0312 2612 intelppm - ok
12:23:35.0328 2612 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:23:35.0343 2612 Ip6Fw - ok
12:23:35.0359 2612 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:23:35.0359 2612 IpFilterDriver - ok
12:23:35.0375 2612 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:23:35.0375 2612 IpInIp - ok
12:23:35.0406 2612 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:23:35.0406 2612 IpNat - ok
12:23:35.0421 2612 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:23:35.0421 2612 IPSec - ok
12:23:35.0437 2612 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
12:23:35.0453 2612 irda - ok
12:23:35.0468 2612 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:23:35.0468 2612 IRENUM - ok
12:23:35.0484 2612 [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon C:\WINDOWS\System32\irmon.dll
12:23:35.0484 2612 Irmon - ok
12:23:35.0515 2612 [ 0501F0B9AB08425F8C0EACBDCC04AA32 ] irsir C:\WINDOWS\system32\DRIVERS\irsir.sys
12:23:35.0515 2612 irsir - ok
12:23:35.0531 2612 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:23:35.0531 2612 isapnp - ok
12:23:35.0593 2612 [ E731921DB2E17DCD3DB472FAD5549C57 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
12:23:35.0593 2612 JavaQuickStarterService - ok
12:23:35.0609 2612 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:23:35.0609 2612 Kbdclass - ok
12:23:35.0640 2612 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:23:35.0640 2612 kbdhid - ok
12:23:35.0656 2612 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:23:35.0671 2612 kmixer - ok
12:23:35.0687 2612 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:23:35.0703 2612 KSecDD - ok
12:23:35.0718 2612 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:23:35.0734 2612 lanmanserver - ok
12:23:35.0750 2612 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:23:35.0750 2612 lanmanworkstation - ok
12:23:35.0750 2612 lbrtfdc - ok
12:23:35.0796 2612 [ 31D8B705DCD5F2366186E731F87C7A71 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
12:23:35.0796 2612 LightScribeService - ok
12:23:35.0812 2612 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:23:35.0812 2612 LmHosts - ok
12:23:35.0843 2612 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
12:23:35.0859 2612 LVPr2Mon - ok
12:23:35.0875 2612 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
12:23:35.0890 2612 LVPrcSrv - ok
12:23:35.0906 2612 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:23:35.0906 2612 Messenger - ok
12:23:35.0937 2612 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:23:35.0937 2612 mnmdd - ok
12:23:35.0953 2612 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:23:35.0968 2612 mnmsrvc - ok
12:23:35.0984 2612 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:23:35.0984 2612 Modem - ok
12:23:36.0000 2612 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:23:36.0015 2612 Mouclass - ok
12:23:36.0046 2612 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:23:36.0062 2612 mouhid - ok
12:23:36.0078 2612 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:23:36.0078 2612 MountMgr - ok
12:23:36.0078 2612 mraid35x - ok
12:23:36.0093 2612 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:23:36.0109 2612 MRxDAV - ok
12:23:36.0156 2612 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:23:36.0156 2612 MRxSmb - ok
12:23:36.0187 2612 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:23:36.0203 2612 MSDTC - ok
12:23:36.0218 2612 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:23:36.0218 2612 Msfs - ok
12:23:36.0218 2612 MSIServer - ok
12:23:36.0265 2612 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:23:36.0265 2612 MSKSSRV - ok
12:23:36.0281 2612 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:23:36.0281 2612 MSPCLOCK - ok
12:23:36.0296 2612 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:23:36.0312 2612 MSPQM - ok
12:23:36.0343 2612 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:23:36.0343 2612 mssmbios - ok
12:23:36.0375 2612 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:23:36.0375 2612 MSTEE - ok
12:23:36.0406 2612 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:23:36.0406 2612 Mup - ok
12:23:36.0406 2612 mysql - ok
12:23:36.0437 2612 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:23:36.0453 2612 NABTSFEC - ok
12:23:36.0468 2612 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
12:23:36.0500 2612 napagent - ok
12:23:36.0515 2612 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:23:36.0531 2612 NDIS - ok
12:23:36.0546 2612 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:23:36.0546 2612 NdisIP - ok
12:23:36.0578 2612 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:23:36.0578 2612 NdisTapi - ok
12:23:36.0578 2612 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:23:36.0593 2612 Ndisuio - ok
12:23:36.0593 2612 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:23:36.0609 2612 NdisWan - ok
12:23:36.0625 2612 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:23:36.0625 2612 NDProxy - ok
12:23:36.0640 2612 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:23:36.0640 2612 NetBIOS - ok
12:23:36.0656 2612 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:23:36.0671 2612 NetBT - ok
12:23:36.0703 2612 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
12:23:36.0718 2612 NetDDE - ok
12:23:36.0734 2612 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:23:36.0734 2612 NetDDEdsdm - ok
12:23:36.0750 2612 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:23:36.0750 2612 Netlogon - ok
12:23:36.0765 2612 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
12:23:36.0781 2612 Netman - ok
12:23:36.0796 2612 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:23:36.0812 2612 NetTcpPortSharing - ok
12:23:36.0828 2612 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
12:23:36.0843 2612 Nla - ok
12:23:36.0859 2612 NMIndexingService - ok
12:23:36.0875 2612 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\WINDOWS\system32\drivers\npf.sys
12:23:36.0890 2612 NPF - ok
12:23:36.0906 2612 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:23:36.0906 2612 Npfs - ok
12:23:36.0921 2612 npggsvc - ok
12:23:36.0937 2612 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:23:36.0953 2612 Ntfs - ok
12:23:36.0968 2612 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:23:36.0968 2612 NtLmSsp - ok
12:23:37.0000 2612 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:23:37.0015 2612 NtmsSvc - ok
12:23:37.0031 2612 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:23:37.0031 2612 Null - ok
12:23:37.0343 2612 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:23:37.0578 2612 nv - ok
12:23:37.0609 2612 [ 1982E96B2C5C2EFFEF38EFC37293A42E ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
12:23:37.0609 2612 NVSvc - ok
12:23:37.0656 2612 [ E6568D2D90028207587CB43CD8E5FD01 ] nvUpdatusService C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:23:37.0687 2612 nvUpdatusService - ok
12:23:37.0718 2612 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:23:37.0718 2612 NwlnkFlt - ok
12:23:37.0734 2612 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:23:37.0750 2612 NwlnkFwd - ok
12:23:37.0765 2612 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:23:37.0765 2612 ohci1394 - ok
12:23:37.0796 2612 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:23:37.0796 2612 Parport - ok
12:23:37.0812 2612 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:23:37.0812 2612 PartMgr - ok
12:23:37.0843 2612 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:23:37.0843 2612 ParVdm - ok
12:23:37.0859 2612 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:23:37.0859 2612 PCI - ok
12:23:37.0859 2612 PCIDump - ok
12:23:37.0875 2612 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:23:37.0875 2612 PCIIde - ok
12:23:37.0890 2612 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:23:37.0906 2612 Pcmcia - ok
12:23:37.0906 2612 PDCOMP - ok
12:23:37.0906 2612 PDFRAME - ok
12:23:37.0906 2612 PDRELI - ok
12:23:37.0921 2612 PDRFRAME - ok
12:23:37.0921 2612 perc2 - ok
12:23:37.0921 2612 perc2hib - ok
12:23:38.0015 2612 [ DD184D9ADFE2A8A21741DBDFE9E22F5C ] PID_PEPI C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
12:23:38.0062 2612 PID_PEPI - ok
12:23:38.0078 2612 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
12:23:38.0093 2612 PlugPlay - ok
12:23:38.0109 2612 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:23:38.0109 2612 PolicyAgent - ok
12:23:38.0125 2612 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:23:38.0125 2612 PptpMiniport - ok
12:23:38.0140 2612 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
12:23:38.0140 2612 Processor - ok
12:23:38.0140 2612 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:23:38.0156 2612 ProtectedStorage - ok
12:23:38.0156 2612 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:23:38.0171 2612 PSched - ok
12:23:38.0171 2612 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:23:38.0187 2612 Ptilink - ok
12:23:38.0187 2612 ql1080 - ok
12:23:38.0187 2612 Ql10wnt - ok
12:23:38.0203 2612 ql12160 - ok
12:23:38.0203 2612 ql1240 - ok
12:23:38.0203 2612 ql1280 - ok
12:23:38.0234 2612 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:23:38.0234 2612 RasAcd - ok
12:23:38.0265 2612 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:23:38.0281 2612 RasAuto - ok
12:23:38.0296 2612 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
12:23:38.0296 2612 Rasirda - ok
12:23:38.0312 2612 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:23:38.0312 2612 Rasl2tp - ok
12:23:38.0343 2612 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:23:38.0343 2612 RasMan - ok
12:23:38.0375 2612 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:23:38.0375 2612 RasPppoe - ok
12:23:38.0390 2612 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:23:38.0390 2612 Raspti - ok
12:23:38.0421 2612 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:23:38.0421 2612 Rdbss - ok
12:23:38.0437 2612 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:23:38.0453 2612 RDPCDD - ok
12:23:38.0468 2612 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:23:38.0468 2612 RDPWD - ok
12:23:38.0500 2612 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:23:38.0515 2612 RDSessMgr - ok
12:23:38.0531 2612 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:23:38.0531 2612 redbook - ok
12:23:38.0578 2612 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:23:38.0609 2612 RemoteAccess - ok
12:23:38.0640 2612 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:23:38.0671 2612 RFCOMM - ok
12:23:38.0718 2612 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Programme\WinPcap\rpcapd.exe
12:23:38.0734 2612 rpcapd - ok
12:23:38.0765 2612 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
12:23:38.0781 2612 RpcLocator - ok
12:23:38.0828 2612 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
12:23:38.0828 2612 RpcSs - ok
12:23:38.0875 2612 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:23:38.0906 2612 RSVP - ok
12:23:38.0953 2612 [ 57F390BF7AF0F68BB804387CBC3A4F0D ] RT61 C:\WINDOWS\system32\DRIVERS\RT61.sys
12:23:39.0046 2612 RT61 - ok
12:23:39.0078 2612 [ 25BE98C05808C57E4D8D26477DC12D39 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:23:39.0093 2612 RTLE8023xp - ok
12:23:39.0125 2612 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
12:23:39.0125 2612 SamSs - ok
12:23:39.0140 2612 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:23:39.0187 2612 SCardSvr - ok
12:23:39.0218 2612 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:23:39.0234 2612 Schedule - ok
12:23:39.0281 2612 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:23:39.0312 2612 Secdrv - ok
12:23:39.0328 2612 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
12:23:39.0343 2612 seclogon - ok
12:23:39.0375 2612 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
12:23:39.0390 2612 SENS - ok
12:23:39.0437 2612 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:23:39.0453 2612 serenum - ok
12:23:39.0468 2612 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:23:39.0500 2612 Serial - ok
12:23:39.0515 2612 [ 9E7DEE11FD5A4355941A45F13C0ED59A ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
12:23:39.0515 2612 sfdrv01 - ok
12:23:39.0562 2612 [ ECEFB59D2206D281E6D317AF0EA0D8BD ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
12:23:39.0562 2612 sfhlp02 - ok
12:23:39.0593 2612 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
12:23:39.0609 2612 Sfloppy - ok
12:23:39.0640 2612 [ 05E3038180CD846B0BCA0E915163606A ] sfsync04 C:\WINDOWS\system32\drivers\sfsync04.sys
12:23:39.0640 2612 sfsync04 - ok
12:23:39.0734 2612 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:23:39.0781 2612 SharedAccess - ok
12:23:39.0843 2612 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:23:39.0843 2612 ShellHWDetection - ok
12:23:39.0843 2612 Simbad - ok
12:23:39.0875 2612 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
12:23:39.0890 2612 SkypeUpdate - ok
12:23:39.0937 2612 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:23:39.0937 2612 SLIP - ok
12:23:39.0937 2612 Sparrow - ok
12:23:39.0968 2612 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:23:39.0984 2612 splitter - ok
12:23:40.0015 2612 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:23:40.0015 2612 Spooler - ok
12:23:40.0062 2612 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:23:40.0062 2612 sr - ok
12:23:40.0093 2612 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
12:23:40.0109 2612 srservice - ok
12:23:40.0171 2612 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:23:40.0218 2612 Srv - ok
12:23:40.0234 2612 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:23:40.0250 2612 SSDPSRV - ok
12:23:40.0281 2612 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:23:40.0312 2612 ssmdrv - ok
12:23:40.0359 2612 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:23:40.0390 2612 stisvc - ok
12:23:40.0406 2612 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:23:40.0421 2612 streamip - ok
12:23:40.0453 2612 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:23:40.0453 2612 swenum - ok
12:23:40.0468 2612 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:23:40.0484 2612 swmidi - ok
12:23:40.0484 2612 SwPrv - ok
12:23:40.0484 2612 symc810 - ok
12:23:40.0500 2612 symc8xx - ok
12:23:40.0500 2612 sym_hi - ok
12:23:40.0500 2612 sym_u3 - ok
12:23:40.0531 2612 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:23:40.0531 2612 sysaudio - ok
12:23:40.0562 2612 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:23:40.0562 2612 SysmonLog - ok
12:23:40.0593 2612 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:23:40.0593 2612 TapiSrv - ok
12:23:40.0625 2612 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:23:40.0656 2612 Tcpip - ok
12:23:40.0703 2612 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:23:40.0703 2612 TDPIPE - ok
12:23:40.0734 2612 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:23:40.0750 2612 TDTCP - ok
12:23:40.0812 2612 TeamViewer6 - ok
12:23:40.0812 2612 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:23:40.0828 2612 TermDD - ok
12:23:40.0843 2612 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
12:23:40.0859 2612 TermService - ok
12:23:40.0906 2612 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:23:40.0906 2612 Themes - ok
12:23:40.0921 2612 TosIde - ok
12:23:40.0921 2612 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:23:40.0937 2612 TrkWks - ok
12:23:40.0953 2612 [ 195664ACFB0DD5A296672E0A7B20F380 ] TuneUp.Defrag C:\WINDOWS\System32\TuneUpDefragService.exe
12:23:40.0984 2612 TuneUp.Defrag - ok
12:23:41.0015 2612 [ F21C3B0BD8CF9509CBB333001BC6C24D ] TuneUp.ProgramStatisticsSvc C:\WINDOWS\System32\TUProgSt.exe
12:23:41.0046 2612 TuneUp.ProgramStatisticsSvc - ok
12:23:41.0062 2612 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:23:41.0078 2612 Udfs - ok
12:23:41.0078 2612 ultra - ok
12:23:41.0109 2612 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
12:23:41.0109 2612 UMWdf - ok
12:23:41.0250 2612 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:23:41.0281 2612 Update - ok
12:23:41.0312 2612 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:23:41.0343 2612 upnphost - ok
12:23:41.0375 2612 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
12:23:41.0375 2612 UPS - ok
12:23:41.0421 2612 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
12:23:41.0437 2612 usbaudio - ok
12:23:41.0437 2612 usbbus - ok
12:23:41.0468 2612 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:23:41.0484 2612 usbccgp - ok
12:23:41.0500 2612 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:23:41.0500 2612 usbehci - ok
12:23:41.0515 2612 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:23:41.0531 2612 usbhub - ok
12:23:41.0531 2612 USBModem - ok
12:23:41.0546 2612 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:23:41.0562 2612 usbohci - ok
12:23:41.0578 2612 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:23:41.0578 2612 usbprint - ok
12:23:41.0609 2612 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:23:41.0609 2612 usbscan - ok
12:23:41.0625 2612 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:23:41.0625 2612 usbstor - ok
12:23:41.0656 2612 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:23:41.0656 2612 usbuhci - ok
12:23:41.0671 2612 [ A98E8E3CF1E8375B7E13596DE52F558C ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
12:23:41.0687 2612 UxTuneUp - ok
12:23:41.0687 2612 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:23:41.0703 2612 VgaSave - ok
12:23:41.0703 2612 ViaIde - ok
12:23:41.0718 2612 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:23:41.0718 2612 VolSnap - ok
12:23:41.0734 2612 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
12:23:41.0750 2612 VSS - ok
12:23:41.0765 2612 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
12:23:41.0781 2612 W32Time - ok
12:23:41.0796 2612 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:23:41.0796 2612 Wanarp - ok
12:23:41.0796 2612 WDICA - ok
12:23:41.0812 2612 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:23:41.0828 2612 wdmaud - ok
12:23:41.0828 2612 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:23:41.0843 2612 WebClient - ok
12:23:41.0890 2612 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:23:41.0890 2612 winmgmt - ok
12:23:41.0968 2612 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:23:42.0000 2612 wlidsvc - ok
12:23:42.0015 2612 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
12:23:42.0031 2612 WmdmPmSN - ok
12:23:42.0046 2612 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:23:42.0046 2612 WmiApSrv - ok
12:23:42.0078 2612 [ C1B3D9D75C3FB735F5FA3A5806ADED57 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
12:23:42.0093 2612 WpdUsb - ok
12:23:42.0109 2612 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:23:42.0109 2612 wscsvc - ok
12:23:42.0140 2612 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:23:42.0156 2612 WSTCODEC - ok
12:23:42.0171 2612 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:23:42.0171 2612 wuauserv - ok
12:23:42.0187 2612 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:23:42.0203 2612 WudfPf - ok
12:23:42.0218 2612 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:23:42.0234 2612 WudfRd - ok
12:23:42.0265 2612 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:23:42.0281 2612 WudfSvc - ok
12:23:42.0312 2612 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:23:42.0359 2612 WZCSVC - ok
12:23:42.0375 2612 XDva370 - ok
12:23:42.0390 2612 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:23:42.0406 2612 xmlprov - ok
12:23:42.0421 2612 ================ Scan global ===============================
12:23:42.0437 2612 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
12:23:42.0468 2612 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
12:23:42.0484 2612 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
12:23:42.0500 2612 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
12:23:42.0500 2612 [Global] - ok
12:23:42.0500 2612 ================ Scan MBR ==================================
12:23:42.0515 2612 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
12:23:42.0640 2612 \Device\Harddisk0\DR0 - ok
12:23:42.0640 2612 ================ Scan VBR ==================================
12:23:42.0640 2612 [ 5123ACE1FB9D6B985AD9BBC47F76D35C ] \Device\Harddisk0\DR0\Partition1
12:23:42.0640 2612 \Device\Harddisk0\DR0\Partition1 - ok
12:23:42.0640 2612 ============================================================
12:23:42.0640 2612 Scan finished
12:23:42.0640 2612 ============================================================
12:23:42.0656 0404 Detected object count: 1
12:23:42.0656 0404 Actual detected object count: 1
12:24:40.0937 0404 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
12:24:40.0937 0404 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

markusg · 05.03.2013, 18:46

anleitung lesen bitte und noch mal scannen, konfiguration war falsch

franky1210 · 06.03.2013, 02:30

sry :S

hier der neue mit richtiger konfi:

Zitat:

02:27:43.0984 2312 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:27:44.0171 2312 ============================================================
02:27:44.0171 2312 Current date / time: 2013/03/06 02:27:44.0171
02:27:44.0171 2312 SystemInfo:
02:27:44.0171 2312
02:27:44.0171 2312 OS Version: 5.1.2600 ServicePack: 3.0
02:27:44.0171 2312 Product type: Workstation
02:27:44.0171 2312 ComputerName: BV-TESAR
02:27:44.0171 2312 UserName: Besitzer
02:27:44.0171 2312 Windows directory: C:\WINDOWS
02:27:44.0171 2312 System windows directory: C:\WINDOWS
02:27:44.0171 2312 Processor architecture: Intel x86
02:27:44.0171 2312 Number of processors: 2
02:27:44.0171 2312 Page size: 0x1000
02:27:44.0171 2312 Boot type: Normal boot
02:27:44.0171 2312 ============================================================
02:27:44.0625 2312 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:27:44.0656 2312 ============================================================
02:27:44.0656 2312 \Device\Harddisk0\DR0:
02:27:44.0656 2312 MBR partitions:
02:27:44.0656 2312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
02:27:44.0656 2312 ============================================================
02:27:44.0671 2312 C: <-> \Device\Harddisk0\DR0\Partition1
02:27:44.0671 2312 ============================================================
02:27:44.0671 2312 Initialize success
02:27:44.0671 2312 ============================================================
02:28:05.0468 4684 ============================================================
02:28:05.0468 4684 Scan started
02:28:05.0468 4684 Mode: Manual; SigCheck; TDLFS;
02:28:05.0468 4684 ============================================================
02:28:05.0828 4684 ================ Scan system memory ========================
02:28:05.0828 4684 System memory - ok
02:28:05.0828 4684 ================ Scan services =============================
02:28:05.0968 4684 Abiosdsk - ok
02:28:05.0984 4684 abp480n5 - ok
02:28:06.0015 4684 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:28:06.0843 4684 ACPI - ok
02:28:06.0859 4684 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
02:28:06.0968 4684 ACPIEC - ok
02:28:06.0968 4684 adpu160m - ok
02:28:06.0984 4684 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
02:28:07.0093 4684 aec - ok
02:28:07.0125 4684 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
02:28:07.0187 4684 AFD - ok
02:28:07.0187 4684 Aha154x - ok
02:28:07.0203 4684 aic78u2 - ok
02:28:07.0203 4684 aic78xx - ok
02:28:07.0359 4684 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll
02:28:07.0359 4684 Suspicious file (Hidden): c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
02:28:07.0375 4684 Akamai ( HiddenFile.Multi.Generic ) - warning
02:28:07.0375 4684 Akamai - detected HiddenFile.Multi.Generic (1)
02:28:07.0406 4684 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
02:28:07.0515 4684 Alerter - ok
02:28:07.0531 4684 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
02:28:07.0640 4684 ALG - ok
02:28:07.0656 4684 AliIde - ok
02:28:07.0656 4684 amsint - ok
02:28:07.0703 4684 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
02:28:07.0718 4684 AntiVirSchedulerService - ok
02:28:07.0734 4684 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
02:28:07.0750 4684 AntiVirService - ok
02:28:07.0796 4684 Apache2 - ok
02:28:07.0812 4684 AppMgmt - ok
02:28:07.0812 4684 asc - ok
02:28:07.0812 4684 asc3350p - ok
02:28:07.0828 4684 asc3550 - ok
02:28:07.0906 4684 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:28:07.0921 4684 aspnet_state - ok
02:28:07.0937 4684 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:28:08.0046 4684 AsyncMac - ok
02:28:08.0062 4684 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
02:28:08.0156 4684 atapi - ok
02:28:08.0171 4684 Atdisk - ok
02:28:08.0234 4684 [ 471087B5E1E01CC82604E81EA14781D8 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
02:28:08.0265 4684 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
02:28:08.0265 4684 Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)
02:28:08.0312 4684 [ B979BA0120B6DB757196A8E2E873FE3C ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
02:28:08.0359 4684 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
02:28:08.0359 4684 ATI Smart - detected UnsignedFile.Multi.Generic (1)
02:28:08.0578 4684 [ C0B86ECB324E50F6BBD529F9D5C6B24B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
02:28:08.0890 4684 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
02:28:08.0890 4684 ati2mtag - detected UnsignedFile.Multi.Generic (1)
02:28:08.0906 4684 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:28:09.0000 4684 Atmarpc - ok
02:28:09.0015 4684 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
02:28:09.0125 4684 AudioSrv - ok
02:28:09.0140 4684 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
02:28:09.0234 4684 audstub - ok
02:28:09.0265 4684 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
02:28:09.0406 4684 avgntflt - ok
02:28:09.0437 4684 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
02:28:09.0453 4684 avipbb - ok
02:28:09.0484 4684 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
02:28:09.0484 4684 avkmgr - ok
02:28:09.0515 4684 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
02:28:09.0625 4684 Beep - ok
02:28:09.0656 4684 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
02:28:09.0843 4684 BITS - ok
02:28:09.0875 4684 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
02:28:09.0906 4684 Browser - ok
02:28:09.0937 4684 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
02:28:10.0046 4684 BthEnum - ok
02:28:10.0062 4684 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
02:28:10.0156 4684 BTHMODEM - ok
02:28:10.0171 4684 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
02:28:10.0265 4684 BthPan - ok
02:28:10.0312 4684 [ 592E1CEDBE314D0EF184DC6F46141E76 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
02:28:10.0343 4684 BTHPORT - ok
02:28:10.0359 4684 [ 26C601EF7525E31379744ABFC6F35A1B ] BthServ C:\WINDOWS\System32\bthserv.dll
02:28:10.0468 4684 BthServ - ok
02:28:10.0484 4684 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
02:28:10.0593 4684 BTHUSB - ok
02:28:10.0609 4684 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
02:28:10.0718 4684 cbidf2k - ok
02:28:10.0750 4684 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:28:10.0843 4684 CCDECODE - ok
02:28:10.0843 4684 cd20xrnt - ok
02:28:10.0875 4684 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
02:28:10.0984 4684 Cdaudio - ok
02:28:11.0000 4684 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
02:28:11.0109 4684 Cdfs - ok
02:28:11.0125 4684 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:28:11.0218 4684 Cdrom - ok
02:28:11.0250 4684 cel90xbe - ok
02:28:11.0265 4684 Changer - ok
02:28:11.0281 4684 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
02:28:11.0375 4684 CiSvc - ok
02:28:11.0406 4684 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
02:28:11.0500 4684 ClipSrv - ok
02:28:11.0531 4684 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:28:11.0546 4684 clr_optimization_v2.0.50727_32 - ok
02:28:11.0546 4684 CmdIde - ok
02:28:11.0546 4684 COMSysApp - ok
02:28:11.0562 4684 Cpqarray - ok
02:28:11.0593 4684 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
02:28:11.0687 4684 CryptSvc - ok
02:28:11.0703 4684 dac2w2k - ok
02:28:11.0703 4684 dac960nt - ok
02:28:11.0734 4684 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
02:28:11.0812 4684 DcomLaunch - ok
02:28:11.0843 4684 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
02:28:11.0953 4684 Dhcp - ok
02:28:11.0984 4684 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
02:28:12.0078 4684 Disk - ok
02:28:12.0078 4684 dmadmin - ok
02:28:12.0125 4684 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
02:28:12.0250 4684 dmboot - ok
02:28:12.0265 4684 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
02:28:12.0375 4684 dmio - ok
02:28:12.0406 4684 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
02:28:12.0484 4684 dmload - ok
02:28:12.0515 4684 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
02:28:12.0625 4684 dmserver - ok
02:28:12.0640 4684 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
02:28:12.0750 4684 DMusic - ok
02:28:12.0765 4684 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
02:28:12.0828 4684 Dnscache - ok
02:28:12.0843 4684 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
02:28:12.0953 4684 Dot3svc - ok
02:28:12.0953 4684 dpti2o - ok
02:28:12.0968 4684 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
02:28:13.0062 4684 drmkaud - ok
02:28:13.0078 4684 EagleNT - ok
02:28:13.0078 4684 EagleXNt - ok
02:28:13.0093 4684 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
02:28:13.0187 4684 EapHost - ok
02:28:13.0218 4684 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
02:28:13.0296 4684 ERSvc - ok
02:28:13.0328 4684 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
02:28:13.0375 4684 Eventlog - ok
02:28:13.0390 4684 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
02:28:13.0421 4684 EventSystem - ok
02:28:13.0437 4684 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
02:28:13.0531 4684 Fastfat - ok
02:28:13.0562 4684 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
02:28:13.0609 4684 FastUserSwitchingCompatibility - ok
02:28:13.0625 4684 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
02:28:13.0703 4684 Fdc - ok
02:28:13.0734 4684 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
02:28:13.0828 4684 Fips - ok
02:28:13.0843 4684 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:28:13.0937 4684 Flpydisk - ok
02:28:13.0968 4684 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
02:28:14.0062 4684 FltMgr - ok
02:28:14.0109 4684 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:28:14.0125 4684 FontCache3.0.0.0 - ok
02:28:14.0140 4684 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:28:14.0234 4684 Fs_Rec - ok
02:28:14.0250 4684 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:28:14.0359 4684 Ftdisk - ok
02:28:14.0375 4684 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:28:14.0468 4684 Gpc - ok
02:28:14.0500 4684 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
02:28:14.0515 4684 gupdate - ok
02:28:14.0531 4684 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
02:28:14.0546 4684 gupdatem - ok
02:28:14.0562 4684 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
02:28:14.0578 4684 hamachi - ok
02:28:14.0593 4684 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:28:14.0687 4684 HDAudBus - ok
02:28:14.0734 4684 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:28:14.0828 4684 helpsvc - ok
02:28:14.0859 4684 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
02:28:14.0953 4684 HidServ - ok
02:28:14.0984 4684 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:28:15.0093 4684 hidusb - ok
02:28:15.0125 4684 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
02:28:15.0218 4684 hkmsvc - ok
02:28:15.0218 4684 hpn - ok
02:28:15.0250 4684 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
02:28:15.0296 4684 HTTP - ok
02:28:15.0296 4684 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
02:28:15.0406 4684 HTTPFilter - ok
02:28:15.0406 4684 i2omgmt - ok
02:28:15.0406 4684 i2omp - ok
02:28:15.0437 4684 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
02:28:15.0531 4684 i8042prt - ok
02:28:15.0562 4684 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:28:15.0578 4684 IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:28:15.0578 4684 IDriverT - detected UnsignedFile.Multi.Generic (1)
02:28:15.0625 4684 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:28:15.0671 4684 idsvc - ok
02:28:15.0734 4684 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
02:28:15.0828 4684 Imapi - ok
02:28:15.0859 4684 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
02:28:15.0953 4684 ImapiService - ok
02:28:15.0968 4684 ini910u - ok
02:28:16.0078 4684 [ A5D5B8C427F4B67580FB2B511291A89D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
02:28:16.0296 4684 IntcAzAudAddService - ok
02:28:16.0296 4684 IntelIde - ok
02:28:16.0312 4684 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:28:16.0421 4684 intelppm - ok
02:28:16.0437 4684 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
02:28:16.0515 4684 Ip6Fw - ok
02:28:16.0546 4684 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:28:16.0640 4684 IpFilterDriver - ok
02:28:16.0656 4684 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:28:16.0750 4684 IpInIp - ok
02:28:16.0765 4684 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:28:16.0859 4684 IpNat - ok
02:28:16.0875 4684 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:28:16.0968 4684 IPSec - ok
02:28:16.0984 4684 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
02:28:17.0093 4684 irda - ok
02:28:17.0109 4684 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
02:28:17.0203 4684 IRENUM - ok
02:28:17.0234 4684 [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon C:\WINDOWS\System32\irmon.dll
02:28:17.0328 4684 Irmon - ok
02:28:17.0343 4684 [ 0501F0B9AB08425F8C0EACBDCC04AA32 ] irsir C:\WINDOWS\system32\DRIVERS\irsir.sys
02:28:17.0406 4684 irsir - ok
02:28:17.0421 4684 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:28:17.0515 4684 isapnp - ok
02:28:17.0562 4684 [ E731921DB2E17DCD3DB472FAD5549C57 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
02:28:17.0578 4684 JavaQuickStarterService - ok
02:28:17.0609 4684 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:28:17.0750 4684 Kbdclass - ok
02:28:17.0765 4684 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:28:17.0875 4684 kbdhid - ok
02:28:17.0890 4684 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
02:28:18.0000 4684 kmixer - ok
02:28:18.0031 4684 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
02:28:18.0078 4684 KSecDD - ok
02:28:18.0109 4684 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
02:28:18.0156 4684 lanmanserver - ok
02:28:18.0187 4684 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
02:28:18.0218 4684 lanmanworkstation - ok
02:28:18.0218 4684 lbrtfdc - ok
02:28:18.0250 4684 [ 31D8B705DCD5F2366186E731F87C7A71 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
02:28:18.0265 4684 LightScribeService - ok
02:28:18.0281 4684 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
02:28:18.0375 4684 LmHosts - ok
02:28:18.0406 4684 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
02:28:18.0421 4684 LVPr2Mon - ok
02:28:18.0453 4684 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
02:28:18.0468 4684 LVPrcSrv - ok
02:28:18.0484 4684 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
02:28:18.0593 4684 Messenger - ok
02:28:18.0609 4684 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
02:28:18.0703 4684 mnmdd - ok
02:28:18.0734 4684 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
02:28:18.0828 4684 mnmsrvc - ok
02:28:18.0859 4684 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
02:28:18.0968 4684 Modem - ok
02:28:18.0984 4684 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:28:19.0078 4684 Mouclass - ok
02:28:19.0109 4684 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:28:19.0203 4684 mouhid - ok
02:28:19.0218 4684 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
02:28:19.0312 4684 MountMgr - ok
02:28:19.0359 4684 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
02:28:19.0375 4684 MozillaMaintenance - ok
02:28:19.0390 4684 mraid35x - ok
02:28:19.0406 4684 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:28:19.0515 4684 MRxDAV - ok
02:28:19.0562 4684 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:28:19.0593 4684 MRxSmb - ok
02:28:19.0640 4684 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
02:28:19.0734 4684 MSDTC - ok
02:28:19.0750 4684 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
02:28:19.0859 4684 Msfs - ok
02:28:19.0875 4684 MSIServer - ok
02:28:19.0890 4684 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:28:20.0000 4684 MSKSSRV - ok
02:28:20.0000 4684 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:28:20.0093 4684 MSPCLOCK - ok
02:28:20.0109 4684 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
02:28:20.0218 4684 MSPQM - ok
02:28:20.0234 4684 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:28:20.0328 4684 mssmbios - ok
02:28:20.0343 4684 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
02:28:20.0453 4684 MSTEE - ok
02:28:20.0484 4684 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
02:28:20.0515 4684 Mup - ok
02:28:20.0515 4684 mysql - ok
02:28:20.0531 4684 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:28:20.0640 4684 NABTSFEC - ok
02:28:20.0671 4684 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
02:28:20.0765 4684 napagent - ok
02:28:20.0796 4684 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
02:28:20.0890 4684 NDIS - ok
02:28:20.0906 4684 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:28:21.0015 4684 NdisIP - ok
02:28:21.0031 4684 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:28:21.0046 4684 NdisTapi - ok
02:28:21.0062 4684 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:28:21.0171 4684 Ndisuio - ok
02:28:21.0187 4684 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:28:21.0281 4684 NdisWan - ok
02:28:21.0312 4684 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
02:28:21.0328 4684 NDProxy - ok
02:28:21.0359 4684 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
02:28:21.0453 4684 NetBIOS - ok
02:28:21.0468 4684 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
02:28:21.0562 4684 NetBT - ok
02:28:21.0593 4684 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
02:28:21.0687 4684 NetDDE - ok
02:28:21.0703 4684 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
02:28:21.0781 4684 NetDDEdsdm - ok
02:28:21.0812 4684 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
02:28:21.0906 4684 Netlogon - ok
02:28:21.0937 4684 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
02:28:22.0031 4684 Netman - ok
02:28:22.0062 4684 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:28:22.0078 4684 NetTcpPortSharing - ok
02:28:22.0109 4684 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
02:28:22.0171 4684 Nla - ok
02:28:22.0203 4684 NMIndexingService - ok
02:28:22.0218 4684 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\WINDOWS\system32\drivers\npf.sys
02:28:22.0234 4684 NPF - ok
02:28:22.0265 4684 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
02:28:22.0343 4684 Npfs - ok
02:28:22.0359 4684 npggsvc - ok
02:28:22.0375 4684 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
02:28:22.0500 4684 Ntfs - ok
02:28:22.0515 4684 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
02:28:22.0609 4684 NtLmSsp - ok
02:28:22.0640 4684 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
02:28:22.0750 4684 NtmsSvc - ok
02:28:22.0765 4684 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
02:28:22.0875 4684 Null - ok
02:28:23.0156 4684 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:28:23.0687 4684 nv - ok
02:28:23.0703 4684 [ 1982E96B2C5C2EFFEF38EFC37293A42E ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
02:28:23.0718 4684 NVSvc - ok
02:28:23.0781 4684 [ E6568D2D90028207587CB43CD8E5FD01 ] nvUpdatusService C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
02:28:23.0843 4684 nvUpdatusService - ok
02:28:23.0890 4684 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:28:24.0000 4684 NwlnkFlt - ok
02:28:24.0015 4684 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:28:24.0125 4684 NwlnkFwd - ok
02:28:24.0140 4684 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
02:28:24.0234 4684 ohci1394 - ok
02:28:24.0265 4684 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
02:28:24.0359 4684 Parport - ok
02:28:24.0406 4684 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
02:28:24.0531 4684 PartMgr - ok
02:28:24.0562 4684 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
02:28:24.0671 4684 ParVdm - ok
02:28:24.0687 4684 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
02:28:24.0781 4684 PCI - ok
02:28:24.0796 4684 PCIDump - ok
02:28:24.0812 4684 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
02:28:24.0906 4684 PCIIde - ok
02:28:24.0937 4684 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
02:28:25.0031 4684 Pcmcia - ok
02:28:25.0046 4684 PDCOMP - ok
02:28:25.0046 4684 PDFRAME - ok
02:28:25.0046 4684 PDRELI - ok
02:28:25.0062 4684 PDRFRAME - ok
02:28:25.0062 4684 perc2 - ok
02:28:25.0062 4684 perc2hib - ok
02:28:25.0156 4684 [ DD184D9ADFE2A8A21741DBDFE9E22F5C ] PID_PEPI C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
02:28:25.0281 4684 PID_PEPI - ok
02:28:25.0296 4684 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
02:28:25.0343 4684 PlugPlay - ok
02:28:25.0359 4684 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
02:28:25.0453 4684 PolicyAgent - ok
02:28:25.0468 4684 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:28:25.0562 4684 PptpMiniport - ok
02:28:25.0578 4684 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
02:28:25.0671 4684 Processor - ok
02:28:25.0687 4684 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
02:28:25.0781 4684 ProtectedStorage - ok
02:28:25.0796 4684 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
02:28:25.0875 4684 PSched - ok
02:28:25.0890 4684 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:28:26.0000 4684 Ptilink - ok
02:28:26.0000 4684 ql1080 - ok
02:28:26.0015 4684 Ql10wnt - ok
02:28:26.0015 4684 ql12160 - ok
02:28:26.0015 4684 ql1240 - ok
02:28:26.0015 4684 ql1280 - ok
02:28:26.0046 4684 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:28:26.0140 4684 RasAcd - ok
02:28:26.0171 4684 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
02:28:26.0265 4684 RasAuto - ok
02:28:26.0281 4684 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
02:28:26.0343 4684 Rasirda - ok
02:28:26.0359 4684 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:28:26.0468 4684 Rasl2tp - ok
02:28:26.0484 4684 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
02:28:26.0593 4684 RasMan - ok
02:28:26.0609 4684 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:28:26.0703 4684 RasPppoe - ok
02:28:26.0718 4684 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
02:28:26.0828 4684 Raspti - ok
02:28:26.0843 4684 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:28:26.0953 4684 Rdbss - ok
02:28:26.0953 4684 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:28:27.0078 4684 RDPCDD - ok
02:28:27.0109 4684 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
02:28:27.0140 4684 RDPWD - ok
02:28:27.0171 4684 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
02:28:27.0265 4684 RDSessMgr - ok
02:28:27.0281 4684 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
02:28:27.0375 4684 redbook - ok
02:28:27.0406 4684 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
02:28:27.0500 4684 RemoteAccess - ok
02:28:27.0531 4684 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
02:28:27.0609 4684 RFCOMM - ok
02:28:27.0625 4684 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Programme\WinPcap\rpcapd.exe
02:28:27.0640 4684 rpcapd - ok
02:28:27.0671 4684 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
02:28:27.0750 4684 RpcLocator - ok
02:28:27.0781 4684 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
02:28:27.0828 4684 RpcSs - ok
02:28:27.0843 4684 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
02:28:27.0953 4684 RSVP - ok
02:28:27.0984 4684 [ 57F390BF7AF0F68BB804387CBC3A4F0D ] RT61 C:\WINDOWS\system32\DRIVERS\RT61.sys
02:28:28.0000 4684 RT61 ( UnsignedFile.Multi.Generic ) - warning
02:28:28.0000 4684 RT61 - detected UnsignedFile.Multi.Generic (1)
02:28:28.0031 4684 [ 25BE98C05808C57E4D8D26477DC12D39 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
02:28:28.0062 4684 RTLE8023xp - ok
02:28:28.0093 4684 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
02:28:28.0187 4684 SamSs - ok
02:28:28.0218 4684 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
02:28:28.0343 4684 SCardSvr - ok
02:28:28.0359 4684 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
02:28:28.0468 4684 Schedule - ok
02:28:28.0484 4684 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:28:28.0578 4684 Secdrv - ok
02:28:28.0593 4684 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
02:28:28.0703 4684 seclogon - ok
02:28:28.0718 4684 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
02:28:28.0812 4684 SENS - ok
02:28:28.0843 4684 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
02:28:28.0921 4684 serenum - ok
02:28:28.0937 4684 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
02:28:29.0046 4684 Serial - ok
02:28:29.0078 4684 [ 9E7DEE11FD5A4355941A45F13C0ED59A ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
02:28:29.0078 4684 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
02:28:29.0078 4684 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
02:28:29.0109 4684 [ ECEFB59D2206D281E6D317AF0EA0D8BD ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
02:28:29.0125 4684 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
02:28:29.0125 4684 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
02:28:29.0140 4684 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
02:28:29.0234 4684 Sfloppy - ok
02:28:29.0250 4684 [ 05E3038180CD846B0BCA0E915163606A ] sfsync04 C:\WINDOWS\system32\drivers\sfsync04.sys
02:28:29.0265 4684 sfsync04 ( UnsignedFile.Multi.Generic ) - warning
02:28:29.0265 4684 sfsync04 - detected UnsignedFile.Multi.Generic (1)
02:28:29.0296 4684 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
02:28:29.0406 4684 SharedAccess - ok
02:28:29.0406 4684 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
02:28:29.0437 4684 ShellHWDetection - ok
02:28:29.0437 4684 Simbad - ok
02:28:29.0468 4684 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
02:28:29.0484 4684 SkypeUpdate - ok
02:28:29.0515 4684 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:28:29.0593 4684 SLIP - ok
02:28:29.0609 4684 Sparrow - ok
02:28:29.0625 4684 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
02:28:29.0718 4684 splitter - ok
02:28:29.0734 4684 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
02:28:29.0781 4684 Spooler - ok
02:28:29.0796 4684 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
02:28:29.0890 4684 sr - ok
02:28:29.0906 4684 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
02:28:30.0015 4684 srservice - ok
02:28:30.0046 4684 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
02:28:30.0093 4684 Srv - ok
02:28:30.0125 4684 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
02:28:30.0234 4684 SSDPSRV - ok
02:28:30.0265 4684 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
02:28:30.0265 4684 ssmdrv - ok
02:28:30.0296 4684 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
02:28:30.0390 4684 stisvc - ok
02:28:30.0421 4684 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:28:30.0515 4684 streamip - ok
02:28:30.0531 4684 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
02:28:30.0640 4684 swenum - ok
02:28:30.0656 4684 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
02:28:30.0750 4684 swmidi - ok
02:28:30.0750 4684 SwPrv - ok
02:28:30.0750 4684 symc810 - ok
02:28:30.0765 4684 symc8xx - ok
02:28:30.0765 4684 sym_hi - ok
02:28:30.0765 4684 sym_u3 - ok
02:28:30.0781 4684 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
02:28:30.0875 4684 sysaudio - ok
02:28:30.0906 4684 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
02:28:31.0015 4684 SysmonLog - ok
02:28:31.0031 4684 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
02:28:31.0140 4684 TapiSrv - ok
02:28:31.0171 4684 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:28:31.0203 4684 Tcpip - ok
02:28:31.0250 4684 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
02:28:31.0328 4684 TDPIPE - ok
02:28:31.0343 4684 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
02:28:31.0437 4684 TDTCP - ok
02:28:31.0500 4684 TeamViewer6 - ok
02:28:31.0515 4684 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
02:28:31.0609 4684 TermDD - ok
02:28:31.0656 4684 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
02:28:31.0750 4684 TermService - ok
02:28:31.0765 4684 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
02:28:31.0781 4684 Themes - ok
02:28:31.0781 4684 TosIde - ok
02:28:31.0796 4684 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
02:28:31.0890 4684 TrkWks - ok
02:28:31.0921 4684 [ 195664ACFB0DD5A296672E0A7B20F380 ] TuneUp.Defrag C:\WINDOWS\System32\TuneUpDefragService.exe
02:28:31.0937 4684 TuneUp.Defrag - ok
02:28:31.0984 4684 [ F21C3B0BD8CF9509CBB333001BC6C24D ] TuneUp.ProgramStatisticsSvc C:\WINDOWS\System32\TUProgSt.exe
02:28:32.0031 4684 TuneUp.ProgramStatisticsSvc - ok
02:28:32.0046 4684 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
02:28:32.0140 4684 Udfs - ok
02:28:32.0156 4684 ultra - ok
02:28:32.0187 4684 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
02:28:32.0234 4684 UMWdf - ok
02:28:32.0265 4684 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
02:28:32.0375 4684 Update - ok
02:28:32.0406 4684 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
02:28:32.0500 4684 upnphost - ok
02:28:32.0515 4684 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
02:28:32.0609 4684 UPS - ok
02:28:32.0625 4684 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
02:28:32.0718 4684 usbaudio - ok
02:28:32.0718 4684 usbbus - ok
02:28:32.0750 4684 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:28:32.0843 4684 usbccgp - ok
02:28:32.0859 4684 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:28:32.0953 4684 usbehci - ok
02:28:32.0968 4684 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:28:33.0046 4684 usbhub - ok
02:28:33.0046 4684 USBModem - ok
02:28:33.0078 4684 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:28:33.0171 4684 usbohci - ok
02:28:33.0187 4684 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:28:33.0281 4684 usbprint - ok
02:28:33.0312 4684 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:28:33.0406 4684 usbscan - ok
02:28:33.0421 4684 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:28:33.0515 4684 usbstor - ok
02:28:33.0515 4684 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:28:33.0609 4684 usbuhci - ok
02:28:33.0625 4684 [ A98E8E3CF1E8375B7E13596DE52F558C ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
02:28:33.0640 4684 UxTuneUp - ok
02:28:33.0640 4684 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
02:28:33.0734 4684 VgaSave - ok
02:28:33.0750 4684 ViaIde - ok
02:28:33.0765 4684 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
02:28:33.0859 4684 VolSnap - ok
02:28:33.0890 4684 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
02:28:33.0984 4684 VSS - ok
02:28:34.0000 4684 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
02:28:34.0093 4684 W32Time - ok
02:28:34.0109 4684 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:28:34.0203 4684 Wanarp - ok
02:28:34.0203 4684 WDICA - ok
02:28:34.0218 4684 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
02:28:34.0312 4684 wdmaud - ok
02:28:34.0328 4684 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
02:28:34.0421 4684 WebClient - ok
02:28:34.0468 4684 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
02:28:34.0562 4684 winmgmt - ok
02:28:34.0640 4684 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:28:34.0703 4684 wlidsvc - ok
02:28:34.0734 4684 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
02:28:34.0781 4684 WmdmPmSN - ok
02:28:34.0796 4684 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
02:28:34.0906 4684 WmiApSrv - ok
02:28:34.0921 4684 [ C1B3D9D75C3FB735F5FA3A5806ADED57 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
02:28:34.0953 4684 WpdUsb - ok
02:28:34.0984 4684 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
02:28:35.0062 4684 wscsvc - ok
02:28:35.0078 4684 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:28:35.0187 4684 WSTCODEC - ok
02:28:35.0203 4684 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
02:28:35.0296 4684 wuauserv - ok
02:28:35.0312 4684 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:28:35.0343 4684 WudfPf - ok
02:28:35.0359 4684 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:28:35.0390 4684 WudfRd - ok
02:28:35.0406 4684 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
02:28:35.0437 4684 WudfSvc - ok
02:28:35.0468 4684 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
02:28:35.0609 4684 WZCSVC - ok
02:28:35.0609 4684 XDva370 - ok
02:28:35.0640 4684 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
02:28:35.0765 4684 xmlprov - ok
02:28:35.0781 4684 ================ Scan global ===============================
02:28:35.0796 4684 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
02:28:35.0828 4684 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
02:28:35.0843 4684 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
02:28:35.0859 4684 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
02:28:35.0859 4684 [Global] - ok
02:28:35.0859 4684 ================ Scan MBR ==================================
02:28:35.0875 4684 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
02:28:36.0046 4684 \Device\Harddisk0\DR0 - ok
02:28:36.0046 4684 ================ Scan VBR ==================================
02:28:36.0046 4684 [ 5123ACE1FB9D6B985AD9BBC47F76D35C ] \Device\Harddisk0\DR0\Partition1
02:28:36.0046 4684 \Device\Harddisk0\DR0\Partition1 - ok
02:28:36.0046 4684 ============================================================
02:28:36.0046 4684 Scan finished
02:28:36.0046 4684 ============================================================
02:28:36.0156 1544 Detected object count: 9
02:28:36.0156 1544 Actual detected object count: 9
02:29:00.0546 1544 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
02:29:00.0546 1544 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
02:29:00.0546 1544 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
02:29:00.0546 1544 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:29:00.0562 1544 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
02:29:00.0562 1544 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:29:00.0562 1544 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
02:29:00.0562 1544 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:29:00.0562 1544 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:29:00.0562 1544 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:29:00.0562 1544 RT61 ( UnsignedFile.Multi.Generic ) - skipped by user
02:29:00.0562 1544 RT61 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:29:00.0562 1544 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
02:29:00.0562 1544 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:29:00.0562 1544 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
02:29:00.0562 1544 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:29:00.0562 1544 sfsync04 ( UnsignedFile.Multi.Generic ) - skipped by user
02:29:00.0562 1544 sfsync04 ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg · 06.03.2013, 17:40

Hi,
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

03.03.2013, 20:49	#6
markusg /// Malware-holic	Polizei Virus ohne abgesicherter modus was heißt manche probleme, ich sitze nich am pc. evtl. ist _OTL auf nem anderen laufwerk /usb stick __________________ --> Polizei Virus ohne abgesicherter modus

03.03.2013, 21:21	#8
markusg /// Malware-holic	Polizei Virus ohne abgesicherter modus dann ist derordner auf dem anderen pc __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

05.03.2013, 18:46	#12
markusg /// Malware-holic	Polizei Virus ohne abgesicherter modus anleitung lesen bitte und noch mal scannen, konfiguration war falsch __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Polizei Virus ohne abgesicherter modus

Plagegeister aller Art und deren Bekämpfung: Polizei Virus ohne abgesicherter modus