Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Some kind of Bundespolizei trojan? (https://www.trojaner-board.de/111866-art-bundespolizei-trojaner.html)

sandero 19.03.2012 17:25

Some kind of Bundespolizei trojan?
 
Hello everyone,
I apparently have some kind of Bundespolizei trojan on my computer. So far it has only shown up sporadically; after restarting the computer I had peace again (for a few minutes!). What it demands is a supposed, naturally paid, 'antivirus update'. I ran a Malwarebytes scan and attached the file (with findings).
How should I proceed?
Many thanks in advance
sandero

cosinus 20.03.2012 17:09

Now please run a routine full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)!
Remember that Malwarebytes must be updated manually before every scan! All findings must also be removed.

If logs from older Malwarebytes scans are available, please post all of those as well!


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

sandero 25.03.2012 23:26

Hello,
Malwarebytes found nothing. (The second-to-last saved log is the one already posted.) But ESET produced several results:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=69aaf80d8ff61548b9aec7ed9677eaa6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-01 11:15:35
# local_time=2011-09-01 01:15:35 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775129 100 93 304855 51407811 297623 0
# compatibility_mode=8192 67108863 100 0 808 808 0 0
# scanned=94956
# found=5
# cleaned=0
# scan_time=4747
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16\40a44ad0-51068740        Java/Agent.DJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I
D:\Install_\Nero-7.10.1.0_deu_update.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
D:\Install_\registrybooster.exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
D:\Nutzerdateien\LUDKuer\nerv.zip        probably a variant of Win32/Agent.FHUJTXH trojan (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=69aaf80d8ff61548b9aec7ed9677eaa6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 09:42:25
# local_time=2012-03-25 11:42:25 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 119834 69242345 213851 0
# compatibility_mode=8192 67108863 100 0 17835342 17835342 0 0
# scanned=221760
# found=8
# cleaned=0
# scan_time=6224
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\42\48b4186a-138b7f3c        a variant of Java/TrojanDownloader.Agent.NDR trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\5\654bf205-2110ffa5        a variant of Java/Exploit.Blacole.AN trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\jar_cache5742365651121357786.tmp        Java/TrojanDownloader.Agent.NDR trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\HQ95S85D\traffcount[1].htm        JS/Kryptik.KP.Gen trojan (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{948B4474-1004-4138-8F3F-1AA1E2621247}\RP43\A0005722.exe        a variant of Win32/Kryptik.ACVF trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I
D:\Install_\Nero-7.10.1.0_deu_update.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
D:\Nutzerdateien\***\nerv.zip        probably a variant of Win32/Agent.FHUJTXH trojan (unable to clean)        00000000000000000000000000000000        I

Regards,
sandero
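An added example, not code from this thread or from ESET: a small Python parser for the ESET Online Scanner log format posted above. It reads the "# key=value" header lines and the tab-separated detection lines (path, threat, digest, flag), cross-checks the "found"/"cleaned" counters against the entries actually listed, and groups detections by where they live (Java deployment cache, browser cache, System Volume Information restore point, archives), which is the kind of triage cosinus does in the next reply. The embedded sample is a constructed, trimmed copy of the second run above with the redacted user name replaced by "user".

```python
import re
from dataclasses import dataclass, field

# Marker that opens each scan run in the ESET Online Scanner log.
RUN_HEADER = "ESETSmartInstaller@High as downloader log:"

@dataclass
class Detection:
    path: str    # file the scanner flagged
    threat: str  # detection name plus action result, e.g. "... (unable to clean)"
    digest: str  # 32 hex chars in the log; all zeros in the posted output
    flag: str    # trailing one-letter column

    @property
    def cleaned(self) -> bool:
        return "unable to clean" not in self.threat

@dataclass
class ScanRun:
    meta: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

def parse_eset_log(text: str) -> list:
    """One ScanRun per header; '# key=value' metadata, then one tab-separated
    line per detection (path, threat, digest, flag)."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == RUN_HEADER:
            current = ScanRun()
            runs.append(current)
            continue
        if current is None or line == "all ok":
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key in current.meta:  # compatibility_mode occurs twice per run
                prev = current.meta[key]
                current.meta[key] = (prev if isinstance(prev, list) else [prev]) + [value]
            else:
                current.meta[key] = value
            continue
        # Forum rendering may have turned the tabs into runs of spaces.
        fields = re.split(r"\t+| {2,}", line)
        if len(fields) == 4:
            current.detections.append(Detection(*fields))
    return runs

# Location says a lot about handling; order matters (OTL quarantine before generic archive).
LOCATION_RULES = [
    ("java-cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)),
    ("restore-point", re.compile(r"\\System Volume Information\\_restore", re.I)),
    ("browser-cache", re.compile(r"\\Temporary Internet Files\\", re.I)),
    ("temp", re.compile(r"\\temp\\", re.I)),
    ("tool-quarantine", re.compile(r"\\_OTL\\", re.I)),
    ("archive", re.compile(r"\.(zip|rar|7z)$", re.I)),
]

def classify(path: str) -> str:
    for label, pattern in LOCATION_RULES:
        if pattern.search(path):
            return label
    return "other"

def triage(run: ScanRun) -> dict:
    """Group the run's detections by location class -> list of paths."""
    groups = {}
    for det in run.detections:
        groups.setdefault(classify(det.path), []).append(det.path)
    return groups

def counts_consistent(run: ScanRun) -> bool:
    """Cross-check the '# found' / '# cleaned' header against the detection lines."""
    found = int(run.meta.get("found", -1))
    cleaned = int(run.meta.get("cleaned", -1))
    return found == len(run.detections) and cleaned == sum(d.cleaned for d in run.detections)

def _det(path: str, threat: str) -> str:
    return "\t".join([path, threat, "0" * 32, "I"])

# Constructed sample: trimmed copy of the second run in this thread, user name replaced by "user".
SAMPLE_LOG = "\n".join([
    RUN_HEADER,
    "all ok",
    "# compatibility_mode=1797 16775141 100 93 119834 69242345 213851 0",
    "# compatibility_mode=8192 67108863 100 0 17835342 17835342 0 0",
    "# found=4",
    "# cleaned=0",
    _det(r"C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\5\654bf205-2110ffa5",
         "a variant of Java/Exploit.Blacole.AN trojan (unable to clean)"),
    _det(r"C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5\HQ95S85D\traffcount[1].htm",
         "JS/Kryptik.KP.Gen trojan (unable to clean)"),
    _det(r"C:\System Volume Information\_restore{948B4474-1004-4138-8F3F-1AA1E2621247}\RP43\A0005722.exe",
         "a variant of Win32/Kryptik.ACVF trojan (unable to clean)"),
    _det(r"D:\Nutzerdateien\user\nerv.zip",
         "probably a variant of Win32/Agent.FHUJTXH trojan (unable to clean)"),
])
```

A mismatch between "# found" and the listed entries, or a "cleaned" count that does not match the "(unable to clean)" markers, is a sign the pasted log was truncated or edited and should be requested again.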

cosinus 26.03.2012 15:01

Quote:

D:\Nutzerdateien\LUDKuer\nerv.zip
What is that supposed to be?

sandero 27.03.2012 23:19

Some rubbish that once arrived via an acquaintance as an attachment to a 'joke mail'. In the end I never opened it, and have since deleted it. I didn't even know I still had it.

sandero

cosinus 28.03.2012 10:57

Please make a new OTL log. Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Custom scan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


sandero 29.03.2012 22:56

Hello,
here is my OTL log file:
OTL Logfile:
Code:

OTL logfile created on: 28.03.2012 18:15:58 - Run 10
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,00 Gb Total Space | 121,51 Gb Free Space | 83,80% Space Free | Partition Type: NTFS
Drive D: | 87,89 Gb Total Space | 78,14 Gb Free Space | 88,91% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 3,91 Gb Total Space | 3,77 Gb Free Space | 96,32% Space Free | Partition Type: FAT32
Drive I: | 1,92 Gb Total Space | 1,57 Gb Free Space | 81,69% Space Free | Partition Type: FAT
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.28 23:15:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.04.30 14:06:27 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011.04.19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2011.04.11 12:51:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.21 01:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 01:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.06.01 14:32:12 | 000,094,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2004.06.09 17:08:50 | 000,385,024 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\S.A.D\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe
PRC - [2003.02.11 09:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Programme\WinZip\WZQKPICK.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.11 12:51:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.08.28 23:15:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.30 14:06:27 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.12.31 13:25:57 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.28 23:15:10 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.08.28 23:15:10 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.31 05:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.03.25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.03.25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.01.25 14:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2006.07.02 00:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.10.09 17:13:58 | 000,015,571 | ---- | M] (ProDyne) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PDDSLADP.SYS -- (PDDSLADP)
DRV - [2005.10.09 17:13:58 | 000,015,187 | ---- | M] (ProDyne) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\PDDSLHND.SYS -- (PDDSLHND)
DRV - [2000.05.12 15:48:04 | 000,008,768 | ---- | M] (VOB Computersysteme GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.alice-dsl.de/
IE - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.04 15:17:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.14 18:27:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.08.23 16:20:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.12.29 15:35:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.12.29 15:35:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.29 02:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\fbwy9sr7.default\extensions
[2011.10.24 10:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.04 14:26:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.10.24 10:30:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) --
[2011.10.04 14:26:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.06.27 01:29:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.07 00:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.31 00:28:49 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Programme\Google\Chrome Frame\Application\17.0.963.83\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004..\Run: [pdfSaver3] C:\Programme\S.A.D\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
O4 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004..\Run: [SkypePM]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Programme\Google\Chrome Frame\Application\17.0.963.83\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {84E92906-0E3C-B657-6DAE-511B6497244B} - NetShow
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 18:13:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.03.25 21:48:51 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.28 17:55:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.28 15:55:43 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.03.28 15:55:41 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.27 23:48:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.25 21:49:10 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[2012.03.25 17:47:12 | 000,492,308 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.25 17:47:12 | 000,472,866 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.25 17:47:12 | 000,090,952 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.25 17:47:12 | 000,075,960 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.15 16:26:33 | 000,537,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.15 02:38:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.09 00:39:49 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.15 02:33:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.06.20 19:27:10 | 000,003,663 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2011.01.27 00:46:37 | 000,018,432 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.31 22:40:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.12.31 17:37:24 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc
[2010.12.31 14:34:36 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010.12.31 14:34:36 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010.12.31 14:34:36 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010.12.31 14:34:36 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010.12.31 14:34:36 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010.12.31 14:34:36 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.12.31 14:34:35 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010.12.31 14:34:35 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010.12.31 14:34:35 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010.12.31 14:34:35 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010.12.31 14:34:35 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010.12.31 14:34:35 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010.12.31 14:34:35 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010.12.31 14:34:35 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010.12.31 14:34:35 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010.12.31 14:34:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010.12.31 14:34:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010.12.31 14:34:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010.12.31 14:34:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010.12.31 14:30:22 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini
[2010.12.31 14:26:20 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.12.29 02:00:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.12.29 00:40:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\suecmdial.dll
[2010.12.29 00:32:38 | 000,042,982 | ---- | C] () -- C:\WINDOWS\System32\PDDSLADP.DLL
[2010.12.28 23:47:53 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010.12.28 23:45:42 | 000,005,760 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.12.28 23:45:40 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.12.28 15:13:48 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.12.28 15:05:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.12.28 15:03:54 | 000,537,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.05.02 16:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.05.02 16:46:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008.05.02 16:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.05.02 16:46:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008.05.02 16:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.05.02 16:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.05.02 16:46:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008.05.02 16:46:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008.05.02 16:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.02.28 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.02.28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.02.28 14:00:00 | 000,492,308 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.02.28 14:00:00 | 000,472,866 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.02.28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.02.28 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.02.28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.02.28 14:00:00 | 000,090,952 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.02.28 14:00:00 | 000,075,960 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.02.28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.02.28 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.02.28 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.02.28 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.02.28 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.02.28 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.02.28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2010.12.31 14:34:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2011.06.25 06:36:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vladovsoft
[2011.05.21 05:52:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Comms
[2011.10.31 17:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DirectoryListPrintPro
[2011.01.18 17:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EPSON
[2011.01.15 19:28:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2010.12.31 16:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera
[2011.04.27 23:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Philipp Winterberg
[2012.01.28 00:49:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Rename Expert
[2011.03.13 15:03:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Steinberg
[2011.04.30 14:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SumatraPDF
[2010.12.29 15:35:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird
[2011.05.21 11:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Txttree
[2011.04.11 12:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.28 03:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe
[2011.02.27 23:35:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ahead
[2010.12.29 15:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
[2011.05.21 05:52:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Comms
[2011.10.31 17:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DirectoryListPrintPro
[2011.01.18 17:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EPSON
[2012.02.15 16:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Help
[2010.12.28 15:30:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities
[2010.12.28 23:56:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield
[2010.12.31 15:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia
[2010.12.29 15:41:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2012.03.11 14:21:11 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
[2010.12.29 02:00:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla
[2011.01.15 19:28:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2010.12.31 16:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera
[2011.04.27 23:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Philipp Winterberg
[2012.01.28 00:49:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Rename Expert
[2011.03.13 15:03:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Steinberg
[2011.04.30 14:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SumatraPDF
[2010.12.31 17:14:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun
[2010.12.29 15:35:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird
[2011.05.21 11:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Txttree
[2011.04.11 12:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue
[2010.12.31 22:27:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc
[2011.09.07 12:45:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2008.01.25 14:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\WINDOWS\system32\drivers\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.12.28 16:03:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.12.28 16:03:05 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.12.28 16:03:05 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

--- --- ---


Regards,
sandero

cosinus 30.03.2012 10:29

Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
O4 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004..\Run: [SkypePM]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
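As an added, read-only companion to the fix above (this is not cosinus' script and not part of OTL): a PowerShell audit that lists the policy locations the fix targets (the IE Restrictions and Control Panel policy keys, the Explorer policy values such as NoDrives, NoDriveTypeAutoRun, NoDriveAutoRun and HonorAutoRunSetting, and the Cdrom AutoRun flag) across HKLM and every loaded user hive. It assumes an elevated PowerShell session so that the HKU hives of other accounts are readable, and it changes nothing.

```powershell
# Added example for this thread; not part of the OTL fix script or of OTL itself.
# Assumes an elevated PowerShell session. Reports only; nothing is modified.

$PolicySubKeys = @(
    'SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions',
    'SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel',
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-PolicyRestrictionAudit {
    # Map HKEY_USERS so that .DEFAULT, S-1-5-18/19/20 and logged-on user hives can be walked
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    $userHives = Get-ChildItem 'HKU:' |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "HKU:\$($_.PSChildName)" }
    $roots = @('HKLM:') + @($userHives)

    foreach ($root in $roots) {
        foreach ($sub in $PolicySubKeys) {
            $key = Join-Path $root $sub
            if (-not (Test-Path $key)) { continue }
            $props = Get-ItemProperty -Path $key
            $names = $props.PSObject.Properties |
                Select-Object -ExpandProperty Name |
                Where-Object { $_ -notlike 'PS*' }
            if (-not $names) {
                # An empty key still counts: the fix above removes keys reported as "present"
                [pscustomobject]@{ Key = $key; Name = '(key present, no values)'; Value = $null }
                continue
            }
            foreach ($n in $names) {
                [pscustomobject]@{ Key = $key; Name = $n; Value = $props.$n }
            }
        }
    }

    # The O32 line of the fix: AutoRun flag of the Cdrom service
    $cdrom = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom'
    if (Test-Path $cdrom) {
        $autoRun = (Get-ItemProperty -Path $cdrom -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
        [pscustomobject]@{ Key = $cdrom; Name = 'AutoRun'; Value = $autoRun }
    }
}

Get-PolicyRestrictionAudit | Format-Table -AutoSize
```

The output is meant for a helper to read before deciding what to remove: NoDriveTypeAutoRun and the other AutoRun policy values are also set by ordinary hardening (group policy, security tools), so a value being present is not by itself a sign of infection; the IE Restrictions and Control Panel policy keys, which lock the user out of browser and control panel settings, are the ones worth comparing against what the user actually configured.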

sandero 30.03.2012 15:36

Hello,
this is what came out of the OTL fix:
Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1801674531-764733703-2147035321-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1801674531-764733703-2147035321-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
 
User: ***
->Temp folder emptied: 795731607 bytes
->Temporary Internet Files folder emptied: 231864969 bytes
->Java cache emptied: 684786 bytes
->FireFox cache emptied: 996688434 bytes
->Opera cache emptied: 10268658 bytes
->Flash cache emptied: 6228 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 385847 bytes
RecycleBin emptied: 5235657 bytes
 
Total Files Cleaned = 1.946,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: ***
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.22.3 log created on 03302012_160214

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...

Regards,
sandero

cosinus 30.03.2012 15:45

Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, since Avira in particular often reports a false positive on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
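The advice above is to skip everything and post the log for review. As an added example that is not part of this thread or of Kaspersky's tool, here is a small Python triage helper for the TDSSKiller line format quoted later in the thread (timestamp, PID, entry name, an optional "(md5) path" line and a separate "NAME - verdict" line). It pairs the file line with its verdict line and lists every entry whose verdict is not "ok", or that has a file line but no verdict at all, so a reviewer can jump straight to those. The sample log is constructed from the format on this page; the "exampledrv" entry, its all-zero hash and the verdict string "constructed_verdict" are made up to exercise the non-ok path and are not real TDSSKiller output.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the TDSSKiller line format quoted in this thread.
# The "exampledrv" entry and the verdict "constructed_verdict" are invented for the demo.
SAMPLE_LOG = """\
13:40:55.0640 2124        Abiosdsk - ok
13:40:55.0718 2124        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
13:40:56.0750 2124        ACPI - ok
13:40:56.0828 2124        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\\WINDOWS\\system32\\drivers\\ACPIEC.sys
13:40:56.0900 2124        ACPIEC - ok
13:40:57.0100 2124        exampledrv      (00000000000000000000000000000000) C:\\WINDOWS\\system32\\drivers\\exampledrv.sys
13:40:57.0200 2124        exampledrv - constructed_verdict
"""

# Every log line starts with "HH:MM:SS.mmmm PID" followed by whitespace
LINE_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "NAME (md5) path": the file-information line of a scanned driver/service
FILE_RE = re.compile(LINE_PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
# "NAME - verdict": the verdict line that follows
VERDICT_RE = re.compile(LINE_PREFIX + r"(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$")


def parse_tdss_log(text: str) -> Dict[str, dict]:
    """Collect per-entry md5, path and verdict, keyed by the entry name."""
    entries: Dict[str, dict] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            entries.setdefault(m["name"], {}).update(md5=m["md5"].lower(), path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            entries.setdefault(m["name"], {})["verdict"] = m["verdict"]
    # Header lines (OS Version, Drive ..., Scan started) match neither pattern and are ignored
    return entries


def triage(entries: Dict[str, dict]) -> List[Tuple[str, str, str, str]]:
    """Entries a reviewer should look at: verdict other than 'ok', or no verdict line at all."""
    flagged = []
    for name, e in entries.items():
        verdict = e.get("verdict", "(no verdict line)")
        if verdict != "ok":
            flagged.append((name, verdict, e.get("md5", ""), e.get("path", "")))
    return flagged


if __name__ == "__main__":
    for name, verdict, md5, path in triage(parse_tdss_log(SAMPLE_LOG)):
        print(f"{name:<16} {verdict:<24} {md5} {path}")
```

Run it against a saved TDSSKiller log by reading the file into `parse_tdss_log` instead of `SAMPLE_LOG`; entries that carry only "- ok" are dropped from the triage output, and the md5 is kept alongside the path so a flagged file can be looked up without touching the machine.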

sandero 31.03.2012 12:46

Hello,
this is what TDSS found:
Code:

13:38:02.0156 3780        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
13:38:02.0343 3780        ============================================================
13:38:02.0343 3780        Current date / time: 2012/03/31 13:38:02.0343
13:38:02.0343 3780        SystemInfo:
13:38:02.0343 3780       
13:38:02.0343 3780        OS Version: 5.1.2600 ServicePack: 3.0
13:38:02.0343 3780        Product type: Workstation
13:38:02.0343 3780        ComputerName: ***
13:38:02.0343 3780        UserName: ***
13:38:02.0343 3780        Windows directory: C:\WINDOWS
13:38:02.0343 3780        System windows directory: C:\WINDOWS
13:38:02.0343 3780        Processor architecture: Intel x86
13:38:02.0343 3780        Number of processors: 2
13:38:02.0343 3780        Page size: 0x1000
13:38:02.0343 3780        Boot type: Normal boot
13:38:02.0343 3780        ============================================================
13:38:03.0406 3780        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
13:38:03.0406 3780        Drive \Device\Harddisk1\DR3 - Size: 0x7AF00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:38:03.0406 3780        Drive \Device\Harddisk2\DR4 - Size: 0xFB000000 (3.92 Gb), SectorSize: 0x200, Cylinders: 0x1FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:38:03.0406 3780        \Device\Harddisk0\DR0:
13:38:03.0406 3780        MBR used
13:38:03.0406 3780        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAFC6752
13:38:03.0406 3780        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAFC6800, BlocksNum 0x121FEDD5
13:38:03.0406 3780        \Device\Harddisk1\DR3:
13:38:03.0421 3780        MBR used
13:38:03.0421 3780        \Device\Harddisk1\DR3\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D77E0
13:38:03.0421 3780        \Device\Harddisk2\DR4:
13:38:03.0421 3780        MBR used
13:38:03.0515 3780        Initialize success
13:38:03.0515 3780        ============================================================
13:40:55.0500 2124        ============================================================
13:40:55.0500 2124        Scan started
13:40:55.0500 2124        Mode: Manual; SigCheck; TDLFS;
13:40:55.0500 2124        ============================================================
13:40:55.0640 2124        Abiosdsk - ok
13:40:55.0656 2124        abp480n5 - ok
13:40:55.0718 2124        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:40:56.0750 2124        ACPI - ok
13:40:56.0828 2124        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:40:56.0937 2124        ACPIEC - ok
13:40:57.0015 2124        Adobe LM Service (6ef096317e127aecf4cb61081d88ad0b) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
13:40:57.0031 2124        Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:40:57.0031 2124        Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:40:57.0171 2124        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:40:57.0187 2124        AdobeFlashPlayerUpdateSvc - ok
13:40:57.0203 2124        adpu160m - ok
13:40:57.0265 2124        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:40:57.0375 2124        aec - ok
13:40:57.0437 2124        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:40:57.0484 2124        AFD - ok
13:40:57.0562 2124        Aha154x - ok
13:40:57.0578 2124        aic78u2 - ok
13:40:57.0578 2124        aic78xx - ok
13:40:57.0625 2124        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
13:40:57.0718 2124        Alerter - ok
13:40:57.0765 2124        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
13:40:57.0875 2124        ALG - ok
13:40:57.0875 2124        AliIde - ok
13:40:58.0015 2124        AmdK8          (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:40:58.0062 2124        AmdK8 - ok
13:40:58.0062 2124        amsint - ok
13:40:58.0187 2124        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
13:40:58.0203 2124        AntiVirSchedulerService - ok
13:40:58.0218 2124        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
13:40:58.0218 2124        AntiVirService - ok
13:40:58.0296 2124        AppMgmt - ok
13:40:58.0343 2124        Asapi          (1e0eeb62964513f4f1e18fee3c69c43d) C:\WINDOWS\system32\drivers\Asapi.sys
13:40:58.0359 2124        Asapi ( UnsignedFile.Multi.Generic ) - warning
13:40:58.0359 2124        Asapi - detected UnsignedFile.Multi.Generic (1)
13:40:58.0375 2124        asc - ok
13:40:58.0375 2124        asc3350p - ok
13:40:58.0390 2124        asc3550 - ok
13:40:58.0468 2124        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:40:58.0484 2124        aspnet_state - ok
13:40:58.0578 2124        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:40:58.0687 2124        AsyncMac - ok
13:40:58.0718 2124        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:40:58.0828 2124        atapi - ok
13:40:58.0859 2124        Atdisk - ok
13:40:58.0890 2124        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:40:58.0984 2124        Atmarpc - ok
13:40:59.0078 2124        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
13:40:59.0187 2124        AudioSrv - ok
13:40:59.0250 2124        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:40:59.0375 2124        audstub - ok
13:40:59.0500 2124        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
13:40:59.0515 2124        avgio - ok
13:40:59.0578 2124        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:40:59.0593 2124        avgntflt - ok
13:40:59.0625 2124        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:40:59.0640 2124        avipbb - ok
13:40:59.0703 2124        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:40:59.0843 2124        Beep - ok
13:40:59.0875 2124        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
13:40:59.0984 2124        BITS - ok
13:41:00.0078 2124        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
13:41:00.0187 2124        Browser - ok
13:41:00.0359 2124        catchme - ok
13:41:00.0437 2124        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:41:00.0562 2124        cbidf2k - ok
13:41:00.0562 2124        cd20xrnt - ok
13:41:00.0625 2124        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:41:00.0718 2124        Cdaudio - ok
13:41:00.0765 2124        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:41:00.0859 2124        Cdfs - ok
13:41:00.0921 2124        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:41:01.0015 2124        Cdrom - ok
13:41:01.0046 2124        Changer - ok
13:41:01.0093 2124        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
13:41:01.0187 2124        CiSvc - ok
13:41:01.0187 2124        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
13:41:01.0281 2124        ClipSrv - ok
13:41:01.0375 2124        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:41:01.0390 2124        clr_optimization_v2.0.50727_32 - ok
13:41:01.0453 2124        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:41:01.0468 2124        clr_optimization_v4.0.30319_32 - ok
13:41:01.0515 2124        CmdIde - ok
13:41:01.0531 2124        COMSysApp - ok
13:41:01.0531 2124        Cpqarray - ok
13:41:01.0593 2124        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
13:41:01.0687 2124        CryptSvc - ok
13:41:01.0687 2124        dac2w2k - ok
13:41:01.0703 2124        dac960nt - ok
13:41:01.0750 2124        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:41:01.0828 2124        DcomLaunch - ok
13:41:01.0953 2124        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
13:41:02.0046 2124        Dhcp - ok
13:41:02.0125 2124        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:41:02.0218 2124        Disk - ok
13:41:02.0218 2124        dmadmin - ok
13:41:02.0296 2124        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:41:02.0421 2124        dmboot - ok
13:41:02.0531 2124        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:41:02.0640 2124        dmio - ok
13:41:02.0671 2124        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:41:02.0781 2124        dmload - ok
13:41:02.0812 2124        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
13:41:02.0906 2124        dmserver - ok
13:41:02.0984 2124        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:41:03.0093 2124        DMusic - ok
13:41:03.0140 2124        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
13:41:03.0234 2124        Dnscache - ok
13:41:03.0312 2124        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
13:41:03.0406 2124        Dot3svc - ok
13:41:03.0453 2124        dpti2o - ok
13:41:03.0500 2124        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:41:03.0609 2124        drmkaud - ok
13:41:03.0656 2124        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
13:41:03.0734 2124        EapHost - ok
13:41:03.0796 2124        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
13:41:03.0890 2124        ERSvc - ok
13:41:03.0968 2124        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:41:04.0015 2124        Eventlog - ok
13:41:04.0109 2124        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
13:41:04.0156 2124        EventSystem - ok
13:41:04.0265 2124        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:41:04.0375 2124        Fastfat - ok
13:41:04.0421 2124        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:41:04.0468 2124        FastUserSwitchingCompatibility - ok
13:41:04.0578 2124        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:41:04.0656 2124        Fdc - ok
13:41:04.0687 2124        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:41:04.0796 2124        Fips - ok
13:41:04.0796 2124        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:41:04.0890 2124        Flpydisk - ok
13:41:04.0937 2124        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:41:05.0015 2124        FltMgr - ok
13:41:05.0093 2124        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:41:05.0093 2124        FontCache3.0.0.0 - ok
13:41:05.0203 2124        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:41:05.0328 2124        Fs_Rec - ok
13:41:05.0359 2124        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:41:05.0453 2124        Ftdisk - ok
13:41:05.0500 2124        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:41:05.0578 2124        Gpc - ok
13:41:05.0703 2124        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
13:41:05.0718 2124        gupdate - ok
13:41:05.0718 2124        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
13:41:05.0734 2124        gupdatem - ok
13:41:05.0859 2124        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:41:05.0968 2124        HDAudBus - ok
13:41:06.0031 2124        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:41:06.0140 2124        helpsvc - ok
13:41:06.0140 2124        HidServ - ok
13:41:06.0218 2124        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
13:41:06.0296 2124        hkmsvc - ok
13:41:06.0328 2124        hpn - ok
13:41:06.0375 2124        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:41:06.0406 2124        HTTP - ok
13:41:06.0484 2124        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
13:41:06.0578 2124        HTTPFilter - ok
13:41:06.0609 2124        i2omgmt - ok
13:41:06.0609 2124        i2omp - ok
13:41:06.0656 2124        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:41:06.0765 2124        i8042prt - ok
13:41:06.0890 2124        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:41:06.0937 2124        idsvc - ok
13:41:07.0031 2124        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:41:07.0140 2124        Imapi - ok
13:41:07.0187 2124        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
13:41:07.0281 2124        ImapiService - ok
13:41:07.0296 2124        ini910u - ok
13:41:07.0468 2124        IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:41:07.0640 2124        IntcAzAudAddService - ok
13:41:07.0718 2124        IntelIde - ok
13:41:07.0750 2124        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:41:07.0843 2124        Ip6Fw - ok
13:41:07.0890 2124        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:41:08.0000 2124        IpFilterDriver - ok
13:41:08.0015 2124        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:41:08.0109 2124        IpInIp - ok
13:41:08.0218 2124        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:41:08.0328 2124        IpNat - ok
13:41:08.0359 2124        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:41:08.0453 2124        IPSec - ok
13:41:08.0468 2124        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:41:08.0578 2124        IRENUM - ok
13:41:08.0671 2124        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:41:08.0781 2124        isapnp - ok
13:41:08.0906 2124        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
13:41:08.0906 2124        JavaQuickStarterService - ok
13:41:09.0015 2124        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:41:09.0125 2124        Kbdclass - ok
13:41:09.0156 2124        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:41:09.0265 2124        kmixer - ok
13:41:09.0296 2124        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:41:09.0359 2124        KSecDD - ok
13:41:09.0468 2124        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
13:41:09.0500 2124        lanmanserver - ok
13:41:09.0546 2124        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
13:41:09.0609 2124        lanmanworkstation - ok
13:41:09.0625 2124        lbrtfdc - ok
13:41:09.0671 2124        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
13:41:09.0781 2124        LmHosts - ok
13:41:09.0796 2124        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
13:41:09.0890 2124        Messenger - ok
13:41:09.0937 2124        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:41:10.0046 2124        mnmdd - ok
13:41:10.0093 2124        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
13:41:10.0187 2124        mnmsrvc - ok
13:41:10.0281 2124        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:41:10.0375 2124        Modem - ok
13:41:10.0406 2124        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:41:10.0500 2124        Mouclass - ok
13:41:10.0531 2124        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:41:10.0625 2124        MountMgr - ok
13:41:10.0687 2124        mraid35x - ok
13:41:10.0718 2124        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:41:10.0812 2124        MRxDAV - ok
13:41:10.0875 2124        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:41:10.0937 2124        MRxSmb - ok
13:41:11.0031 2124        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
13:41:11.0109 2124        MSDTC - ok
13:41:11.0171 2124        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:41:11.0250 2124        Msfs - ok
13:41:11.0250 2124        MSIServer - ok
13:41:11.0281 2124        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:41:11.0375 2124        MSKSSRV - ok
13:41:11.0390 2124        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:41:11.0484 2124        MSPCLOCK - ok
13:41:11.0484 2124        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:41:11.0578 2124        MSPQM - ok
13:41:11.0687 2124        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:41:11.0765 2124        mssmbios - ok
13:41:11.0812 2124        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:41:11.0843 2124        Mup - ok
13:41:11.0906 2124        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
13:41:12.0015 2124        napagent - ok
13:41:12.0125 2124        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:41:12.0218 2124        NDIS - ok
13:41:12.0265 2124        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:41:12.0296 2124        NdisTapi - ok
13:41:12.0328 2124        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:41:12.0421 2124        Ndisuio - ok
13:41:12.0515 2124        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:41:12.0609 2124        NdisWan - ok
13:41:12.0640 2124        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:41:12.0703 2124        NDProxy - ok
13:41:12.0718 2124        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:41:12.0812 2124        NetBIOS - ok
13:41:12.0921 2124        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:41:13.0015 2124        NetBT - ok
13:41:13.0046 2124        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:41:13.0156 2124        NetDDE - ok
13:41:13.0156 2124        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:41:13.0234 2124        NetDDEdsdm - ok
13:41:13.0281 2124        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:13.0359 2124        Netlogon - ok
13:41:13.0437 2124        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
13:41:13.0531 2124        Netman - ok
13:41:13.0609 2124        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:41:13.0625 2124        NetTcpPortSharing - ok
13:41:13.0687 2124        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
13:41:13.0734 2124        Nla - ok
13:41:13.0828 2124        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:41:13.0906 2124        Npfs - ok
13:41:13.0921 2124        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:41:14.0046 2124        Ntfs - ok
13:41:14.0093 2124        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:14.0171 2124        NtLmSsp - ok
13:41:14.0250 2124        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
13:41:14.0343 2124        NtmsSvc - ok
13:41:14.0468 2124        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:41:14.0593 2124        Null - ok
13:41:14.0796 2124        nv              (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:41:15.0109 2124        nv - ok
13:41:15.0218 2124        NVENETFD        (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:41:15.0250 2124        NVENETFD - ok
13:41:15.0281 2124        nvgts          (a117466b0acb13288deee4f2e936e67f) C:\WINDOWS\system32\DRIVERS\nvgts.sys
13:41:15.0312 2124        nvgts - ok
13:41:15.0375 2124        nvnetbus        (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:41:15.0421 2124        nvnetbus - ok
13:41:15.0531 2124        NVSvc          (934833b3cd462a6f8a96f64d024c8b20) C:\WINDOWS\system32\nvsvc32.exe
13:41:15.0546 2124        NVSvc - ok
13:41:15.0640 2124        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:41:15.0734 2124        NwlnkFlt - ok
13:41:15.0781 2124        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:41:15.0890 2124        NwlnkFwd - ok
13:41:15.0937 2124        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:41:16.0046 2124        Parport - ok
13:41:16.0093 2124        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:41:16.0187 2124        PartMgr - ok
13:41:16.0234 2124        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:41:16.0359 2124        ParVdm - ok
13:41:16.0406 2124        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:41:16.0500 2124        PCI - ok
13:41:16.0515 2124        PCIDump - ok
13:41:16.0531 2124        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:41:16.0640 2124        PCIIde - ok
13:41:16.0718 2124        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:41:16.0812 2124        Pcmcia - ok
13:41:16.0859 2124        PDCOMP - ok
13:41:16.0921 2124        PDDSLADP        (ab6f9ee08b82a46f2b4f0ab909f1fad9) C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS
13:41:16.0937 2124        PDDSLADP ( UnsignedFile.Multi.Generic ) - warning
13:41:16.0937 2124        PDDSLADP - detected UnsignedFile.Multi.Generic (1)
13:41:16.0968 2124        PDDSLHND        (49e3fa74798f192d4a6b299ee0b8e5f3) C:\WINDOWS\system32\drivers\PDDSLHND.sys
13:41:17.0000 2124        PDDSLHND ( UnsignedFile.Multi.Generic ) - warning
13:41:17.0000 2124        PDDSLHND - detected UnsignedFile.Multi.Generic (1)
13:41:17.0000 2124        PDFRAME - ok
13:41:17.0015 2124        PDRELI - ok
13:41:17.0015 2124        PDRFRAME - ok
13:41:17.0031 2124        perc2 - ok
13:41:17.0031 2124        perc2hib - ok
13:41:17.0093 2124        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:41:17.0125 2124        PlugPlay - ok
13:41:17.0187 2124        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:17.0265 2124        PolicyAgent - ok
13:41:17.0343 2124        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:41:17.0437 2124        PptpMiniport - ok
13:41:17.0468 2124        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:41:17.0578 2124        Processor - ok
13:41:17.0609 2124        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:17.0687 2124        ProtectedStorage - ok
13:41:17.0703 2124        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:41:17.0796 2124        PSched - ok
13:41:17.0921 2124        PSI            (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
13:41:17.0921 2124        PSI - ok
13:41:17.0937 2124        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:41:18.0062 2124        Ptilink - ok
13:41:18.0109 2124        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:41:18.0109 2124        PxHelp20 - ok
13:41:18.0125 2124        ql1080 - ok
13:41:18.0125 2124        Ql10wnt - ok
13:41:18.0140 2124        ql12160 - ok
13:41:18.0140 2124        ql1240 - ok
13:41:18.0156 2124        ql1280 - ok
13:41:18.0187 2124        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:41:18.0296 2124        RasAcd - ok
13:41:18.0343 2124        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
13:41:18.0437 2124        RasAuto - ok
13:41:18.0500 2124        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:41:18.0593 2124        Rasl2tp - ok
13:41:18.0671 2124        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
13:41:18.0765 2124        RasMan - ok
13:41:18.0781 2124        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:41:18.0875 2124        RasPppoe - ok
13:41:18.0921 2124        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:41:19.0031 2124        Raspti - ok
13:41:19.0062 2124        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:41:19.0140 2124        Rdbss - ok
13:41:19.0156 2124        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:41:19.0296 2124        RDPCDD - ok
13:41:19.0328 2124        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:41:19.0359 2124        RDPWD - ok
13:41:19.0468 2124        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
13:41:19.0562 2124        RDSessMgr - ok
13:41:19.0609 2124        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:41:19.0703 2124        redbook - ok
13:41:19.0750 2124        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
13:41:19.0843 2124        RemoteAccess - ok
13:41:19.0953 2124        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
13:41:20.0046 2124        RpcLocator - ok
13:41:20.0078 2124        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
13:41:20.0156 2124        RpcSs - ok
13:41:20.0171 2124        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
13:41:20.0281 2124        RSVP - ok
13:41:20.0375 2124        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:20.0453 2124        SamSs - ok
13:41:20.0500 2124        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
13:41:20.0593 2124        SCardSvr - ok
13:41:20.0640 2124        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
13:41:20.0734 2124        Schedule - ok
13:41:20.0828 2124        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:41:20.0906 2124        Secdrv - ok
13:41:20.0937 2124        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
13:41:21.0015 2124        seclogon - ok
13:41:21.0078 2124        Secunia PSI Agent - ok
13:41:21.0093 2124        Secunia Update Agent - ok
13:41:21.0140 2124        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
13:41:21.0234 2124        SENS - ok
13:41:21.0328 2124        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:41:21.0437 2124        serenum - ok
13:41:21.0437 2124        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:41:21.0515 2124        Serial - ok
13:41:21.0609 2124        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:41:21.0703 2124        Sfloppy - ok
13:41:21.0812 2124        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
13:41:21.0906 2124        SharedAccess - ok
13:41:21.0953 2124        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:41:22.0000 2124        ShellHWDetection - ok
13:41:22.0015 2124        Simbad - ok
13:41:22.0093 2124        Sparrow - ok
13:41:22.0140 2124        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:41:22.0234 2124        splitter - ok
13:41:22.0281 2124        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:41:22.0343 2124        Spooler - ok
13:41:22.0453 2124        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:41:22.0546 2124        sr - ok
13:41:22.0593 2124        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
13:41:22.0687 2124        srservice - ok
13:41:22.0734 2124        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:41:22.0796 2124        Srv - ok
13:41:22.0906 2124        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
13:41:22.0984 2124        SSDPSRV - ok
13:41:23.0062 2124        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:41:23.0078 2124        ssmdrv - ok
13:41:23.0093 2124        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
13:41:23.0218 2124        stisvc - ok
13:41:23.0312 2124        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:41:23.0421 2124        swenum - ok
13:41:23.0437 2124        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:41:23.0546 2124        swmidi - ok
13:41:23.0546 2124        SwPrv - ok
13:41:23.0562 2124        symc810 - ok
13:41:23.0578 2124        symc8xx - ok
13:41:23.0578 2124        sym_hi - ok
13:41:23.0593 2124        sym_u3 - ok
13:41:23.0625 2124        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:41:23.0718 2124        sysaudio - ok
13:41:23.0781 2124        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
13:41:23.0875 2124        SysmonLog - ok
13:41:23.0953 2124        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
13:41:24.0046 2124        TapiSrv - ok
13:41:24.0093 2124        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:41:24.0171 2124        Tcpip - ok
13:41:24.0203 2124        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:41:24.0281 2124        TDPIPE - ok
13:41:24.0359 2124        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:41:24.0453 2124        TDTCP - ok
13:41:24.0484 2124        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:41:24.0578 2124        TermDD - ok
13:41:24.0609 2124        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
13:41:24.0703 2124        TermService - ok
13:41:24.0828 2124        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:41:24.0828 2124        Themes - ok
13:41:24.0859 2124        TosIde - ok
13:41:24.0906 2124        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
13:41:25.0015 2124        TrkWks - ok
13:41:25.0046 2124        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:41:25.0140 2124        Udfs - ok
13:41:25.0203 2124        ultra - ok
13:41:25.0234 2124        UMWdf          (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
13:41:25.0281 2124        UMWdf - ok
13:41:25.0328 2124        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:41:25.0437 2124        Update - ok
13:41:25.0546 2124        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
13:41:25.0671 2124        upnphost - ok
13:41:25.0703 2124        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
13:41:25.0796 2124        UPS - ok
13:41:25.0859 2124        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:41:25.0937 2124        usbccgp - ok
13:41:26.0046 2124        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:41:26.0140 2124        usbehci - ok
13:41:26.0171 2124        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:41:26.0265 2124        usbhub - ok
13:41:26.0312 2124        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:41:26.0390 2124        usbohci - ok
13:41:26.0421 2124        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:41:26.0500 2124        usbprint - ok
13:41:26.0562 2124        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:41:26.0640 2124        usbscan - ok
13:41:26.0671 2124        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:41:26.0765 2124        USBSTOR - ok
13:41:26.0812 2124        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:41:26.0906 2124        VgaSave - ok
13:41:26.0906 2124        ViaIde - ok
13:41:26.0937 2124        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:41:27.0031 2124        VolSnap - ok
13:41:27.0140 2124        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
13:41:27.0218 2124        VSS - ok
13:41:27.0250 2124        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
13:41:27.0343 2124        W32Time - ok
13:41:27.0421 2124        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:41:27.0515 2124        Wanarp - ok
13:41:27.0515 2124        WDICA - ok
13:41:27.0562 2124        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:41:27.0687 2124        wdmaud - ok
13:41:27.0718 2124        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
13:41:27.0812 2124        WebClient - ok
13:41:27.0937 2124        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:41:28.0031 2124        winmgmt - ok
13:41:28.0078 2124        WmdmPmSN        (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\mspmsnsv.dll
13:41:28.0125 2124        WmdmPmSN - ok
13:41:28.0156 2124        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:41:28.0250 2124        WmiApSrv - ok
13:41:28.0484 2124        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:41:28.0500 2124        WPFFontCache_v0400 - ok
13:41:28.0593 2124        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
13:41:28.0687 2124        wscsvc - ok
13:41:28.0734 2124        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
13:41:28.0843 2124        wuauserv - ok
13:41:28.0890 2124        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
13:41:29.0015 2124        WZCSVC - ok
13:41:29.0093 2124        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
13:41:29.0187 2124        xmlprov - ok
13:41:29.0218 2124        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:41:29.0250 2124        \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
13:41:29.0250 2124        \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
13:41:29.0281 2124        MBR (0x1B8)    (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR3
13:41:40.0500 2124        \Device\Harddisk1\DR3 - ok
13:41:40.0515 2124        MBR (0x1B8)    (5f0c182b562b3e23431a346295e19b32) \Device\Harddisk2\DR4
13:41:41.0015 2124        \Device\Harddisk2\DR4 - ok
13:41:41.0031 2124        Boot (0x1200)  (83c2ad04c403d21c5fb18c3a9a6534b9) \Device\Harddisk0\DR0\Partition0
13:41:41.0031 2124        \Device\Harddisk0\DR0\Partition0 - ok
13:41:41.0046 2124        Boot (0x1200)  (63107a0dfc5a95a0a18d33084b699e2c) \Device\Harddisk0\DR0\Partition1
13:41:41.0046 2124        \Device\Harddisk0\DR0\Partition1 - ok
13:41:41.0046 2124        Boot (0x1200)  (575159508634dc095068102423bb2eae) \Device\Harddisk1\DR3\Partition0
13:41:41.0046 2124        \Device\Harddisk1\DR3\Partition0 - ok
13:41:41.0046 2124        ============================================================
13:41:41.0046 2124        Scan finished
13:41:41.0046 2124        ============================================================
13:41:41.0156 3608        Detected object count: 5
13:41:41.0156 3608        Actual detected object count: 5

Regards,
sandero
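As an added example (it is not part of this thread and not TDSSKiller's own code), the following Python script parses log lines in the format pasted above and separates the real infection (the "infected" verdict on the MBR of Harddisk0) from the UnsignedFile.Multi.Generic entries, which TDSSKiller reports as "warning" for files that merely lack a digital signature. It also checks that the "Detected object count" summary line is present and agrees with the number of "detected" lines, so a truncated paste is noticed before anyone acts on it. The sample lines are a constructed excerpt modelled on the log above, with the object count adjusted to match the excerpt; the function and class names are the example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the TDSSKiller 2.7.x log format seen in this thread:
# an object line (name, MD5, path), a verdict line, a "detected" line and the
# closing summary.  Boot/MBR objects are named by device path on the verdict
# line, not by the "MBR (0x1B8)" label of the object line.
SAMPLE_LOG = r"""
13:40:57.0015 2124        Adobe LM Service (6ef096317e127aecf4cb61081d88ad0b) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
13:40:57.0031 2124        Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:40:57.0031 2124        Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:40:57.0171 2124        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:40:57.0187 2124        AdobeFlashPlayerUpdateSvc - ok
13:41:29.0218 2124        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:41:29.0250 2124        \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
13:41:29.0250 2124        \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
13:41:41.0156 3608        Detected object count: 2
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+)\s+(?P<msg>.+)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<status>warning|infected)$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    name: str      # object name as TDSSKiller prints it (service, driver or device path)
    verdict: str   # e.g. Rootkit.Boot.Sinowal.b or UnsignedFile.Multi.Generic
    status: str    # "infected" (malware) or "warning" (unsigned file, not necessarily malicious)
    md5: str = ""
    path: str = ""


@dataclass
class Report:
    findings: List[Finding] = field(default_factory=list)
    reported_count: Optional[int] = None  # value of the "Detected object count" line, if present


def parse_tdsskiller(text: str) -> Report:
    """Parse TDSSKiller scan output into a Report of detected objects."""
    report = Report()
    # Object lines are indexed by name AND by path, because boot/MBR verdicts
    # refer to the device path rather than to the "MBR (...)" label.
    objects: Dict[str, Tuple[str, str]] = {}
    pending: Dict[str, Finding] = {}  # verdict seen, "detected" line not yet seen
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # blank lines, "====" banners and other noise
        msg = m.group("msg")
        if (o := OBJECT_RE.match(msg)):
            info = (o.group("md5"), o.group("path"))
            objects[o.group("name")] = info
            objects[o.group("path")] = info
        elif (v := VERDICT_RE.match(msg)):
            md5, path = objects.get(v.group("name"), ("", ""))
            pending[v.group("name")] = Finding(v.group("name"), v.group("verdict"),
                                               v.group("status"), md5, path)
        elif (d := DETECTED_RE.match(msg)):
            f = pending.pop(d.group("name"), None)
            if f is None:  # "detected" without a preceding verdict line
                f = Finding(d.group("name"), d.group("verdict"), "unknown")
            report.findings.append(f)
        elif (c := COUNT_RE.match(msg)):
            report.reported_count = int(c.group("n"))
    return report


def infected(report: Report) -> List[Finding]:
    """Objects TDSSKiller classified as malware; these are the ones that need curing."""
    return [f for f in report.findings if f.status == "infected"]


def warnings(report: Report) -> List[Finding]:
    """Unsigned-file warnings; usually legitimate drivers, to be verified rather than deleted."""
    return [f for f in report.findings if f.status == "warning"]


def is_complete(report: Report) -> bool:
    """True when the summary line exists and matches the number of 'detected' lines."""
    return report.reported_count is not None and report.reported_count == len(report.findings)


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print("log complete:", is_complete(rep))
    for f in infected(rep):
        print("INFECTED", f.name, f.verdict, f.md5, f.path)
    for f in warnings(rep):
        print("warning ", f.name, f.verdict, f.path)
```

To run it on a real log, pass the file's contents to `parse_tdsskiller` (the file is plain text, so `open(path, encoding="utf-8", errors="replace").read()` is enough). The "infected"/"warning" split mirrors TDSSKiller's own classification: an UnsignedFile.Multi.Generic warning only says the file carries no digital signature, so the right response is to check the vendor and hash, not to delete it, whereas an "infected" MBR is the finding that actually has to be cured.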

cosinus 02.04.2012 10:11

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a forum helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

sandero 08.04.2012 22:36

Hello,
TDSSKiller, although I had intended otherwise, automatically killed finding no. 5 on the next restart. The other four findings, however, were skipped (> 'Skip'). Don't I have to have those deleted first?
Regards,
sandero

cosinus 08.04.2012 22:41

Yes, uh :balla:
I only see now that you did not post the TDSSKiller log in full.
The summary at the bottom is missing!

sandero 09.04.2012 01:41

Oops, how did that happen :crazy:? Here, in any case, is the hopefully complete file:

Code:

13:38:02.0156 3780        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
13:38:02.0343 3780        ============================================================
13:38:02.0343 3780        Current date / time: 2012/03/31 13:38:02.0343
13:38:02.0343 3780        SystemInfo:
13:38:02.0343 3780       
13:38:02.0343 3780        OS Version: 5.1.2600 ServicePack: 3.0
13:38:02.0343 3780        Product type: Workstation
13:38:02.0343 3780        ComputerName: ***
13:38:02.0343 3780        UserName: ***
13:38:02.0343 3780        Windows directory: C:\WINDOWS
13:38:02.0343 3780        System windows directory: C:\WINDOWS
13:38:02.0343 3780        Processor architecture: Intel x86
13:38:02.0343 3780        Number of processors: 2
13:38:02.0343 3780        Page size: 0x1000
13:38:02.0343 3780        Boot type: Normal boot
13:38:02.0343 3780        ============================================================
13:38:03.0406 3780        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
13:38:03.0406 3780        Drive \Device\Harddisk1\DR3 - Size: 0x7AF00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:38:03.0406 3780        Drive \Device\Harddisk2\DR4 - Size: 0xFB000000 (3.92 Gb), SectorSize: 0x200, Cylinders: 0x1FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:38:03.0406 3780        \Device\Harddisk0\DR0:
13:38:03.0406 3780        MBR used
13:38:03.0406 3780        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAFC6752
13:38:03.0406 3780        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAFC6800, BlocksNum 0x121FEDD5
13:38:03.0406 3780        \Device\Harddisk1\DR3:
13:38:03.0421 3780        MBR used
13:38:03.0421 3780        \Device\Harddisk1\DR3\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D77E0
13:38:03.0421 3780        \Device\Harddisk2\DR4:
13:38:03.0421 3780        MBR used
13:38:03.0515 3780        Initialize success
13:38:03.0515 3780        ============================================================
13:40:55.0500 2124        ============================================================
13:40:55.0500 2124        Scan started
13:40:55.0500 2124        Mode: Manual; SigCheck; TDLFS;
13:40:55.0500 2124        ============================================================
13:40:55.0640 2124        Abiosdsk - ok
13:40:55.0656 2124        abp480n5 - ok
13:40:55.0718 2124        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:40:56.0750 2124        ACPI - ok
13:40:56.0828 2124        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:40:56.0937 2124        ACPIEC - ok
13:40:57.0015 2124        Adobe LM Service (6ef096317e127aecf4cb61081d88ad0b) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
13:40:57.0031 2124        Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:40:57.0031 2124        Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:40:57.0171 2124        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:40:57.0187 2124        AdobeFlashPlayerUpdateSvc - ok
13:40:57.0203 2124        adpu160m - ok
13:40:57.0265 2124        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:40:57.0375 2124        aec - ok
13:40:57.0437 2124        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:40:57.0484 2124        AFD - ok
13:40:57.0562 2124        Aha154x - ok
13:40:57.0578 2124        aic78u2 - ok
13:40:57.0578 2124        aic78xx - ok
13:40:57.0625 2124        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
13:40:57.0718 2124        Alerter - ok
13:40:57.0765 2124        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
13:40:57.0875 2124        ALG - ok
13:40:57.0875 2124        AliIde - ok
13:40:58.0015 2124        AmdK8          (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:40:58.0062 2124        AmdK8 - ok
13:40:58.0062 2124        amsint - ok
13:40:58.0187 2124        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
13:40:58.0203 2124        AntiVirSchedulerService - ok
13:40:58.0218 2124        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
13:40:58.0218 2124        AntiVirService - ok
13:40:58.0296 2124        AppMgmt - ok
13:40:58.0343 2124        Asapi          (1e0eeb62964513f4f1e18fee3c69c43d) C:\WINDOWS\system32\drivers\Asapi.sys
13:40:58.0359 2124        Asapi ( UnsignedFile.Multi.Generic ) - warning
13:40:58.0359 2124        Asapi - detected UnsignedFile.Multi.Generic (1)
13:40:58.0375 2124        asc - ok
13:40:58.0375 2124        asc3350p - ok
13:40:58.0390 2124        asc3550 - ok
13:40:58.0468 2124        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:40:58.0484 2124        aspnet_state - ok
13:40:58.0578 2124        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:40:58.0687 2124        AsyncMac - ok
13:40:58.0718 2124        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:40:58.0828 2124        atapi - ok
13:40:58.0859 2124        Atdisk - ok
13:40:58.0890 2124        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:40:58.0984 2124        Atmarpc - ok
13:40:59.0078 2124        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
13:40:59.0187 2124        AudioSrv - ok
13:40:59.0250 2124        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:40:59.0375 2124        audstub - ok
13:40:59.0500 2124        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
13:40:59.0515 2124        avgio - ok
13:40:59.0578 2124        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:40:59.0593 2124        avgntflt - ok
13:40:59.0625 2124        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:40:59.0640 2124        avipbb - ok
13:40:59.0703 2124        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:40:59.0843 2124        Beep - ok
13:40:59.0875 2124        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
13:40:59.0984 2124        BITS - ok
13:41:00.0078 2124        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
13:41:00.0187 2124        Browser - ok
13:41:00.0359 2124        catchme - ok
13:41:00.0437 2124        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:41:00.0562 2124        cbidf2k - ok
13:41:00.0562 2124        cd20xrnt - ok
13:41:00.0625 2124        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:41:00.0718 2124        Cdaudio - ok
13:41:00.0765 2124        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:41:00.0859 2124        Cdfs - ok
13:41:00.0921 2124        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:41:01.0015 2124        Cdrom - ok
13:41:01.0046 2124        Changer - ok
13:41:01.0093 2124        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
13:41:01.0187 2124        CiSvc - ok
13:41:01.0187 2124        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
13:41:01.0281 2124        ClipSrv - ok
13:41:01.0375 2124        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:41:01.0390 2124        clr_optimization_v2.0.50727_32 - ok
13:41:01.0453 2124        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:41:01.0468 2124        clr_optimization_v4.0.30319_32 - ok
13:41:01.0515 2124        CmdIde - ok
13:41:01.0531 2124        COMSysApp - ok
13:41:01.0531 2124        Cpqarray - ok
13:41:01.0593 2124        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
13:41:01.0687 2124        CryptSvc - ok
13:41:01.0687 2124        dac2w2k - ok
13:41:01.0703 2124        dac960nt - ok
13:41:01.0750 2124        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:41:01.0828 2124        DcomLaunch - ok
13:41:01.0953 2124        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
13:41:02.0046 2124        Dhcp - ok
13:41:02.0125 2124        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:41:02.0218 2124        Disk - ok
13:41:02.0218 2124        dmadmin - ok
13:41:02.0296 2124        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:41:02.0421 2124        dmboot - ok
13:41:02.0531 2124        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:41:02.0640 2124        dmio - ok
13:41:02.0671 2124        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:41:02.0781 2124        dmload - ok
13:41:02.0812 2124        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
13:41:02.0906 2124        dmserver - ok
13:41:02.0984 2124        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:41:03.0093 2124        DMusic - ok
13:41:03.0140 2124        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
13:41:03.0234 2124        Dnscache - ok
13:41:03.0312 2124        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
13:41:03.0406 2124        Dot3svc - ok
13:41:03.0453 2124        dpti2o - ok
13:41:03.0500 2124        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:41:03.0609 2124        drmkaud - ok
13:41:03.0656 2124        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
13:41:03.0734 2124        EapHost - ok
13:41:03.0796 2124        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
13:41:03.0890 2124        ERSvc - ok
13:41:03.0968 2124        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:41:04.0015 2124        Eventlog - ok
13:41:04.0109 2124        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
13:41:04.0156 2124        EventSystem - ok
13:41:04.0265 2124        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:41:04.0375 2124        Fastfat - ok
13:41:04.0421 2124        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:41:04.0468 2124        FastUserSwitchingCompatibility - ok
13:41:04.0578 2124        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:41:04.0656 2124        Fdc - ok
13:41:04.0687 2124        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:41:04.0796 2124        Fips - ok
13:41:04.0796 2124        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:41:04.0890 2124        Flpydisk - ok
13:41:04.0937 2124        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:41:05.0015 2124        FltMgr - ok
13:41:05.0093 2124        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:41:05.0093 2124        FontCache3.0.0.0 - ok
13:41:05.0203 2124        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:41:05.0328 2124        Fs_Rec - ok
13:41:05.0359 2124        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:41:05.0453 2124        Ftdisk - ok
13:41:05.0500 2124        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:41:05.0578 2124        Gpc - ok
13:41:05.0703 2124        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
13:41:05.0718 2124        gupdate - ok
13:41:05.0718 2124        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
13:41:05.0734 2124        gupdatem - ok
13:41:05.0859 2124        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:41:05.0968 2124        HDAudBus - ok
13:41:06.0031 2124        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:41:06.0140 2124        helpsvc - ok
13:41:06.0140 2124        HidServ - ok
13:41:06.0218 2124        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
13:41:06.0296 2124        hkmsvc - ok
13:41:06.0328 2124        hpn - ok
13:41:06.0375 2124        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:41:06.0406 2124        HTTP - ok
13:41:06.0484 2124        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
13:41:06.0578 2124        HTTPFilter - ok
13:41:06.0609 2124        i2omgmt - ok
13:41:06.0609 2124        i2omp - ok
13:41:06.0656 2124        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:41:06.0765 2124        i8042prt - ok
13:41:06.0890 2124        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:41:06.0937 2124        idsvc - ok
13:41:07.0031 2124        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:41:07.0140 2124        Imapi - ok
13:41:07.0187 2124        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
13:41:07.0281 2124        ImapiService - ok
13:41:07.0296 2124        ini910u - ok
13:41:07.0468 2124        IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:41:07.0640 2124        IntcAzAudAddService - ok
13:41:07.0718 2124        IntelIde - ok
13:41:07.0750 2124        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:41:07.0843 2124        Ip6Fw - ok
13:41:07.0890 2124        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:41:08.0000 2124        IpFilterDriver - ok
13:41:08.0015 2124        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:41:08.0109 2124        IpInIp - ok
13:41:08.0218 2124        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:41:08.0328 2124        IpNat - ok
13:41:08.0359 2124        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:41:08.0453 2124        IPSec - ok
13:41:08.0468 2124        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:41:08.0578 2124        IRENUM - ok
13:41:08.0671 2124        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:41:08.0781 2124        isapnp - ok
13:41:08.0906 2124        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
13:41:08.0906 2124        JavaQuickStarterService - ok
13:41:09.0015 2124        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:41:09.0125 2124        Kbdclass - ok
13:41:09.0156 2124        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:41:09.0265 2124        kmixer - ok
13:41:09.0296 2124        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:41:09.0359 2124        KSecDD - ok
13:41:09.0468 2124        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
13:41:09.0500 2124        lanmanserver - ok
13:41:09.0546 2124        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
13:41:09.0609 2124        lanmanworkstation - ok
13:41:09.0625 2124        lbrtfdc - ok
13:41:09.0671 2124        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
13:41:09.0781 2124        LmHosts - ok
13:41:09.0796 2124        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
13:41:09.0890 2124        Messenger - ok
13:41:09.0937 2124        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:41:10.0046 2124        mnmdd - ok
13:41:10.0093 2124        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
13:41:10.0187 2124        mnmsrvc - ok
13:41:10.0281 2124        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:41:10.0375 2124        Modem - ok
13:41:10.0406 2124        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:41:10.0500 2124        Mouclass - ok
13:41:10.0531 2124        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:41:10.0625 2124        MountMgr - ok
13:41:10.0687 2124        mraid35x - ok
13:41:10.0718 2124        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:41:10.0812 2124        MRxDAV - ok
13:41:10.0875 2124        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:41:10.0937 2124        MRxSmb - ok
13:41:11.0031 2124        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
13:41:11.0109 2124        MSDTC - ok
13:41:11.0171 2124        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:41:11.0250 2124        Msfs - ok
13:41:11.0250 2124        MSIServer - ok
13:41:11.0281 2124        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:41:11.0375 2124        MSKSSRV - ok
13:41:11.0390 2124        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:41:11.0484 2124        MSPCLOCK - ok
13:41:11.0484 2124        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:41:11.0578 2124        MSPQM - ok
13:41:11.0687 2124        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:41:11.0765 2124        mssmbios - ok
13:41:11.0812 2124        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:41:11.0843 2124        Mup - ok
13:41:11.0906 2124        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
13:41:12.0015 2124        napagent - ok
13:41:12.0125 2124        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:41:12.0218 2124        NDIS - ok
13:41:12.0265 2124        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:41:12.0296 2124        NdisTapi - ok
13:41:12.0328 2124        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:41:12.0421 2124        Ndisuio - ok
13:41:12.0515 2124        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:41:12.0609 2124        NdisWan - ok
13:41:12.0640 2124        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:41:12.0703 2124        NDProxy - ok
13:41:12.0718 2124        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:41:12.0812 2124        NetBIOS - ok
13:41:12.0921 2124        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:41:13.0015 2124        NetBT - ok
13:41:13.0046 2124        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:41:13.0156 2124        NetDDE - ok
13:41:13.0156 2124        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:41:13.0234 2124        NetDDEdsdm - ok
13:41:13.0281 2124        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:13.0359 2124        Netlogon - ok
13:41:13.0437 2124        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
13:41:13.0531 2124        Netman - ok
13:41:13.0609 2124        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:41:13.0625 2124        NetTcpPortSharing - ok
13:41:13.0687 2124        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
13:41:13.0734 2124        Nla - ok
13:41:13.0828 2124        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:41:13.0906 2124        Npfs - ok
13:41:13.0921 2124        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:41:14.0046 2124        Ntfs - ok
13:41:14.0093 2124        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:14.0171 2124        NtLmSsp - ok
13:41:14.0250 2124        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
13:41:14.0343 2124        NtmsSvc - ok
13:41:14.0468 2124        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:41:14.0593 2124        Null - ok
13:41:14.0796 2124        nv              (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:41:15.0109 2124        nv - ok
13:41:15.0218 2124        NVENETFD        (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:41:15.0250 2124        NVENETFD - ok
13:41:15.0281 2124        nvgts          (a117466b0acb13288deee4f2e936e67f) C:\WINDOWS\system32\DRIVERS\nvgts.sys
13:41:15.0312 2124        nvgts - ok
13:41:15.0375 2124        nvnetbus        (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:41:15.0421 2124        nvnetbus - ok
13:41:15.0531 2124        NVSvc          (934833b3cd462a6f8a96f64d024c8b20) C:\WINDOWS\system32\nvsvc32.exe
13:41:15.0546 2124        NVSvc - ok
13:41:15.0640 2124        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:41:15.0734 2124        NwlnkFlt - ok
13:41:15.0781 2124        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:41:15.0890 2124        NwlnkFwd - ok
13:41:15.0937 2124        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:41:16.0046 2124        Parport - ok
13:41:16.0093 2124        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:41:16.0187 2124        PartMgr - ok
13:41:16.0234 2124        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:41:16.0359 2124        ParVdm - ok
13:41:16.0406 2124        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:41:16.0500 2124        PCI - ok
13:41:16.0515 2124        PCIDump - ok
13:41:16.0531 2124        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:41:16.0640 2124        PCIIde - ok
13:41:16.0718 2124        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:41:16.0812 2124        Pcmcia - ok
13:41:16.0859 2124        PDCOMP - ok
13:41:16.0921 2124        PDDSLADP        (ab6f9ee08b82a46f2b4f0ab909f1fad9) C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS
13:41:16.0937 2124        PDDSLADP ( UnsignedFile.Multi.Generic ) - warning
13:41:16.0937 2124        PDDSLADP - detected UnsignedFile.Multi.Generic (1)
13:41:16.0968 2124        PDDSLHND        (49e3fa74798f192d4a6b299ee0b8e5f3) C:\WINDOWS\system32\drivers\PDDSLHND.sys
13:41:17.0000 2124        PDDSLHND ( UnsignedFile.Multi.Generic ) - warning
13:41:17.0000 2124        PDDSLHND - detected UnsignedFile.Multi.Generic (1)
13:41:17.0000 2124        PDFRAME - ok
13:41:17.0015 2124        PDRELI - ok
13:41:17.0015 2124        PDRFRAME - ok
13:41:17.0031 2124        perc2 - ok
13:41:17.0031 2124        perc2hib - ok
13:41:17.0093 2124        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:41:17.0125 2124        PlugPlay - ok
13:41:17.0187 2124        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:17.0265 2124        PolicyAgent - ok
13:41:17.0343 2124        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:41:17.0437 2124        PptpMiniport - ok
13:41:17.0468 2124        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:41:17.0578 2124        Processor - ok
13:41:17.0609 2124        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:17.0687 2124        ProtectedStorage - ok
13:41:17.0703 2124        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:41:17.0796 2124        PSched - ok
13:41:17.0921 2124        PSI            (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
13:41:17.0921 2124        PSI - ok
13:41:17.0937 2124        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:41:18.0062 2124        Ptilink - ok
13:41:18.0109 2124        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:41:18.0109 2124        PxHelp20 - ok
13:41:18.0125 2124        ql1080 - ok
13:41:18.0125 2124        Ql10wnt - ok
13:41:18.0140 2124        ql12160 - ok
13:41:18.0140 2124        ql1240 - ok
13:41:18.0156 2124        ql1280 - ok
13:41:18.0187 2124        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:41:18.0296 2124        RasAcd - ok
13:41:18.0343 2124        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
13:41:18.0437 2124        RasAuto - ok
13:41:18.0500 2124        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:41:18.0593 2124        Rasl2tp - ok
13:41:18.0671 2124        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
13:41:18.0765 2124        RasMan - ok
13:41:18.0781 2124        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:41:18.0875 2124        RasPppoe - ok
13:41:18.0921 2124        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:41:19.0031 2124        Raspti - ok
13:41:19.0062 2124        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:41:19.0140 2124        Rdbss - ok
13:41:19.0156 2124        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:41:19.0296 2124        RDPCDD - ok
13:41:19.0328 2124        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:41:19.0359 2124        RDPWD - ok
13:41:19.0468 2124        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
13:41:19.0562 2124        RDSessMgr - ok
13:41:19.0609 2124        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:41:19.0703 2124        redbook - ok
13:41:19.0750 2124        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
13:41:19.0843 2124        RemoteAccess - ok
13:41:19.0953 2124        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
13:41:20.0046 2124        RpcLocator - ok
13:41:20.0078 2124        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
13:41:20.0156 2124        RpcSs - ok
13:41:20.0171 2124        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
13:41:20.0281 2124        RSVP - ok
13:41:20.0375 2124        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:20.0453 2124        SamSs - ok
13:41:20.0500 2124        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
13:41:20.0593 2124        SCardSvr - ok
13:41:20.0640 2124        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
13:41:20.0734 2124        Schedule - ok
13:41:20.0828 2124        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:41:20.0906 2124        Secdrv - ok
13:41:20.0937 2124        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
13:41:21.0015 2124        seclogon - ok
13:41:21.0078 2124        Secunia PSI Agent - ok
13:41:21.0093 2124        Secunia Update Agent - ok
13:41:21.0140 2124        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
13:41:21.0234 2124        SENS - ok
13:41:21.0328 2124        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:41:21.0437 2124        serenum - ok
13:41:21.0437 2124        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:41:21.0515 2124        Serial - ok
13:41:21.0609 2124        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:41:21.0703 2124        Sfloppy - ok
13:41:21.0812 2124        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
13:41:21.0906 2124        SharedAccess - ok
13:41:21.0953 2124        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:41:22.0000 2124        ShellHWDetection - ok
13:41:22.0015 2124        Simbad - ok
13:41:22.0093 2124        Sparrow - ok
13:41:22.0140 2124        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:41:22.0234 2124        splitter - ok
13:41:22.0281 2124        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:41:22.0343 2124        Spooler - ok
13:41:22.0453 2124        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:41:22.0546 2124        sr - ok
13:41:22.0593 2124        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
13:41:22.0687 2124        srservice - ok
13:41:22.0734 2124        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:41:22.0796 2124        Srv - ok
13:41:22.0906 2124        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
13:41:22.0984 2124        SSDPSRV - ok
13:41:23.0062 2124        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:41:23.0078 2124        ssmdrv - ok
13:41:23.0093 2124        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
13:41:23.0218 2124        stisvc - ok
13:41:23.0312 2124        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:41:23.0421 2124        swenum - ok
13:41:23.0437 2124        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:41:23.0546 2124        swmidi - ok
13:41:23.0546 2124        SwPrv - ok
13:41:23.0562 2124        symc810 - ok
13:41:23.0578 2124        symc8xx - ok
13:41:23.0578 2124        sym_hi - ok
13:41:23.0593 2124        sym_u3 - ok
13:41:23.0625 2124        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:41:23.0718 2124        sysaudio - ok
13:41:23.0781 2124        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
13:41:23.0875 2124        SysmonLog - ok
13:41:23.0953 2124        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
13:41:24.0046 2124        TapiSrv - ok
13:41:24.0093 2124        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:41:24.0171 2124        Tcpip - ok
13:41:24.0203 2124        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:41:24.0281 2124        TDPIPE - ok
13:41:24.0359 2124        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:41:24.0453 2124        TDTCP - ok
13:41:24.0484 2124        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:41:24.0578 2124        TermDD - ok
13:41:24.0609 2124        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
13:41:24.0703 2124        TermService - ok
13:41:24.0828 2124        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:41:24.0828 2124        Themes - ok
13:41:24.0859 2124        TosIde - ok
13:41:24.0906 2124        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
13:41:25.0015 2124        TrkWks - ok
13:41:25.0046 2124        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:41:25.0140 2124        Udfs - ok
13:41:25.0203 2124        ultra - ok
13:41:25.0234 2124        UMWdf          (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
13:41:25.0281 2124        UMWdf - ok
13:41:25.0328 2124        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:41:25.0437 2124        Update - ok
13:41:25.0546 2124        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
13:41:25.0671 2124        upnphost - ok
13:41:25.0703 2124        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
13:41:25.0796 2124        UPS - ok
13:41:25.0859 2124        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:41:25.0937 2124        usbccgp - ok
13:41:26.0046 2124        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:41:26.0140 2124        usbehci - ok
13:41:26.0171 2124        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:41:26.0265 2124        usbhub - ok
13:41:26.0312 2124        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:41:26.0390 2124        usbohci - ok
13:41:26.0421 2124        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:41:26.0500 2124        usbprint - ok
13:41:26.0562 2124        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:41:26.0640 2124        usbscan - ok
13:41:26.0671 2124        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:41:26.0765 2124        USBSTOR - ok
13:41:26.0812 2124        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:41:26.0906 2124        VgaSave - ok
13:41:26.0906 2124        ViaIde - ok
13:41:26.0937 2124        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:41:27.0031 2124        VolSnap - ok
13:41:27.0140 2124        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
13:41:27.0218 2124        VSS - ok
13:41:27.0250 2124        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
13:41:27.0343 2124        W32Time - ok
13:41:27.0421 2124        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:41:27.0515 2124        Wanarp - ok
13:41:27.0515 2124        WDICA - ok
13:41:27.0562 2124        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:41:27.0687 2124        wdmaud - ok
13:41:27.0718 2124        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
13:41:27.0812 2124        WebClient - ok
13:41:27.0937 2124        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:41:28.0031 2124        winmgmt - ok
13:41:28.0078 2124        WmdmPmSN        (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\mspmsnsv.dll
13:41:28.0125 2124        WmdmPmSN - ok
13:41:28.0156 2124        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:41:28.0250 2124        WmiApSrv - ok
13:41:28.0484 2124        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:41:28.0500 2124        WPFFontCache_v0400 - ok
13:41:28.0593 2124        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
13:41:28.0687 2124        wscsvc - ok
13:41:28.0734 2124        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
13:41:28.0843 2124        wuauserv - ok
13:41:28.0890 2124        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
13:41:29.0015 2124        WZCSVC - ok
13:41:29.0093 2124        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
13:41:29.0187 2124        xmlprov - ok
13:41:29.0218 2124        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:41:29.0250 2124        \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
13:41:29.0250 2124        \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
13:41:29.0281 2124        MBR (0x1B8)    (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR3
13:41:40.0500 2124        \Device\Harddisk1\DR3 - ok
13:41:40.0515 2124        MBR (0x1B8)    (5f0c182b562b3e23431a346295e19b32) \Device\Harddisk2\DR4
13:41:41.0015 2124        \Device\Harddisk2\DR4 - ok
13:41:41.0031 2124        Boot (0x1200)  (83c2ad04c403d21c5fb18c3a9a6534b9) \Device\Harddisk0\DR0\Partition0
13:41:41.0031 2124        \Device\Harddisk0\DR0\Partition0 - ok
13:41:41.0046 2124        Boot (0x1200)  (63107a0dfc5a95a0a18d33084b699e2c) \Device\Harddisk0\DR0\Partition1
13:41:41.0046 2124        \Device\Harddisk0\DR0\Partition1 - ok
13:41:41.0046 2124        Boot (0x1200)  (575159508634dc095068102423bb2eae) \Device\Harddisk1\DR3\Partition0
13:41:41.0046 2124        \Device\Harddisk1\DR3\Partition0 - ok
13:41:41.0046 2124        ============================================================
13:41:41.0046 2124        Scan finished
13:41:41.0046 2124        ============================================================
13:41:41.0156 3608        Detected object count: 5
13:41:41.0156 3608        Actual detected object count: 5
19:38:09.0828 3608        Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:09.0828 3608        Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:09.0828 3608        Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:09.0828 3608        Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:09.0828 3608        PDDSLADP ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:09.0828 3608        PDDSLADP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:09.0828 3608        PDDSLHND ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:09.0828 3608        PDDSLHND ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:10.0187 3608        \Device\Harddisk0\DR0\# - copied to quarantine
19:38:10.0187 3608        \Device\Harddisk0\DR0 - copied to quarantine
19:38:10.0218 3608        \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
19:38:10.0234 3608        \Device\Harddisk0\DR0 - ok
19:38:10.0234 3608        \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
19:38:42.0625 3784        Deinitialize success
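The log above ends with two quite different kinds of hits mixed together: four `UnsignedFile.Multi.Generic` warnings (a heuristic that only says a driver or service binary carries no valid signature, which third-party drivers commonly lack) and one real bootkit verdict, `Rootkit.Boot.Sinowal.b` in the MBR of `\Device\Harddisk0\DR0`, whose cure was deferred to the next reboot. The Python below is an added example written for this page, not part of the forum post and not Kaspersky's code: it parses TDSSKiller's log format exactly as it appears above, pairs each verdict with the MD5 and location from the preceding inventory line, records the action the user chose, and flags findings whose cure is still pending. The family-to-severity mapping is my own assumption about TDSSKiller's naming, not something the tool documents in the log, and the embedded sample consists of lines excerpted from the posted log.

```python
"""Triage a Kaspersky TDSSKiller log.

Added example for this thread (not the forum's or Kaspersky's code).  It
answers the three questions a helper wants from a log like the one above:
what was found, how serious each finding is, and whether anything still
needs a reboot (and therefore a follow-up scan) before it counts as fixed.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample input: lines excerpted verbatim from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
13:41:16.0921 2124        PDDSLADP        (ab6f9ee08b82a46f2b4f0ab909f1fad9) C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS
13:41:16.0937 2124        PDDSLADP ( UnsignedFile.Multi.Generic ) - warning
13:41:16.0937 2124        PDDSLADP - detected UnsignedFile.Multi.Generic (1)
13:41:24.0093 2124        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:41:24.0171 2124        Tcpip - ok
13:41:29.0218 2124        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:41:29.0250 2124        \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
13:41:29.0250 2124        \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
13:41:41.0156 3608        Detected object count: 5
19:38:09.0828 3608        PDDSLADP ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:09.0828 3608        PDDSLADP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:10.0187 3608        \Device\Harddisk0\DR0 - copied to quarantine
19:38:10.0218 3608        \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
19:38:10.0234 3608        \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
"""

# "<time> <pid> <body>" -- every TDSSKiller log line has this prefix.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.+?)\s*$")
# "<object> ( <detection> ) - <status>" -- warnings, verdicts and user actions.
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<det>[^()]+) \) - (?P<status>.+)$")
# "MBR (0x1B8)    (<md5>) \Device\HarddiskN\DRn" -- MBR inventory line.
MBR_RE = re.compile(r"^MBR \((?P<size>0x[0-9A-Fa-f]+)\)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<dev>\\Device\\\S+)$")
# "<name>   (<md5>) <path>" -- driver/service inventory line (path may contain spaces).
FILE_RE = re.compile(r"^(?P<obj>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")

# Assumed severity by detection-name family (my classification, not TDSSKiller's).
MALWARE_FAMILIES = {"Rootkit", "Virus", "Trojan", "Backdoor"}
HEURISTIC_FAMILIES = {"UnsignedFile", "LockedFile", "ForgedFile", "HiddenFile"}


@dataclass
class Finding:
    obj: str                      # service/driver name or \Device\... node
    detection: str                # e.g. Rootkit.Boot.Sinowal.b
    md5: Optional[str] = None     # hash of the file / MBR sector as scanned
    location: Optional[str] = None
    statuses: List[str] = field(default_factory=list)
    user_action: Optional[str] = None

    @property
    def severity(self) -> str:
        family = self.detection.split(".")[0]
        if family in MALWARE_FAMILIES:
            return "malware"
        if family in HEURISTIC_FAMILIES:
            return "heuristic"
        return "unknown"

    @property
    def pending_reboot(self) -> bool:
        return any("cured on reboot" in s for s in self.statuses)


def parse_tdsskiller(text: str) -> Dict[str, Finding]:
    """Map each detected object to a Finding with hash, statuses and user action."""
    inventory: Dict[str, Tuple[str, str]] = {}   # obj -> (md5, location)
    findings: Dict[str, Finding] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body")
        if (mm := MBR_RE.match(body)):
            inventory[mm.group("dev")] = (mm.group("md5"), mm.group("dev"))
        elif (mv := VERDICT_RE.match(body)):
            obj, det, status = mv.group("obj"), mv.group("det"), mv.group("status")
            f = findings.get(obj)
            if f is None:
                md5, loc = inventory.get(obj, (None, None))
                f = findings[obj] = Finding(obj, det, md5, loc)
            f.statuses.append(status)
            if status.startswith("User select action:"):
                f.user_action = status.split(":", 1)[1].strip()
        elif (mf := FILE_RE.match(body)):
            inventory[mf.group("obj")] = (mf.group("md5"), mf.group("path"))
    return findings


def needs_reboot_rescan(findings: Dict[str, Finding]) -> bool:
    """True if any cure was deferred to reboot: the log alone does not prove success."""
    return any(f.pending_reboot for f in findings.values())


def triage(findings: Dict[str, Finding]) -> List[str]:
    """One report line per finding, worst first; a bootkit outranks unsigned-driver noise."""
    order = {"malware": 0, "unknown": 1, "heuristic": 2}
    lines = []
    for f in sorted(findings.values(), key=lambda x: order[x.severity]):
        note = "  [cure pending reboot: rescan after restart]" if f.pending_reboot else ""
        lines.append(f"{f.severity:9} {f.detection:28} {f.obj}  md5={f.md5}  action={f.user_action}{note}")
    return lines


if __name__ == "__main__":
    result = parse_tdsskiller(SAMPLE_LOG)
    print("\n".join(triage(result)))
    if needs_reboot_rescan(result):
        print("Reboot required; re-run TDSSKiller and compare the MBR md5 with the one above.")
```

The MBR hash captured before the cure (`72b8ce41...`) is the useful artifact here: after the reboot a second TDSSKiller run will print a new `MBR (0x1B8)` line for `\Device\Harddisk0\DR0`, and an unchanged hash would mean the cure did not take. The heuristic hits are reported but ranked last on purpose; an unsigned driver in `system32\DRIVERS` is a reason to check the vendor, not by itself a reason to delete.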

Copyright ©2000-2025, Trojaner-Board