Log analysis and evaluation: System Care Antivirus - OTL log attached (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.05.2013, 17:07 | #1 |
System Care Antivirus - OTL log attached

Hi everyone, the beast started up just now while booting. I shut the computer down again immediately and searched here. That is why I also ran an OTL scan in Safe Mode right away. Here are the results. I hope you can spot something in them:

Code:
ATTFilter OTL logfile created on: 20.05.2013 17:27:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,48 Mb Total Physical Memory | 811,37 Mb Available Physical Memory | 79,27% Memory free 1,65 Gb Paging File | 1,55 Gb Available in Paging File | 93,87% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 208,45 Gb Total Space | 83,69 Gb Free Space | 40,15% Space Free | Partition Type: NTFS Drive D: | 24,42 Gb Total Space | 24,33 Gb Free Space | 99,61% Space Free | Partition Type: NTFS Computer Name: COMPUTER2 | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.20 17:22:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe PRC - [2008.08.08 21:41:25 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2007.08.18 09:54:28 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm MOD - [2002.08.29 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- 
%SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.04.05 18:19:11 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.02.06 00:18:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service) SRV - [2012.02.06 00:09:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2011.06.28 21:40:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.11.18 07:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Stopped] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.08.29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.08.08 21:41:25 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice) SRV - [2008.02.18 11:16:30 | 000,110,592 | ---- | M] (Apple, Inc.) 
[Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2007.11.06 22:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2007.06.19 22:55:26 | 000,561,936 | ---- | M] (media21.de) [Auto | Stopped] -- C:\Programme\Calling-Us\bin\callice.exe -- (m21callrunsrv) SRV - [2007.02.21 17:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) [Auto | Stopped] -- C:\WINDOWS\system32\nisvcloc.exe -- (niSvcLoc) SRV - [2007.02.14 22:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2007.02.14 22:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync) SRV - [2007.02.14 22:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds) SRV - [2007.01.29 15:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2007.01.22 11:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) 
[Auto | Stopped] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer) SRV - [2003.07.28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.03.19 10:55:56 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\msqpdxhxdkbwul.sys -- (msqpdxserv.sys) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011.10.27 03:25:52 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2011.10.27 03:25:52 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) DRV - [2011.10.27 03:25:52 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2011.10.27 03:25:44 | 000,016,384 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\flashusb.sys -- (flashusb) DRV - [2011.10.27 03:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- 
(ssadmdm) DRV - [2011.10.27 03:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.10.27 03:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2011.06.28 21:40:51 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 21:40:51 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.08.05 11:58:15 | 000,845,184 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ksaud.sys -- (ksaud) DRV - [2008.10.24 12:27:05 | 001,830,912 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ksaudfl.sys -- (ksaudfl) DRV - [2008.08.29 14:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2007.11.14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2007.11.06 22:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2007.02.21 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv) DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2002.12.13 05:53:10 | 000,546,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2002.10.25 14:11:00 | 000,236,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) DRV - [2002.10.25 14:11:00 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) DRV - [2002.10.23 14:48:38 | 000,026,880 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune) DRV - [2002.10.23 14:46:14 | 000,423,008 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) DRV - [2002.09.26 17:46:26 | 000,178,688 | ---- | M] (VOB Computersysteme GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw) DRV - [2002.09.24 04:37:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET) DRV - [2002.09.18 12:04:14 | 000,061,440 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Cdrdrv.sys -- (cdrdrv) DRV - 
[2002.07.15 12:43:06 | 000,073,660 | ---- | M] (elmeg Kommunikationstechnik) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElgTaDrv.sys -- (ElgTaDrv) DRV - [2002.05.14 07:36:18 | 000,035,580 | ---- | M] (Conexant Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher) DRV - [2002.05.14 07:33:32 | 000,167,491 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2002.05.14 07:32:58 | 001,172,000 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2002.05.14 07:26:50 | 000,600,560 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2002.04.17 21:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi) DRV - [2001.12.19 11:42:00 | 000,067,694 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2) DRV - [2001.12.19 11:42:00 | 000,050,990 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2) DRV - [2001.12.19 11:42:00 | 000,022,206 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2) DRV - [2001.12.19 11:42:00 | 000,005,838 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2) DRV - [2001.12.17 11:42:00 | 000,010,496 | ---- | M] (Logitech Inc. 
) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr) DRV - [2001.10.04 12:53:16 | 000,009,728 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vobcom.sys -- (vobcom) DRV - [2001.08.17 13:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase) DRV - [2001.08.17 13:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-606747145-583907252-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.05 18:19:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.05 18:16:53 | 000,000,000 | ---D | M] [2013.05.20 17:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2013.04.05 18:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.05 18:19:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.12.15 21:10:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2006.01.23 10:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Programme\mozilla firefox\plugins\NPLV80Win32.dll [2007.02.08 10:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Programme\mozilla firefox\plugins\NPLV82Win32.dll [2013.03.30 20:37:03 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.30 20:37:03 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.03.30 20:37:03 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.03.30 20:37:03 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.30 20:37:03 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.30 20:37:03 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2002.08.29 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - 
BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Creative KSRun Persistence Module] C:\WINDOWS\System32\KSRun.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [EM_EXEC] C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. ) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [Module Loader] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc. ) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Calling-Us Client.lnk = C:\Programme\Calling-Us\bin\callclient.exe (media21.de) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Kassel.LNK = C:\Programme\Cisco Systems\VPN Client\ipsecdialer.exe (Cisco Systems, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-606747145-583907252-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.) O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB7BC0B5-F68A-42D0-9A2F-71AAEC405E93}: NameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.03.05 18:41:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ 
= comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2019.01.04 13:14:49 | 000,000,000 | RHSD | C] -- C:\resycled [2013.05.20 17:22:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien [2013.05.20 17:22:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads [2013.05.20 17:18:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla [2013.05.20 17:18:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla [2013.05.20 17:18:27 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache [2013.05.18 17:41:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3CB78AE58525A18200003CB74E33A6F2 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.20 17:17:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.20 17:01:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.18 09:18:55 | 000,195,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.17 21:49:16 | 000,463,954 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.17 21:49:16 | 000,445,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.17 21:49:16 | 000,072,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.17 21:49:15 | 000,086,674 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.17 21:46:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.05.17 20:16:15 | 000,000,037 | ---- | M] () -- 
C:\WINDOWS\iTouch.ini [2013.05.07 06:27:17 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013.05.04 19:33:05 | 000,001,565 | ---- | M] () -- C:\WINDOWS\XI420Ke.INI [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.06 00:11:54 | 000,029,518 | R--- | C] () -- C:\WINDOWS\System32\ksaud.ini [2012.02.06 00:11:35 | 000,190,976 | R--- | C] () -- C:\WINDOWS\System32\KSXPPI32.dll [2012.02.06 00:11:35 | 000,033,120 | R--- | C] () -- C:\WINDOWS\System32\kschimp.ini [2012.02.06 00:11:35 | 000,000,029 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2011.12.23 11:30:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2008.03.11 22:37:23 | 000,000,000 | ---- | C] () -- C:\Programme\error.dat ========== ZeroAccess Check ========== [2008.04.11 16:00:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 
12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 20.05.2013 17:27:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,48 Mb Total Physical Memory | 811,37 Mb Available Physical Memory | 79,27% Memory free 1,65 Gb Paging File | 1,55 Gb Available in Paging File | 93,87% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 208,45 Gb Total Space | 83,69 Gb Free Space | 40,15% Space Free | Partition Type: NTFS Drive D: | 24,42 Gb Total Space | 24,33 Gb Free Space | 99,61% Space Free | Partition Type: NTFS Computer Name: COMPUTER2 | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900 "5800:TCP" = 5800:TCP:*:Enabled:vnc5800 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480 -- () "C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- (ICQ Ltd.) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- () "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE" = C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word -- (Microsoft Corporation) "C:\Programme\WS_FTP Pro\wsftppro.exe" = C:\Programme\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 
10 Maguire Road - Suite 220 Lexington, MA 02421) "C:\Programme\Calling-Us\bin\callclient.exe" = C:\Programme\Calling-Us\bin\callclient.exe:*:Enabled:callclient -- (media21.de) "C:\Programme\UltraVNC\vncviewer.exe" = C:\Programme\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC) "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\***\Desktop\blobby\volley.exe" = C:\Dokumente und Einstellungen\***\Desktop\blobby\volley.exe:*:Enabled:volley "J:\blobby\volley.exe" = J:\blobby\volley.exe:*:Enabled:volley "C:\Programme\Windows Media Player\wmplayer.exe" = C:\Programme\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation) "E:\WINDOWS\DSASSISTANT\DSASSISTANT.EXE" = E:\WINDOWS\DSASSISTANT\DSASSISTANT.EXE:*:Enabled:DSAssistant "C:\Programme\Synology\Assistant\DSAssistant.exe" = C:\Programme\Synology\Assistant\DSAssistant.exe:*:Enabled:DSAssistant -- () "C:\Programme\Cisco Systems\VPN Client\vpngui.exe" = C:\Programme\Cisco Systems\VPN Client\vpngui.exe:*:Enabled:vpngui.exe -- (Cisco Systems, Inc.) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation) "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0087583F-1ED8-4A92-88A4-D49DCD56FC6B}" = NI Circuit Design Suite 10 Core "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software "{047DB692-BBD4-4768-91CC-ABD418B494B8}" = NI USI 1.4.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series "{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}" = Sound Blaster X-Fi Surround 5.1 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14 Help "{25F138F7-89D9-4836-A9F5-642DEA06564C}" = NI LabWindows/CVI 8.1 Run-Time Engine "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{414C1019-21ED-479A-A2F0-1F2383674BD1}" = Brother DCP-7025 "{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support "{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1 "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300 "{5535426F-E814-4B34-9B36-726E9DBEB7A7}" = NI Logos 4.7 "{57700DD3-0C10-4CE6-95BA-630284EE2CB1}" = NI License Manager "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.42 .1 
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63CFD835-FF50-4F8B-91CD-5662A8C640F8}" = Photo Transport "{63E921D9-799A-44F9-A742-DE3DC968AFEF}" = Microsoft .NET Framework SDK (German) 1.1 "{682ABE6A-2CCE-4C6C-AA82-0FE5AB8033F3}" = Sunny Design "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D2737AE-8898-4BE1-AE46-555B7DB540A8}" = NI MDF Support "{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant "{6FADAF5C-C9AC-49E5-8B14-7021F91EF0B5}" = NI LabVIEW Run-Time Engine 8.0.1 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{78231F18-FD98-4B03-A932-DE9329594D08}" = NI TDMS "{7998C54B-5D31-48A6-93D1-72C73FFFC043}" = NI Circuit Design Suite Support and Upgrade Utility "{7A2FD295-38D2-4AAF-BF41-2C95EBB96126}" = Moorhuhn Kart 2 XXL "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime "{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}" = Borland Turbo Delphi "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8c166c68-277c-41dd-890e-317b12fff7cf}.sdb" = Calling-Us Compatibility System "{8EAC192B-1E5B-4276-A2D8-59A303ECD2DE}" = Visual J# .NET Redistributable 1.1- German Language Pack "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003 
"{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003 "{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{927AE974-7B5B-463B-A672-D3B048664D6B}" = T-Concept XI420 "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{946BA398-5A53-454E-8D39-1C02959C1727}" = AAVUpdateManager "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2 "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8 "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{BFAA820A-C7D8-42AE-A3BA-CE118F3F0802}" = NI Service Locator "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech-Handbuch "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D6FAEBB1-90E0-4CF8-9A41-9087E6789D11}" = NI EULA Depot "{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite "{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries "{DD541310-3901-404D-8ADF-E15A92AF5DA5}" = NI Circuit Design Suite 10 Pro "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 
"{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}" = Mathcad 14 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E8991297-B702-44AA-ABAA-02C12045D8E9}" = NI Uninstaller "{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14 Resource Center "{F0BA5720-E189-11D4-9EA1-0050BAE317E1}" = PowerVCR II "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6 "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BAHN384r3a_is1" = BAHN 3.84r3a "Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7 "Bridge Builder" = Bridge Builder "Bridge Construction Set Demo" = Bridge Construction Set Demo "Calling-Us" = Calling-Us MAX 2007 (Rev. 
2) "CCleaner" = CCleaner (remove only) "Cool Edit 2000" = Cool Edit 2000 "Creative Software AutoUpdate" = Creative Software AutoUpdate "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Electronics_Workbench_V5" = Electronics Workbench V5.12 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube Download_is1" = Free YouTube Download version 2.10.28 "GPL Ghostscript 8.63" = GPL Ghostscript 8.63 "HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0 "HijackThis" = HijackThis 2.0.2 "ICQLite" = ICQ 5.1 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Indeo® software" = Indeo® software "InstantCD/DVD" = InstantCD/DVD "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MiniLyrics" = Minilyrics(remove only) "Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "New LEGO Digital Designer" = LEGO Digital Designer "NI Uninstaller" = National Instruments-Software "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Phoner_is1" = Phoner 2.26 "PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0 "PV Design Tool 1.0.3.9" = PV Design Tool 1.0.3.9 1.0.3.9 "RealPlayer 6.0" = RealPlayer "Recuva" = Recuva "R-Studio 5.4NSIS" = R-Studio 5.4 "Schnaeppchen-Tool.de" = Schnaeppchen-Tool.de "Sunny Design DE" = Sunny Design DE "Sunny Design Update 1.48.0" = Sunny Design Update 1.48.0 "Sunny Design Update 1.49.0" = Sunny Design Update 1.49.0 "Synology Assistant" = Synology Assistant (remove only) "SysInfo" = 
Creative Systeminformationen "Train Simulator 1.0" = Microsoft Train Simulator "Tunatic" = Tunatic "Ultravnc2_is1" = UltraVNC 1.0.5.6 "Uninstall_is1" = Uninstall 1.0.0.1 "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components) "UnrealTournament" = Unreal Tournament "VLC media player" = VLC media player 2.0.1 "WeBo2008" = WeBo2008 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinPcapInst" = WinPcap 4.0.2 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.3.2 "WinZip" = WinZip "Wireshark" = Wireshark 1.0.4 "WMFDist11" = Windows Media Format 11 runtime "WS_FTP Pro" = Ipswitch WS_FTP Pro "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Zusi - Der Zugsimulator DEMO_is1" = Zusi 2.3 DEMO ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.05.2012 05:14:25 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung securedownloadmanager.exe, Version 3.0.0.4, fehlgeschlagenes Modul securedownloadmanager.exe, Version 3.0.0.4, Fehleradresse 0x00004971. Error - 15.07.2012 09:30:54 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul divxdech264.ax, Version 9.0.1.21, Fehleradresse 0x0014e00e. Error - 07.12.2012 15:34:57 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung smapp.exe, Version 2.2.0.24, fehlgeschlagenes Modul smanager.dll, Version 2.2.0.24, Fehleradresse 0x0000239e. 
Error - 03.02.2013 07:59:53 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung QuickTimePlayer.exe, Version 7.4.5.67, fehlgeschlagenes Modul QuickTimePlayer.exe, Version 7.4.5.67, Fehleradresse 0x0000130d. Error - 03.02.2013 08:01:59 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung QuickTimePlayer.exe, Version 7.4.5.67, fehlgeschlagenes Modul QuickTimePlayer.exe, Version 7.4.5.67, Fehleradresse 0x0000130d. Error - 03.02.2013 08:02:49 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung QuickTimePlayer.exe, Version 7.4.5.67, fehlgeschlagenes Modul QuickTimePlayer.exe, Version 7.4.5.67, Fehleradresse 0x0000130d. Error - 03.02.2013 14:03:43 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung QuickTimePlayer.exe, Version 7.4.5.67, fehlgeschlagenes Modul QuickTimePlayer.exe, Version 7.4.5.67, Fehleradresse 0x0000130d. Error - 02.03.2013 17:48:06 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung acrord32.exe, Version 8.1.0.137, fehlgeschlagenes Modul drvdx9.x3d, Version 8.1.0.0, Fehleradresse 0x000021c8. Error - 21.04.2013 04:01:54 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung rundll32.exe, Version 5.1.2600.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x7fb72c64. Error - 03.05.2013 12:36:49 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung smapp.exe, Version 2.2.0.24, fehlgeschlagenes Modul smanager.dll, Version 2.2.0.24, Fehleradresse 0x0000239e. 
[ System Events ] Error - 20.05.2013 11:18:04 | Computer Name = COMPUTER2 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 20.05.2013 11:18:16 | Computer Name = COMPUTER2 | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 20.05.2013 11:19:14 | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AmdK7 avgio avipbb Fips ssmdrv Error - 20.05.2013 11:27:00 | Computer Name = COMPUTER2 | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 20.05.2013 11:27:44 | Computer Name = COMPUTER2 | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 20.05.2013 11:40:41 | Computer Name = COMPUTER2 | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 20.05.2013 11:45:30 | Computer Name = COMPUTER2 | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 20.05.2013 11:45:31 | Computer Name = COMPUTER2 | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 20.05.2013 11:45:31 | Computer Name = COMPUTER2 | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 20.05.2013 11:45:33 | Computer Name = COMPUTER2 | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. < End of report > |
20.05.2013, 17:09 | #2 |
/// Malware-holic | System Care Antivirus - OTL log attached Hi,
__________________OTL fix: fixing with OTL
Code:
ATTFilter :OTL [2013.05.18 17:41:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3CB78AE58525A18200003CB74E33A6F2 :files :Commands [emptytemp]
Boot into normal mode. If you have no icons, then right-click, View, Show desktop icons. If everything works: Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ |
20.05.2013, 18:07 | #3 |
| System Care Antivirus - OTL log attached So, here is the result:
__________________Code:
ATTFilter All processes killed ========== OTL ========== Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3CB78AE58525A18200003CB74E33A6F2\ not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Admin User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 216882 bytes ->FireFox cache emptied: 6078851 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: *** ->Temp folder emptied: 1218028523 bytes ->Temporary Internet Files folder emptied: 815181244 bytes ->Java cache emptied: 115785737 bytes ->FireFox cache emptied: 1131197334 bytes ->Flash cache emptied: 2095321 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 104458931 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1139177 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 77170942 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 3.311,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05202013_182520 |
20.05.2013, 19:16 | #4 |
/// Malware-holic | System Care Antivirus - OTL log attached If possible, yes, and then the upload
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
22.05.2013, 21:32 | #5 |
| System Care Antivirus - OTL log attached OK, I've uploaded it. But where does that show up now? I already posted the contents above as well. |
23.05.2013, 00:02 | #6 |
/// Malware-holic | System Care Antivirus - OTL log attached OK, then let's continue: Please download TDSSKiller.exe and save this file to the desktop
__________________ |
23.05.2013, 19:35 | #7 |
| System Care Antivirus - OTL log attached Oh dear, 15 items were found, one of them with high risk. For now I have set all of them to skip. Here is the log: Code:
ATTFilter 20:29:01.0921 3592 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 20:29:02.0250 3592 ============================================================ 20:29:02.0250 3592 Current date / time: 2013/05/23 20:29:02.0250 20:29:02.0250 3592 SystemInfo: 20:29:02.0250 3592 20:29:02.0250 3592 OS Version: 5.1.2600 ServicePack: 3.0 20:29:02.0250 3592 Product type: Workstation 20:29:02.0250 3592 ComputerName: COMPUTER2 20:29:02.0250 3592 UserName: **** 20:29:02.0250 3592 Windows directory: C:\WINDOWS 20:29:02.0250 3592 System windows directory: C:\WINDOWS 20:29:02.0250 3592 Processor architecture: Intel x86 20:29:02.0250 3592 Number of processors: 1 20:29:02.0250 3592 Page size: 0x1000 20:29:02.0250 3592 Boot type: Normal boot 20:29:02.0250 3592 ============================================================ 20:29:05.0062 3592 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 20:29:05.0484 3592 ============================================================ 20:29:05.0484 3592 \Device\Harddisk0\DR0: 20:29:05.0484 3592 MBR partitions: 20:29:05.0484 3592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1A0E8B0D 20:29:05.0500 3592 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A0E8B8B, BlocksNum 0x30D7B35 20:29:05.0500 3592 ============================================================ 20:29:05.0531 3592 C: <-> \Device\Harddisk0\DR0\Partition1 20:29:05.0562 3592 D: <-> \Device\Harddisk0\DR0\Partition2 20:29:05.0609 3592 ============================================================ 20:29:05.0625 3592 Initialize success 20:29:05.0625 3592 ============================================================ 20:29:38.0546 3908 ============================================================ 20:29:38.0546 3908 Scan started 20:29:38.0546 3908 Mode: Manual; SigCheck; TDLFS; 20:29:38.0546 3908 
============================================================ 20:29:39.0921 3908 ================ Scan system memory ======================== 20:29:39.0937 3908 System memory - ok 20:29:39.0937 3908 ================ Scan services ============================= 20:29:40.0109 3908 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 20:29:40.0312 3908 AAV UpdateService - ok 20:29:40.0406 3908 [ 17067069B9A7865028C1F2E6971D0CCC ] aawservice C:\Programme\Lavasoft\Ad-Aware\aawservice.exe 20:29:40.0484 3908 aawservice - ok 20:29:40.0625 3908 Abiosdsk - ok 20:29:40.0656 3908 abp480n5 - ok 20:29:40.0718 3908 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 20:29:41.0796 3908 ACPI - ok 20:29:41.0828 3908 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 20:29:42.0125 3908 ACPIEC - ok 20:29:42.0156 3908 adpu160m - ok 20:29:42.0203 3908 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 20:29:42.0500 3908 aec - ok 20:29:42.0562 3908 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 20:29:42.0625 3908 AFD - ok 20:29:42.0687 3908 Aha154x - ok 20:29:42.0718 3908 aic78u2 - ok 20:29:42.0750 3908 aic78xx - ok 20:29:42.0812 3908 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 20:29:43.0109 3908 Alerter - ok 20:29:43.0156 3908 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 20:29:43.0421 3908 ALG - ok 20:29:43.0437 3908 AliIde - ok 20:29:43.0484 3908 [ 3A0DAFAC778236559C14C7203FB550EB ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys 20:29:43.0765 3908 AmdK7 - ok 20:29:43.0796 3908 amsint - ok 20:29:43.0890 3908 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 20:29:43.0921 3908 AntiVirSchedulerService - ok 20:29:43.0968 3908 [ 72D90E56563165984224493069C69ED4 ] AntiVirService 
C:\Programme\Avira\AntiVir Desktop\avguard.exe 20:29:44.0000 3908 AntiVirService - ok 20:29:44.0093 3908 [ 1961CB10BB48EB4D97E37DB6373E9E63 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 20:29:44.0093 3908 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning 20:29:44.0093 3908 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1) 20:29:44.0109 3908 AppMgmt - ok 20:29:44.0156 3908 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 20:29:44.0421 3908 Arp1394 - ok 20:29:44.0484 3908 [ 875F9079CABEE679D34B49E466B61701 ] Asapi C:\WINDOWS\system32\drivers\Asapi.sys 20:29:44.0546 3908 Asapi ( UnsignedFile.Multi.Generic ) - warning 20:29:44.0546 3908 Asapi - detected UnsignedFile.Multi.Generic (1) 20:29:44.0546 3908 asc - ok 20:29:44.0593 3908 asc3350p - ok 20:29:44.0609 3908 asc3550 - ok 20:29:44.0750 3908 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 20:29:44.0812 3908 aspnet_state - ok 20:29:44.0828 3908 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 20:29:45.0109 3908 AsyncMac - ok 20:29:45.0140 3908 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 20:29:45.0406 3908 atapi - ok 20:29:45.0437 3908 Atdisk - ok 20:29:45.0484 3908 [ 67BCF3BA282C90F88794A32E6357056B ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe 20:29:45.0656 3908 Ati HotKey Poller - ok 20:29:45.0718 3908 [ 46032087886FB622BB24C674FEDF59FF ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 20:29:45.0828 3908 ati2mtag - ok 20:29:45.0875 3908 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 20:29:46.0125 3908 Atmarpc - ok 20:29:46.0187 3908 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 20:29:46.0593 3908 AudioSrv - ok 20:29:46.0609 3908 [ D9F724AA26C010A217C97606B160ED68 ] audstub 
C:\WINDOWS\system32\DRIVERS\audstub.sys 20:29:46.0937 3908 audstub - ok 20:29:46.0968 3908 [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio C:\Programme\Avira\AntiVir Desktop\avgio.sys 20:29:47.0000 3908 avgio - ok 20:29:47.0031 3908 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 20:29:47.0171 3908 avgntflt - ok 20:29:47.0187 3908 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 20:29:47.0234 3908 avipbb - ok 20:29:47.0265 3908 [ C997AF59C54D69232FB7BBEA4DAD86E2 ] AVMWAN C:\WINDOWS\system32\DRIVERS\avmwan.sys 20:29:47.0656 3908 AVMWAN - ok 20:29:47.0703 3908 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 20:29:48.0031 3908 Beep - ok 20:29:48.0109 3908 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 20:29:48.0484 3908 BITS - ok 20:29:48.0531 3908 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 20:29:48.0625 3908 Browser - ok 20:29:48.0671 3908 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\Drivers\BrScnUsb.sys 20:29:48.0750 3908 BrScnUsb - ok 20:29:48.0843 3908 [ A4ADBD6EDA5EA715DE3EDC08EF6AA640 ] Cap7134 C:\WINDOWS\system32\DRIVERS\Cap7134.sys 20:29:48.0984 3908 Cap7134 - ok 20:29:49.0031 3908 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 20:29:49.0406 3908 cbidf2k - ok 20:29:49.0421 3908 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 20:29:49.0687 3908 CCDECODE - ok 20:29:49.0687 3908 cd20xrnt - ok 20:29:49.0750 3908 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 20:29:50.0062 3908 Cdaudio - ok 20:29:50.0125 3908 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 20:29:50.0375 3908 Cdfs - ok 20:29:50.0437 3908 [ 882A774895697D6CEB130A3CF42AC9F4 ] cdrdrv C:\WINDOWS\system32\drivers\cdrdrv.sys 20:29:50.0484 3908 cdrdrv ( UnsignedFile.Multi.Generic ) - 
warning 20:29:50.0484 3908 cdrdrv - detected UnsignedFile.Multi.Generic (1) 20:29:50.0500 3908 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 20:29:50.0921 3908 Cdrom - ok 20:29:50.0937 3908 Changer - ok 20:29:50.0968 3908 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 20:29:51.0187 3908 CiSvc - ok 20:29:51.0203 3908 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 20:29:51.0500 3908 ClipSrv - ok 20:29:51.0546 3908 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:29:51.0718 3908 clr_optimization_v2.0.50727_32 - ok 20:29:51.0734 3908 CmdIde - ok 20:29:51.0734 3908 COMSysApp - ok 20:29:51.0796 3908 Cpqarray - ok 20:29:51.0875 3908 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe 20:29:51.0953 3908 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 20:29:51.0953 3908 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 20:29:52.0031 3908 [ D03466C36EF0E5C7694FF38B45271D9D ] Creative Media Toolbox 6 Licensing Service C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe 20:29:52.0093 3908 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning 20:29:52.0093 3908 Creative Media Toolbox 6 Licensing Service - detected UnsignedFile.Multi.Generic (1) 20:29:52.0125 3908 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe 20:29:52.0171 3908 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning 20:29:52.0171 3908 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1) 20:29:52.0203 3908 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 20:29:52.0468 3908 CryptSvc - ok 
20:29:52.0562 3908 [ 69CDBA2B9C397E349A04FA70DD9170A2 ] CTAudSvcService C:\Programme\Creative\Shared Files\CTAudSvc.exe 20:29:52.0656 3908 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 20:29:52.0656 3908 CTAudSvcService - detected UnsignedFile.Multi.Generic (1) 20:29:52.0718 3908 [ DBD89BC0DBE00DCD245BE8F61DBEE291 ] cvintdrv C:\WINDOWS\system32\drivers\cvintdrv.sys 20:29:52.0781 3908 cvintdrv ( UnsignedFile.Multi.Generic ) - warning 20:29:52.0796 3908 cvintdrv - detected UnsignedFile.Multi.Generic (1) 20:29:52.0843 3908 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys 20:29:52.0968 3908 CVirtA - ok 20:29:53.0109 3908 [ 8B8B082010775093081DEBE9621BEDF0 ] CVPND C:\Programme\Cisco Systems\VPN Client\cvpnd.exe 20:29:53.0343 3908 CVPND - ok 20:29:53.0406 3908 [ 720482888C3778F26EEB83D286A6CDC3 ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 20:29:53.0562 3908 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning 20:29:53.0562 3908 CVPNDRVA - detected UnsignedFile.Multi.Generic (1) 20:29:53.0593 3908 dac2w2k - ok 20:29:53.0609 3908 dac960nt - ok 20:29:53.0687 3908 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 20:29:53.0843 3908 DcomLaunch - ok 20:29:53.0906 3908 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 20:29:54.0125 3908 Dhcp - ok 20:29:54.0156 3908 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 20:29:54.0484 3908 Disk - ok 20:29:54.0500 3908 dmadmin - ok 20:29:54.0593 3908 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 20:29:54.0875 3908 dmboot - ok 20:29:54.0906 3908 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 20:29:55.0171 3908 dmio - ok 20:29:55.0218 3908 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 20:29:55.0500 3908 dmload - ok 20:29:55.0593 3908 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver 
C:\WINDOWS\System32\dmserver.dll 20:29:55.0796 3908 dmserver - ok 20:29:55.0843 3908 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 20:29:56.0062 3908 DMusic - ok 20:29:56.0109 3908 [ 86D52C32A308F84BBC626BFF7C1FB710 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys 20:29:56.0171 3908 DNE - ok 20:29:56.0218 3908 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 20:29:56.0312 3908 Dnscache - ok 20:29:56.0343 3908 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 20:29:56.0593 3908 Dot3svc - ok 20:29:56.0609 3908 dpti2o - ok 20:29:56.0656 3908 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 20:29:56.0875 3908 drmkaud - ok 20:29:56.0937 3908 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 20:29:57.0234 3908 EapHost - ok 20:29:57.0281 3908 [ B687F79CB390E103AF36DCBB5C417044 ] ElgTaDrv C:\WINDOWS\system32\Drivers\ElgTaDrv.sys 20:29:57.0296 3908 ElgTaDrv ( UnsignedFile.Multi.Generic ) - warning 20:29:57.0296 3908 ElgTaDrv - detected UnsignedFile.Multi.Generic (1) 20:29:57.0343 3908 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 20:29:57.0593 3908 ERSvc - ok 20:29:57.0625 3908 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 20:29:57.0687 3908 Eventlog - ok 20:29:57.0765 3908 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll 20:29:57.0812 3908 EventSystem - ok 20:29:57.0890 3908 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 20:29:58.0125 3908 Fastfat - ok 20:29:58.0156 3908 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 20:29:58.0250 3908 FastUserSwitchingCompatibility - ok 20:29:58.0296 3908 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe 20:29:58.0531 3908 Fax - ok 20:29:58.0578 3908 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc 
C:\WINDOWS\system32\DRIVERS\fdc.sys 20:29:58.0796 3908 Fdc - ok 20:29:58.0828 3908 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 20:29:59.0046 3908 Fips - ok 20:29:59.0093 3908 [ 9F3E4061C09AE1B809FBA8B8FEE647DD ] flashusb C:\WINDOWS\system32\DRIVERS\flashusb.sys 20:29:59.0171 3908 flashusb - ok 20:29:59.0218 3908 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20:29:59.0421 3908 Flpydisk - ok 20:29:59.0468 3908 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 20:29:59.0687 3908 FltMgr - ok 20:29:59.0796 3908 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 20:29:59.0843 3908 FontCache3.0.0.0 - ok 20:29:59.0906 3908 [ 45B5129AEAE91EA096A9BBEBFF99E098 ] fpcibase C:\WINDOWS\system32\DRIVERS\fpcibase.sys 20:30:00.0234 3908 fpcibase - ok 20:30:00.0265 3908 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:30:00.0609 3908 Fs_Rec - ok 20:30:00.0640 3908 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:30:01.0000 3908 Ftdisk - ok 20:30:01.0046 3908 [ 5DC17164F66380CBFEFD895C18467773 ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 20:30:01.0062 3908 GEARAspiWDM - ok 20:30:01.0125 3908 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:30:01.0437 3908 Gpc - ok 20:30:01.0531 3908 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 20:30:01.0796 3908 helpsvc - ok 20:30:01.0812 3908 HidServ - ok 20:30:01.0843 3908 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 20:30:02.0062 3908 HidUsb - ok 20:30:02.0125 3908 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 20:30:02.0359 3908 hkmsvc - ok 20:30:02.0359 3908 hpn - ok 20:30:02.0406 3908 [ 4FE90F168EADB512653F3D8F2D4F9ECD ] HSFHWBS2 
C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 20:30:02.0468 3908 HSFHWBS2 - ok 20:30:02.0546 3908 [ F54BFC0568BE4753245D8C3E249253F9 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 20:30:02.0687 3908 HSF_DP - ok 20:30:02.0828 3908 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 20:30:02.0906 3908 HTTP - ok 20:30:02.0984 3908 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 20:30:03.0234 3908 HTTPFilter - ok 20:30:03.0250 3908 i2omgmt - ok 20:30:03.0296 3908 i2omp - ok 20:30:03.0359 3908 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:30:03.0625 3908 i8042prt - ok 20:30:03.0734 3908 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:30:03.0875 3908 idsvc - ok 20:30:03.0937 3908 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 20:30:04.0171 3908 Imapi - ok 20:30:04.0234 3908 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\System32\imapi.exe 20:30:04.0671 3908 ImapiService - ok 20:30:04.0687 3908 ini910u - ok 20:30:04.0734 3908 IntelIde - ok 20:30:04.0781 3908 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys 20:30:05.0125 3908 ip6fw - ok 20:30:05.0156 3908 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:30:05.0531 3908 IpFilterDriver - ok 20:30:05.0546 3908 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:30:05.0781 3908 IpInIp - ok 20:30:05.0812 3908 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:30:06.0062 3908 IpNat - ok 20:30:06.0125 3908 [ 1CB96E83FD76EB5580451CEF29E24303 ] iPod Service C:\Programme\iPod\bin\iPodService.exe 20:30:06.0312 3908 iPod Service - ok 20:30:06.0359 3908 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:30:06.0609 3908 IPSec - ok 
20:30:06.0640 3908 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 20:30:06.0859 3908 IRENUM - ok 20:30:06.0875 3908 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:30:07.0109 3908 isapnp - ok 20:30:07.0156 3908 [ E28B9746A8888C6536691D6F72FC6A61 ] itchfltr C:\WINDOWS\system32\DRIVERS\itchfltr.sys 20:30:07.0250 3908 itchfltr - ok 20:30:07.0406 3908 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 20:30:07.0421 3908 JavaQuickStarterService - ok 20:30:07.0453 3908 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:30:07.0687 3908 Kbdclass - ok 20:30:07.0750 3908 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 20:30:07.0984 3908 kmixer - ok 20:30:08.0062 3908 [ 08A5204A361191C25AD21188CAA4824C ] ksaud C:\WINDOWS\system32\drivers\ksaud.sys 20:30:08.0250 3908 ksaud - ok 20:30:08.0359 3908 [ DEB94F7B8D2BC94DC68870C41DA5ED26 ] ksaudfl C:\WINDOWS\system32\drivers\ksaudfl.sys 20:30:08.0562 3908 ksaudfl - ok 20:30:08.0640 3908 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 20:30:08.0750 3908 KSecDD - ok 20:30:08.0812 3908 [ CB129B5B0E47B0F34BE950939DA52E7F ] l8042pr2 C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys 20:30:08.0875 3908 l8042pr2 - ok 20:30:08.0937 3908 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 20:30:09.0046 3908 lanmanserver - ok 20:30:09.0093 3908 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 20:30:09.0156 3908 lanmanworkstation - ok 20:30:09.0156 3908 lbrtfdc - ok 20:30:09.0187 3908 [ E8E25EDB0D3AB0BC459405BCAF824FDF ] LHidFlt2 C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys 20:30:09.0234 3908 LHidFlt2 - ok 20:30:09.0250 3908 [ 18E48E9D5683860773A078C7C3837DAF ] LKbdFlt2 C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys 20:30:09.0296 3908 LKbdFlt2 - ok 20:30:09.0375 3908 [ 
20CDB07017497C94A0BAD253C4BAFCBC ] LkCitadelServer C:\WINDOWS\system32\lkcitdl.exe 20:30:09.0500 3908 LkCitadelServer - ok 20:30:09.0515 3908 [ 78B0A5AA493995C7409B3168E8BE3E90 ] lkClassAds C:\WINDOWS\system32\lkads.exe 20:30:09.0546 3908 lkClassAds - ok 20:30:09.0562 3908 [ 53A2A034AA22696B05A1EC722187E811 ] lkTimeSync C:\WINDOWS\system32\lktsrv.exe 20:30:09.0593 3908 lkTimeSync - ok 20:30:09.0640 3908 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 20:30:09.0859 3908 LmHosts - ok 20:30:09.0890 3908 [ D1D5F7CBECEF5C0C9F019B0C534BE289 ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys 20:30:09.0968 3908 LMouFlt2 - ok 20:30:10.0093 3908 [ C6E5D5466E944CDE5C9432EF7175337F ] m21callrunsrv C:\PROGRA~1\CALLIN~1\bin\callice.exe 20:30:10.0156 3908 m21callrunsrv - ok 20:30:10.0187 3908 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys 20:30:10.0234 3908 MBAMSwissArmy - ok 20:30:10.0281 3908 [ F19FB53B183C6371A9B4591B638A8C3A ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE 20:30:10.0312 3908 MDM ( UnsignedFile.Multi.Generic ) - warning 20:30:10.0312 3908 MDM - detected UnsignedFile.Multi.Generic (1) 20:30:10.0328 3908 [ A1E9D936EAC07EE9386E87BAC1377FAD ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 20:30:10.0359 3908 mdmxsdk - ok 20:30:10.0406 3908 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 20:30:10.0609 3908 Messenger - ok 20:30:10.0656 3908 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 20:30:10.0984 3908 mnmdd - ok 20:30:11.0031 3908 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe 20:30:11.0250 3908 mnmsrvc - ok 20:30:11.0281 3908 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 20:30:11.0500 3908 Modem - ok 20:30:11.0578 3908 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys 20:30:11.0921 3908 MODEMCSA - 
ok 20:30:11.0968 3908 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:30:12.0171 3908 Mouclass - ok 20:30:12.0218 3908 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:30:12.0593 3908 mouhid - ok 20:30:12.0625 3908 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 20:30:12.0921 3908 MountMgr - ok 20:30:12.0968 3908 [ 1C9B83F6A2D1F414F0ACD28D75605607 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 20:30:13.0000 3908 MozillaMaintenance - ok 20:30:13.0031 3908 mraid35x - ok 20:30:13.0062 3908 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:30:13.0343 3908 MRxDAV - ok 20:30:13.0406 3908 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:30:13.0500 3908 MRxSmb - ok 20:30:13.0531 3908 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe 20:30:13.0796 3908 MSDTC - ok 20:30:13.0796 3908 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 20:30:14.0046 3908 Msfs - ok 20:30:14.0062 3908 MSIServer - ok 20:30:14.0078 3908 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:30:14.0375 3908 MSKSSRV - ok 20:30:14.0421 3908 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:30:14.0640 3908 MSPCLOCK - ok 20:30:14.0671 3908 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 20:30:14.0906 3908 MSPQM - ok 20:30:14.0921 3908 msqpdxserv.sys ( Rootkit.Win32.TDSS.tdl2 ) - infected 20:30:14.0921 3908 msqpdxserv.sys - detected Rootkit.Win32.TDSS.tdl2 (0) 20:30:14.0968 3908 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:30:15.0187 3908 mssmbios - ok 20:30:15.0187 3908 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 20:30:15.0437 3908 MSTEE - ok 
20:30:15.0484 3908 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 20:30:15.0531 3908 Mup - ok 20:30:15.0609 3908 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 20:30:16.0125 3908 NABTSFEC - ok 20:30:16.0171 3908 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 20:30:16.0437 3908 napagent - ok 20:30:16.0468 3908 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 20:30:16.0750 3908 NDIS - ok 20:30:16.0765 3908 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 20:30:17.0031 3908 NdisIP - ok 20:30:17.0062 3908 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:30:17.0109 3908 NdisTapi - ok 20:30:17.0140 3908 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:30:17.0375 3908 Ndisuio - ok 20:30:17.0406 3908 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:30:17.0718 3908 NdisWan - ok 20:30:17.0781 3908 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 20:30:18.0000 3908 NDProxy - ok 20:30:18.0015 3908 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 20:30:18.0234 3908 NetBIOS - ok 20:30:18.0250 3908 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 20:30:18.0625 3908 NetBT - ok 20:30:18.0656 3908 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 20:30:19.0031 3908 NetDDE - ok 20:30:19.0031 3908 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 20:30:19.0250 3908 NetDDEdsdm - ok 20:30:19.0281 3908 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\System32\lsass.exe 20:30:19.0500 3908 Netlogon - ok 20:30:19.0546 3908 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 20:30:19.0796 3908 Netman - ok 20:30:19.0859 3908 [ 
D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:30:19.0921 3908 NetTcpPortSharing - ok 20:30:19.0937 3908 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 20:30:20.0171 3908 NIC1394 - ok 20:30:20.0265 3908 [ 69AB64AD87FC57004DD7E28AA0270C7B ] NIDomainService C:\Programme\National Instruments\Shared\Security\nidmsrv.exe 20:30:20.0453 3908 NIDomainService - ok 20:30:20.0812 3908 [ B17093B9A2C5F874975C732C1A8BA771 ] NILM License Manager C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe 20:30:21.0015 3908 NILM License Manager ( UnsignedFile.Multi.Generic ) - warning 20:30:21.0015 3908 NILM License Manager - detected UnsignedFile.Multi.Generic (1) 20:30:21.0015 3908 niSvcLoc - ok 20:30:21.0062 3908 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 20:30:21.0125 3908 Nla - ok 20:30:21.0140 3908 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys 20:30:21.0453 3908 nm - ok 20:30:21.0515 3908 [ 6623E51595C0076755C29C00846C4EB2 ] NPF C:\WINDOWS\system32\drivers\npf.sys 20:30:21.0546 3908 NPF - ok 20:30:21.0578 3908 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 20:30:21.0828 3908 Npfs - ok 20:30:21.0890 3908 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 20:30:22.0187 3908 Ntfs - ok 20:30:22.0218 3908 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe 20:30:22.0453 3908 NtLmSsp - ok 20:30:22.0484 3908 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 20:30:22.0796 3908 NtmsSvc - ok 20:30:22.0828 3908 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 20:30:23.0171 3908 Null - ok 20:30:23.0203 3908 [ 53613D03039D7554C6CD728C61F9FD94 ] nvax C:\WINDOWS\system32\drivers\nvax.sys 20:30:23.0312 3908 nvax - ok 20:30:23.0359 3908 [ 
FBE448EFA5484A256528E1D02B959BBC ] NVENET C:\WINDOWS\system32\DRIVERS\NVENET.sys 20:30:23.0421 3908 NVENET - ok 20:30:23.0453 3908 [ C47A3D4850298F60BFDD7BB1F86E2821 ] nvnforce C:\WINDOWS\system32\drivers\nvapu.sys 20:30:23.0515 3908 nvnforce - ok 20:30:23.0546 3908 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:30:23.0890 3908 NwlnkFlt - ok 20:30:23.0921 3908 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:30:24.0203 3908 NwlnkFwd - ok 20:30:24.0218 3908 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 20:30:24.0390 3908 ohci1394 - ok 20:30:24.0421 3908 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 20:30:24.0453 3908 ose - ok 20:30:24.0500 3908 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 20:30:24.0687 3908 Parport - ok 20:30:24.0687 3908 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 20:30:24.0859 3908 PartMgr - ok 20:30:24.0875 3908 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 20:30:25.0140 3908 ParVdm - ok 20:30:25.0156 3908 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 20:30:25.0328 3908 PCI - ok 20:30:25.0343 3908 PCIDump - ok 20:30:25.0343 3908 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 20:30:25.0562 3908 PCIIde - ok 20:30:25.0578 3908 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 20:30:25.0750 3908 Pcmcia - ok 20:30:25.0765 3908 PDCOMP - ok 20:30:25.0781 3908 PDFRAME - ok 20:30:25.0781 3908 PDRELI - ok 20:30:25.0796 3908 PDRFRAME - ok 20:30:25.0812 3908 perc2 - ok 20:30:25.0828 3908 perc2hib - ok 20:30:25.0890 3908 [ BD50118D655DF97AD69CCA95B81008B7 ] PhTVTune C:\WINDOWS\system32\DRIVERS\PhTVTune.sys 20:30:25.0953 3908 PhTVTune - ok 20:30:25.0984 3908 
[ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 20:30:26.0000 3908 PlugPlay - ok 20:30:26.0015 3908 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\System32\lsass.exe 20:30:26.0156 3908 PolicyAgent - ok 20:30:26.0187 3908 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:30:26.0343 3908 PptpMiniport - ok 20:30:26.0359 3908 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 20:30:26.0500 3908 ProtectedStorage - ok 20:30:26.0515 3908 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 20:30:26.0687 3908 PSched - ok 20:30:26.0703 3908 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:30:26.0953 3908 Ptilink - ok 20:30:26.0968 3908 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 20:30:27.0046 3908 PxHelp20 - ok 20:30:27.0046 3908 ql1080 - ok 20:30:27.0062 3908 Ql10wnt - ok 20:30:27.0078 3908 ql12160 - ok 20:30:27.0093 3908 ql1240 - ok 20:30:27.0109 3908 ql1280 - ok 20:30:27.0156 3908 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:30:27.0390 3908 RasAcd - ok 20:30:27.0421 3908 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 20:30:27.0671 3908 RasAuto - ok 20:30:27.0703 3908 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:30:27.0953 3908 Rasl2tp - ok 20:30:28.0046 3908 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 20:30:28.0265 3908 RasMan - ok 20:30:28.0296 3908 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:30:28.0500 3908 RasPppoe - ok 20:30:28.0515 3908 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 20:30:29.0015 3908 Raspti - ok 20:30:29.0093 3908 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 
20:30:29.0375 3908 Rdbss - ok 20:30:29.0390 3908 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:30:29.0984 3908 RDPCDD - ok 20:30:30.0078 3908 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 20:30:30.0234 3908 RDPWD - ok 20:30:30.0265 3908 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 20:30:30.0718 3908 RDSessMgr - ok 20:30:30.0765 3908 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 20:30:31.0000 3908 redbook - ok 20:30:31.0078 3908 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 20:30:31.0312 3908 RemoteAccess - ok 20:30:31.0343 3908 [ E51A8D02B4BD33EBA1F7A5B76C3766ED ] rpcapd C:\Programme\WinPcap\rpcapd.exe 20:30:31.0390 3908 rpcapd - ok 20:30:31.0421 3908 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe 20:30:31.0687 3908 RpcLocator - ok 20:30:31.0734 3908 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 20:30:31.0796 3908 RpcSs - ok 20:30:31.0859 3908 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe 20:30:32.0187 3908 RSVP - ok 20:30:32.0250 3908 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 20:30:32.0484 3908 SamSs - ok 20:30:32.0515 3908 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 20:30:32.0781 3908 SCardSvr - ok 20:30:32.0843 3908 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 20:30:33.0218 3908 Schedule - ok 20:30:33.0281 3908 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:30:33.0515 3908 Secdrv - ok 20:30:33.0546 3908 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 20:30:33.0796 3908 seclogon - ok 20:30:33.0828 3908 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 20:30:34.0031 3908 SENS - ok 20:30:34.0078 3908 [ 
0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 20:30:34.0328 3908 serenum - ok 20:30:34.0375 3908 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 20:30:34.0625 3908 Serial - ok 20:30:34.0687 3908 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 20:30:34.0890 3908 Sfloppy - ok 20:30:34.0953 3908 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 20:30:35.0234 3908 SharedAccess - ok 20:30:35.0265 3908 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 20:30:35.0296 3908 ShellHWDetection - ok 20:30:35.0312 3908 Simbad - ok 20:30:35.0343 3908 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 20:30:35.0562 3908 SLIP - ok 20:30:35.0593 3908 Sparrow - ok 20:30:35.0640 3908 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 20:30:36.0015 3908 splitter - ok 20:30:36.0062 3908 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 20:30:36.0125 3908 Spooler - ok 20:30:36.0140 3908 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 20:30:36.0421 3908 sr - ok 20:30:36.0484 3908 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\System32\srsvc.dll 20:30:36.0703 3908 srservice - ok 20:30:36.0750 3908 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 20:30:36.0828 3908 Srv - ok 20:30:36.0906 3908 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys 20:30:37.0000 3908 ssadbus - ok 20:30:37.0015 3908 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys 20:30:37.0109 3908 ssadmdfl - ok 20:30:37.0140 3908 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys 20:30:37.0234 3908 ssadmdm - ok 20:30:37.0265 3908 [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus 
C:\WINDOWS\system32\DRIVERS\sscdbus.sys 20:30:37.0328 3908 sscdbus - ok 20:30:37.0390 3908 [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys 20:30:37.0421 3908 sscdmdfl - ok 20:30:37.0468 3908 [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys 20:30:37.0531 3908 sscdmdm - ok 20:30:37.0578 3908 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 20:30:37.0828 3908 SSDPSRV - ok 20:30:37.0890 3908 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 20:30:37.0937 3908 ssmdrv - ok 20:30:38.0000 3908 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 20:30:38.0234 3908 stisvc - ok 20:30:38.0250 3908 [ FDCC8C21420745C9491612EF912B7DE6 ] StreamDispatcher C:\WINDOWS\system32\DRIVERS\strmdisp.sys 20:30:38.0312 3908 StreamDispatcher - ok 20:30:38.0343 3908 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 20:30:38.0562 3908 streamip - ok 20:30:38.0609 3908 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 20:30:38.0812 3908 swenum - ok 20:30:38.0859 3908 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 20:30:39.0062 3908 swmidi - ok 20:30:39.0109 3908 SwPrv - ok 20:30:39.0140 3908 symc810 - ok 20:30:39.0171 3908 symc8xx - ok 20:30:39.0187 3908 sym_hi - ok 20:30:39.0234 3908 sym_u3 - ok 20:30:39.0250 3908 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 20:30:39.0484 3908 sysaudio - ok 20:30:39.0531 3908 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 20:30:39.0765 3908 SysmonLog - ok 20:30:39.0828 3908 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 20:30:40.0046 3908 TapiSrv - ok 20:30:40.0109 3908 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:30:40.0171 3908 Tcpip - ok 20:30:40.0203 3908 
[ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 20:30:40.0531 3908 TDPIPE - ok 20:30:40.0562 3908 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 20:30:40.0859 3908 TDTCP - ok 20:30:40.0937 3908 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 20:30:41.0250 3908 TermDD - ok 20:30:41.0281 3908 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 20:30:41.0593 3908 TermService - ok 20:30:41.0656 3908 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 20:30:41.0718 3908 Themes - ok 20:30:41.0750 3908 TosIde - ok 20:30:41.0796 3908 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 20:30:42.0140 3908 TrkWks - ok 20:30:42.0203 3908 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 20:30:42.0531 3908 Udfs - ok 20:30:42.0546 3908 ultra - ok 20:30:42.0609 3908 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 20:30:42.0890 3908 Update - ok 20:30:42.0953 3908 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 20:30:43.0203 3908 upnphost - ok 20:30:43.0234 3908 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 20:30:43.0468 3908 UPS - ok 20:30:43.0515 3908 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 20:30:43.0718 3908 usbaudio - ok 20:30:43.0781 3908 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:30:44.0015 3908 usbccgp - ok 20:30:44.0078 3908 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:30:44.0281 3908 usbehci - ok 20:30:44.0328 3908 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:30:44.0562 3908 usbhub - ok 20:30:44.0625 3908 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 20:30:44.0812 3908 
usbohci - ok 20:30:44.0843 3908 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:30:45.0171 3908 usbprint - ok 20:30:45.0265 3908 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:30:45.0468 3908 usbscan - ok 20:30:45.0484 3908 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:30:45.0703 3908 USBSTOR - ok 20:30:45.0765 3908 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 20:30:46.0015 3908 VgaSave - ok 20:30:46.0031 3908 ViaIde - ok 20:30:46.0078 3908 [ 705C36BC6E13FDB304486898D6D8512B ] vobcom C:\WINDOWS\system32\drivers\vobcom.sys 20:30:46.0109 3908 vobcom ( UnsignedFile.Multi.Generic ) - warning 20:30:46.0109 3908 vobcom - detected UnsignedFile.Multi.Generic (1) 20:30:46.0125 3908 [ DB41870A0FE1433EF6E0CF13E3059401 ] vobiw C:\WINDOWS\system32\drivers\vobiw.sys 20:30:46.0171 3908 vobiw ( UnsignedFile.Multi.Generic ) - warning 20:30:46.0171 3908 vobiw - detected UnsignedFile.Multi.Generic (1) 20:30:46.0203 3908 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 20:30:46.0453 3908 VolSnap - ok 20:30:46.0515 3908 [ 0354BA3A5BA5E28CC247EB5F5DD8793C ] vsdatant C:\WINDOWS\system32\vsdatant.sys 20:30:46.0578 3908 vsdatant - ok 20:30:46.0640 3908 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 20:30:46.0984 3908 VSS - ok 20:30:47.0015 3908 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll 20:30:47.0234 3908 W32Time - ok 20:30:47.0265 3908 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:30:47.0515 3908 Wanarp - ok 20:30:47.0515 3908 WDICA - ok 20:30:47.0546 3908 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 20:30:47.0796 3908 wdmaud - ok 20:30:47.0828 3908 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 20:30:48.0015 3908 WebClient - ok 
20:30:48.0078 3908 [ D026B0CAD0818E5A119C85EBA6BEFB91 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 20:30:48.0203 3908 winachsf - ok 20:30:48.0312 3908 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 20:30:48.0531 3908 winmgmt - ok 20:30:48.0609 3908 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 20:30:48.0718 3908 WmdmPmSN - ok 20:30:48.0781 3908 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 20:30:49.0031 3908 WmiApSrv - ok 20:30:49.0093 3908 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 20:30:49.0171 3908 WpdUsb - ok 20:30:49.0234 3908 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 20:30:49.0484 3908 wscsvc - ok 20:30:49.0546 3908 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 20:30:49.0781 3908 WSTCODEC - ok 20:30:49.0828 3908 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 20:30:50.0046 3908 wuauserv - ok 20:30:50.0125 3908 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:30:50.0218 3908 WudfPf - ok 20:30:50.0250 3908 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:30:50.0296 3908 WudfRd - ok 20:30:50.0359 3908 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 20:30:50.0406 3908 WudfSvc - ok 20:30:50.0468 3908 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 20:30:50.0718 3908 WZCSVC - ok 20:30:50.0750 3908 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 20:30:51.0015 3908 xmlprov - ok 20:30:51.0093 3908 ================ Scan global =============================== 20:30:51.0140 3908 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 20:30:51.0187 3908 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 20:30:51.0234 3908 [ 
E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
20:30:51.0265 3908 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
20:30:51.0265 3908 [Global] - ok
20:30:51.0281 3908 ================ Scan MBR ==================================
20:30:51.0312 3908 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
20:30:51.0671 3908 \Device\Harddisk0\DR0 - ok
20:30:51.0687 3908 ================ Scan VBR ==================================
20:30:51.0703 3908 [ E8F3ABE195872636F3CFDA4C4D8EF958 ] \Device\Harddisk0\DR0\Partition1
20:30:51.0703 3908 \Device\Harddisk0\DR0\Partition1 - ok
20:30:51.0718 3908 [ FA5253EC59E7BDF8A6157F8EA2E7AAEB ] \Device\Harddisk0\DR0\Partition2
20:30:51.0718 3908 \Device\Harddisk0\DR0\Partition2 - ok
20:30:51.0718 3908 ============================================================
20:30:51.0718 3908 Scan finished
20:30:51.0718 3908 ============================================================
20:30:51.0859 0892 Detected object count: 15
20:30:51.0859 0892 Actual detected object count: 15
20:31:37.0671 0892 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0671 0892 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:37.0671 0892 Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0671 0892 Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:37.0671 0892 cdrdrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0671 0892 cdrdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:37.0671 0892 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0671 0892 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:37.0671 0892 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0671 0892 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:37.0687 0892 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0687 0892 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:37.0687 0892 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0687 0892 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:37.0703 0892 cvintdrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0703 0892 cvintdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:37.0703 0892 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0703 0892 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:37.0703 0892 ElgTaDrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0703 0892 ElgTaDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:37.0703 0892 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0703 0892 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:37.0718 0892 msqpdxserv.sys ( Rootkit.Win32.TDSS.tdl2 ) - skipped by user
20:31:37.0718 0892 msqpdxserv.sys ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Skip
20:31:37.0718 0892 NILM License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0718 0892 NILM License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:37.0718 0892 vobcom ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0718 0892 vobcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:37.0718 0892 vobiw ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:37.0718 0892 vobiw ( UnsignedFile.Multi.Generic ) - User select action: Skip |
23.05.2013, 21:09 | #8 |
/// Malware-holic | System Care Antivirus - OTL log attached Scan again with the settings we specified and, for: msqpdxserv.sys ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Skip choose Cure. Then restart and scan again, and post the new log.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us Last edited by markusg (23.05.2013 at 21:17) |
23.05.2013, 21:30 | #9 |
| System Care Antivirus - OTL log attached After the scan I get a different window than the one in the instructions. I can also only choose between Skip, Delete and Copy to Quarantine. |
23.05.2013, 21:31 | #10 |
/// Malware-holic | System Care Antivirus - OTL log attached Then choose Delete.
23.05.2013, 21:48 | #11 |
| System Care Antivirus - OTL log attached All right. On startup, straight away came . Is TDSSKiller in the autostart? Here is the scan after the restart Code:
CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 22:40:35.0328 0392 Serial - ok 22:40:35.0421 0392 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 22:40:35.0578 0392 Sfloppy - ok 22:40:35.0656 0392 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 22:40:35.0812 0392 SharedAccess - ok 22:40:35.0859 0392 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 22:40:35.0875 0392 ShellHWDetection - ok 22:40:35.0890 0392 Simbad - ok 22:40:35.0953 0392 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 22:40:36.0109 0392 SLIP - ok 22:40:36.0156 0392 Sparrow - ok 22:40:36.0203 0392 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 22:40:36.0359 0392 splitter - ok 22:40:36.0421 0392 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 22:40:36.0546 0392 Spooler - ok 22:40:36.0578 0392 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 22:40:36.0750 0392 sr - ok 22:40:36.0828 0392 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\System32\srsvc.dll 22:40:36.0984 0392 srservice - ok 22:40:37.0062 0392 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 22:40:37.0156 0392 Srv - ok 22:40:37.0234 0392 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys 22:40:37.0296 0392 ssadbus - ok 22:40:37.0328 0392 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys 22:40:37.0421 0392 ssadmdfl - ok 22:40:37.0484 0392 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys 22:40:37.0531 0392 ssadmdm - ok 22:40:37.0593 0392 [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys 22:40:37.0609 0392 sscdbus - ok 22:40:37.0656 0392 [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl 
C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys 22:40:37.0703 0392 sscdmdfl - ok 22:40:37.0750 0392 [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys 22:40:37.0781 0392 sscdmdm - ok 22:40:37.0843 0392 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 22:40:38.0000 0392 SSDPSRV - ok 22:40:38.0062 0392 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 22:40:38.0078 0392 ssmdrv - ok 22:40:38.0140 0392 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 22:40:38.0312 0392 stisvc - ok 22:40:38.0343 0392 [ FDCC8C21420745C9491612EF912B7DE6 ] StreamDispatcher C:\WINDOWS\system32\DRIVERS\strmdisp.sys 22:40:38.0390 0392 StreamDispatcher - ok 22:40:38.0437 0392 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 22:40:38.0593 0392 streamip - ok 22:40:38.0656 0392 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 22:40:38.0812 0392 swenum - ok 22:40:38.0859 0392 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 22:40:39.0000 0392 swmidi - ok 22:40:39.0031 0392 SwPrv - ok 22:40:39.0062 0392 symc810 - ok 22:40:39.0109 0392 symc8xx - ok 22:40:39.0156 0392 sym_hi - ok 22:40:39.0187 0392 sym_u3 - ok 22:40:39.0234 0392 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 22:40:39.0421 0392 sysaudio - ok 22:40:39.0468 0392 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 22:40:39.0656 0392 SysmonLog - ok 22:40:39.0687 0392 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 22:40:39.0843 0392 TapiSrv - ok 22:40:39.0921 0392 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 22:40:39.0968 0392 Tcpip - ok 22:40:40.0031 0392 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 22:40:40.0187 0392 TDPIPE - ok 22:40:40.0234 0392 [ 
C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 22:40:40.0375 0392 TDTCP - ok 22:40:40.0437 0392 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 22:40:40.0578 0392 TermDD - ok 22:40:40.0625 0392 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 22:40:40.0781 0392 TermService - ok 22:40:40.0812 0392 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 22:40:40.0828 0392 Themes - ok 22:40:40.0859 0392 TosIde - ok 22:40:40.0906 0392 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 22:40:41.0046 0392 TrkWks - ok 22:40:41.0125 0392 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 22:40:41.0265 0392 Udfs - ok 22:40:41.0296 0392 ultra - ok 22:40:41.0390 0392 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 22:40:41.0546 0392 Update - ok 22:40:41.0593 0392 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 22:40:41.0765 0392 upnphost - ok 22:40:41.0812 0392 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 22:40:41.0953 0392 UPS - ok 22:40:42.0015 0392 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 22:40:42.0140 0392 usbaudio - ok 22:40:42.0218 0392 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 22:40:42.0359 0392 usbccgp - ok 22:40:42.0406 0392 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 22:40:42.0562 0392 usbehci - ok 22:40:42.0593 0392 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 22:40:42.0765 0392 usbhub - ok 22:40:42.0781 0392 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 22:40:42.0921 0392 usbohci - ok 22:40:42.0953 0392 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 22:40:43.0109 
0392 usbprint - ok 22:40:43.0171 0392 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 22:40:43.0343 0392 usbscan - ok 22:40:43.0359 0392 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:40:43.0546 0392 USBSTOR - ok 22:40:43.0578 0392 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 22:40:43.0750 0392 VgaSave - ok 22:40:43.0781 0392 ViaIde - ok 22:40:43.0828 0392 [ 705C36BC6E13FDB304486898D6D8512B ] vobcom C:\WINDOWS\system32\drivers\vobcom.sys 22:40:43.0859 0392 vobcom ( UnsignedFile.Multi.Generic ) - warning 22:40:43.0859 0392 vobcom - detected UnsignedFile.Multi.Generic (1) 22:40:43.0906 0392 [ DB41870A0FE1433EF6E0CF13E3059401 ] vobiw C:\WINDOWS\system32\drivers\vobiw.sys 22:40:43.0937 0392 vobiw ( UnsignedFile.Multi.Generic ) - warning 22:40:43.0937 0392 vobiw - detected UnsignedFile.Multi.Generic (1) 22:40:43.0984 0392 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 22:40:44.0140 0392 VolSnap - ok 22:40:44.0234 0392 [ 0354BA3A5BA5E28CC247EB5F5DD8793C ] vsdatant C:\WINDOWS\system32\vsdatant.sys 22:40:44.0281 0392 vsdatant - ok 22:40:44.0343 0392 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 22:40:44.0484 0392 VSS - ok 22:40:44.0546 0392 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll 22:40:44.0703 0392 W32Time - ok 22:40:44.0750 0392 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 22:40:44.0968 0392 Wanarp - ok 22:40:45.0000 0392 WDICA - ok 22:40:45.0031 0392 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 22:40:45.0250 0392 wdmaud - ok 22:40:45.0328 0392 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 22:40:45.0500 0392 WebClient - ok 22:40:45.0562 0392 [ D026B0CAD0818E5A119C85EBA6BEFB91 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 22:40:45.0859 0392 winachsf 
- ok 22:40:46.0312 0392 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 22:40:46.0484 0392 winmgmt - ok 22:40:46.0625 0392 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 22:40:46.0750 0392 WmdmPmSN - ok 22:40:46.0859 0392 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 22:40:47.0015 0392 WmiApSrv - ok 22:40:47.0046 0392 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 22:40:47.0109 0392 WpdUsb - ok 22:40:47.0171 0392 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 22:40:47.0343 0392 wscsvc - ok 22:40:47.0390 0392 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 22:40:47.0562 0392 WSTCODEC - ok 22:40:47.0593 0392 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 22:40:47.0796 0392 wuauserv - ok 22:40:47.0859 0392 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 22:40:47.0937 0392 WudfPf - ok 22:40:47.0968 0392 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 22:40:48.0046 0392 WudfRd - ok 22:40:48.0078 0392 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 22:40:48.0125 0392 WudfSvc - ok 22:40:48.0203 0392 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 22:40:48.0375 0392 WZCSVC - ok 22:40:48.0500 0392 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 22:40:48.0765 0392 xmlprov - ok 22:40:48.0859 0392 ================ Scan global =============================== 22:40:48.0937 0392 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 22:40:49.0093 0392 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 22:40:49.0140 0392 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 22:40:49.0171 0392 [ A3EDBE9053889FB24AB22492472B39DC ] 
C:\WINDOWS\system32\services.exe 22:40:49.0171 0392 [Global] - ok 22:40:49.0171 0392 ================ Scan MBR ================================== 22:40:49.0218 0392 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 22:40:54.0875 0392 \Device\Harddisk0\DR0 - ok 22:40:54.0875 0392 ================ Scan VBR ================================== 22:40:54.0890 0392 [ E8F3ABE195872636F3CFDA4C4D8EF958 ] \Device\Harddisk0\DR0\Partition1 22:40:54.0906 0392 \Device\Harddisk0\DR0\Partition1 - ok 22:40:54.0937 0392 [ FA5253EC59E7BDF8A6157F8EA2E7AAEB ] \Device\Harddisk0\DR0\Partition2 22:40:54.0937 0392 \Device\Harddisk0\DR0\Partition2 - ok 22:40:54.0937 0392 ============================================================ 22:40:54.0937 0392 Scan finished 22:40:54.0937 0392 ============================================================ 22:40:55.0062 0348 Detected object count: 14 22:40:55.0062 0348 Actual detected object count: 14 22:41:16.0625 0348 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user 22:41:16.0625 0348 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:41:16.0625 0348 Asapi ( UnsignedFile.Multi.Generic ) - skipped by user 22:41:16.0625 0348 Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:41:16.0625 0348 cdrdrv ( UnsignedFile.Multi.Generic ) - skipped by user 22:41:16.0625 0348 cdrdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:41:16.0625 0348 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 22:41:16.0625 0348 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:41:16.0656 0348 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 22:41:16.0656 0348 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:41:16.0656 0348 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user 
22:41:16.0656 0348 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:41:16.0671 0348 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user 22:41:16.0671 0348 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:41:16.0671 0348 cvintdrv ( UnsignedFile.Multi.Generic ) - skipped by user 22:41:16.0671 0348 cvintdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:41:16.0687 0348 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 22:41:16.0687 0348 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:41:16.0687 0348 ElgTaDrv ( UnsignedFile.Multi.Generic ) - skipped by user 22:41:16.0687 0348 ElgTaDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:41:16.0687 0348 MDM ( UnsignedFile.Multi.Generic ) - skipped by user 22:41:16.0687 0348 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:41:16.0687 0348 NILM License Manager ( UnsignedFile.Multi.Generic ) - skipped by user 22:41:16.0687 0348 NILM License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:41:16.0687 0348 vobcom ( UnsignedFile.Multi.Generic ) - skipped by user 22:41:16.0687 0348 vobcom ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:41:16.0687 0348 vobiw ( UnsignedFile.Multi.Generic ) - skipped by user 22:41:16.0687 0348 vobiw ( UnsignedFile.Multi.Generic ) - User select action: Skip |
24.05.2013, 11:21 | #12 |
/// Malware-holic | System Care Antivirus - OTL log attached Hi, a restart was probably necessary. Do you use the PC for online banking, for shopping, for other payment transactions, or for similarly important things, such as work?
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
24.05.2013, 13:37 | #13 |
| System Care Antivirus - OTL log attached Yes, occasionally. Does anything else still need to be scanned, or can I change the login credentials right away? |
24.05.2013, 13:40 | #14 |
/// Malware-holic | System Care Antivirus - OTL log attached Hi, please call your bank; if it is closed, use the emergency number: 116 116. Have your online banking blocked because of the TDSS rootkit. I can never give you a guarantee that I will find everything. Formatting is usually the faster and the safest way, especially since you use your PC for online banking. Should you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Since rootkits change a number of things on the system that we may not be able to trace, I would, if it were my PC, set it up from scratch and then secure it properly; you will get instructions from us. The decision is yours.
|
24.05.2013, 14:48 | #15 |
| System Care Antivirus - OTL log attached I have taken care of the online banking. The computer still has XP installed. But that is being discontinued anyway and a new operating system is needed (provided the computer can still handle it). However, I have not dealt with that yet. I can do without online banking etc. on this computer. I only use it now and then to edit/view a few photos, listen to music and edit docs or xls files. There is also software for the ISDN system installed, and I first have to find out whether it runs under Win7 or higher. I am willing to keep working on this. In any case, a big thank you already for the good support. |