Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojan.Generic.6760809 im Receycler und System Volume Information

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.11.2012, 20:52   #1
EDDK
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



Guten Tag,

- auf meinem Rechner wurde von G Data Trojan.Generic.6760809 im Receycler und System Volume Information gefunden

- nach Löschung Papierkorb und System Volume Information keine Funde mehr mit G Data

- Eset Online findet nur

C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\ICReinstall\cnet2_CMI8738_WDM_0639XP_zip.exe -> Variante von Win32/InstallCore.D Anwendung

C:\Dokumente und Einstellungen\Simulator\Lokale Einstellungen\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.8.2631.exe -> Win32/OpenCandy Anwendung

C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe -> Win32/Toolbar.Widgi Anwendung

Laut Virus total alles Fehlalarme - alle anderen Scans ohne Befund

- Rechner ansonsten völlig ohne Auffälligkeiten

- Bitte um Überprüfung der beigefügten Logs, ob wieder alles ok ist. Vielen Dank !









Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: AIRBORNE1 [administrator]

09.11.2012 11:00:08
mbam-log-2012-11-09 (11-00-08).txt

Scan type: Full scan (C:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349100
Time elapsed: 4 hour(s), 37 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

***************************************************************************************************************************


GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-09 20:16:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 WDC_WD2502ABYS-02B7A0 rev.02.03B03
Running: 480wtml6.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\uflcqpog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB903B000, 0x2C28EE, 0xE8000020]

---- EOF - GMER 1.0.15 ----


**********************************************************************************************************************************


Code:
ATTFilter
OTL logfile created on: 06.11.2012 19:45:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,50 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 70,03% Memory free
2,35 Gb Paging File | 1,79 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 233,81 Gb Total Space | 20,47 Gb Free Space | 8,75% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 986,24 Gb Free Space | 70,58% Space Free | Partition Type: NTFS
 
Computer Name: AIRBORNE1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.06 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.30 04:05:55 | 001,584,112 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe
PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.06.04 10:49:40 | 001,899,816 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe
PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe
PRC - [2012.01.27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.02.13 11:54:21 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2002.07.12 15:33:12 | 001,581,056 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.06 10:52:05 | 001,828,864 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\G Data\AVKScanP\Avast5\defs\12110601\algo.dll
MOD - [2011.03.27 21:11:04 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.02.13 11:54:21 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.29 22:23:35 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.08 22:06:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.30 04:05:55 | 001,584,112 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.06.04 10:49:40 | 001,899,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.02.13 11:54:21 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.11.03 18:25:10 | 000,069,552 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2012.11.03 18:21:25 | 000,053,536 | ---- | M] (G Data Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2012.11.03 18:21:24 | 000,093,728 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2012.11.03 18:21:24 | 000,041,888 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2012.11.03 17:22:01 | 000,030,200 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)
DRV - [2012.11.03 17:21:58 | 000,046,840 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.08 05:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 05:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.12.08 05:22:26 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.12.08 05:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.12.08 05:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.11.10 04:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.11.16 15:07:38 | 000,058,496 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
DRV - [2010.11.16 15:07:38 | 000,019,656 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
DRV - [2010.09.23 08:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.02.20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005.09.14 21:01:14 | 000,824,512 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys -- (hcwPVRP2)
DRV - [2003.11.21 15:20:10 | 000,113,152 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2002.07.16 09:58:12 | 000,379,726 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci)
DRV - [2001.03.01 03:15:00 | 000,006,144 | ---- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\IOPORT.SYS -- (IOPort)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 84 24 3A 9E A5 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.edkb.de/wetter/edkb.html"
FF - prefs.js..extensions.enabledAddons: listit@csail.mit.edu:0.5.0.2
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.3
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "65.51.181.123"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.28 09:31:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.28 09:31:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.29 22:23:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.12.02 23:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2010.12.02 23:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.03 08:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions
[2012.08.09 20:25:55 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.11.03 08:37:51 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.22 00:19:00 | 001,085,841 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\listit@csail.mit.edu.xpi
[2012.08.05 21:17:56 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.28 09:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.03 18:21:22 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.10.28 09:31:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.28 09:31:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.06.19 22:43:28 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 21:08:48 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.19 22:43:28 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 22:43:28 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 22:43:28 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 22:43:28 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.29 22:25:45 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 18 00 00 00  [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2178DDF3-43FF-403C-9D39-9E2062495B6C}: DhcpNameServer = 192.168.0.100
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\programme\g data\internetsecurity\avkkid\avkcks.exe) - c:\Programme\G Data\InternetSecurity\AVKKid\AvkCKS.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.27 10:17:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.07.10 03:14:07 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 13:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.06 18:16:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2012.11.04 12:18:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent
[2012.11.04 12:04:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2012.11.04 11:54:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.03 18:25:11 | 000,015,600 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GdPhyMem.sys
[2012.11.03 18:25:10 | 000,069,552 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2012.11.03 18:21:23 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\GdScrSv.de.dll
[2012.11.03 17:22:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\G Data InternetSecurity 2013
[2012.11.03 17:22:01 | 000,030,200 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2012.11.03 17:22:00 | 000,053,536 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2012.11.03 17:21:58 | 000,046,840 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys
[2012.11.03 17:21:57 | 000,093,728 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2012.11.03 17:21:57 | 000,041,888 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2012.11.03 17:21:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\G Data
[2012.11.03 17:21:30 | 000,000,000 | ---D | C] -- C:\Programme\G Data
[2012.11.03 17:21:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2012.10.29 22:23:27 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2012.10.28 09:31:32 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.10.08 22:43:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Sun
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.06 20:06:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.06 18:19:11 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2012.11.06 18:18:34 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
[2012.11.06 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2012.11.06 17:55:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.06 14:50:39 | 000,855,193 | ---- | M] () -- C:\WINDOWS\System32\sig.bin
[2012.11.06 14:50:39 | 000,045,869 | ---- | M] () -- C:\WINDOWS\System32\nmp.map
[2012.11.05 18:09:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.04 13:40:25 | 000,060,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.04 13:17:37 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012.11.04 12:05:51 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.11.03 22:17:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.11.03 18:25:11 | 000,015,600 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GdPhyMem.sys
[2012.11.03 18:25:10 | 000,069,552 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2012.11.03 18:21:25 | 000,053,536 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2012.11.03 18:21:24 | 000,093,728 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2012.11.03 18:21:24 | 000,041,888 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2012.11.03 17:22:01 | 000,030,200 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2012.11.03 17:21:58 | 000,046,840 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys
[2012.11.03 17:21:52 | 000,001,829 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\G Data InternetSecurity.lnk
[2012.11.03 17:16:03 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.11.03 08:54:19 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.31 23:05:28 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT
[2012.10.28 09:32:16 | 000,517,474 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.28 09:32:16 | 000,494,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.28 09:32:16 | 000,101,628 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.28 09:32:16 | 000,084,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.23 19:20:03 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT
[2012.10.13 14:58:31 | 000,017,442 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Diät Lilli.odt
[2012.10.11 21:11:19 | 000,420,229 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Antrag Tobias Müller - ergänze Angaben.pdf
[2012.10.11 20:56:08 | 000,476,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Antrag Tobias Müller.pdf
[2012.10.09 16:32:37 | 000,013,684 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\RES_T6G9CF15135_0.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.06 18:19:11 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2012.11.06 18:18:33 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
[2012.11.04 07:40:08 | 000,855,193 | ---- | C] () -- C:\WINDOWS\System32\sig.bin
[2012.11.04 07:40:08 | 000,045,869 | ---- | C] () -- C:\WINDOWS\System32\nmp.map
[2012.11.03 17:21:52 | 000,001,829 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\G Data InternetSecurity.lnk
[2012.11.03 09:06:44 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012.10.12 18:44:39 | 000,017,442 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Diät Lilli.odt
[2012.10.11 21:11:19 | 000,420,229 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Antrag Tobias Müller - ergänze Angaben.pdf
[2012.10.11 20:56:08 | 000,476,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Antrag Tobias Müller.pdf
[2012.10.09 16:32:37 | 000,013,684 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\RES_T6G9CF15135_0.pdf
[2012.09.26 22:52:49 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\.recently-used.xbel
[2012.08.22 22:42:43 | 000,001,607 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.08.16 21:05:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2012.08.16 19:56:17 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Analog Mono
[2012.08.16 19:56:17 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Action Clauses
[2012.08.16 19:56:17 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLes.DAT
[2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Analog Pad
[2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ambient
[2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Alerts
[2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Action
[2012.08.16 19:54:51 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT
[2012.08.16 19:54:51 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT
[2012.08.16 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Authentication
[2012.08.16 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Applications
[2012.08.16 19:54:28 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLeo.DAT
[2012.04.03 22:48:42 | 000,036,932 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2012.04.03 22:48:42 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2012.04.03 22:48:42 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2012.02.15 17:30:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.12 13:46:45 | 000,000,125 | ---- | C] () -- C:\WINDOWS\TKWIN.INI
[2012.02.05 21:49:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.31 18:15:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012.01.31 18:15:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012.01.31 18:15:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012.01.31 18:15:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011.09.08 21:18:23 | 000,558,128 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1275210071-2049760794-839522115-1003-0.dat
[2011.09.08 21:18:23 | 000,136,238 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.07.21 16:24:15 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.04.04 21:37:10 | 000,000,715 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2011.03.23 09:41:27 | 000,000,488 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2011.03.13 15:52:00 | 000,004,726 | ---- | C] () -- C:\WINDOWS\Q-Dir.ini
[2011.02.24 21:45:48 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2011.02.13 11:54:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2011.01.07 20:08:35 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2011.01.07 20:08:16 | 000,002,285 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2011.01.06 21:30:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.01.06 21:29:45 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.01.06 17:44:22 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.12.12 16:41:47 | 000,006,678 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\mdbu.bin
[2010.12.11 20:51:52 | 000,060,416 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.27 22:57:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2010.11.27 22:54:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2010.11.27 21:18:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2010.11.27 21:06:29 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.11.27 20:54:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\scrub2k.exe
[2010.11.27 20:54:50 | 000,000,443 | ---- | C] () -- C:\WINDOWS\hpw0460k.ini
[2010.11.27 20:53:35 | 000,000,092 | ---- | C] () -- C:\WINDOWS\hpdj460.ini
[2010.11.27 20:53:31 | 000,001,445 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2010.11.27 20:37:30 | 000,035,344 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010.11.27 20:37:08 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.11.27 20:36:54 | 000,142,337 | ---- | C] () -- C:\WINDOWS\System32\Wait.exe
[2010.11.27 20:27:01 | 000,000,199 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010.11.27 20:27:01 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010.11.27 17:49:04 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.11.27 13:15:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.11.27 10:18:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.11.27 10:15:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.11.27 10:06:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.11.27 10:05:41 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
[2010.11.27 17:46:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2010.09.09 15:17:08 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.04 12:18:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AIMP3
[2011.03.13 17:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Auslogics
[2011.04.04 21:40:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Buhl Data Service
[2010.12.12 12:53:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Canneverbe Limited
[2012.11.04 11:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\elsterformular
[2011.04.02 12:18:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FileZilla
[2012.08.09 20:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Garmin
[2010.12.30 21:59:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Greenshot
[2010.12.12 11:12:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\KeePass
[2011.12.10 00:03:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\LibreOffice
[2012.06.03 13:18:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\LogView
[2011.04.01 21:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MrJobs
[2012.08.16 20:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Nikon
[2012.04.13 22:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Notepad++
[2010.12.10 17:09:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org
[2010.12.11 17:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Panasonic
[2011.09.18 15:47:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\pdfforge
[2012.08.24 13:06:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PhotoScape
[2011.03.13 16:09:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Q-Dir
[2011.12.11 13:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\RavensburgerTipToi
[2012.03.04 17:02:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Samsung
[2012.01.27 21:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TeamViewer
[2010.12.02 23:11:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Thunderbird
[2011.06.20 17:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Tracker Software
[2012.11.04 17:21:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Wireshark
[2010.11.27 12:45:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2012.08.16 21:04:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2011.04.04 21:37:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2010.12.05 00:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.02.13 12:31:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2012.11.04 11:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2012.08.16 19:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp
[2012.08.16 19:54:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Flange Saw
[2012.08.16 19:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Framework
[2012.11.03 18:37:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2012.08.16 19:54:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gems
[2012.08.16 21:02:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2011.05.28 16:24:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2010.11.27 17:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panda Security
[2012.08.16 19:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Perl
[2012.11.04 12:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011.02.13 14:02:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SMART Technologies
[2011.12.18 14:23:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2012.08.16 19:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15
 
========== Purity Check ==========
 
 

< End of report >
         

********************************************************************************************************************


Code:
ATTFilter
OTL Extras logfile created on: 06.11.2012 19:45:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,50 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 70,03% Memory free
2,35 Gb Paging File | 1,79 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 233,81 Gb Total Space | 20,47 Gb Free Space | 8,75% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 986,24 Gb Free Space | 70,58% Space Free | Partition Type: NTFS
 
Computer Name: AIRBORNE1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe" = C:\Programme\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe:*:Disabled:Toolbox for HP Printing System for Windows -- (Hewlett-Packard Company)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\PhoenixRC\phoenixRC.exe" = C:\Programme\PhoenixRC\phoenixRC.exe:*:Enabled:phoenixRC -- ()
"C:\Programme\RealVNC\VNC4\vncviewer.exe" = C:\Programme\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32 -- (RealVNC Ltd.)
"C:\Programme\RealVNC\VNC4\winvnc4.exe" = C:\Programme\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{147E4062-DC7C-4B74-B64F-0991516C53B0}_is1" = CodeVisionAVR V2.03.4 ATM18 Evaluation
"{18941178-396B-0CC4-2168-17112315EBB8}" = ccc-utility
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2C7946AF-8AE9-6369-0075-7A3419F59441}" = Catalyst Control Center InstallProxy
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37B3776C-6DE6-4DD4-9AC6-C14952083932}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{579CB8A1-9966-4223-943F-05B3CF84C841}" = Microsoft Visual C++ 2008 Samples
"{59F646AD-A378-4783-8638-EA1AD92E1153}_is1" = MPEG-VCR 3.14.7.5 (09/2010)
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{656E92B7-1C9A-464F-8269-0D3F6AFDACBB}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{790F6156-B231-F7D6-BAE4-741E7CB0ACB1}" = ccc-utility
"{7A03BEDC-6390-440E-8D13-721A22F0BD1F}" = PhoenixRC
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{810AD6B3-C830-A74C-300E-D14820CE1850}" = Catalyst Control Center InstallProxy
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B361E4-A86E-4335-99FF-6C3604788DAB}" = HD Writer AE 1.0 for HDC
"{9875BF9C-8565-4085-B6A4-5D8D838FB5C3}" = HP Deskjet 460
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36579B4-313E-DC6B-D817-41824D46EF5D}" = CCC Help English
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3BA6488-5C3E-A4EF-BA64-74C54ABCEE03}" = ccc-core-static
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EDD654B3-6FE9-67AC-CE7D-5FE3698439DB}" = Catalyst Control Center Graphics Previews Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"DVD-lab PRO_is1" = DVD-lab PRO 1.51 Full
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.4.0
"GIMP-2_is1" = GIMP 2.8.0
"Greenshot_is1" = Greenshot
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Radio" = Hauppauge WinTV Radio
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"hp deskjet 460 series" = HP Deskjet 460 Series
"ie8" = Windows Internet Explorer 8
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.21
"LogView V2" = LogView V2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG-VCR" = MPEG-VCR 3.14.7.5 (09/2010)
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Notepad++" = Notepad++
"PCI Audio Driver" = PCI Audio Driver
"PE Builder_is1" = PE Builder 3.1.10a
"Picasa 3" = Picasa 3
"PSPad editor_is1" = PSPad editor
"RealVNC_is1" = VNC Free Edition 4.1.3
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 2.0.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.5
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.7.4
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"LogView V2 2" = LogView V2 2
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.09.2011 16:10:26 | Computer Name = AIRBORNE1 | Source = Help Index | ID = 1003
Description = Für das Produkt "VS\100\de-DE" wurden keine gültigen Indexdateien 
gefunden.
 
Error - 08.09.2011 16:10:26 | Computer Name = AIRBORNE1 | Source = .NET Runtime | ID = 1026
Description = Anwendung: HelpLibAgent.exe Frameworkversion: v4.0.30319 Beschreibung:
 Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen:
 System.Net.HttpListenerException Stapel:    bei Microsoft.Help.HelpHttpServer.ConnectionManagerThreadStart()

   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)    bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
 System.Threading.ContextCallback, System.Object, Boolean)    bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
 System.Threading.ContextCallback, System.Object)    bei System.Threading.ThreadHelper.ThreadStart()

 
Error - 09.09.2011 16:18:12 | Computer Name = AIRBORNE1 | Source = Help Index | ID = 1003
Description = Für das Produkt "VS\100\de-DE" wurden keine gültigen Indexdateien 
gefunden.
 
Error - 09.09.2011 16:18:15 | Computer Name = AIRBORNE1 | Source = Help Index | ID = 1003
Description = Für das Produkt "VS\100\de-DE" wurden keine gültigen Indexdateien 
gefunden.
 
Error - 14.10.2011 10:31:38 | Computer Name = AIRBORNE1 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown 
 
Error - 15.10.2011 08:53:16 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 7.0.1.4288, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.11.2011 18:08:49 | Computer Name = AIRBORNE1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wintv.exe, Version 6.0.26080.0, fehlgeschlagenes
 Modul mfc42.dll, Version 6.2.8081.0, Fehleradresse 0x000022be.
 
Error - 09.12.2011 14:20:41 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 8.0.0.4325, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 09.12.2011 14:20:42 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 8.0.0.4325, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 09.12.2011 14:20:42 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 8.0.0.4325, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 03.11.2012 12:26:33 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 03.11.2012 13:23:10 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 04.11.2012 02:37:01 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 04.11.2012 03:37:41 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 04.11.2012 10:03:25 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 04.11.2012 11:19:51 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 05.11.2012 13:09:49 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 06.11.2012 02:01:51 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 06.11.2012 09:40:10 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 06.11.2012 12:56:34 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
 
< End of report >
         

Alt 12.11.2012, 11:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Zitat:
- auf meinem Rechner wurde von G Data Trojan.Generic.6760809 im Receycler und System Volume Information gefunden
- nach Löschung Papierkorb und System Volume Information keine Funde mehr mit G Data
Bitte beachten => http://www.trojaner-board.de/125889-...tml#post941520

Zitat:
Windows XP Professional Edition
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2178DDF3-43FF-403C-9D39-9E2062495B6C}: DhcpNameServer = 192.168.0.100
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
__________________

__________________

Alt 12.11.2012, 17:33   #3
EDDK
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



Guten Tag,

-die Log Dateien liegen nicht mehr vor, da ich wieder auf Avast zurück gewechselt bin :-( (mein Rechner hatte nicht die Performance für G Data)

- die Funde lagen in Dateien wie z.B. A0084417.exe in System Volume Information\_restore{BE8EECC4-C1BB-45D6-8C2A-F88C1C98C680}\RP515, soweit meine Notizen noch hergeben

- es handelt sich um einen privaten Bürorechner

Schon mal Danke für die Mühe ...

Thomas
__________________

Alt 12.11.2012, 18:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



Zitat:
- es handelt sich um einen privaten Bürorechner
Was denn nun?
Privat oder ein Büro-/Firmenrechner?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.11.2012, 21:45   #5
EDDK
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



Guten Tag,

mein privater Rechner, der in meinem privaten Arbeitszimmer steht - also zur reinen privaten Nutzung ....

Thomas


Alt 12.11.2012, 22:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



Ok - aber was ist mit Malwarebytes, hatte dieses Tool denn niemals Funde?
__________________
--> Trojan.Generic.6760809 im Receycler und System Volume Information

Alt 12.11.2012, 22:53   #7
EDDK
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



- Malewarebytes und Avast haben auf dem Rechner noch nie angeschlagen. Nur G Data und ESET.

- Evtl. besteht ein Zusammenhang mit gelöschten Mails ...

- Deshalb die Frage, ob Ihr anhand der Logs (oder zus. Logs) etwas auffälliges finden könnt.

Thomas

Alt 12.11.2012, 23:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.11.2012, 23:35   #9
EDDK
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-12 23:21:05
-----------------------------
23:21:05.265    OS Version: Windows 5.1.2600 Service Pack 3
23:21:05.265    Number of processors: 1 586 0x304
23:21:05.265    ComputerName: AIRBORNE1  UserName: Admin
23:21:05.937    Initialize success
23:21:06.578    AVAST engine defs: 12111201
23:21:29.671    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7
23:21:29.671    Disk 0 Vendor: WDC_WD2502ABYS-02B7A0 02.03B03 Size: 239429MB BusType: 3
23:21:29.687    Disk 0 MBR read successfully
23:21:29.687    Disk 0 MBR scan
23:21:29.687    Disk 0 Windows XP default MBR code
23:21:29.687    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       239417 MB offset 63
23:21:29.703    Disk 0 scanning sectors +490326480
23:21:29.750    Disk 0 scanning C:\WINDOWS\system32\drivers
23:21:35.750    Service scanning
23:21:44.515    Modules scanning
23:21:47.515    Disk 0 trace - called modules:
23:21:47.531    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
23:21:47.531    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89eb2ab8]
23:21:47.531    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005d[0x89ee2900]
23:21:47.546    5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-7[0x89e81d98]
23:21:48.046    AVAST engine scan C:\WINDOWS
23:21:50.421    AVAST engine scan C:\WINDOWS\system32
23:24:06.703    AVAST engine scan C:\WINDOWS\system32\drivers
23:24:23.296    AVAST engine scan C:\Dokumente und Einstellungen\Admin
23:27:12.906    AVAST engine scan C:\Dokumente und Einstellungen\All Users
23:28:16.281    Scan finished successfully
23:28:34.812    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Admin\Desktop\MBR.dat"
23:28:34.812    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Admin\Desktop\aswMBR.txt"
         


Code:
ATTFilter
23:29:51.0875 1136  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:29:51.0890 1136  ============================================================
23:29:51.0890 1136  Current date / time: 2012/11/12 23:29:51.0890
23:29:51.0890 1136  SystemInfo:
23:29:51.0890 1136  
23:29:51.0890 1136  OS Version: 5.1.2600 ServicePack: 3.0
23:29:51.0890 1136  Product type: Workstation
23:29:51.0890 1136  ComputerName: AIRBORNE1
23:29:51.0890 1136  UserName: Admin
23:29:51.0890 1136  Windows directory: C:\WINDOWS
23:29:51.0890 1136  System windows directory: C:\WINDOWS
23:29:51.0890 1136  Processor architecture: Intel x86
23:29:51.0890 1136  Number of processors: 1
23:29:51.0890 1136  Page size: 0x1000
23:29:51.0890 1136  Boot type: Normal boot
23:29:51.0890 1136  ============================================================
23:29:52.0984 1136  Drive \Device\Harddisk0\DR0 - Size: 0x3A7450A000 (233.82 Gb), SectorSize: 0x200, Cylinders: 0x7EAE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
23:29:52.0984 1136  Drive \Device\Harddisk1\DR2 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:29:59.0796 1136  ============================================================
23:29:59.0796 1136  \Device\Harddisk0\DR0:
23:29:59.0796 1136  MBR partitions:
23:29:59.0796 1136  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D39C991
23:29:59.0796 1136  \Device\Harddisk1\DR2:
23:29:59.0796 1136  MBR partitions:
23:29:59.0796 1136  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
23:29:59.0796 1136  ============================================================
23:29:59.0828 1136  C: <-> \Device\Harddisk0\DR0\Partition1
23:29:59.0875 1136  G: <-> \Device\Harddisk1\DR2\Partition1
23:29:59.0875 1136  ============================================================
23:29:59.0875 1136  Initialize success
23:29:59.0875 1136  ============================================================
23:30:30.0656 0400  ============================================================
23:30:30.0656 0400  Scan started
23:30:30.0656 0400  Mode: Manual; SigCheck; TDLFS; 
23:30:30.0656 0400  ============================================================
23:30:30.0984 0400  ================ Scan system memory ========================
23:30:30.0984 0400  System memory - ok
23:30:30.0984 0400  ================ Scan services =============================
23:30:31.0109 0400  [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
23:30:31.0234 0400  Aavmker4 - ok
23:30:31.0250 0400  Abiosdsk - ok
23:30:31.0250 0400  abp480n5 - ok
23:30:31.0281 0400  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:30:31.0484 0400  ACPI - ok
23:30:31.0500 0400  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
23:30:31.0640 0400  ACPIEC - ok
23:30:31.0718 0400  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:30:31.0750 0400  AdobeFlashPlayerUpdateSvc - ok
23:30:31.0750 0400  adpu160m - ok
23:30:31.0796 0400  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
23:30:31.0937 0400  aec - ok
23:30:31.0968 0400  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
23:30:32.0000 0400  AFD - ok
23:30:32.0015 0400  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
23:30:32.0156 0400  agp440 - ok
23:30:32.0171 0400  Aha154x - ok
23:30:32.0171 0400  aic78u2 - ok
23:30:32.0187 0400  aic78xx - ok
23:30:32.0203 0400  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
23:30:32.0343 0400  Alerter - ok
23:30:32.0359 0400  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
23:30:32.0500 0400  ALG - ok
23:30:32.0515 0400  AliIde - ok
23:30:32.0515 0400  amsint - ok
23:30:32.0546 0400  [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb      C:\WINDOWS\system32\Drivers\ssadadb.sys
23:30:32.0609 0400  androidusb - ok
23:30:32.0640 0400  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
23:30:32.0765 0400  AppMgmt - ok
23:30:32.0765 0400  asc - ok
23:30:32.0781 0400  asc3350p - ok
23:30:32.0796 0400  asc3550 - ok
23:30:32.0906 0400  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:30:32.0937 0400  aspnet_state - ok
23:30:32.0953 0400  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:30:32.0968 0400  aswFsBlk - ok
23:30:33.0015 0400  [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2         C:\WINDOWS\system32\drivers\aswMon2.sys
23:30:33.0031 0400  aswMon2 - ok
23:30:33.0062 0400  [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
23:30:33.0078 0400  AswRdr - ok
23:30:33.0109 0400  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
23:30:33.0156 0400  aswSnx - ok
23:30:33.0203 0400  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
23:30:33.0234 0400  aswSP - ok
23:30:33.0250 0400  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
23:30:33.0265 0400  aswTdi - ok
23:30:33.0281 0400  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:30:33.0421 0400  AsyncMac - ok
23:30:33.0437 0400  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
23:30:33.0578 0400  atapi - ok
23:30:33.0593 0400  Atdisk - ok
23:30:33.0640 0400  [ D80A3FD3DB6F999F6D1C6D23A293851B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
23:30:33.0687 0400  Ati HotKey Poller - ok
23:30:33.0875 0400  [ C832BF76F003999D2E91E5115583C69E ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:30:34.0171 0400  ati2mtag - ok
23:30:34.0203 0400  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:30:34.0328 0400  Atmarpc - ok
23:30:34.0359 0400  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
23:30:34.0484 0400  AudioSrv - ok
23:30:34.0531 0400  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
23:30:34.0656 0400  audstub - ok
23:30:34.0734 0400  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
23:30:34.0750 0400  avast! Antivirus - ok
23:30:34.0781 0400  [ 4D50B7A5AE8E67E68B7C9571769D5DDE ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
23:30:34.0812 0400  b57w2k - ok
23:30:34.0843 0400  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
23:30:34.0984 0400  Beep - ok
23:30:35.0031 0400  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\WINDOWS\system32\bgsvcgen.exe
23:30:35.0046 0400  bgsvcgen - ok
23:30:35.0078 0400  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\System32\qmgr.dll
23:30:35.0218 0400  BITS - ok
23:30:35.0250 0400  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
23:30:35.0296 0400  Browser - ok
23:30:35.0328 0400  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
23:30:35.0453 0400  cbidf2k - ok
23:30:35.0484 0400  [ FDC06E2ADA8C468EBB161624E03976CF ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:30:35.0515 0400  CCDECODE - ok
23:30:35.0531 0400  cd20xrnt - ok
23:30:35.0562 0400  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
23:30:35.0703 0400  Cdaudio - ok
23:30:35.0718 0400  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
23:30:35.0859 0400  Cdfs - ok
23:30:35.0875 0400  [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv        C:\WINDOWS\system32\drivers\cdrbsdrv.sys
23:30:35.0890 0400  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
23:30:35.0890 0400  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
23:30:35.0890 0400  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:30:36.0031 0400  Cdrom - ok
23:30:36.0046 0400  Changer - ok
23:30:36.0093 0400  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
23:30:36.0218 0400  CiSvc - ok
23:30:36.0234 0400  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
23:30:36.0375 0400  ClipSrv - ok
23:30:36.0437 0400  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:30:36.0484 0400  clr_optimization_v2.0.50727_32 - ok
23:30:36.0515 0400  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:30:36.0593 0400  clr_optimization_v4.0.30319_32 - ok
23:30:36.0593 0400  CmdIde - ok
23:30:36.0625 0400  [ FD40439BB258B9AA9AD314BF5948EF46 ] cmpci           C:\WINDOWS\system32\drivers\cmaudio.sys
23:30:36.0703 0400  cmpci - ok
23:30:36.0718 0400  COMSysApp - ok
23:30:36.0734 0400  Cpqarray - ok
23:30:36.0781 0400  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
23:30:36.0921 0400  CryptSvc - ok
23:30:36.0921 0400  dac2w2k - ok
23:30:36.0921 0400  dac960nt - ok
23:30:36.0968 0400  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
23:30:37.0062 0400  DcomLaunch - ok
23:30:37.0109 0400  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
23:30:37.0234 0400  Dhcp - ok
23:30:37.0265 0400  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
23:30:37.0390 0400  Disk - ok
23:30:37.0406 0400  dmadmin - ok
23:30:37.0437 0400  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
23:30:37.0609 0400  dmboot - ok
23:30:37.0625 0400  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
23:30:37.0765 0400  dmio - ok
23:30:37.0796 0400  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
23:30:37.0937 0400  dmload - ok
23:30:37.0968 0400  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
23:30:38.0109 0400  dmserver - ok
23:30:38.0156 0400  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
23:30:38.0281 0400  DMusic - ok
23:30:38.0296 0400  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
23:30:38.0343 0400  Dnscache - ok
23:30:38.0375 0400  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
23:30:38.0500 0400  Dot3svc - ok
23:30:38.0515 0400  dpti2o - ok
23:30:38.0546 0400  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
23:30:38.0671 0400  drmkaud - ok
23:30:38.0671 0400  EagleXNt - ok
23:30:38.0703 0400  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
23:30:38.0843 0400  EapHost - ok
23:30:38.0875 0400  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
23:30:39.0015 0400  ERSvc - ok
23:30:39.0062 0400  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
23:30:39.0109 0400  Eventlog - ok
23:30:39.0156 0400  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\System32\es.dll
23:30:39.0203 0400  EventSystem - ok
23:30:39.0203 0400  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
23:30:39.0328 0400  Fastfat - ok
23:30:39.0359 0400  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:30:39.0406 0400  FastUserSwitchingCompatibility - ok
23:30:39.0437 0400  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
23:30:39.0562 0400  Fdc - ok
23:30:39.0578 0400  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
23:30:39.0703 0400  Fips - ok
23:30:39.0703 0400  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:30:39.0828 0400  Flpydisk - ok
23:30:39.0875 0400  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
23:30:40.0000 0400  FltMgr - ok
23:30:40.0062 0400  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:30:40.0078 0400  FontCache3.0.0.0 - ok
23:30:40.0078 0400  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:30:40.0218 0400  Fs_Rec - ok
23:30:40.0218 0400  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:30:40.0343 0400  Ftdisk - ok
23:30:40.0359 0400  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
23:30:40.0484 0400  gameenum - ok
23:30:40.0500 0400  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:30:40.0640 0400  Gpc - ok
23:30:40.0687 0400  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
23:30:40.0703 0400  gusvc - ok
23:30:40.0750 0400  [ FC7DCDEF8F17D3C5DECC880673EA5BD5 ] hcwPVRP2        C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys
23:30:40.0812 0400  hcwPVRP2 - ok
23:30:40.0906 0400  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:30:41.0046 0400  helpsvc - ok
23:30:41.0078 0400  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
23:30:41.0218 0400  HidServ - ok
23:30:41.0250 0400  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:30:41.0375 0400  hidusb - ok
23:30:41.0406 0400  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
23:30:41.0531 0400  hkmsvc - ok
23:30:41.0546 0400  hpn - ok
23:30:41.0593 0400  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
23:30:41.0640 0400  HTTP - ok
23:30:41.0687 0400  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
23:30:41.0921 0400  HTTPFilter - ok
23:30:41.0937 0400  i2omgmt - ok
23:30:41.0937 0400  i2omp - ok
23:30:41.0953 0400  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:30:42.0093 0400  i8042prt - ok
23:30:42.0156 0400  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:30:42.0171 0400  IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:30:42.0171 0400  IDriverT - detected UnsignedFile.Multi.Generic (1)
23:30:42.0265 0400  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:30:42.0312 0400  idsvc - ok
23:30:42.0343 0400  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
23:30:42.0468 0400  Imapi - ok
23:30:42.0500 0400  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\System32\imapi.exe
23:30:42.0640 0400  ImapiService - ok
23:30:42.0656 0400  ini910u - ok
23:30:42.0671 0400  IntelIde - ok
23:30:42.0687 0400  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:30:42.0828 0400  intelppm - ok
23:30:42.0859 0400  [ F7C534DEF663B4E847E44F20927F5ED2 ] IOPort          C:\WINDOWS\system32\DRIVERS\IOPORT.SYS
23:30:42.0875 0400  IOPort ( UnsignedFile.Multi.Generic ) - warning
23:30:42.0875 0400  IOPort - detected UnsignedFile.Multi.Generic (1)
23:30:42.0890 0400  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
23:30:43.0031 0400  ip6fw - ok
23:30:43.0062 0400  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:30:43.0187 0400  IpFilterDriver - ok
23:30:43.0203 0400  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:30:43.0328 0400  IpInIp - ok
23:30:43.0343 0400  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:30:43.0500 0400  IpNat - ok
23:30:43.0515 0400  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:30:43.0640 0400  IPSec - ok
23:30:43.0671 0400  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
23:30:43.0781 0400  IRENUM - ok
23:30:43.0812 0400  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:30:43.0937 0400  isapnp - ok
23:30:43.0953 0400  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:30:44.0078 0400  Kbdclass - ok
23:30:44.0093 0400  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:30:44.0234 0400  kbdhid - ok
23:30:44.0265 0400  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
23:30:44.0406 0400  kmixer - ok
23:30:44.0437 0400  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
23:30:44.0484 0400  KSecDD - ok
23:30:44.0515 0400  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
23:30:44.0562 0400  lanmanserver - ok
23:30:44.0609 0400  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:30:44.0640 0400  lanmanworkstation - ok
23:30:44.0671 0400  [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd             C:\WINDOWS\system32\DRIVERS\Lbd.sys
23:30:44.0687 0400  Lbd - ok
23:30:44.0703 0400  lbrtfdc - ok
23:30:44.0734 0400  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
23:30:44.0875 0400  LmHosts - ok
23:30:44.0906 0400  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
23:30:44.0937 0400  MBAMProtector - ok
23:30:45.0015 0400  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:30:45.0031 0400  MBAMScheduler - ok
23:30:45.0078 0400  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
23:30:45.0109 0400  MBAMService - ok
23:30:45.0140 0400  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
23:30:45.0281 0400  Messenger - ok
23:30:45.0281 0400  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
23:30:45.0406 0400  mnmdd - ok
23:30:45.0437 0400  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
23:30:45.0562 0400  mnmsrvc - ok
23:30:45.0593 0400  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
23:30:45.0734 0400  Modem - ok
23:30:45.0781 0400  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:30:45.0906 0400  Mouclass - ok
23:30:45.0937 0400  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:30:46.0062 0400  mouhid - ok
23:30:46.0062 0400  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
23:30:46.0187 0400  MountMgr - ok
23:30:46.0218 0400  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
23:30:46.0250 0400  MozillaMaintenance - ok
23:30:46.0250 0400  mraid35x - ok
23:30:46.0265 0400  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:30:46.0390 0400  MRxDAV - ok
23:30:46.0437 0400  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:30:46.0500 0400  MRxSmb - ok
23:30:46.0531 0400  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
23:30:46.0671 0400  MSDTC - ok
23:30:46.0687 0400  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
23:30:46.0812 0400  Msfs - ok
23:30:46.0812 0400  MSIServer - ok
23:30:46.0843 0400  [ 85736F804191CB420A31ACA2A7F0674F ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:30:46.0875 0400  MSKSSRV - ok
23:30:46.0906 0400  [ E943ADB93D83C5CBC0CA3F53F53B48CC ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:30:46.0953 0400  MSPCLOCK - ok
23:30:47.0000 0400  [ F6A726B8832DB1F88326B8BE98B11981 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
23:30:47.0062 0400  MSPQM - ok
23:30:47.0093 0400  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:30:47.0218 0400  mssmbios - ok
23:30:47.0234 0400  [ D5059366B361F0E1124753447AF08AA2 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
23:30:47.0281 0400  MSTEE - ok
23:30:47.0296 0400  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
23:30:47.0328 0400  Mup - ok
23:30:47.0359 0400  [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:30:47.0375 0400  NABTSFEC - ok
23:30:47.0406 0400  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
23:30:47.0562 0400  napagent - ok
23:30:47.0562 0400  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
23:30:47.0703 0400  NDIS - ok
23:30:47.0734 0400  [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:30:47.0765 0400  NdisIP - ok
23:30:47.0812 0400  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:30:47.0828 0400  NdisTapi - ok
23:30:47.0859 0400  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:30:47.0984 0400  Ndisuio - ok
23:30:48.0000 0400  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:30:48.0109 0400  NdisWan - ok
23:30:48.0140 0400  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
23:30:48.0171 0400  NDProxy - ok
23:30:48.0203 0400  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
23:30:48.0328 0400  NetBIOS - ok
23:30:48.0359 0400  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
23:30:48.0484 0400  NetBT - ok
23:30:48.0531 0400  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
23:30:48.0656 0400  NetDDE - ok
23:30:48.0656 0400  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
23:30:48.0796 0400  NetDDEdsdm - ok
23:30:48.0828 0400  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\System32\lsass.exe
23:30:48.0953 0400  Netlogon - ok
23:30:48.0984 0400  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
23:30:49.0125 0400  Netman - ok
23:30:49.0171 0400  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:30:49.0203 0400  NetTcpPortSharing - ok
23:30:49.0234 0400  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
23:30:49.0281 0400  Nla - ok
23:30:49.0328 0400  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       C:\Programme\CDBurnerXP\NMSAccessU.exe
23:30:49.0343 0400  NMSAccess - ok
23:30:49.0390 0400  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\WINDOWS\system32\drivers\npf.sys
23:30:49.0406 0400  NPF - ok
23:30:49.0421 0400  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
23:30:49.0546 0400  Npfs - ok
23:30:49.0578 0400  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
23:30:49.0750 0400  Ntfs - ok
23:30:49.0750 0400  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
23:30:49.0875 0400  NtLmSsp - ok
23:30:49.0906 0400  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
23:30:50.0093 0400  NtmsSvc - ok
23:30:50.0109 0400  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
23:30:50.0218 0400  Null - ok
23:30:50.0234 0400  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:30:50.0390 0400  NwlnkFlt - ok
23:30:50.0421 0400  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:30:50.0546 0400  NwlnkFwd - ok
23:30:50.0578 0400  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
23:30:50.0718 0400  Parport - ok
23:30:50.0718 0400  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
23:30:50.0843 0400  PartMgr - ok
23:30:50.0859 0400  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
23:30:51.0000 0400  ParVdm - ok
23:30:51.0015 0400  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
23:30:51.0125 0400  PCI - ok
23:30:51.0140 0400  PCIDump - ok
23:30:51.0156 0400  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
23:30:51.0296 0400  PCIIde - ok
23:30:51.0328 0400  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
23:30:51.0453 0400  Pcmcia - ok
23:30:51.0468 0400  PDCOMP - ok
23:30:51.0468 0400  PDFRAME - ok
23:30:51.0484 0400  PDRELI - ok
23:30:51.0484 0400  PDRFRAME - ok
23:30:51.0500 0400  perc2 - ok
23:30:51.0515 0400  perc2hib - ok
23:30:51.0546 0400  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
23:30:51.0578 0400  PlugPlay - ok
23:30:51.0578 0400  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\System32\lsass.exe
23:30:51.0703 0400  PolicyAgent - ok
23:30:51.0718 0400  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:30:51.0859 0400  PptpMiniport - ok
23:30:51.0875 0400  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
23:30:52.0000 0400  Processor - ok
23:30:52.0015 0400  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:30:52.0140 0400  ProtectedStorage - ok
23:30:52.0156 0400  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
23:30:52.0281 0400  PSched - ok
23:30:52.0281 0400  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:30:52.0421 0400  Ptilink - ok
23:30:52.0468 0400  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:30:52.0484 0400  PxHelp20 - ok
23:30:52.0484 0400  ql1080 - ok
23:30:52.0500 0400  Ql10wnt - ok
23:30:52.0500 0400  ql12160 - ok
23:30:52.0515 0400  ql1240 - ok
23:30:52.0515 0400  ql1280 - ok
23:30:52.0531 0400  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:30:52.0656 0400  RasAcd - ok
23:30:52.0703 0400  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
23:30:52.0828 0400  RasAuto - ok
23:30:52.0828 0400  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:30:52.0953 0400  Rasl2tp - ok
23:30:53.0000 0400  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
23:30:53.0156 0400  RasMan - ok
23:30:53.0156 0400  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:30:53.0281 0400  RasPppoe - ok
23:30:53.0296 0400  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
23:30:53.0437 0400  Raspti - ok
23:30:53.0437 0400  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:30:53.0562 0400  Rdbss - ok
23:30:53.0578 0400  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:30:53.0703 0400  RDPCDD - ok
23:30:53.0718 0400  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:30:53.0843 0400  rdpdr - ok
23:30:53.0890 0400  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
23:30:53.0937 0400  RDPWD - ok
23:30:53.0984 0400  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
23:30:54.0109 0400  RDSessMgr - ok
23:30:54.0125 0400  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
23:30:54.0250 0400  redbook - ok
23:30:54.0281 0400  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
23:30:54.0406 0400  RemoteAccess - ok
23:30:54.0453 0400  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
23:30:54.0578 0400  RemoteRegistry - ok
23:30:54.0625 0400  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Programme\WinPcap\rpcapd.exe
23:30:54.0640 0400  rpcapd - ok
23:30:54.0656 0400  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\System32\locator.exe
23:30:54.0796 0400  RpcLocator - ok
23:30:54.0812 0400  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
23:30:54.0843 0400  RpcSs - ok
23:30:54.0890 0400  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\System32\rsvp.exe
23:30:55.0031 0400  RSVP - ok
23:30:55.0062 0400  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
23:30:55.0171 0400  SamSs - ok
23:30:55.0203 0400  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
23:30:55.0343 0400  SCardSvr - ok
23:30:55.0390 0400  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
23:30:55.0531 0400  Schedule - ok
23:30:55.0531 0400  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:30:55.0656 0400  Secdrv - ok
23:30:55.0687 0400  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
23:30:55.0812 0400  seclogon - ok
23:30:55.0843 0400  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
23:30:55.0968 0400  SENS - ok
23:30:55.0984 0400  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
23:30:56.0125 0400  serenum - ok
23:30:56.0125 0400  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
23:30:56.0250 0400  Serial - ok
23:30:56.0312 0400  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
23:30:56.0421 0400  Sfloppy - ok
23:30:56.0468 0400  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
23:30:56.0640 0400  SharedAccess - ok
23:30:56.0656 0400  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:30:56.0671 0400  ShellHWDetection - ok
23:30:56.0718 0400  [ 4AABD176758CDBCFB834A72BD01CD02F ] silabenm        C:\WINDOWS\system32\DRIVERS\silabenm.sys
23:30:56.0734 0400  silabenm ( UnsignedFile.Multi.Generic ) - warning
23:30:56.0734 0400  silabenm - detected UnsignedFile.Multi.Generic (1)
23:30:56.0765 0400  [ F5460535EDE7ADEB0721BC56587554EA ] silabser        C:\WINDOWS\system32\DRIVERS\silabser.sys
23:30:56.0796 0400  silabser ( UnsignedFile.Multi.Generic ) - warning
23:30:56.0796 0400  silabser - detected UnsignedFile.Multi.Generic (1)
23:30:56.0796 0400  Simbad - ok
23:30:56.0828 0400  [ 1FFC44D6787EC1EA9A2B1440A90FA5C1 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:30:56.0859 0400  SLIP - ok
23:30:56.0875 0400  Sparrow - ok
23:30:56.0921 0400  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
23:30:57.0046 0400  splitter - ok
23:30:57.0078 0400  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
23:30:57.0109 0400  Spooler - ok
23:30:57.0140 0400  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
23:30:57.0265 0400  sr - ok
23:30:57.0296 0400  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\System32\srsvc.dll
23:30:57.0421 0400  srservice - ok
23:30:57.0468 0400  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
23:30:57.0500 0400  Srv - ok
23:30:57.0546 0400  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\WINDOWS\system32\DRIVERS\ssadbus.sys
23:30:57.0578 0400  ssadbus - ok
23:30:57.0609 0400  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
23:30:57.0625 0400  ssadmdfl - ok
23:30:57.0640 0400  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
23:30:57.0671 0400  ssadmdm - ok
23:30:57.0703 0400  [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd        C:\WINDOWS\system32\DRIVERS\ssadserd.sys
23:30:57.0750 0400  ssadserd - ok
23:30:57.0765 0400  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
23:30:57.0906 0400  SSDPSRV - ok
23:30:57.0953 0400  [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen        C:\WINDOWS\system32\drivers\StarOpen.sys
23:30:57.0953 0400  StarOpen ( UnsignedFile.Multi.Generic ) - warning
23:30:57.0953 0400  StarOpen - detected UnsignedFile.Multi.Generic (1)
23:30:58.0000 0400  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
23:30:58.0156 0400  stisvc - ok
23:30:58.0187 0400  [ A9F9FD0212E572B84EDB9EB661F6BC04 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:30:58.0203 0400  streamip - ok
23:30:58.0250 0400  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
23:30:58.0359 0400  swenum - ok
23:30:58.0375 0400  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
23:30:58.0500 0400  swmidi - ok
23:30:58.0515 0400  SwPrv - ok
23:30:58.0531 0400  symc810 - ok
23:30:58.0546 0400  symc8xx - ok
23:30:58.0546 0400  sym_hi - ok
23:30:58.0562 0400  sym_u3 - ok
23:30:58.0625 0400  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
23:30:58.0750 0400  sysaudio - ok
23:30:58.0781 0400  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
23:30:58.0906 0400  SysmonLog - ok
23:30:58.0937 0400  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
23:30:59.0078 0400  TapiSrv - ok
23:30:59.0125 0400  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:30:59.0187 0400  Tcpip - ok
23:30:59.0234 0400  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
23:30:59.0343 0400  TDPIPE - ok
23:30:59.0375 0400  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
23:30:59.0500 0400  TDTCP - ok
23:30:59.0515 0400  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
23:30:59.0625 0400  TermDD - ok
23:30:59.0656 0400  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
23:30:59.0812 0400  TermService - ok
23:30:59.0828 0400  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
23:30:59.0859 0400  Themes - ok
23:30:59.0906 0400  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
23:31:00.0046 0400  TlntSvr - ok
23:31:00.0046 0400  TosIde - ok
23:31:00.0078 0400  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
23:31:00.0203 0400  TrkWks - ok
23:31:00.0250 0400  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
23:31:00.0359 0400  Udfs - ok
23:31:00.0359 0400  ultra - ok
23:31:00.0406 0400  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
23:31:00.0562 0400  Update - ok
23:31:00.0578 0400  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
23:31:00.0718 0400  upnphost - ok
23:31:00.0734 0400  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
23:31:00.0859 0400  UPS - ok
23:31:00.0890 0400  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
23:31:01.0031 0400  usbaudio - ok
23:31:01.0046 0400  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:31:01.0156 0400  usbccgp - ok
23:31:01.0187 0400  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:31:01.0296 0400  usbehci - ok
23:31:01.0312 0400  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:31:01.0437 0400  usbhub - ok
23:31:01.0453 0400  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:31:01.0593 0400  usbprint - ok
23:31:01.0640 0400  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:31:01.0765 0400  usbscan - ok
23:31:01.0781 0400  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:31:01.0906 0400  USBSTOR - ok
23:31:01.0953 0400  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:31:02.0062 0400  usbuhci - ok
23:31:02.0109 0400  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
23:31:02.0234 0400  usbvideo - ok
23:31:02.0265 0400  [ 8AFFFDA081CFF3057391FEDBBB483601 ] UTSCSI          C:\WINDOWS\system32\UTSCSI.EXE
23:31:02.0296 0400  UTSCSI ( UnsignedFile.Multi.Generic ) - warning
23:31:02.0296 0400  UTSCSI - detected UnsignedFile.Multi.Generic (1)
23:31:02.0343 0400  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
23:31:02.0453 0400  VgaSave - ok
23:31:02.0468 0400  ViaIde - ok
23:31:02.0500 0400  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
23:31:02.0609 0400  VolSnap - ok
23:31:02.0640 0400  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
23:31:02.0781 0400  VSS - ok
23:31:02.0812 0400  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\System32\w32time.dll
23:31:02.0937 0400  W32Time - ok
23:31:02.0984 0400  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:31:03.0109 0400  Wanarp - ok
23:31:03.0156 0400  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
23:31:03.0187 0400  Wdf01000 - ok
23:31:03.0203 0400  WDICA - ok
23:31:03.0234 0400  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
23:31:03.0359 0400  wdmaud - ok
23:31:03.0390 0400  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
23:31:03.0515 0400  WebClient - ok
23:31:03.0609 0400  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
23:31:03.0718 0400  winmgmt - ok
23:31:03.0781 0400  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
23:31:03.0812 0400  WmdmPmSN - ok
23:31:03.0843 0400  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
23:31:03.0906 0400  Wmi - ok
23:31:03.0937 0400  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:31:04.0062 0400  WmiApSrv - ok
23:31:04.0078 0400  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:31:04.0093 0400  WpdUsb - ok
23:31:04.0187 0400  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:31:04.0218 0400  WPFFontCache_v0400 - ok
23:31:04.0250 0400  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
23:31:04.0406 0400  wscsvc - ok
23:31:04.0421 0400  [ 233CDD1C06942115802EB7CE6669E099 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:31:04.0437 0400  WSTCODEC - ok
23:31:04.0453 0400  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
23:31:04.0578 0400  wuauserv - ok
23:31:04.0625 0400  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:31:04.0640 0400  WudfPf - ok
23:31:04.0656 0400  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:31:04.0671 0400  WudfRd - ok
23:31:04.0703 0400  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
23:31:04.0750 0400  WudfSvc - ok
23:31:04.0796 0400  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
23:31:04.0968 0400  WZCSVC - ok
23:31:05.0000 0400  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
23:31:05.0156 0400  xmlprov - ok
23:31:05.0156 0400  ================ Scan global ===============================
23:31:05.0187 0400  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
23:31:05.0250 0400  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
23:31:05.0265 0400  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
23:31:05.0296 0400  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
23:31:05.0312 0400  [Global] - ok
23:31:05.0312 0400  ================ Scan MBR ==================================
23:31:05.0328 0400  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
23:31:05.0531 0400  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:31:05.0531 0400  \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:31:05.0546 0400  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2
23:31:06.0093 0400  \Device\Harddisk1\DR2 - ok
23:31:06.0093 0400  ================ Scan VBR ==================================
23:31:06.0093 0400  [ D964B52BD354518261E5B697C98E79D1 ] \Device\Harddisk0\DR0\Partition1
23:31:06.0109 0400  \Device\Harddisk0\DR0\Partition1 - ok
23:31:06.0125 0400  [ F17264F44C7DBECAC0FD14C51ED6F082 ] \Device\Harddisk1\DR2\Partition1
23:31:06.0125 0400  \Device\Harddisk1\DR2\Partition1 - ok
23:31:06.0125 0400  ============================================================
23:31:06.0125 0400  Scan finished
23:31:06.0125 0400  ============================================================
23:31:06.0234 1652  Detected object count: 8
23:31:06.0234 1652  Actual detected object count: 8
23:32:16.0843 1652  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0843 1652  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:32:16.0859 1652  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0859 1652  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:32:16.0859 1652  IOPort ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0859 1652  IOPort ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:32:16.0859 1652  silabenm ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0859 1652  silabenm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:32:16.0859 1652  silabser ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0859 1652  silabser ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:32:16.0859 1652  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0859 1652  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:32:16.0859 1652  UTSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:16.0859 1652  UTSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:32:16.0859 1652  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:32:16.0859 1652  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         

Alt 12.11.2012, 23:39   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



Du hast ein TDSS drin! Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.11.2012, 00:00   #11
EDDK
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-11-12.03 - Admin 12.11.2012  23:51:10.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2559.1902 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\embedded
c:\windows\system32\embedded\License.txt
c:\windows\system32\embedded\uninstall.exe
c:\windows\system32\embedded\WizardImage.bmp
c:\windows\system32\embedded\WizardSmallImage.bmp
G:\autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-12 bis 2012-11-12  ))))))))))))))))))))))))))))))
.
.
2012-11-12 21:58 . 2012-11-12 21:58	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\WinPatrol
2012-11-12 21:58 . 2012-11-12 21:58	--------	d-----w-	c:\programme\BillP Studios
2012-11-12 21:58 . 2012-11-12 21:58	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\InstallMate
2012-11-10 15:02 . 2012-11-10 23:00	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\vlc
2012-11-09 19:45 . 2012-10-30 22:51	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-11-09 19:45 . 2012-10-30 22:51	361032	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-11-09 19:45 . 2012-10-30 22:51	35928	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-11-09 19:45 . 2012-10-30 22:51	738504	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-11-09 19:45 . 2012-10-30 22:51	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-11-09 19:45 . 2012-10-30 22:51	97608	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2012-11-09 19:45 . 2012-10-30 22:51	89752	----a-w-	c:\windows\system32\drivers\aswmon.sys
2012-11-09 19:45 . 2012-10-30 22:51	25256	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2012-11-09 19:43 . 2012-10-30 22:51	41224	----a-w-	c:\windows\avastSS.scr
2012-11-09 19:43 . 2012-10-30 22:50	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-11-09 19:43 . 2012-11-09 19:43	--------	d-----w-	c:\programme\AVAST Software
2012-11-09 19:43 . 2012-11-09 19:43	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVAST Software
2012-11-08 21:05 . 2012-11-08 21:05	--------	d-----w-	c:\programme\Gemeinsame Dateien\Adobe
2012-11-04 11:04 . 2012-11-04 11:09	--------	d-----w-	c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
2012-11-04 06:40 . 2012-11-09 09:55	861312	----a-w-	c:\windows\system32\sig.bin
2012-11-03 17:25 . 2012-11-03 17:25	15600	----a-w-	c:\windows\system32\drivers\GdPhyMem.sys
2012-11-03 17:25 . 2012-11-03 17:25	69552	----a-w-	c:\windows\system32\drivers\GRD.sys
2012-11-03 17:21 . 2012-05-29 07:24	10792	----a-w-	c:\windows\system32\GdScrSv.de.dll
2012-11-03 16:26 . 2012-11-03 16:26	--------	d-sh--w-	c:\dokumente und einstellungen\NetworkService\IETldCache
2012-11-03 16:21 . 2012-11-09 17:19	--------	d-----w-	c:\programme\Gemeinsame Dateien\G Data
2012-11-03 16:21 . 2012-11-09 17:18	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\G DATA
2012-10-29 21:23 . 2012-10-30 07:05	--------	d-----w-	c:\programme\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 15:35 . 2012-04-02 18:49	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-08 15:35 . 2011-10-06 18:27	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54 . 2010-11-27 11:20	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-13 16:18 . 2012-09-13 16:18	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-13 16:18 . 2012-06-16 18:28	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-09-13 16:18 . 2012-06-16 18:28	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-13 16:18 . 2010-11-27 20:35	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-28 15:05 . 2002-08-29 01:43	916992	----a-w-	c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2002-08-29 01:43	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-08-28 15:05 . 2002-08-29 01:43	43520	------w-	c:\windows\system32\licmgr10.dll
2012-08-28 12:07 . 2010-11-27 11:48	385024	----a-w-	c:\windows\system32\html.iec
2012-08-24 13:53 . 2001-08-18 19:00	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-08-23 06:26 . 2002-08-29 03:41	2071936	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:26 . 2002-08-29 01:41	2195200	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-16 18:57 . 2012-08-16 18:57	57344	----a-r-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-08-16 18:54 . 2012-08-16 18:55	106496	----a-w-	c:\windows\system32\ATL71.DLL
2012-08-15 16:52 . 2012-08-15 16:52	4472832	----a-w-	c:\windows\system32\GPhotos.scr
2012-10-28 08:31 . 2012-10-28 08:31	261600	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	121528	----a-w-	c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-07-12 1581056]
"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"WinPatrol"="c:\programme\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HD Writer AE 1.0.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HD Writer AE 1.0.lnk
backup=c:\windows\pss\HD Writer AE 1.0.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-29 18:54	766536	----a-w-	c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]
2011-10-30 13:44	571392	----a-w-	c:\programme\Nikon\Nikon Message Center 2\NkMC2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Hewlett-Packard\\hp deskjet 460 series\\Toolbox\\HPWRTBX.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\PhoenixRC\\phoenixRC.exe"=
"c:\\Programme\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Programme\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.11.2010 22:17 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [09.11.2012 20:45 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09.11.2012 20:45 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09.11.2012 20:45 21256]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [29.11.2010 20:56 6144]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [03.11.2012 08:54 399432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.11.2010 12:20 22856]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [27.11.2010 12:20 676936]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [04.03.2012 17:01 30312]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.06.2010 18:07 35088]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [23.01.2011 13:41 19656]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [23.01.2011 13:41 58496]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [04.03.2012 17:01 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [04.03.2012 17:01 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [04.03.2012 17:01 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [04.03.2012 17:01 114280]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 16231840
*NewlyCreated* - ASWMBR
*Deregistered* - 16231840
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:35]
.
2012-11-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-09 22:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Connection Wizard,ShellNext = ftp://ftp1893756@ftp-web.funpic.de/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.edkb.de/wetter/edkb.html
FF - prefs.js: network.proxy.http - 65.51.181.123
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-03 08:37; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2012-11-09 20:49; wrc@avast.com; c:\programme\AVAST Software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe ARM - c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-KiesHelper - c:\programme\Samsung\Kies\KiesHelper.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\programme\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\programme\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-12 23:56
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Zeit der Fertigstellung: 2012-11-12  23:57:54
ComboFix-quarantined-files.txt  2012-11-12 22:57
.
Vor Suchlauf: 27 Verzeichnis(se), 27.171.815.424 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 27.286.384.640 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 43ABA41916D65E59822521F162294232
         
--- --- ---

Alt 13.11.2012, 10:00   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



Ok, mach bitte neue Logs mit aswMBR und dem TDSS-Killer - genauso wie vorher auch
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.11.2012, 17:32   #13
EDDK
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



Code:
ATTFilter
17:27:20.0453 3768  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:27:20.0468 3768  ============================================================
17:27:20.0468 3768  Current date / time: 2012/11/13 17:27:20.0468
17:27:20.0468 3768  SystemInfo:
17:27:20.0468 3768  
17:27:20.0468 3768  OS Version: 5.1.2600 ServicePack: 3.0
17:27:20.0468 3768  Product type: Workstation
17:27:20.0468 3768  ComputerName: AIRBORNE1
17:27:20.0468 3768  UserName: Admin
17:27:20.0468 3768  Windows directory: C:\WINDOWS
17:27:20.0468 3768  System windows directory: C:\WINDOWS
17:27:20.0468 3768  Processor architecture: Intel x86
17:27:20.0468 3768  Number of processors: 1
17:27:20.0468 3768  Page size: 0x1000
17:27:20.0468 3768  Boot type: Normal boot
17:27:20.0468 3768  ============================================================
17:27:21.0593 3768  Drive \Device\Harddisk0\DR0 - Size: 0x3A7450A000 (233.82 Gb), SectorSize: 0x200, Cylinders: 0x7EAE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
17:27:21.0609 3768  Drive \Device\Harddisk1\DR2 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:27:21.0609 3768  ============================================================
17:27:21.0609 3768  \Device\Harddisk0\DR0:
17:27:21.0609 3768  MBR partitions:
17:27:21.0609 3768  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D39C991
17:27:21.0609 3768  \Device\Harddisk1\DR2:
17:27:21.0609 3768  MBR partitions:
17:27:21.0609 3768  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
17:27:21.0609 3768  ============================================================
17:27:21.0625 3768  C: <-> \Device\Harddisk0\DR0\Partition1
17:27:21.0656 3768  G: <-> \Device\Harddisk1\DR2\Partition1
17:27:21.0656 3768  ============================================================
17:27:21.0656 3768  Initialize success
17:27:21.0656 3768  ============================================================
17:27:36.0234 3804  ============================================================
17:27:36.0234 3804  Scan started
17:27:36.0234 3804  Mode: Manual; SigCheck; TDLFS; 
17:27:36.0234 3804  ============================================================
17:27:36.0531 3804  ================ Scan system memory ========================
17:27:36.0531 3804  System memory - ok
17:27:36.0531 3804  ================ Scan services =============================
17:27:36.0687 3804  [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
17:27:36.0812 3804  Aavmker4 - ok
17:27:36.0828 3804  Abiosdsk - ok
17:27:36.0828 3804  abp480n5 - ok
17:27:36.0859 3804  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:27:37.0078 3804  ACPI - ok
17:27:37.0093 3804  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
17:27:37.0234 3804  ACPIEC - ok
17:27:37.0296 3804  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:27:37.0328 3804  AdobeFlashPlayerUpdateSvc - ok
17:27:37.0328 3804  adpu160m - ok
17:27:37.0375 3804  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
17:27:37.0515 3804  aec - ok
17:27:37.0546 3804  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
17:27:37.0578 3804  AFD - ok
17:27:37.0593 3804  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
17:27:37.0734 3804  agp440 - ok
17:27:37.0734 3804  Aha154x - ok
17:27:37.0750 3804  aic78u2 - ok
17:27:37.0765 3804  aic78xx - ok
17:27:37.0781 3804  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
17:27:37.0921 3804  Alerter - ok
17:27:37.0937 3804  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
17:27:38.0078 3804  ALG - ok
17:27:38.0093 3804  AliIde - ok
17:27:38.0109 3804  amsint - ok
17:27:38.0140 3804  [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb      C:\WINDOWS\system32\Drivers\ssadadb.sys
17:27:38.0171 3804  androidusb - ok
17:27:38.0187 3804  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
17:27:38.0312 3804  AppMgmt - ok
17:27:38.0312 3804  asc - ok
17:27:38.0328 3804  asc3350p - ok
17:27:38.0328 3804  asc3550 - ok
17:27:38.0437 3804  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:27:38.0468 3804  aspnet_state - ok
17:27:38.0500 3804  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:27:38.0515 3804  aswFsBlk - ok
17:27:38.0562 3804  [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2         C:\WINDOWS\system32\drivers\aswMon2.sys
17:27:38.0578 3804  aswMon2 - ok
17:27:38.0593 3804  [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
17:27:38.0609 3804  AswRdr - ok
17:27:38.0656 3804  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
17:27:38.0687 3804  aswSnx - ok
17:27:38.0718 3804  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
17:27:38.0734 3804  aswSP - ok
17:27:38.0765 3804  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
17:27:38.0781 3804  aswTdi - ok
17:27:38.0796 3804  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:27:38.0937 3804  AsyncMac - ok
17:27:38.0953 3804  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
17:27:39.0093 3804  atapi - ok
17:27:39.0109 3804  Atdisk - ok
17:27:39.0156 3804  [ D80A3FD3DB6F999F6D1C6D23A293851B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
17:27:39.0187 3804  Ati HotKey Poller - ok
17:27:39.0359 3804  [ C832BF76F003999D2E91E5115583C69E ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:27:39.0578 3804  ati2mtag - ok
17:27:39.0609 3804  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:27:39.0734 3804  Atmarpc - ok
17:27:39.0750 3804  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
17:27:39.0890 3804  AudioSrv - ok
17:27:39.0921 3804  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
17:27:40.0046 3804  audstub - ok
17:27:40.0109 3804  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
17:27:40.0125 3804  avast! Antivirus - ok
17:27:40.0156 3804  [ 4D50B7A5AE8E67E68B7C9571769D5DDE ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:27:40.0203 3804  b57w2k - ok
17:27:40.0234 3804  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
17:27:40.0375 3804  Beep - ok
17:27:40.0421 3804  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\WINDOWS\system32\bgsvcgen.exe
17:27:40.0437 3804  bgsvcgen - ok
17:27:40.0468 3804  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
17:27:40.0609 3804  BITS - ok
17:27:40.0640 3804  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
17:27:40.0671 3804  Browser - ok
17:27:40.0796 3804  catchme - ok
17:27:40.0812 3804  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
17:27:40.0937 3804  cbidf2k - ok
17:27:40.0953 3804  [ FDC06E2ADA8C468EBB161624E03976CF ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:27:40.0984 3804  CCDECODE - ok
17:27:40.0984 3804  cd20xrnt - ok
17:27:41.0031 3804  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
17:27:41.0171 3804  Cdaudio - ok
17:27:41.0187 3804  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
17:27:41.0312 3804  Cdfs - ok
17:27:41.0328 3804  [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv        C:\WINDOWS\system32\drivers\cdrbsdrv.sys
17:27:41.0328 3804  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
17:27:41.0328 3804  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
17:27:41.0343 3804  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:27:41.0468 3804  Cdrom - ok
17:27:41.0484 3804  Changer - ok
17:27:41.0515 3804  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
17:27:41.0640 3804  CiSvc - ok
17:27:41.0687 3804  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
17:27:41.0828 3804  ClipSrv - ok
17:27:41.0890 3804  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:27:41.0953 3804  clr_optimization_v2.0.50727_32 - ok
17:27:41.0984 3804  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:27:42.0046 3804  clr_optimization_v4.0.30319_32 - ok
17:27:42.0062 3804  CmdIde - ok
17:27:42.0093 3804  [ FD40439BB258B9AA9AD314BF5948EF46 ] cmpci           C:\WINDOWS\system32\drivers\cmaudio.sys
17:27:42.0156 3804  cmpci - ok
17:27:42.0171 3804  COMSysApp - ok
17:27:42.0187 3804  Cpqarray - ok
17:27:42.0218 3804  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
17:27:42.0359 3804  CryptSvc - ok
17:27:42.0375 3804  dac2w2k - ok
17:27:42.0375 3804  dac960nt - ok
17:27:42.0421 3804  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
17:27:42.0468 3804  DcomLaunch - ok
17:27:42.0484 3804  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
17:27:42.0609 3804  Dhcp - ok
17:27:42.0625 3804  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
17:27:42.0750 3804  Disk - ok
17:27:42.0750 3804  dmadmin - ok
17:27:42.0781 3804  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
17:27:42.0953 3804  dmboot - ok
17:27:42.0953 3804  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
17:27:43.0093 3804  dmio - ok
17:27:43.0125 3804  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
17:27:43.0265 3804  dmload - ok
17:27:43.0265 3804  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
17:27:43.0406 3804  dmserver - ok
17:27:43.0421 3804  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
17:27:43.0546 3804  DMusic - ok
17:27:43.0578 3804  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
17:27:43.0609 3804  Dnscache - ok
17:27:43.0640 3804  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
17:27:43.0765 3804  Dot3svc - ok
17:27:43.0765 3804  dpti2o - ok
17:27:43.0796 3804  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
17:27:43.0921 3804  drmkaud - ok
17:27:43.0937 3804  EagleXNt - ok
17:27:43.0968 3804  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
17:27:44.0109 3804  EapHost - ok
17:27:44.0125 3804  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
17:27:44.0250 3804  ERSvc - ok
17:27:44.0281 3804  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
17:27:44.0312 3804  Eventlog - ok
17:27:44.0359 3804  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\System32\es.dll
17:27:44.0390 3804  EventSystem - ok
17:27:44.0390 3804  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
17:27:44.0515 3804  Fastfat - ok
17:27:44.0562 3804  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:27:44.0609 3804  FastUserSwitchingCompatibility - ok
17:27:44.0625 3804  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
17:27:44.0734 3804  Fdc - ok
17:27:44.0765 3804  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
17:27:44.0890 3804  Fips - ok
17:27:44.0890 3804  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:27:45.0015 3804  Flpydisk - ok
17:27:45.0062 3804  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
17:27:45.0171 3804  FltMgr - ok
17:27:45.0234 3804  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:27:45.0250 3804  FontCache3.0.0.0 - ok
17:27:45.0250 3804  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:27:45.0375 3804  Fs_Rec - ok
17:27:45.0390 3804  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:27:45.0515 3804  Ftdisk - ok
17:27:45.0531 3804  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:27:45.0656 3804  gameenum - ok
17:27:45.0671 3804  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:27:45.0796 3804  Gpc - ok
17:27:45.0843 3804  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
17:27:45.0859 3804  gusvc - ok
17:27:45.0906 3804  [ FC7DCDEF8F17D3C5DECC880673EA5BD5 ] hcwPVRP2        C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys
17:27:45.0984 3804  hcwPVRP2 - ok
17:27:46.0062 3804  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:27:46.0203 3804  helpsvc - ok
17:27:46.0234 3804  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
17:27:46.0375 3804  HidServ - ok
17:27:46.0390 3804  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:27:46.0515 3804  hidusb - ok
17:27:46.0546 3804  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
17:27:46.0671 3804  hkmsvc - ok
17:27:46.0687 3804  hpn - ok
17:27:46.0734 3804  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
17:27:46.0765 3804  HTTP - ok
17:27:46.0796 3804  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
17:27:46.0953 3804  HTTPFilter - ok
17:27:46.0968 3804  i2omgmt - ok
17:27:46.0968 3804  i2omp - ok
17:27:46.0984 3804  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:27:47.0125 3804  i8042prt - ok
17:27:47.0203 3804  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:27:47.0218 3804  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:27:47.0218 3804  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:27:47.0312 3804  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:27:47.0375 3804  idsvc - ok
17:27:47.0390 3804  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
17:27:47.0515 3804  Imapi - ok
17:27:47.0546 3804  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
17:27:47.0687 3804  ImapiService - ok
17:27:47.0687 3804  ini910u - ok
17:27:47.0703 3804  IntelIde - ok
17:27:47.0718 3804  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:27:47.0843 3804  intelppm - ok
17:27:47.0859 3804  [ F7C534DEF663B4E847E44F20927F5ED2 ] IOPort          C:\WINDOWS\system32\DRIVERS\IOPORT.SYS
17:27:47.0875 3804  IOPort ( UnsignedFile.Multi.Generic ) - warning
17:27:47.0875 3804  IOPort - detected UnsignedFile.Multi.Generic (1)
17:27:47.0890 3804  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
17:27:48.0031 3804  ip6fw - ok
17:27:48.0062 3804  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:27:48.0187 3804  IpFilterDriver - ok
17:27:48.0203 3804  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:27:48.0343 3804  IpInIp - ok
17:27:48.0359 3804  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:27:48.0484 3804  IpNat - ok
17:27:48.0515 3804  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:27:48.0640 3804  IPSec - ok
17:27:48.0656 3804  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
17:27:48.0765 3804  IRENUM - ok
17:27:48.0796 3804  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:27:48.0921 3804  isapnp - ok
17:27:48.0921 3804  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:27:49.0046 3804  Kbdclass - ok
17:27:49.0046 3804  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:27:49.0187 3804  kbdhid - ok
17:27:49.0203 3804  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
17:27:49.0343 3804  kmixer - ok
17:27:49.0375 3804  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
17:27:49.0390 3804  KSecDD - ok
17:27:49.0406 3804  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
17:27:49.0453 3804  lanmanserver - ok
17:27:49.0484 3804  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:27:49.0515 3804  lanmanworkstation - ok
17:27:49.0546 3804  [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd             C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:27:49.0562 3804  Lbd - ok
17:27:49.0578 3804  lbrtfdc - ok
17:27:49.0609 3804  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
17:27:49.0718 3804  LmHosts - ok
17:27:49.0750 3804  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
17:27:49.0765 3804  MBAMProtector - ok
17:27:49.0828 3804  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:27:49.0859 3804  MBAMScheduler - ok
17:27:49.0890 3804  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
17:27:49.0921 3804  MBAMService - ok
17:27:49.0953 3804  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
17:27:50.0078 3804  Messenger - ok
17:27:50.0093 3804  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
17:27:50.0218 3804  mnmdd - ok
17:27:50.0250 3804  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
17:27:50.0375 3804  mnmsrvc - ok
17:27:50.0390 3804  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
17:27:50.0531 3804  Modem - ok
17:27:50.0546 3804  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:27:50.0671 3804  Mouclass - ok
17:27:50.0703 3804  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:27:50.0828 3804  mouhid - ok
17:27:50.0843 3804  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
17:27:50.0968 3804  MountMgr - ok
17:27:51.0000 3804  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
17:27:51.0015 3804  MozillaMaintenance - ok
17:27:51.0015 3804  mraid35x - ok
17:27:51.0031 3804  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:27:51.0156 3804  MRxDAV - ok
17:27:51.0203 3804  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:27:51.0234 3804  MRxSmb - ok
17:27:51.0265 3804  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
17:27:51.0406 3804  MSDTC - ok
17:27:51.0421 3804  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
17:27:51.0531 3804  Msfs - ok
17:27:51.0546 3804  MSIServer - ok
17:27:51.0578 3804  [ 85736F804191CB420A31ACA2A7F0674F ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:27:51.0609 3804  MSKSSRV - ok
17:27:51.0640 3804  [ E943ADB93D83C5CBC0CA3F53F53B48CC ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:27:51.0687 3804  MSPCLOCK - ok
17:27:51.0718 3804  [ F6A726B8832DB1F88326B8BE98B11981 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
17:27:51.0781 3804  MSPQM - ok
17:27:51.0812 3804  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:27:51.0937 3804  mssmbios - ok
17:27:51.0953 3804  [ D5059366B361F0E1124753447AF08AA2 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
17:27:52.0000 3804  MSTEE - ok
17:27:52.0015 3804  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
17:27:52.0031 3804  Mup - ok
17:27:52.0046 3804  [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:27:52.0062 3804  NABTSFEC - ok
17:27:52.0093 3804  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
17:27:52.0250 3804  napagent - ok
17:27:52.0265 3804  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
17:27:52.0375 3804  NDIS - ok
17:27:52.0406 3804  [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:27:52.0437 3804  NdisIP - ok
17:27:52.0484 3804  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:27:52.0515 3804  NdisTapi - ok
17:27:52.0546 3804  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:27:52.0671 3804  Ndisuio - ok
17:27:52.0687 3804  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:27:52.0796 3804  NdisWan - ok
17:27:52.0812 3804  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:27:52.0828 3804  NDProxy - ok
17:27:52.0843 3804  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:27:52.0968 3804  NetBIOS - ok
17:27:53.0000 3804  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:27:53.0140 3804  NetBT - ok
17:27:53.0171 3804  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
17:27:53.0296 3804  NetDDE - ok
17:27:53.0312 3804  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
17:27:53.0437 3804  NetDDEdsdm - ok
17:27:53.0468 3804  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:27:53.0593 3804  Netlogon - ok
17:27:53.0640 3804  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
17:27:53.0765 3804  Netman - ok
17:27:53.0796 3804  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:27:53.0828 3804  NetTcpPortSharing - ok
17:27:53.0843 3804  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
17:27:53.0875 3804  Nla - ok
17:27:53.0921 3804  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       C:\Programme\CDBurnerXP\NMSAccessU.exe
17:27:53.0937 3804  NMSAccess - ok
17:27:53.0984 3804  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\WINDOWS\system32\drivers\npf.sys
17:27:54.0000 3804  NPF - ok
17:27:54.0015 3804  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:27:54.0140 3804  Npfs - ok
17:27:54.0156 3804  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:27:54.0328 3804  Ntfs - ok
17:27:54.0343 3804  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
17:27:54.0468 3804  NtLmSsp - ok
17:27:54.0515 3804  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
17:27:54.0687 3804  NtmsSvc - ok
17:27:54.0718 3804  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:27:54.0828 3804  Null - ok
17:27:54.0843 3804  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:27:54.0984 3804  NwlnkFlt - ok
17:27:55.0015 3804  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:27:55.0156 3804  NwlnkFwd - ok
17:27:55.0171 3804  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
17:27:55.0312 3804  Parport - ok
17:27:55.0312 3804  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
17:27:55.0437 3804  PartMgr - ok
17:27:55.0484 3804  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
17:27:55.0609 3804  ParVdm - ok
17:27:55.0625 3804  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
17:27:55.0750 3804  PCI - ok
17:27:55.0750 3804  PCIDump - ok
17:27:55.0781 3804  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
17:27:55.0921 3804  PCIIde - ok
17:27:55.0937 3804  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
17:27:56.0062 3804  Pcmcia - ok
17:27:56.0078 3804  PDCOMP - ok
17:27:56.0078 3804  PDFRAME - ok
17:27:56.0093 3804  PDRELI - ok
17:27:56.0093 3804  PDRFRAME - ok
17:27:56.0109 3804  perc2 - ok
17:27:56.0109 3804  perc2hib - ok
17:27:56.0156 3804  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
17:27:56.0187 3804  PlugPlay - ok
17:27:56.0187 3804  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
17:27:56.0312 3804  PolicyAgent - ok
17:27:56.0328 3804  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:27:56.0453 3804  PptpMiniport - ok
17:27:56.0468 3804  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
17:27:56.0593 3804  Processor - ok
17:27:56.0593 3804  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:27:56.0734 3804  ProtectedStorage - ok
17:27:56.0734 3804  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
17:27:56.0859 3804  PSched - ok
17:27:56.0875 3804  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:27:57.0015 3804  Ptilink - ok
17:27:57.0046 3804  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:27:57.0062 3804  PxHelp20 - ok
17:27:57.0078 3804  ql1080 - ok
17:27:57.0078 3804  Ql10wnt - ok
17:27:57.0093 3804  ql12160 - ok
17:27:57.0093 3804  ql1240 - ok
17:27:57.0109 3804  ql1280 - ok
17:27:57.0125 3804  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:27:57.0250 3804  RasAcd - ok
17:27:57.0281 3804  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:27:57.0421 3804  RasAuto - ok
17:27:57.0421 3804  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:27:57.0546 3804  Rasl2tp - ok
17:27:57.0593 3804  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:27:57.0750 3804  RasMan - ok
17:27:57.0750 3804  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:27:57.0875 3804  RasPppoe - ok
17:27:57.0890 3804  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
17:27:58.0031 3804  Raspti - ok
17:27:58.0046 3804  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:27:58.0171 3804  Rdbss - ok
17:27:58.0171 3804  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:27:58.0296 3804  RDPCDD - ok
17:27:58.0312 3804  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:27:58.0437 3804  rdpdr - ok
17:27:58.0484 3804  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
17:27:58.0515 3804  RDPWD - ok
17:27:58.0546 3804  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
17:27:58.0671 3804  RDSessMgr - ok
17:27:58.0687 3804  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
17:27:58.0812 3804  redbook - ok
17:27:58.0828 3804  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:27:58.0953 3804  RemoteAccess - ok
17:27:59.0000 3804  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
17:27:59.0140 3804  RemoteRegistry - ok
17:27:59.0171 3804  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Programme\WinPcap\rpcapd.exe
17:27:59.0203 3804  rpcapd - ok
17:27:59.0218 3804  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\System32\locator.exe
17:27:59.0343 3804  RpcLocator - ok
17:27:59.0375 3804  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\System32\rpcss.dll
17:27:59.0406 3804  RpcSs - ok
17:27:59.0437 3804  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\System32\rsvp.exe
17:27:59.0578 3804  RSVP - ok
17:27:59.0609 3804  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
17:27:59.0734 3804  SamSs - ok
17:27:59.0750 3804  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
17:27:59.0890 3804  SCardSvr - ok
17:27:59.0937 3804  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:28:00.0062 3804  Schedule - ok
17:28:00.0078 3804  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:28:00.0203 3804  Secdrv - ok
17:28:00.0234 3804  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:28:00.0359 3804  seclogon - ok
17:28:00.0390 3804  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
17:28:00.0515 3804  SENS - ok
17:28:00.0531 3804  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
17:28:00.0671 3804  serenum - ok
17:28:00.0671 3804  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
17:28:00.0796 3804  Serial - ok
17:28:00.0859 3804  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:28:00.0968 3804  Sfloppy - ok
17:28:01.0015 3804  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:28:01.0156 3804  SharedAccess - ok
17:28:01.0187 3804  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:28:01.0203 3804  ShellHWDetection - ok
17:28:01.0250 3804  [ 4AABD176758CDBCFB834A72BD01CD02F ] silabenm        C:\WINDOWS\system32\DRIVERS\silabenm.sys
17:28:01.0265 3804  silabenm ( UnsignedFile.Multi.Generic ) - warning
17:28:01.0265 3804  silabenm - detected UnsignedFile.Multi.Generic (1)
17:28:01.0296 3804  [ F5460535EDE7ADEB0721BC56587554EA ] silabser        C:\WINDOWS\system32\DRIVERS\silabser.sys
17:28:01.0328 3804  silabser ( UnsignedFile.Multi.Generic ) - warning
17:28:01.0328 3804  silabser - detected UnsignedFile.Multi.Generic (1)
17:28:01.0328 3804  Simbad - ok
17:28:01.0359 3804  [ 1FFC44D6787EC1EA9A2B1440A90FA5C1 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:28:01.0406 3804  SLIP - ok
17:28:01.0421 3804  Sparrow - ok
17:28:01.0468 3804  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:28:01.0578 3804  splitter - ok
17:28:01.0609 3804  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:28:01.0640 3804  Spooler - ok
17:28:01.0671 3804  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:28:01.0781 3804  sr - ok
17:28:01.0812 3804  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
17:28:01.0953 3804  srservice - ok
17:28:01.0984 3804  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:28:02.0015 3804  Srv - ok
17:28:02.0046 3804  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\WINDOWS\system32\DRIVERS\ssadbus.sys
17:28:02.0062 3804  ssadbus - ok
17:28:02.0078 3804  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
17:28:02.0109 3804  ssadmdfl - ok
17:28:02.0125 3804  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
17:28:02.0156 3804  ssadmdm - ok
17:28:02.0171 3804  [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd        C:\WINDOWS\system32\DRIVERS\ssadserd.sys
17:28:02.0218 3804  ssadserd - ok
17:28:02.0234 3804  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:28:02.0375 3804  SSDPSRV - ok
17:28:02.0421 3804  [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen        C:\WINDOWS\system32\drivers\StarOpen.sys
17:28:02.0437 3804  StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:28:02.0437 3804  StarOpen - detected UnsignedFile.Multi.Generic (1)
17:28:02.0468 3804  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:28:02.0625 3804  stisvc - ok
17:28:02.0656 3804  [ A9F9FD0212E572B84EDB9EB661F6BC04 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:28:02.0671 3804  streamip - ok
17:28:02.0718 3804  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:28:02.0843 3804  swenum - ok
17:28:02.0859 3804  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:28:02.0968 3804  swmidi - ok
17:28:02.0984 3804  SwPrv - ok
17:28:03.0000 3804  symc810 - ok
17:28:03.0000 3804  symc8xx - ok
17:28:03.0015 3804  sym_hi - ok
17:28:03.0015 3804  sym_u3 - ok
17:28:03.0062 3804  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:28:03.0187 3804  sysaudio - ok
17:28:03.0218 3804  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:28:03.0343 3804  SysmonLog - ok
17:28:03.0375 3804  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:28:03.0531 3804  TapiSrv - ok
17:28:03.0578 3804  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:28:03.0593 3804  Tcpip - ok
17:28:03.0609 3804  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:28:03.0734 3804  TDPIPE - ok
17:28:03.0765 3804  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:28:03.0875 3804  TDTCP - ok
17:28:03.0921 3804  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:28:04.0031 3804  TermDD - ok
17:28:04.0062 3804  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
17:28:04.0218 3804  TermService - ok
17:28:04.0234 3804  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:28:04.0250 3804  Themes - ok
17:28:04.0296 3804  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
17:28:04.0421 3804  TlntSvr - ok
17:28:04.0437 3804  TosIde - ok
17:28:04.0453 3804  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:28:04.0578 3804  TrkWks - ok
17:28:04.0609 3804  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:28:04.0734 3804  Udfs - ok
17:28:04.0734 3804  ultra - ok
17:28:04.0750 3804  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:28:04.0921 3804  Update - ok
17:28:04.0937 3804  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:28:05.0078 3804  upnphost - ok
17:28:05.0093 3804  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
17:28:05.0218 3804  UPS - ok
17:28:05.0234 3804  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
17:28:05.0375 3804  usbaudio - ok
17:28:05.0421 3804  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:28:05.0531 3804  usbccgp - ok
17:28:05.0546 3804  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:28:05.0671 3804  usbehci - ok
17:28:05.0671 3804  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:28:05.0796 3804  usbhub - ok
17:28:05.0843 3804  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:28:05.0968 3804  usbprint - ok
17:28:06.0015 3804  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:28:06.0140 3804  usbscan - ok
17:28:06.0156 3804  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:28:06.0296 3804  USBSTOR - ok
17:28:06.0312 3804  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:28:06.0437 3804  usbuhci - ok
17:28:06.0468 3804  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
17:28:06.0593 3804  usbvideo - ok
17:28:06.0625 3804  [ 8AFFFDA081CFF3057391FEDBBB483601 ] UTSCSI          C:\WINDOWS\system32\UTSCSI.EXE
17:28:06.0656 3804  UTSCSI ( UnsignedFile.Multi.Generic ) - warning
17:28:06.0656 3804  UTSCSI - detected UnsignedFile.Multi.Generic (1)
17:28:06.0703 3804  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:28:06.0828 3804  VgaSave - ok
17:28:06.0828 3804  ViaIde - ok
17:28:06.0875 3804  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:28:06.0984 3804  VolSnap - ok
17:28:07.0015 3804  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
17:28:07.0156 3804  VSS - ok
17:28:07.0187 3804  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
17:28:07.0312 3804  W32Time - ok
17:28:07.0343 3804  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:28:07.0484 3804  Wanarp - ok
17:28:07.0531 3804  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
17:28:07.0562 3804  Wdf01000 - ok
17:28:07.0578 3804  WDICA - ok
17:28:07.0609 3804  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:28:07.0734 3804  wdmaud - ok
17:28:07.0765 3804  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:28:07.0890 3804  WebClient - ok
17:28:07.0968 3804  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:28:08.0093 3804  winmgmt - ok
17:28:08.0140 3804  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
17:28:08.0156 3804  WmdmPmSN - ok
17:28:08.0187 3804  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
17:28:08.0265 3804  Wmi - ok
17:28:08.0281 3804  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:28:08.0406 3804  WmiApSrv - ok
17:28:08.0421 3804  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:28:08.0437 3804  WpdUsb - ok
17:28:08.0515 3804  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:28:08.0562 3804  WPFFontCache_v0400 - ok
17:28:08.0593 3804  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:28:08.0734 3804  WS2IFSL - ok
17:28:08.0765 3804  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:28:08.0906 3804  wscsvc - ok
17:28:08.0937 3804  [ 233CDD1C06942115802EB7CE6669E099 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:28:08.0953 3804  WSTCODEC - ok
17:28:08.0984 3804  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:28:09.0109 3804  wuauserv - ok
17:28:09.0156 3804  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:28:09.0171 3804  WudfPf - ok
17:28:09.0187 3804  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:28:09.0203 3804  WudfRd - ok
17:28:09.0250 3804  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
17:28:09.0281 3804  WudfSvc - ok
17:28:09.0328 3804  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:28:09.0515 3804  WZCSVC - ok
17:28:09.0546 3804  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:28:09.0703 3804  xmlprov - ok
17:28:09.0718 3804  ================ Scan global ===============================
17:28:09.0750 3804  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
17:28:09.0812 3804  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:28:09.0828 3804  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:28:09.0875 3804  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
17:28:09.0890 3804  [Global] - ok
17:28:09.0890 3804  ================ Scan MBR ==================================
17:28:09.0906 3804  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
17:28:10.0109 3804  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:28:10.0109 3804  \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:28:10.0125 3804  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2
17:28:10.0312 3804  \Device\Harddisk1\DR2 - ok
17:28:10.0312 3804  ================ Scan VBR ==================================
17:28:10.0328 3804  [ D964B52BD354518261E5B697C98E79D1 ] \Device\Harddisk0\DR0\Partition1
17:28:10.0328 3804  \Device\Harddisk0\DR0\Partition1 - ok
17:28:10.0328 3804  [ F17264F44C7DBECAC0FD14C51ED6F082 ] \Device\Harddisk1\DR2\Partition1
17:28:10.0328 3804  \Device\Harddisk1\DR2\Partition1 - ok
17:28:10.0328 3804  ============================================================
17:28:10.0328 3804  Scan finished
17:28:10.0328 3804  ============================================================
17:28:10.0437 3784  Detected object count: 8
17:28:10.0437 3784  Actual detected object count: 8
17:28:32.0812 3784  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:28:32.0812 3784  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:28:32.0812 3784  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:28:32.0812 3784  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:28:32.0812 3784  IOPort ( UnsignedFile.Multi.Generic ) - skipped by user
17:28:32.0812 3784  IOPort ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:28:32.0812 3784  silabenm ( UnsignedFile.Multi.Generic ) - skipped by user
17:28:32.0812 3784  silabenm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:28:32.0812 3784  silabser ( UnsignedFile.Multi.Generic ) - skipped by user
17:28:32.0812 3784  silabser ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:28:32.0812 3784  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:28:32.0812 3784  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:28:32.0828 3784  UTSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
17:28:32.0828 3784  UTSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:28:32.0828 3784  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:28:32.0828 3784  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         





Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-13 17:16:07
-----------------------------
17:16:07.468    OS Version: Windows 5.1.2600 Service Pack 3
17:16:07.468    Number of processors: 1 586 0x304
17:16:07.468    ComputerName: AIRBORNE1  UserName: Admin
17:16:08.328    Initialize success
17:16:08.500    AVAST engine defs: 12111300
17:16:50.859    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7
17:16:50.859    Disk 0 Vendor: WDC_WD2502ABYS-02B7A0 02.03B03 Size: 239429MB BusType: 3
17:16:50.875    Disk 0 MBR read successfully
17:16:50.875    Disk 0 MBR scan
17:16:50.875    Disk 0 Windows XP default MBR code
17:16:50.875    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       239417 MB offset 63
17:16:50.890    Disk 0 scanning sectors +490326480
17:16:50.937    Disk 0 scanning C:\WINDOWS\system32\drivers
17:16:57.421    Service scanning
17:17:06.531    Modules scanning
17:17:09.296    Disk 0 trace - called modules:
17:17:09.312    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
17:17:09.312    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89f18ab8]
17:17:09.312    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005e[0x89eb7a00]
17:17:09.312    5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-7[0x89da7940]
17:17:09.828    AVAST engine scan C:\WINDOWS
17:17:12.015    AVAST engine scan C:\WINDOWS\system32
17:19:33.343    AVAST engine scan C:\WINDOWS\system32\drivers
17:19:49.890    AVAST engine scan C:\Dokumente und Einstellungen\Admin
17:22:35.609    AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:23:35.484    Scan finished successfully
17:26:38.937    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Admin\Desktop\MBR.dat"
17:26:38.953    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Admin\Desktop\aswMBR2.txt"
         

Alt 13.11.2012, 21:43   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



Code:
ATTFilter
23:32:16.0859 1652  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
         
Diesen Eintrag bitte mit dem TDSS-Killer fixen. Aber bitte nur diesen Eintrag!

Um das zu tun musst du den TDSS-Killer neu starten und einen neuen Scan machen. Wenn du danach die Ergebnisse siehst, stellst du bitte diesen Eintrag auf CURE bzw. DELETE (je nachdem was dir angeboten wird, alle anderen bitte auf SKIP lassen! ) und klickst dann unten rechts auf continue

Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.11.2012, 22:08   #15
EDDK
 
Trojan.Generic.6760809 im Receycler und System Volume Information - Standard

Trojan.Generic.6760809 im Receycler und System Volume Information



Code:
ATTFilter
21:53:22.0796 3480  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:53:22.0890 3480  ============================================================
21:53:22.0890 3480  Current date / time: 2012/11/13 21:53:22.0890
21:53:22.0890 3480  SystemInfo:
21:53:22.0890 3480  
21:53:22.0890 3480  OS Version: 5.1.2600 ServicePack: 3.0
21:53:22.0890 3480  Product type: Workstation
21:53:22.0890 3480  ComputerName: AIRBORNE1
21:53:22.0890 3480  UserName: Admin
21:53:22.0890 3480  Windows directory: C:\WINDOWS
21:53:22.0890 3480  System windows directory: C:\WINDOWS
21:53:22.0890 3480  Processor architecture: Intel x86
21:53:22.0890 3480  Number of processors: 1
21:53:22.0890 3480  Page size: 0x1000
21:53:22.0890 3480  Boot type: Normal boot
21:53:22.0890 3480  ============================================================
21:53:23.0984 3480  Drive \Device\Harddisk0\DR0 - Size: 0x3A7450A000 (233.82 Gb), SectorSize: 0x200, Cylinders: 0x7EAE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:53:24.0015 3480  Drive \Device\Harddisk1\DR2 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:53:30.0953 3480  ============================================================
21:53:30.0953 3480  \Device\Harddisk0\DR0:
21:53:30.0984 3480  MBR partitions:
21:53:30.0984 3480  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D39C991
21:53:30.0984 3480  \Device\Harddisk1\DR2:
21:53:30.0984 3480  MBR partitions:
21:53:30.0984 3480  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
21:53:30.0984 3480  ============================================================
21:53:31.0000 3480  C: <-> \Device\Harddisk0\DR0\Partition1
21:53:31.0031 3480  G: <-> \Device\Harddisk1\DR2\Partition1
21:53:31.0031 3480  ============================================================
21:53:31.0031 3480  Initialize success
21:53:31.0031 3480  ============================================================
21:53:41.0703 1492  ============================================================
21:53:41.0703 1492  Scan started
21:53:41.0703 1492  Mode: Manual; SigCheck; TDLFS; 
21:53:41.0703 1492  ============================================================
21:53:41.0906 1492  ================ Scan system memory ========================
21:53:41.0906 1492  System memory - ok
21:53:41.0906 1492  ================ Scan services =============================
21:53:42.0031 1492  [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
21:53:42.0218 1492  Aavmker4 - ok
21:53:42.0234 1492  Abiosdsk - ok
21:53:42.0234 1492  abp480n5 - ok
21:53:42.0281 1492  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:53:42.0796 1492  ACPI - ok
21:53:42.0828 1492  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
21:53:42.0968 1492  ACPIEC - ok
21:53:43.0046 1492  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:53:43.0062 1492  AdobeFlashPlayerUpdateSvc - ok
21:53:43.0078 1492  adpu160m - ok
21:53:43.0109 1492  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
21:53:43.0265 1492  aec - ok
21:53:43.0312 1492  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
21:53:43.0343 1492  AFD - ok
21:53:43.0375 1492  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
21:53:43.0531 1492  agp440 - ok
21:53:43.0546 1492  Aha154x - ok
21:53:43.0546 1492  aic78u2 - ok
21:53:43.0562 1492  aic78xx - ok
21:53:43.0593 1492  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
21:53:43.0750 1492  Alerter - ok
21:53:43.0765 1492  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
21:53:43.0890 1492  ALG - ok
21:53:43.0890 1492  AliIde - ok
21:53:43.0906 1492  amsint - ok
21:53:43.0937 1492  [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb      C:\WINDOWS\system32\Drivers\ssadadb.sys
21:53:44.0015 1492  androidusb - ok
21:53:44.0046 1492  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
21:53:44.0171 1492  AppMgmt - ok
21:53:44.0171 1492  asc - ok
21:53:44.0187 1492  asc3350p - ok
21:53:44.0187 1492  asc3550 - ok
21:53:44.0312 1492  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:53:44.0328 1492  aspnet_state - ok
21:53:44.0359 1492  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:53:44.0375 1492  aswFsBlk - ok
21:53:44.0421 1492  [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2         C:\WINDOWS\system32\drivers\aswMon2.sys
21:53:44.0437 1492  aswMon2 - ok
21:53:44.0453 1492  [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
21:53:44.0468 1492  AswRdr - ok
21:53:44.0484 1492  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
21:53:44.0546 1492  aswSnx - ok
21:53:44.0578 1492  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
21:53:44.0609 1492  aswSP - ok
21:53:44.0640 1492  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
21:53:44.0656 1492  aswTdi - ok
21:53:44.0671 1492  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:53:44.0812 1492  AsyncMac - ok
21:53:44.0843 1492  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
21:53:44.0984 1492  atapi - ok
21:53:45.0000 1492  Atdisk - ok
21:53:45.0046 1492  [ D80A3FD3DB6F999F6D1C6D23A293851B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:53:45.0125 1492  Ati HotKey Poller - ok
21:53:45.0296 1492  [ C832BF76F003999D2E91E5115583C69E ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:53:45.0515 1492  ati2mtag - ok
21:53:45.0546 1492  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:53:45.0671 1492  Atmarpc - ok
21:53:45.0703 1492  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
21:53:45.0843 1492  AudioSrv - ok
21:53:45.0875 1492  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
21:53:46.0000 1492  audstub - ok
21:53:46.0078 1492  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
21:53:46.0093 1492  avast! Antivirus - ok
21:53:46.0125 1492  [ 4D50B7A5AE8E67E68B7C9571769D5DDE ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:53:46.0171 1492  b57w2k - ok
21:53:46.0218 1492  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:53:46.0343 1492  Beep - ok
21:53:46.0390 1492  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\WINDOWS\system32\bgsvcgen.exe
21:53:46.0406 1492  bgsvcgen - ok
21:53:46.0437 1492  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
21:53:46.0578 1492  BITS - ok
21:53:46.0609 1492  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
21:53:46.0656 1492  Browser - ok
21:53:46.0781 1492  catchme - ok
21:53:46.0812 1492  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
21:53:46.0937 1492  cbidf2k - ok
21:53:46.0953 1492  [ FDC06E2ADA8C468EBB161624E03976CF ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:53:47.0000 1492  CCDECODE - ok
21:53:47.0015 1492  cd20xrnt - ok
21:53:47.0046 1492  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
21:53:47.0187 1492  Cdaudio - ok
21:53:47.0218 1492  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
21:53:47.0343 1492  Cdfs - ok
21:53:47.0375 1492  [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv        C:\WINDOWS\system32\drivers\cdrbsdrv.sys
21:53:47.0375 1492  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
21:53:47.0375 1492  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
21:53:47.0390 1492  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:53:47.0531 1492  Cdrom - ok
21:53:47.0546 1492  Changer - ok
21:53:47.0578 1492  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
21:53:47.0703 1492  CiSvc - ok
21:53:47.0750 1492  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
21:53:47.0875 1492  ClipSrv - ok
21:53:47.0937 1492  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:53:47.0953 1492  clr_optimization_v2.0.50727_32 - ok
21:53:48.0000 1492  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:53:48.0015 1492  clr_optimization_v4.0.30319_32 - ok
21:53:48.0015 1492  CmdIde - ok
21:53:48.0062 1492  [ FD40439BB258B9AA9AD314BF5948EF46 ] cmpci           C:\WINDOWS\system32\drivers\cmaudio.sys
21:53:48.0125 1492  cmpci - ok
21:53:48.0125 1492  COMSysApp - ok
21:53:48.0140 1492  Cpqarray - ok
21:53:48.0171 1492  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
21:53:48.0312 1492  CryptSvc - ok
21:53:48.0328 1492  dac2w2k - ok
21:53:48.0328 1492  dac960nt - ok
21:53:48.0375 1492  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:53:48.0453 1492  DcomLaunch - ok
21:53:48.0500 1492  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
21:53:48.0625 1492  Dhcp - ok
21:53:48.0640 1492  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
21:53:48.0765 1492  Disk - ok
21:53:48.0781 1492  dmadmin - ok
21:53:48.0812 1492  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
21:53:48.0984 1492  dmboot - ok
21:53:49.0000 1492  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
21:53:49.0125 1492  dmio - ok
21:53:49.0156 1492  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
21:53:49.0296 1492  dmload - ok
21:53:49.0328 1492  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
21:53:49.0468 1492  dmserver - ok
21:53:49.0484 1492  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
21:53:49.0609 1492  DMusic - ok
21:53:49.0640 1492  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:53:49.0703 1492  Dnscache - ok
21:53:49.0734 1492  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
21:53:49.0859 1492  Dot3svc - ok
21:53:49.0875 1492  dpti2o - ok
21:53:49.0906 1492  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
21:53:50.0031 1492  drmkaud - ok
21:53:50.0046 1492  EagleXNt - ok
21:53:50.0078 1492  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
21:53:50.0234 1492  EapHost - ok
21:53:50.0250 1492  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
21:53:50.0390 1492  ERSvc - ok
21:53:50.0437 1492  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
21:53:50.0468 1492  Eventlog - ok
21:53:50.0515 1492  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\System32\es.dll
21:53:50.0562 1492  EventSystem - ok
21:53:50.0593 1492  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
21:53:50.0718 1492  Fastfat - ok
21:53:50.0734 1492  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:53:50.0781 1492  FastUserSwitchingCompatibility - ok
21:53:50.0812 1492  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
21:53:50.0937 1492  Fdc - ok
21:53:50.0953 1492  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
21:53:51.0078 1492  Fips - ok
21:53:51.0109 1492  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:53:51.0234 1492  Flpydisk - ok
21:53:51.0265 1492  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
21:53:51.0390 1492  FltMgr - ok
21:53:51.0453 1492  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:53:51.0468 1492  FontCache3.0.0.0 - ok
21:53:51.0484 1492  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:53:51.0609 1492  Fs_Rec - ok
21:53:51.0625 1492  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:53:51.0765 1492  Ftdisk - ok
21:53:51.0781 1492  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:53:51.0906 1492  gameenum - ok
21:53:51.0953 1492  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:53:52.0078 1492  Gpc - ok
21:53:52.0125 1492  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
21:53:52.0140 1492  gusvc - ok
21:53:52.0203 1492  [ FC7DCDEF8F17D3C5DECC880673EA5BD5 ] hcwPVRP2        C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys
21:53:52.0281 1492  hcwPVRP2 - ok
21:53:52.0359 1492  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:53:52.0500 1492  helpsvc - ok
21:53:52.0546 1492  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
21:53:52.0687 1492  HidServ - ok
21:53:52.0703 1492  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:53:52.0828 1492  hidusb - ok
21:53:52.0875 1492  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
21:53:53.0000 1492  hkmsvc - ok
21:53:53.0015 1492  hpn - ok
21:53:53.0062 1492  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
21:53:53.0109 1492  HTTP - ok
21:53:53.0156 1492  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
21:53:53.0328 1492  HTTPFilter - ok
21:53:53.0343 1492  i2omgmt - ok
21:53:53.0343 1492  i2omp - ok
21:53:53.0375 1492  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:53:53.0500 1492  i8042prt - ok
21:53:53.0578 1492  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:53:53.0593 1492  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:53:53.0593 1492  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:53:53.0671 1492  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:53:53.0703 1492  idsvc - ok
21:53:53.0734 1492  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
21:53:53.0859 1492  Imapi - ok
21:53:53.0906 1492  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
21:53:54.0046 1492  ImapiService - ok
21:53:54.0062 1492  ini910u - ok
21:53:54.0078 1492  IntelIde - ok
21:53:54.0093 1492  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:53:54.0234 1492  intelppm - ok
21:53:54.0281 1492  [ F7C534DEF663B4E847E44F20927F5ED2 ] IOPort          C:\WINDOWS\system32\DRIVERS\IOPORT.SYS
21:53:54.0281 1492  IOPort ( UnsignedFile.Multi.Generic ) - warning
21:53:54.0281 1492  IOPort - detected UnsignedFile.Multi.Generic (1)
21:53:54.0312 1492  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
21:53:54.0437 1492  ip6fw - ok
21:53:54.0468 1492  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:53:54.0593 1492  IpFilterDriver - ok
21:53:54.0609 1492  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:53:54.0750 1492  IpInIp - ok
21:53:54.0781 1492  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:53:54.0906 1492  IpNat - ok
21:53:54.0921 1492  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:53:55.0046 1492  IPSec - ok
21:53:55.0078 1492  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
21:53:55.0203 1492  IRENUM - ok
21:53:55.0234 1492  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:53:55.0359 1492  isapnp - ok
21:53:55.0375 1492  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:53:55.0500 1492  Kbdclass - ok
21:53:55.0515 1492  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:53:55.0640 1492  kbdhid - ok
21:53:55.0671 1492  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
21:53:55.0812 1492  kmixer - ok
21:53:55.0843 1492  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
21:53:55.0875 1492  KSecDD - ok
21:53:55.0921 1492  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
21:53:55.0984 1492  lanmanserver - ok
21:53:56.0031 1492  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:53:56.0062 1492  lanmanworkstation - ok
21:53:56.0093 1492  [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd             C:\WINDOWS\system32\DRIVERS\Lbd.sys
21:53:56.0109 1492  Lbd - ok
21:53:56.0109 1492  lbrtfdc - ok
21:53:56.0156 1492  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
21:53:56.0296 1492  LmHosts - ok
21:53:56.0343 1492  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
21:53:56.0359 1492  MBAMProtector - ok
21:53:56.0437 1492  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:53:56.0453 1492  MBAMScheduler - ok
21:53:56.0500 1492  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
21:53:56.0546 1492  MBAMService - ok
21:53:56.0562 1492  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
21:53:56.0687 1492  Messenger - ok
21:53:56.0734 1492  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
21:53:56.0875 1492  mnmdd - ok
21:53:56.0921 1492  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
21:53:57.0046 1492  mnmsrvc - ok
21:53:57.0062 1492  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
21:53:57.0203 1492  Modem - ok
21:53:57.0234 1492  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:53:57.0375 1492  Mouclass - ok
21:53:57.0421 1492  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:53:57.0562 1492  mouhid - ok
21:53:57.0562 1492  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:53:57.0687 1492  MountMgr - ok
21:53:57.0718 1492  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
21:53:57.0734 1492  MozillaMaintenance - ok
21:53:57.0734 1492  mraid35x - ok
21:53:57.0750 1492  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:53:57.0875 1492  MRxDAV - ok
21:53:57.0937 1492  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:53:58.0000 1492  MRxSmb - ok
21:53:58.0031 1492  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
21:53:58.0171 1492  MSDTC - ok
21:53:58.0171 1492  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:53:58.0312 1492  Msfs - ok
21:53:58.0312 1492  MSIServer - ok
21:53:58.0343 1492  [ 85736F804191CB420A31ACA2A7F0674F ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:53:58.0375 1492  MSKSSRV - ok
21:53:58.0406 1492  [ E943ADB93D83C5CBC0CA3F53F53B48CC ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:53:58.0468 1492  MSPCLOCK - ok
21:53:58.0500 1492  [ F6A726B8832DB1F88326B8BE98B11981 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:53:58.0562 1492  MSPQM - ok
21:53:58.0562 1492  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:53:58.0687 1492  mssmbios - ok
21:53:58.0718 1492  [ D5059366B361F0E1124753447AF08AA2 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
21:53:58.0765 1492  MSTEE - ok
21:53:58.0781 1492  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
21:53:58.0812 1492  Mup - ok
21:53:58.0843 1492  [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:53:58.0859 1492  NABTSFEC - ok
21:53:58.0906 1492  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
21:53:59.0046 1492  napagent - ok
21:53:59.0062 1492  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
21:53:59.0203 1492  NDIS - ok
21:53:59.0218 1492  [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:53:59.0250 1492  NdisIP - ok
21:53:59.0296 1492  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:53:59.0328 1492  NdisTapi - ok
21:53:59.0359 1492  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:53:59.0484 1492  Ndisuio - ok
21:53:59.0500 1492  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:53:59.0625 1492  NdisWan - ok
21:53:59.0656 1492  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
21:53:59.0687 1492  NDProxy - ok
21:53:59.0718 1492  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
21:53:59.0859 1492  NetBIOS - ok
21:53:59.0890 1492  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
21:54:00.0015 1492  NetBT - ok
21:54:00.0062 1492  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
21:54:00.0187 1492  NetDDE - ok
21:54:00.0203 1492  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
21:54:00.0328 1492  NetDDEdsdm - ok
21:54:00.0359 1492  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:54:00.0500 1492  Netlogon - ok
21:54:00.0546 1492  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
21:54:00.0687 1492  Netman - ok
21:54:00.0734 1492  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:54:00.0750 1492  NetTcpPortSharing - ok
21:54:00.0765 1492  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
21:54:00.0796 1492  Nla - ok
21:54:00.0875 1492  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       C:\Programme\CDBurnerXP\NMSAccessU.exe
21:54:00.0890 1492  NMSAccess - ok
21:54:00.0937 1492  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\WINDOWS\system32\drivers\npf.sys
21:54:00.0953 1492  NPF - ok
21:54:00.0968 1492  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:54:01.0109 1492  Npfs - ok
21:54:01.0140 1492  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:54:01.0281 1492  Ntfs - ok
21:54:01.0296 1492  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
21:54:01.0421 1492  NtLmSsp - ok
21:54:01.0453 1492  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
21:54:01.0625 1492  NtmsSvc - ok
21:54:01.0640 1492  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:54:01.0781 1492  Null - ok
21:54:01.0812 1492  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:54:01.0937 1492  NwlnkFlt - ok
21:54:01.0953 1492  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:54:02.0078 1492  NwlnkFwd - ok
21:54:02.0125 1492  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
21:54:02.0250 1492  Parport - ok
21:54:02.0265 1492  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
21:54:02.0390 1492  PartMgr - ok
21:54:02.0437 1492  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
21:54:02.0562 1492  ParVdm - ok
21:54:02.0578 1492  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
21:54:02.0703 1492  PCI - ok
21:54:02.0718 1492  PCIDump - ok
21:54:02.0734 1492  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
21:54:02.0875 1492  PCIIde - ok
21:54:02.0921 1492  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
21:54:03.0062 1492  Pcmcia - ok
21:54:03.0078 1492  PDCOMP - ok
21:54:03.0078 1492  PDFRAME - ok
21:54:03.0093 1492  PDRELI - ok
21:54:03.0109 1492  PDRFRAME - ok
21:54:03.0109 1492  perc2 - ok
21:54:03.0125 1492  perc2hib - ok
21:54:03.0156 1492  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
21:54:03.0187 1492  PlugPlay - ok
21:54:03.0187 1492  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
21:54:03.0312 1492  PolicyAgent - ok
21:54:03.0359 1492  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:54:03.0500 1492  PptpMiniport - ok
21:54:03.0515 1492  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
21:54:03.0625 1492  Processor - ok
21:54:03.0640 1492  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:54:03.0765 1492  ProtectedStorage - ok
21:54:03.0781 1492  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:54:03.0906 1492  PSched - ok
21:54:03.0937 1492  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:54:04.0093 1492  Ptilink - ok
21:54:04.0125 1492  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:54:04.0140 1492  PxHelp20 - ok
21:54:04.0140 1492  ql1080 - ok
21:54:04.0156 1492  Ql10wnt - ok
21:54:04.0156 1492  ql12160 - ok
21:54:04.0171 1492  ql1240 - ok
21:54:04.0171 1492  ql1280 - ok
21:54:04.0203 1492  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:54:04.0328 1492  RasAcd - ok
21:54:04.0375 1492  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:54:04.0500 1492  RasAuto - ok
21:54:04.0531 1492  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:54:04.0640 1492  Rasl2tp - ok
21:54:04.0671 1492  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:54:04.0828 1492  RasMan - ok
21:54:04.0843 1492  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:54:04.0968 1492  RasPppoe - ok
21:54:05.0000 1492  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
21:54:05.0140 1492  Raspti - ok
21:54:05.0140 1492  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:54:05.0281 1492  Rdbss - ok
21:54:05.0296 1492  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:54:05.0421 1492  RDPCDD - ok
21:54:05.0453 1492  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:54:05.0578 1492  rdpdr - ok
21:54:05.0625 1492  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
21:54:05.0671 1492  RDPWD - ok
21:54:05.0703 1492  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
21:54:05.0843 1492  RDSessMgr - ok
21:54:05.0890 1492  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
21:54:06.0000 1492  redbook - ok
21:54:06.0046 1492  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:54:06.0171 1492  RemoteAccess - ok
21:54:06.0203 1492  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
21:54:06.0343 1492  RemoteRegistry - ok
21:54:06.0390 1492  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Programme\WinPcap\rpcapd.exe
21:54:06.0406 1492  rpcapd - ok
21:54:06.0421 1492  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\System32\locator.exe
21:54:06.0578 1492  RpcLocator - ok
21:54:06.0593 1492  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\System32\rpcss.dll
21:54:06.0625 1492  RpcSs - ok
21:54:06.0671 1492  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\System32\rsvp.exe
21:54:06.0828 1492  RSVP - ok
21:54:06.0843 1492  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
21:54:06.0953 1492  SamSs - ok
21:54:06.0968 1492  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:54:07.0125 1492  SCardSvr - ok
21:54:07.0156 1492  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:54:07.0296 1492  Schedule - ok
21:54:07.0343 1492  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:54:07.0468 1492  Secdrv - ok
21:54:07.0468 1492  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:54:07.0609 1492  seclogon - ok
21:54:07.0625 1492  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
21:54:07.0750 1492  SENS - ok
21:54:07.0765 1492  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
21:54:07.0890 1492  serenum - ok
21:54:07.0921 1492  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
21:54:08.0031 1492  Serial - ok
21:54:08.0093 1492  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
21:54:08.0218 1492  Sfloppy - ok
21:54:08.0250 1492  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:54:08.0375 1492  SharedAccess - ok
21:54:08.0406 1492  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:54:08.0437 1492  ShellHWDetection - ok
21:54:08.0484 1492  [ 4AABD176758CDBCFB834A72BD01CD02F ] silabenm        C:\WINDOWS\system32\DRIVERS\silabenm.sys
21:54:08.0500 1492  silabenm ( UnsignedFile.Multi.Generic ) - warning
21:54:08.0500 1492  silabenm - detected UnsignedFile.Multi.Generic (1)
21:54:08.0515 1492  [ F5460535EDE7ADEB0721BC56587554EA ] silabser        C:\WINDOWS\system32\DRIVERS\silabser.sys
21:54:08.0531 1492  silabser ( UnsignedFile.Multi.Generic ) - warning
21:54:08.0531 1492  silabser - detected UnsignedFile.Multi.Generic (1)
21:54:08.0546 1492  Simbad - ok
21:54:08.0546 1492  [ 1FFC44D6787EC1EA9A2B1440A90FA5C1 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:54:08.0593 1492  SLIP - ok
21:54:08.0609 1492  Sparrow - ok
21:54:08.0640 1492  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:54:08.0765 1492  splitter - ok
21:54:08.0812 1492  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
21:54:08.0843 1492  Spooler - ok
21:54:08.0859 1492  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
21:54:08.0984 1492  sr - ok
21:54:09.0000 1492  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
21:54:09.0140 1492  srservice - ok
21:54:09.0187 1492  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:54:09.0234 1492  Srv - ok
21:54:09.0281 1492  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\WINDOWS\system32\DRIVERS\ssadbus.sys
21:54:09.0312 1492  ssadbus - ok
21:54:09.0328 1492  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
21:54:09.0359 1492  ssadmdfl - ok
21:54:09.0375 1492  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
21:54:09.0406 1492  ssadmdm - ok
21:54:09.0421 1492  [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd        C:\WINDOWS\system32\DRIVERS\ssadserd.sys
21:54:09.0468 1492  ssadserd - ok
21:54:09.0484 1492  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:54:09.0640 1492  SSDPSRV - ok
21:54:09.0671 1492  [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen        C:\WINDOWS\system32\drivers\StarOpen.sys
21:54:09.0687 1492  StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:54:09.0687 1492  StarOpen - detected UnsignedFile.Multi.Generic (1)
21:54:09.0734 1492  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
21:54:09.0890 1492  stisvc - ok
21:54:09.0921 1492  [ A9F9FD0212E572B84EDB9EB661F6BC04 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:54:09.0937 1492  streamip - ok
21:54:09.0968 1492  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
21:54:10.0093 1492  swenum - ok
21:54:10.0125 1492  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
21:54:10.0250 1492  swmidi - ok
21:54:10.0250 1492  SwPrv - ok
21:54:10.0265 1492  symc810 - ok
21:54:10.0281 1492  symc8xx - ok
21:54:10.0281 1492  sym_hi - ok
21:54:10.0296 1492  sym_u3 - ok
21:54:10.0343 1492  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
21:54:10.0468 1492  sysaudio - ok
21:54:10.0500 1492  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
21:54:10.0640 1492  SysmonLog - ok
21:54:10.0671 1492  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:54:10.0796 1492  TapiSrv - ok
21:54:10.0859 1492  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:54:10.0875 1492  Tcpip - ok
21:54:10.0906 1492  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
21:54:11.0015 1492  TDPIPE - ok
21:54:11.0046 1492  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
21:54:11.0171 1492  TDTCP - ok
21:54:11.0203 1492  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
21:54:11.0328 1492  TermDD - ok
21:54:11.0343 1492  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
21:54:11.0500 1492  TermService - ok
21:54:11.0515 1492  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
21:54:11.0546 1492  Themes - ok
21:54:11.0593 1492  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
21:54:11.0718 1492  TlntSvr - ok
21:54:11.0734 1492  TosIde - ok
21:54:11.0750 1492  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
21:54:11.0875 1492  TrkWks - ok
21:54:11.0906 1492  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
21:54:12.0031 1492  Udfs - ok
21:54:12.0046 1492  ultra - ok
21:54:12.0093 1492  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
21:54:12.0250 1492  Update - ok
21:54:12.0281 1492  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:54:12.0421 1492  upnphost - ok
21:54:12.0453 1492  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
21:54:12.0578 1492  UPS - ok
21:54:12.0609 1492  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
21:54:12.0734 1492  usbaudio - ok
21:54:12.0765 1492  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:54:12.0890 1492  usbccgp - ok
21:54:12.0906 1492  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:54:13.0031 1492  usbehci - ok
21:54:13.0031 1492  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:54:13.0187 1492  usbhub - ok
21:54:13.0218 1492  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:54:13.0359 1492  usbprint - ok
21:54:13.0406 1492  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:54:13.0531 1492  usbscan - ok
21:54:13.0546 1492  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:54:13.0687 1492  USBSTOR - ok
21:54:13.0718 1492  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:54:13.0843 1492  usbuhci - ok
21:54:13.0875 1492  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
21:54:14.0000 1492  usbvideo - ok
21:54:14.0031 1492  [ 8AFFFDA081CFF3057391FEDBBB483601 ] UTSCSI          C:\WINDOWS\system32\UTSCSI.EXE
21:54:14.0078 1492  UTSCSI ( UnsignedFile.Multi.Generic ) - warning
21:54:14.0078 1492  UTSCSI - detected UnsignedFile.Multi.Generic (1)
21:54:14.0093 1492  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
21:54:14.0218 1492  VgaSave - ok
21:54:14.0218 1492  ViaIde - ok
21:54:14.0265 1492  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
21:54:14.0390 1492  VolSnap - ok
21:54:14.0406 1492  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
21:54:14.0546 1492  VSS - ok
21:54:14.0578 1492  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
21:54:14.0703 1492  W32Time - ok
21:54:14.0765 1492  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:54:14.0906 1492  Wanarp - ok
21:54:14.0937 1492  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
21:54:14.0968 1492  Wdf01000 - ok
21:54:14.0968 1492  WDICA - ok
21:54:15.0000 1492  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
21:54:15.0140 1492  wdmaud - ok
21:54:15.0156 1492  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:54:15.0296 1492  WebClient - ok
21:54:15.0375 1492  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:54:15.0515 1492  winmgmt - ok
21:54:15.0562 1492  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
21:54:15.0609 1492  WmdmPmSN - ok
21:54:15.0640 1492  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
21:54:15.0687 1492  Wmi - ok
21:54:15.0718 1492  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:54:15.0843 1492  WmiApSrv - ok
21:54:15.0859 1492  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:54:15.0875 1492  WpdUsb - ok
21:54:15.0968 1492  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:54:16.0000 1492  WPFFontCache_v0400 - ok
21:54:16.0031 1492  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:54:16.0171 1492  WS2IFSL - ok
21:54:16.0203 1492  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
21:54:16.0343 1492  wscsvc - ok
21:54:16.0375 1492  [ 233CDD1C06942115802EB7CE6669E099 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:54:16.0390 1492  WSTCODEC - ok
21:54:16.0421 1492  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
21:54:16.0562 1492  wuauserv - ok
21:54:16.0593 1492  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:54:16.0625 1492  WudfPf - ok
21:54:16.0640 1492  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:54:16.0671 1492  WudfRd - ok
21:54:16.0703 1492  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
21:54:16.0750 1492  WudfSvc - ok
21:54:16.0796 1492  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
21:54:16.0968 1492  WZCSVC - ok
21:54:17.0000 1492  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
21:54:17.0156 1492  xmlprov - ok
21:54:17.0171 1492  ================ Scan global ===============================
21:54:17.0187 1492  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
21:54:17.0234 1492  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:54:17.0265 1492  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:54:17.0296 1492  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
21:54:17.0312 1492  [Global] - ok
21:54:17.0312 1492  ================ Scan MBR ==================================
21:54:17.0328 1492  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
21:54:17.0531 1492  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:54:17.0531 1492  \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:54:17.0546 1492  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2
21:54:17.0718 1492  \Device\Harddisk1\DR2 - ok
21:54:17.0734 1492  ================ Scan VBR ==================================
21:54:17.0734 1492  [ D964B52BD354518261E5B697C98E79D1 ] \Device\Harddisk0\DR0\Partition1
21:54:17.0734 1492  \Device\Harddisk0\DR0\Partition1 - ok
21:54:17.0750 1492  [ F17264F44C7DBECAC0FD14C51ED6F082 ] \Device\Harddisk1\DR2\Partition1
21:54:17.0750 1492  \Device\Harddisk1\DR2\Partition1 - ok
21:54:17.0750 1492  ============================================================
21:54:17.0750 1492  Scan finished
21:54:17.0750 1492  ============================================================
21:54:17.0859 0516  Detected object count: 8
21:54:17.0859 0516  Actual detected object count: 8
21:54:28.0828 0516  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0828 0516  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:28.0828 0516  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0828 0516  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:28.0828 0516  IOPort ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0828 0516  IOPort ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:28.0828 0516  silabenm ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0828 0516  silabenm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:28.0828 0516  silabser ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0828 0516  silabser ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:28.0828 0516  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0828 0516  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:28.0843 0516  UTSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:28.0843 0516  UTSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:28.0875 0516  \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
21:54:28.0875 0516  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:54:28.0875 0516  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
21:54:28.0890 0516  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:54:28.0937 0516  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:54:28.0937 0516  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:54:44.0656 0516  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:54:44.0781 0516  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:54:44.0859 0516  \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
21:54:44.0859 0516  \Device\Harddisk0\DR0\TDLFS - deleted
21:54:44.0859 0516  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
         
Code:
ATTFilter
22:02:59.0562 3584  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:02:59.0578 3584  ============================================================
22:02:59.0578 3584  Current date / time: 2012/11/13 22:02:59.0578
22:02:59.0578 3584  SystemInfo:
22:02:59.0578 3584  
22:02:59.0578 3584  OS Version: 5.1.2600 ServicePack: 3.0
22:02:59.0578 3584  Product type: Workstation
22:02:59.0578 3584  ComputerName: AIRBORNE1
22:02:59.0578 3584  UserName: Admin
22:02:59.0578 3584  Windows directory: C:\WINDOWS
22:02:59.0578 3584  System windows directory: C:\WINDOWS
22:02:59.0578 3584  Processor architecture: Intel x86
22:02:59.0578 3584  Number of processors: 1
22:02:59.0578 3584  Page size: 0x1000
22:02:59.0578 3584  Boot type: Normal boot
22:02:59.0578 3584  ============================================================
22:03:00.0734 3584  Drive \Device\Harddisk0\DR0 - Size: 0x3A7450A000 (233.82 Gb), SectorSize: 0x200, Cylinders: 0x7EAE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
22:03:00.0765 3584  Drive \Device\Harddisk1\DR2 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:03:00.0796 3584  ============================================================
22:03:00.0796 3584  \Device\Harddisk0\DR0:
22:03:00.0796 3584  MBR partitions:
22:03:00.0796 3584  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D39C991
22:03:00.0796 3584  \Device\Harddisk1\DR2:
22:03:00.0796 3584  MBR partitions:
22:03:00.0796 3584  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
22:03:00.0796 3584  ============================================================
22:03:00.0890 3584  C: <-> \Device\Harddisk0\DR0\Partition1
22:03:00.0906 3584  G: <-> \Device\Harddisk1\DR2\Partition1
22:03:00.0937 3584  ============================================================
22:03:00.0937 3584  Initialize success
22:03:00.0937 3584  ============================================================
22:03:05.0968 3648  ============================================================
22:03:05.0968 3648  Scan started
22:03:05.0968 3648  Mode: Manual; SigCheck; TDLFS; 
22:03:05.0968 3648  ============================================================
22:03:07.0031 3648  ================ Scan system memory ========================
22:03:07.0031 3648  System memory - ok
22:03:07.0031 3648  ================ Scan services =============================
22:03:07.0156 3648  [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
22:03:07.0281 3648  Aavmker4 - ok
22:03:07.0296 3648  Abiosdsk - ok
22:03:07.0296 3648  abp480n5 - ok
22:03:07.0328 3648  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:03:07.0546 3648  ACPI - ok
22:03:07.0562 3648  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
22:03:07.0703 3648  ACPIEC - ok
22:03:07.0781 3648  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:03:07.0796 3648  AdobeFlashPlayerUpdateSvc - ok
22:03:07.0812 3648  adpu160m - ok
22:03:07.0843 3648  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
22:03:07.0984 3648  aec - ok
22:03:08.0031 3648  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
22:03:08.0093 3648  AFD - ok
22:03:08.0125 3648  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
22:03:08.0265 3648  agp440 - ok
22:03:08.0281 3648  Aha154x - ok
22:03:08.0281 3648  aic78u2 - ok
22:03:08.0296 3648  aic78xx - ok
22:03:08.0328 3648  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
22:03:08.0484 3648  Alerter - ok
22:03:08.0500 3648  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
22:03:08.0640 3648  ALG - ok
22:03:08.0640 3648  AliIde - ok
22:03:08.0656 3648  amsint - ok
22:03:08.0687 3648  [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb      C:\WINDOWS\system32\Drivers\ssadadb.sys
22:03:08.0750 3648  androidusb - ok
22:03:08.0781 3648  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
22:03:08.0921 3648  AppMgmt - ok
22:03:08.0937 3648  asc - ok
22:03:08.0937 3648  asc3350p - ok
22:03:08.0953 3648  asc3550 - ok
22:03:09.0062 3648  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:03:09.0109 3648  aspnet_state - ok
22:03:09.0140 3648  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:03:09.0156 3648  aswFsBlk - ok
22:03:09.0203 3648  [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2         C:\WINDOWS\system32\drivers\aswMon2.sys
22:03:09.0218 3648  aswMon2 - ok
22:03:09.0250 3648  [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
22:03:09.0265 3648  AswRdr - ok
22:03:09.0312 3648  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
22:03:09.0343 3648  aswSnx - ok
22:03:09.0375 3648  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
22:03:09.0390 3648  aswSP - ok
22:03:09.0421 3648  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
22:03:09.0437 3648  aswTdi - ok
22:03:09.0453 3648  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:03:09.0593 3648  AsyncMac - ok
22:03:09.0640 3648  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
22:03:09.0765 3648  atapi - ok
22:03:09.0796 3648  Atdisk - ok
22:03:09.0843 3648  [ D80A3FD3DB6F999F6D1C6D23A293851B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
22:03:09.0968 3648  Ati HotKey Poller - ok
22:03:10.0156 3648  [ C832BF76F003999D2E91E5115583C69E ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:03:10.0359 3648  ati2mtag - ok
22:03:10.0406 3648  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:03:10.0531 3648  Atmarpc - ok
22:03:10.0562 3648  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
22:03:10.0703 3648  AudioSrv - ok
22:03:10.0734 3648  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
22:03:10.0843 3648  audstub - ok
22:03:10.0937 3648  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
22:03:10.0953 3648  avast! Antivirus - ok
22:03:11.0000 3648  [ 4D50B7A5AE8E67E68B7C9571769D5DDE ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:03:11.0062 3648  b57w2k - ok
22:03:11.0125 3648  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
22:03:11.0250 3648  Beep - ok
22:03:11.0281 3648  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\WINDOWS\system32\bgsvcgen.exe
22:03:11.0312 3648  bgsvcgen - ok
22:03:11.0390 3648  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
22:03:11.0828 3648  BITS - ok
22:03:11.0859 3648  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
22:03:12.0031 3648  Browser - ok
22:03:12.0171 3648  catchme - ok
22:03:12.0187 3648  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
22:03:12.0343 3648  cbidf2k - ok
22:03:12.0375 3648  [ FDC06E2ADA8C468EBB161624E03976CF ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:03:12.0484 3648  CCDECODE - ok
22:03:12.0484 3648  cd20xrnt - ok
22:03:12.0515 3648  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
22:03:12.0687 3648  Cdaudio - ok
22:03:12.0734 3648  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
22:03:12.0937 3648  Cdfs - ok
22:03:12.0984 3648  [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv        C:\WINDOWS\system32\drivers\cdrbsdrv.sys
22:03:13.0046 3648  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
22:03:13.0046 3648  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
22:03:13.0062 3648  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:03:13.0234 3648  Cdrom - ok
22:03:13.0234 3648  Changer - ok
22:03:13.0265 3648  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
22:03:13.0453 3648  CiSvc - ok
22:03:13.0500 3648  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
22:03:13.0687 3648  ClipSrv - ok
22:03:13.0734 3648  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:03:13.0796 3648  clr_optimization_v2.0.50727_32 - ok
22:03:13.0828 3648  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:03:13.0890 3648  clr_optimization_v4.0.30319_32 - ok
22:03:13.0906 3648  CmdIde - ok
22:03:13.0937 3648  [ FD40439BB258B9AA9AD314BF5948EF46 ] cmpci           C:\WINDOWS\system32\drivers\cmaudio.sys
22:03:14.0031 3648  cmpci - ok
22:03:14.0046 3648  COMSysApp - ok
22:03:14.0062 3648  Cpqarray - ok
22:03:14.0093 3648  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
22:03:14.0234 3648  CryptSvc - ok
22:03:14.0234 3648  dac2w2k - ok
22:03:14.0250 3648  dac960nt - ok
22:03:14.0281 3648  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
22:03:14.0359 3648  DcomLaunch - ok
22:03:14.0390 3648  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
22:03:14.0531 3648  Dhcp - ok
22:03:14.0562 3648  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
22:03:14.0703 3648  Disk - ok
22:03:14.0703 3648  dmadmin - ok
22:03:14.0796 3648  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
22:03:15.0093 3648  dmboot - ok
22:03:15.0093 3648  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
22:03:15.0234 3648  dmio - ok
22:03:15.0265 3648  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
22:03:15.0406 3648  dmload - ok
22:03:15.0437 3648  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
22:03:15.0578 3648  dmserver - ok
22:03:15.0609 3648  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
22:03:15.0718 3648  DMusic - ok
22:03:15.0765 3648  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
22:03:15.0890 3648  Dnscache - ok
22:03:15.0921 3648  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
22:03:16.0046 3648  Dot3svc - ok
22:03:16.0062 3648  dpti2o - ok
22:03:16.0093 3648  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
22:03:16.0218 3648  drmkaud - ok
22:03:16.0218 3648  EagleXNt - ok
22:03:16.0250 3648  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
22:03:16.0406 3648  EapHost - ok
22:03:16.0437 3648  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
22:03:16.0578 3648  ERSvc - ok
22:03:16.0625 3648  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
22:03:16.0671 3648  Eventlog - ok
22:03:16.0734 3648  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\System32\es.dll
22:03:16.0796 3648  EventSystem - ok
22:03:16.0843 3648  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
22:03:16.0984 3648  Fastfat - ok
22:03:17.0015 3648  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:03:17.0109 3648  FastUserSwitchingCompatibility - ok
22:03:17.0125 3648  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
22:03:17.0250 3648  Fdc - ok
22:03:17.0281 3648  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
22:03:17.0406 3648  Fips - ok
22:03:17.0453 3648  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:03:17.0578 3648  Flpydisk - ok
22:03:17.0625 3648  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
22:03:17.0750 3648  FltMgr - ok
22:03:17.0796 3648  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:03:17.0812 3648  FontCache3.0.0.0 - ok
22:03:17.0828 3648  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:03:17.0953 3648  Fs_Rec - ok
22:03:17.0968 3648  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:03:18.0093 3648  Ftdisk - ok
22:03:18.0140 3648  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:03:18.0250 3648  gameenum - ok
22:03:18.0281 3648  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:03:18.0421 3648  Gpc - ok
22:03:18.0468 3648  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
22:03:18.0484 3648  gusvc - ok
22:03:18.0531 3648  [ FC7DCDEF8F17D3C5DECC880673EA5BD5 ] hcwPVRP2        C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys
22:03:18.0640 3648  hcwPVRP2 - ok
22:03:18.0734 3648  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:03:18.0859 3648  helpsvc - ok
22:03:18.0906 3648  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
22:03:19.0031 3648  HidServ - ok
22:03:19.0062 3648  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:03:19.0187 3648  hidusb - ok
22:03:19.0250 3648  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
22:03:19.0375 3648  hkmsvc - ok
22:03:19.0375 3648  hpn - ok
22:03:19.0421 3648  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
22:03:19.0453 3648  HTTP - ok
22:03:19.0484 3648  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
22:03:19.0640 3648  HTTPFilter - ok
22:03:19.0640 3648  i2omgmt - ok
22:03:19.0656 3648  i2omp - ok
22:03:19.0671 3648  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:03:19.0796 3648  i8042prt - ok
22:03:19.0859 3648  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:03:19.0906 3648  IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:03:19.0906 3648  IDriverT - detected UnsignedFile.Multi.Generic (1)
22:03:19.0984 3648  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:03:20.0031 3648  idsvc - ok
22:03:20.0062 3648  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
22:03:20.0187 3648  Imapi - ok
22:03:20.0218 3648  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
22:03:20.0359 3648  ImapiService - ok
22:03:20.0375 3648  ini910u - ok
22:03:20.0390 3648  IntelIde - ok
22:03:20.0421 3648  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:03:20.0562 3648  intelppm - ok
22:03:20.0593 3648  [ F7C534DEF663B4E847E44F20927F5ED2 ] IOPort          C:\WINDOWS\system32\DRIVERS\IOPORT.SYS
22:03:20.0609 3648  IOPort ( UnsignedFile.Multi.Generic ) - warning
22:03:20.0609 3648  IOPort - detected UnsignedFile.Multi.Generic (1)
22:03:20.0625 3648  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
22:03:20.0765 3648  ip6fw - ok
22:03:20.0796 3648  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:03:20.0921 3648  IpFilterDriver - ok
22:03:20.0937 3648  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:03:21.0062 3648  IpInIp - ok
22:03:21.0078 3648  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:03:21.0218 3648  IpNat - ok
22:03:21.0234 3648  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:03:21.0359 3648  IPSec - ok
22:03:21.0390 3648  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
22:03:21.0500 3648  IRENUM - ok
22:03:21.0531 3648  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:03:21.0656 3648  isapnp - ok
22:03:21.0671 3648  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:03:21.0796 3648  Kbdclass - ok
22:03:21.0796 3648  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:03:21.0937 3648  kbdhid - ok
22:03:21.0953 3648  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
22:03:22.0093 3648  kmixer - ok
22:03:22.0125 3648  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
22:03:22.0187 3648  KSecDD - ok
22:03:22.0234 3648  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
22:03:22.0296 3648  lanmanserver - ok
22:03:22.0343 3648  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:03:22.0421 3648  lanmanworkstation - ok
22:03:22.0453 3648  [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd             C:\WINDOWS\system32\DRIVERS\Lbd.sys
22:03:22.0468 3648  Lbd - ok
22:03:22.0468 3648  lbrtfdc - ok
22:03:22.0515 3648  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
22:03:22.0656 3648  LmHosts - ok
22:03:22.0687 3648  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
22:03:22.0703 3648  MBAMProtector - ok
22:03:22.0781 3648  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:03:22.0796 3648  MBAMScheduler - ok
22:03:22.0843 3648  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
22:03:22.0875 3648  MBAMService - ok
22:03:22.0890 3648  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
22:03:23.0015 3648  Messenger - ok
22:03:23.0062 3648  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
22:03:23.0187 3648  mnmdd - ok
22:03:23.0218 3648  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
22:03:23.0359 3648  mnmsrvc - ok
22:03:23.0406 3648  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
22:03:23.0546 3648  Modem - ok
22:03:23.0578 3648  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:03:23.0703 3648  Mouclass - ok
22:03:23.0750 3648  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:03:23.0875 3648  mouhid - ok
22:03:23.0890 3648  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
22:03:24.0000 3648  MountMgr - ok
22:03:24.0031 3648  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
22:03:24.0046 3648  MozillaMaintenance - ok
22:03:24.0062 3648  mraid35x - ok
22:03:24.0078 3648  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:03:24.0203 3648  MRxDAV - ok
22:03:24.0250 3648  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:03:24.0328 3648  MRxSmb - ok
22:03:24.0359 3648  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
22:03:24.0500 3648  MSDTC - ok
22:03:24.0531 3648  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
22:03:24.0656 3648  Msfs - ok
22:03:24.0656 3648  MSIServer - ok
22:03:24.0687 3648  [ 85736F804191CB420A31ACA2A7F0674F ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:03:24.0718 3648  MSKSSRV - ok
22:03:24.0750 3648  [ E943ADB93D83C5CBC0CA3F53F53B48CC ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:03:24.0796 3648  MSPCLOCK - ok
22:03:24.0828 3648  [ F6A726B8832DB1F88326B8BE98B11981 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
22:03:24.0890 3648  MSPQM - ok
22:03:24.0921 3648  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:03:25.0031 3648  mssmbios - ok
22:03:25.0046 3648  [ D5059366B361F0E1124753447AF08AA2 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
22:03:25.0093 3648  MSTEE - ok
22:03:25.0109 3648  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
22:03:25.0140 3648  Mup - ok
22:03:25.0156 3648  [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:03:25.0187 3648  NABTSFEC - ok
22:03:25.0218 3648  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
22:03:25.0375 3648  napagent - ok
22:03:25.0390 3648  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
22:03:25.0515 3648  NDIS - ok
22:03:25.0546 3648  [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:03:25.0578 3648  NdisIP - ok
22:03:25.0625 3648  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:03:25.0703 3648  NdisTapi - ok
22:03:25.0734 3648  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:03:25.0859 3648  Ndisuio - ok
22:03:25.0875 3648  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:03:25.0984 3648  NdisWan - ok
22:03:26.0015 3648  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
22:03:26.0046 3648  NDProxy - ok
22:03:26.0078 3648  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
22:03:26.0203 3648  NetBIOS - ok
22:03:26.0234 3648  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
22:03:26.0359 3648  NetBT - ok
22:03:26.0406 3648  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
22:03:26.0531 3648  NetDDE - ok
22:03:26.0546 3648  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
22:03:26.0671 3648  NetDDEdsdm - ok
22:03:26.0703 3648  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
22:03:26.0843 3648  Netlogon - ok
22:03:26.0890 3648  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
22:03:27.0031 3648  Netman - ok
22:03:27.0078 3648  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:03:27.0140 3648  NetTcpPortSharing - ok
22:03:27.0171 3648  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
22:03:27.0234 3648  Nla - ok
22:03:27.0281 3648  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       C:\Programme\CDBurnerXP\NMSAccessU.exe
22:03:27.0281 3648  NMSAccess - ok
22:03:27.0328 3648  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\WINDOWS\system32\drivers\npf.sys
22:03:27.0359 3648  NPF - ok
22:03:27.0375 3648  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
22:03:27.0484 3648  Npfs - ok
22:03:27.0531 3648  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
22:03:27.0703 3648  Ntfs - ok
22:03:27.0703 3648  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
22:03:27.0828 3648  NtLmSsp - ok
22:03:27.0875 3648  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
22:03:28.0046 3648  NtmsSvc - ok
22:03:28.0078 3648  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
22:03:28.0203 3648  Null - ok
22:03:28.0218 3648  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:03:28.0375 3648  NwlnkFlt - ok
22:03:28.0406 3648  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:03:28.0515 3648  NwlnkFwd - ok
22:03:28.0546 3648  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
22:03:28.0671 3648  Parport - ok
22:03:28.0687 3648  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
22:03:28.0812 3648  PartMgr - ok
22:03:28.0843 3648  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
22:03:28.0984 3648  ParVdm - ok
22:03:29.0000 3648  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
22:03:29.0125 3648  PCI - ok
22:03:29.0140 3648  PCIDump - ok
22:03:29.0156 3648  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
22:03:29.0281 3648  PCIIde - ok
22:03:29.0312 3648  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
22:03:29.0437 3648  Pcmcia - ok
22:03:29.0453 3648  PDCOMP - ok
22:03:29.0453 3648  PDFRAME - ok
22:03:29.0468 3648  PDRELI - ok
22:03:29.0484 3648  PDRFRAME - ok
22:03:29.0484 3648  perc2 - ok
22:03:29.0500 3648  perc2hib - ok
22:03:29.0531 3648  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
22:03:29.0562 3648  PlugPlay - ok
22:03:29.0578 3648  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
22:03:29.0703 3648  PolicyAgent - ok
22:03:29.0718 3648  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:03:29.0843 3648  PptpMiniport - ok
22:03:29.0859 3648  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
22:03:29.0968 3648  Processor - ok
22:03:29.0984 3648  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:03:30.0093 3648  ProtectedStorage - ok
22:03:30.0109 3648  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
22:03:30.0234 3648  PSched - ok
22:03:30.0250 3648  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:03:30.0390 3648  Ptilink - ok
22:03:30.0437 3648  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:03:30.0453 3648  PxHelp20 - ok
22:03:30.0453 3648  ql1080 - ok
22:03:30.0468 3648  Ql10wnt - ok
22:03:30.0484 3648  ql12160 - ok
22:03:30.0484 3648  ql1240 - ok
22:03:30.0500 3648  ql1280 - ok
22:03:30.0515 3648  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:03:30.0640 3648  RasAcd - ok
22:03:30.0687 3648  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
22:03:30.0812 3648  RasAuto - ok
22:03:30.0812 3648  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:03:30.0937 3648  Rasl2tp - ok
22:03:30.0984 3648  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
22:03:31.0125 3648  RasMan - ok
22:03:31.0125 3648  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:03:31.0250 3648  RasPppoe - ok
22:03:31.0281 3648  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
22:03:31.0421 3648  Raspti - ok
22:03:31.0437 3648  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:03:31.0546 3648  Rdbss - ok
22:03:31.0562 3648  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:03:31.0687 3648  RDPCDD - ok
22:03:31.0718 3648  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:03:31.0843 3648  rdpdr - ok
22:03:31.0890 3648  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
22:03:31.0968 3648  RDPWD - ok
22:03:32.0015 3648  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
22:03:32.0156 3648  RDSessMgr - ok
22:03:32.0171 3648  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
22:03:32.0281 3648  redbook - ok
22:03:32.0312 3648  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
22:03:32.0453 3648  RemoteAccess - ok
22:03:32.0484 3648  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
22:03:32.0625 3648  RemoteRegistry - ok
22:03:32.0671 3648  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Programme\WinPcap\rpcapd.exe
22:03:32.0687 3648  rpcapd - ok
22:03:32.0703 3648  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\System32\locator.exe
22:03:32.0843 3648  RpcLocator - ok
22:03:32.0859 3648  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\System32\rpcss.dll
22:03:32.0906 3648  RpcSs - ok
22:03:32.0937 3648  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\System32\rsvp.exe
22:03:33.0078 3648  RSVP - ok
22:03:33.0093 3648  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
22:03:33.0218 3648  SamSs - ok
22:03:33.0250 3648  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
22:03:33.0390 3648  SCardSvr - ok
22:03:33.0437 3648  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
22:03:33.0562 3648  Schedule - ok
22:03:33.0593 3648  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:03:33.0703 3648  Secdrv - ok
22:03:33.0750 3648  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
22:03:33.0875 3648  seclogon - ok
22:03:33.0890 3648  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
22:03:34.0015 3648  SENS - ok
22:03:34.0046 3648  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
22:03:34.0171 3648  serenum - ok
22:03:34.0203 3648  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
22:03:34.0328 3648  Serial - ok
22:03:34.0375 3648  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
22:03:34.0500 3648  Sfloppy - ok
22:03:34.0546 3648  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
22:03:34.0687 3648  SharedAccess - ok
22:03:34.0718 3648  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:03:34.0750 3648  ShellHWDetection - ok
22:03:34.0796 3648  [ 4AABD176758CDBCFB834A72BD01CD02F ] silabenm        C:\WINDOWS\system32\DRIVERS\silabenm.sys
22:03:34.0812 3648  silabenm ( UnsignedFile.Multi.Generic ) - warning
22:03:34.0812 3648  silabenm - detected UnsignedFile.Multi.Generic (1)
22:03:34.0859 3648  [ F5460535EDE7ADEB0721BC56587554EA ] silabser        C:\WINDOWS\system32\DRIVERS\silabser.sys
22:03:34.0875 3648  silabser ( UnsignedFile.Multi.Generic ) - warning
22:03:34.0875 3648  silabser - detected UnsignedFile.Multi.Generic (1)
22:03:34.0890 3648  Simbad - ok
22:03:34.0906 3648  [ 1FFC44D6787EC1EA9A2B1440A90FA5C1 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:03:34.0921 3648  SLIP - ok
22:03:34.0953 3648  Sparrow - ok
22:03:34.0984 3648  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
22:03:35.0109 3648  splitter - ok
22:03:35.0140 3648  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
22:03:35.0171 3648  Spooler - ok
22:03:35.0218 3648  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
22:03:35.0328 3648  sr - ok
22:03:35.0375 3648  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
22:03:35.0515 3648  srservice - ok
22:03:35.0546 3648  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
22:03:35.0593 3648  Srv - ok
22:03:35.0640 3648  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\WINDOWS\system32\DRIVERS\ssadbus.sys
22:03:35.0703 3648  ssadbus - ok
22:03:35.0718 3648  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
22:03:35.0734 3648  ssadmdfl - ok
22:03:35.0750 3648  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
22:03:35.0781 3648  ssadmdm - ok
22:03:35.0812 3648  [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd        C:\WINDOWS\system32\DRIVERS\ssadserd.sys
22:03:35.0843 3648  ssadserd - ok
22:03:35.0890 3648  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
22:03:36.0031 3648  SSDPSRV - ok
22:03:36.0062 3648  [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen        C:\WINDOWS\system32\drivers\StarOpen.sys
22:03:36.0078 3648  StarOpen ( UnsignedFile.Multi.Generic ) - warning
22:03:36.0078 3648  StarOpen - detected UnsignedFile.Multi.Generic (1)
22:03:36.0125 3648  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
22:03:36.0281 3648  stisvc - ok
22:03:36.0328 3648  [ A9F9FD0212E572B84EDB9EB661F6BC04 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:03:36.0343 3648  streamip - ok
22:03:36.0390 3648  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
22:03:36.0515 3648  swenum - ok
22:03:36.0531 3648  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
22:03:36.0640 3648  swmidi - ok
22:03:36.0656 3648  SwPrv - ok
22:03:36.0671 3648  symc810 - ok
22:03:36.0671 3648  symc8xx - ok
22:03:36.0687 3648  sym_hi - ok
22:03:36.0687 3648  sym_u3 - ok
22:03:36.0718 3648  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
22:03:36.0843 3648  sysaudio - ok
22:03:36.0890 3648  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
22:03:37.0031 3648  SysmonLog - ok
22:03:37.0062 3648  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
22:03:37.0203 3648  TapiSrv - ok
22:03:37.0250 3648  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:03:37.0296 3648  Tcpip - ok
22:03:37.0328 3648  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
22:03:37.0437 3648  TDPIPE - ok
22:03:37.0468 3648  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
22:03:37.0578 3648  TDTCP - ok
22:03:37.0625 3648  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
22:03:37.0750 3648  TermDD - ok
22:03:37.0765 3648  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
22:03:37.0906 3648  TermService - ok
22:03:37.0921 3648  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
22:03:37.0953 3648  Themes - ok
22:03:38.0000 3648  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
22:03:38.0125 3648  TlntSvr - ok
22:03:38.0140 3648  TosIde - ok
22:03:38.0156 3648  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
22:03:38.0281 3648  TrkWks - ok
22:03:38.0312 3648  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
22:03:38.0437 3648  Udfs - ok
22:03:38.0453 3648  ultra - ok
22:03:38.0484 3648  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
22:03:38.0625 3648  Update - ok
22:03:38.0656 3648  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
22:03:38.0796 3648  upnphost - ok
22:03:38.0812 3648  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
22:03:38.0937 3648  UPS - ok
22:03:38.0968 3648  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
22:03:39.0093 3648  usbaudio - ok
22:03:39.0140 3648  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:03:39.0265 3648  usbccgp - ok
22:03:39.0296 3648  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:03:39.0406 3648  usbehci - ok
22:03:39.0421 3648  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:03:39.0546 3648  usbhub - ok
22:03:39.0593 3648  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:03:39.0718 3648  usbprint - ok
22:03:39.0765 3648  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:03:39.0890 3648  usbscan - ok
22:03:39.0906 3648  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:03:40.0046 3648  USBSTOR - ok
22:03:40.0078 3648  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:03:40.0203 3648  usbuhci - ok
22:03:40.0265 3648  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
22:03:40.0375 3648  usbvideo - ok
22:03:40.0421 3648  [ 8AFFFDA081CFF3057391FEDBBB483601 ] UTSCSI          C:\WINDOWS\system32\UTSCSI.EXE
22:03:40.0437 3648  UTSCSI ( UnsignedFile.Multi.Generic ) - warning
22:03:40.0437 3648  UTSCSI - detected UnsignedFile.Multi.Generic (1)
22:03:40.0468 3648  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
22:03:40.0593 3648  VgaSave - ok
22:03:40.0609 3648  ViaIde - ok
22:03:40.0656 3648  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
22:03:40.0781 3648  VolSnap - ok
22:03:40.0796 3648  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
22:03:40.0937 3648  VSS - ok
22:03:40.0968 3648  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
22:03:41.0109 3648  W32Time - ok
22:03:41.0218 3648  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:03:41.0375 3648  Wanarp - ok
22:03:41.0421 3648  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
22:03:41.0468 3648  Wdf01000 - ok
22:03:41.0468 3648  WDICA - ok
22:03:41.0500 3648  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
22:03:41.0625 3648  wdmaud - ok
22:03:41.0640 3648  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
22:03:41.0765 3648  WebClient - ok
22:03:41.0843 3648  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
22:03:41.0968 3648  winmgmt - ok
22:03:42.0031 3648  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
22:03:42.0078 3648  WmdmPmSN - ok
22:03:42.0109 3648  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
22:03:42.0187 3648  Wmi - ok
22:03:42.0218 3648  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:03:42.0375 3648  WmiApSrv - ok
22:03:42.0390 3648  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:03:42.0406 3648  WpdUsb - ok
22:03:42.0484 3648  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:03:42.0531 3648  WPFFontCache_v0400 - ok
22:03:42.0562 3648  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:03:42.0687 3648  WS2IFSL - ok
22:03:42.0734 3648  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
22:03:42.0875 3648  wscsvc - ok
22:03:42.0890 3648  [ 233CDD1C06942115802EB7CE6669E099 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:03:42.0906 3648  WSTCODEC - ok
22:03:42.0953 3648  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
22:03:43.0093 3648  wuauserv - ok
22:03:43.0125 3648  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:03:43.0156 3648  WudfPf - ok
22:03:43.0171 3648  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:03:43.0187 3648  WudfRd - ok
22:03:43.0218 3648  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
22:03:43.0265 3648  WudfSvc - ok
22:03:43.0312 3648  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
22:03:43.0500 3648  WZCSVC - ok
22:03:43.0531 3648  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
22:03:43.0687 3648  xmlprov - ok
22:03:43.0703 3648  ================ Scan global ===============================
22:03:43.0734 3648  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
22:03:43.0765 3648  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
22:03:43.0796 3648  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
22:03:43.0828 3648  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
22:03:43.0828 3648  [Global] - ok
22:03:43.0843 3648  ================ Scan MBR ==================================
22:03:43.0859 3648  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
22:03:44.0093 3648  \Device\Harddisk0\DR0 - ok
22:03:44.0093 3648  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2
22:03:44.0265 3648  \Device\Harddisk1\DR2 - ok
22:03:44.0265 3648  ================ Scan VBR ==================================
22:03:44.0265 3648  [ D964B52BD354518261E5B697C98E79D1 ] \Device\Harddisk0\DR0\Partition1
22:03:44.0265 3648  \Device\Harddisk0\DR0\Partition1 - ok
22:03:44.0281 3648  [ F17264F44C7DBECAC0FD14C51ED6F082 ] \Device\Harddisk1\DR2\Partition1
22:03:44.0281 3648  \Device\Harddisk1\DR2\Partition1 - ok
22:03:44.0281 3648  ============================================================
22:03:44.0281 3648  Scan finished
22:03:44.0281 3648  ============================================================
22:03:44.0390 3640  Detected object count: 7
22:03:44.0390 3640  Actual detected object count: 7
22:04:00.0015 3640  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0015 3640  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:04:00.0015 3640  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0015 3640  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:04:00.0031 3640  IOPort ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0031 3640  IOPort ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:04:00.0031 3640  silabenm ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0031 3640  silabenm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:04:00.0031 3640  silabser ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0031 3640  silabser ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:04:00.0031 3640  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0031 3640  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:04:00.0031 3640  UTSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:00.0031 3640  UTSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Hallo,

anbei noch das Ergebnis eines nächtlichen ESET Online Scan:

C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi Anwendung Gesäubert durch Löschen - in Quarantäne kopiert

C:\System Volume Information\_restore{BE8EECC4-C1BB-45D6-8C2A-F88C1C98C680}\RP7\A0001239.exe Win32/Toolbar.Widgi Anwendung Gesäubert durch Löschen - in Quarantäne kopiert

C:\TDSSKiller_Quarantine\13.11.2012_21.53.22\tdlfs0000\tsk0003.dta Variante von Win32/Olmarik.ADZ Trojaner Gesäubert durch Löschen - in Quarantäne kopiert

C:\TDSSKiller_Quarantine\13.11.2012_21.53.22\tdlfs0000\tsk0004.dta möglicherweise Variante von Win32/Agent.FJFPNNI Trojaner Gesäubert durch Löschen - in Quarantäne kopiert


Thomas

... und Malewarebytes

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.14.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: AIRBORNE1 [administrator]

14.11.2012 06:00:19
mbam-log-2012-11-14 (06-00-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 242923
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Antwort

Themen zu Trojan.Generic.6760809 im Receycler und System Volume Information
7-zip, ad-aware, adobe, antivirus, application/pdf:, avast, bho, einstellungen, error, explorer, firefox, firewall, flash player, ftp, google, helper, icreinstall, index, intranet, logfile, mozilla, panda usb vaccine, pdfforge toolbar, plug-in, prozess, registry, rundll, security, software, system, temp, tracker, trojan.generic., udp, virus, virus total, win32/installcore.d, windows internet




Ähnliche Themen: Trojan.Generic.6760809 im Receycler und System Volume Information


  1. Trojan.Generic.6760809 im Receycler und System Volume Information
    Mülltonne - 10.11.2012 (1)
  2. Trojan.Agent/Gen-Kazy[Ico] in C:\SYSTEM VOLUME INFORMATION\_RESTORE{6037B4AE-60D5-4ABD-B660-DFA1EAAD6D52}\RP441\A0130476.EXE gefunden
    Log-Analyse und Auswertung - 14.10.2012 (28)
  3. Trojan.Generic.KD.150772 (Engine-A) in D:\System Volume Information...
    Plagegeister aller Art und deren Bekämpfung - 10.03.2011 (3)
  4. system volume information
    Plagegeister aller Art und deren Bekämpfung - 13.06.2009 (6)
  5. BackDoor.Generic6.FUB//Generic.HAA in System Volume Information
    Plagegeister aller Art und deren Bekämpfung - 11.03.2009 (1)
  6. "Trojan.CDur" im System Volume Information
    Plagegeister aller Art und deren Bekämpfung - 03.03.2009 (4)
  7. Trojan.Win32.Gerneric in System Volume Information?
    Log-Analyse und Auswertung - 25.12.2008 (2)
  8. System Volume Information / Win32:Trojan-gen
    Plagegeister aller Art und deren Bekämpfung - 05.11.2008 (3)
  9. Hilfe!WORM/generic in D://System Volume Information (Mit HJT LOG-FILE!)
    Log-Analyse und Auswertung - 16.08.2008 (8)
  10. Win32:Trojan gen (other) System Volume Information
    Mülltonne - 21.02.2008 (0)
  11. System Volume Information
    Alles rund um Windows - 14.02.2008 (32)
  12. System Volume Information
    Log-Analyse und Auswertung - 25.07.2007 (1)
  13. System Volume Information
    Alles rund um Windows - 14.07.2007 (1)
  14. System Volume Information
    Alles rund um Windows - 03.06.2006 (1)
  15. System Volume Information
    Alles rund um Windows - 09.01.2006 (11)
  16. System volume information
    Alles rund um Windows - 13.02.2005 (1)
  17. System Volume Information
    Plagegeister aller Art und deren Bekämpfung - 02.01.2005 (4)

Zum Thema Trojan.Generic.6760809 im Receycler und System Volume Information - Guten Tag, - auf meinem Rechner wurde von G Data Trojan.Generic.6760809 im Receycler und System Volume Information gefunden - nach Löschung Papierkorb und System Volume Information keine Funde mehr mit - Trojan.Generic.6760809 im Receycler und System Volume Information...
Archiv
Du betrachtest: Trojan.Generic.6760809 im Receycler und System Volume Information auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.