
Pests of all kinds and how to fight them: A kind of Bundespolizei Trojan?


19.03.2012, 17:25   #1
sandero

Hello everyone,
I apparently have some kind of Bundespolizei Trojan on my computer. So far it has only shown up sporadically; after restarting the computer I had peace again (for a few minutes!). What it demands is a supposed, naturally paid, 'antivirus update'. I did a Malwarebytes run and attached the file (with findings).
How should I proceed?
Many thanks in advance
sandero

20.03.2012, 17:09   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run a routine full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)!
Remember that Malwarebytes must be updated manually before every scan! All findings must also be removed.

If there are logs from older Malwarebytes scans, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

25.03.2012, 23:26   #3
sandero

Hello,
Malwarebytes found nothing. (The second-to-last saved log is the one already posted.) But ESET produced a few results:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=69aaf80d8ff61548b9aec7ed9677eaa6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-01 11:15:35
# local_time=2011-09-01 01:15:35 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775129 100 93 304855 51407811 297623 0
# compatibility_mode=8192 67108863 100 0 808 808 0 0
# scanned=94956
# found=5
# cleaned=0
# scan_time=4747
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16\40a44ad0-51068740	Java/Agent.DJ trojan (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\Install_\Nero-7.10.1.0_deu_update.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
D:\Install_\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
D:\Nutzerdateien\LUDKuer\nerv.zip	probably a variant of Win32/Agent.FHUJTXH trojan (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=69aaf80d8ff61548b9aec7ed9677eaa6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 09:42:25
# local_time=2012-03-25 11:42:25 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 119834 69242345 213851 0
# compatibility_mode=8192 67108863 100 0 17835342 17835342 0 0
# scanned=221760
# found=8
# cleaned=0
# scan_time=6224
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\42\48b4186a-138b7f3c	a variant of Java/TrojanDownloader.Agent.NDR trojan (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\5\654bf205-2110ffa5	a variant of Java/Exploit.Blacole.AN trojan (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\jar_cache5742365651121357786.tmp	Java/TrojanDownloader.Agent.NDR trojan (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\HQ95S85D\traffcount[1].htm	JS/Kryptik.KP.Gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\System Volume Information\_restore{948B4474-1004-4138-8F3F-1AA1E2621247}\RP43\A0005722.exe	a variant of Win32/Kryptik.ACVF trojan (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\Install_\Nero-7.10.1.0_deu_update.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
D:\Nutzerdateien\***\nerv.zip	probably a variant of Win32/Agent.FHUJTXH trojan (unable to clean)	00000000000000000000000000000000	I
         
Regards,
sandero
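
The ESET log above is the kind of output a helper has to read by eye. What follows is an added example (my own Python, not ESET's tooling and not part of this thread) that parses the same format and does the triage mechanically. The sample input is constructed in the shape of the posted log (user name replaced, hash column left as the all-zero placeholder ESET printed), the location patterns are my own heuristics, and the one practical header check it makes is that the scan ran with remove_checked=false, so cleaned=0 is the expected outcome and the findings still have to be dealt with separately.

```python
"""Triage an ESET Online Scanner log: read the '# key=value' header, split the
tab-separated detection lines, and group the hits by where they sit on disk."""
import re
from collections import Counter

# Location heuristics (my own, not ESET's). The Java deployment cache, jar_cache
# temp files and the IE cache are where drive-by payloads land; restore points
# hold copies of whatever was on disk when the point was created.
JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\|\\jar_cache\d+\.tmp$", re.IGNORECASE)
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)
IE_CACHE_RE = re.compile(r"\\Temporary Internet Files\\", re.IGNORECASE)

# Constructed sample in the same shape as the log above.
SAMPLE_HEADER = [
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# archives_checked=true",
    "# unwanted_checked=true",
    "# scanned=221760",
    "# found=4",
    "# cleaned=0",
]
SAMPLE_DETECTIONS = [
    (r"C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\5\654bf205-2110ffa5",
     "a variant of Java/Exploit.Blacole.AN trojan (unable to clean)"),
    (r"C:\Dokumente und Einstellungen\user\Lokale Einstellungen\temp\jar_cache5742365651121357786.tmp",
     "Java/TrojanDownloader.Agent.NDR trojan (unable to clean)"),
    (r"C:\System Volume Information\_restore{948B4474-1004-4138-8F3F-1AA1E2621247}\RP43\A0005722.exe",
     "a variant of Win32/Kryptik.ACVF trojan (unable to clean)"),
    (r"D:\Install_\Nero-7.10.1.0_deu_update.exe",
     "Win32/Toolbar.AskSBar application (unable to clean)"),
]
SAMPLE_LOG = "\n".join(SAMPLE_HEADER + ["\t".join((p, d, "0" * 32, "I")) for p, d in SAMPLE_DETECTIONS])


def parse_eset_log(text):
    """Return (header dict, list of finding dicts with path/detection/hash/flag)."""
    header, findings = {}, []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
        elif "\t" in line:
            fields = line.split("\t")
            if len(fields) >= 4:
                findings.append({"path": fields[0], "detection": fields[1],
                                 "hash": fields[2], "flag": fields[3]})
    return header, findings


def classify_location(path):
    if JAVA_CACHE_RE.search(path):
        return "java_cache"
    if RESTORE_RE.search(path):
        return "restore_point"
    if IE_CACHE_RE.search(path):
        return "browser_cache"
    return "other"


def is_exploit_kit_trace(finding):
    """Exploit / downloader / packed-script detections inside a browser or Java
    cache are the footprint of a drive-by, i.e. evidence of the infection vector."""
    det = finding["detection"]
    return (classify_location(finding["path"]) in ("java_cache", "browser_cache")
            and any(tag in det for tag in ("Exploit", "TrojanDownloader", "Kryptik")))


def triage(header, findings):
    by_location = Counter(classify_location(f["path"]) for f in findings)
    declared = int(header.get("found", "0"))
    return {
        "declared_found": declared,
        "parsed_found": len(findings),
        "count_matches": declared == len(findings),
        "by_location": dict(by_location),
        "exploit_kit_traces": sum(1 for f in findings if is_exploit_kit_trace(f)),
        "pua": sum(1 for f in findings if " application" in f["detection"]),
        # With remove_checked=false ESET only reports, so cleaned=0 is the
        # expected result rather than a failed removal.
        "nothing_removed": header.get("remove_checked") == "false" and header.get("cleaned") == "0",
    }


if __name__ == "__main__":
    hdr, hits = parse_eset_log(SAMPLE_LOG)
    for key, value in triage(hdr, hits).items():
        print(f"{key}: {value}")
    for f in hits:
        print(f"[{classify_location(f['path'])}] {f['detection']}")
```

The grouping is what matters for the next step: hits in the Java deployment cache and jar_cache temp files are where a drive-by landed (Blacole is ESET's name for a Blackhole exploit-kit signature), so they say how the machine was hit rather than what is running now, while a hit inside System Volume Information only says that an older restore point contains a copy.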

26.03.2012, 15:01   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
D:\Nutzerdateien\LUDKuer\nerv.zip
What is that supposed to be?

27.03.2012, 23:19   #5
sandero

Some junk that once arrived from an acquaintance as the attachment to a 'joke mail'. I never actually opened it, and have since deleted it. Didn't even know I still had it.

sandero


28.03.2012, 10:57   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Tick "Scan all users" at the top centre
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is set to German, the box carries the corresponding label
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
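
The /md5start ... /md5stop block in the custom scan makes OTL print the MD5 of a list of system files that malware patches in place; the helper then compares those hashes against known-good values. What follows is an added example (my own Python, not OTL's code and not from this thread) that extracts that list from the script text and does the comparison locally against a reference directory. Which reference to use is the caller's assumption (on XP the %SystemRoot%\system32\dllcache copy, or files pulled from install media); the demo uses constructed temporary directories so it runs anywhere.

```python
"""Hash the files named between /md5start and /md5stop in an OTL custom scan
and compare each against a reference copy. Added example: OTL itself only
prints the MD5 of each file for the helper to compare by hand."""
import hashlib
import os
import tempfile

# Abbreviated copy of the /md5start block from the custom scan above.
OTL_SCRIPT = """\
netsvcs
/md5start
userinit.exe
winlogon.exe
atapi.sys
/md5stop
CREATERESTOREPOINT
"""


def md5_targets(script):
    """Return the file names listed between /md5start and /md5stop, in order."""
    names, inside = [], False
    for line in script.splitlines():
        token = line.strip()
        if token.lower() == "/md5start":
            inside = True
        elif token.lower() == "/md5stop":
            inside = False
        elif inside and token:
            names.append(token)
    return names


def md5_of(path):
    """MD5 only because that is what OTL prints; between two local copies it is
    a change detector, not a defence against a crafted collision."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_against_reference(names, live_dir, ref_dir):
    """Hash live_dir/<name> and ref_dir/<name> for each name.
    Status is one of: match, MISMATCH, missing (no live file), no_reference."""
    report = {}
    for name in names:
        live, ref = os.path.join(live_dir, name), os.path.join(ref_dir, name)
        if not os.path.isfile(live):
            report[name] = "missing"
        elif not os.path.isfile(ref):
            # A lone hash proves nothing; without a reference there is no verdict.
            report[name] = "no_reference"
        else:
            report[name] = "match" if md5_of(live) == md5_of(ref) else "MISMATCH"
    return report


def demo_in_tempdirs():
    """Constructed fixture: two directories, one file patched, one reference missing."""
    names = md5_targets(OTL_SCRIPT)
    with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as ref:
        for name in names:
            for d in (live, ref):
                with open(os.path.join(d, name), "wb") as f:
                    f.write(b"MZ original image bytes")
        with open(os.path.join(live, "atapi.sys"), "wb") as f:
            f.write(b"MZ patched image bytes")
        os.remove(os.path.join(ref, "winlogon.exe"))
        return compare_against_reference(names, live, ref)


if __name__ == "__main__":
    for name, status in demo_in_tempdirs().items():
        print(f"{status:13} {name}")
```

Two caveats a practitioner would want: a mismatch is a lead, not a verdict, because a legitimate Windows Update also changes the hash (check the file's version and signature next), and a rootkit that patches a system file can patch its cached copy too, so a match against an on-disk cache is weaker than a match against offline media.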

29.03.2012, 22:56   #7
sandero

Hello,
here is my OTL log file:
OTL Logfile:
Code:
OTL logfile created on: 28.03.2012 18:15:58 - Run 10
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,00 Gb Total Space | 121,51 Gb Free Space | 83,80% Space Free | Partition Type: NTFS
Drive D: | 87,89 Gb Total Space | 78,14 Gb Free Space | 88,91% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 3,91 Gb Total Space | 3,77 Gb Free Space | 96,32% Space Free | Partition Type: FAT32
Drive I: | 1,92 Gb Total Space | 1,57 Gb Free Space | 81,69% Space Free | Partition Type: FAT
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.28 23:15:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.04.30 14:06:27 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011.04.19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2011.04.11 12:51:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.21 01:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 01:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.06.01 14:32:12 | 000,094,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2004.06.09 17:08:50 | 000,385,024 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\S.A.D\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe
PRC - [2003.02.11 09:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Programme\WinZip\WZQKPICK.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.11 12:51:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.08.28 23:15:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.30 14:06:27 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.12.31 13:25:57 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.28 23:15:10 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.08.28 23:15:10 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.31 05:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.03.25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.03.25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.01.25 14:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2006.07.02 00:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.10.09 17:13:58 | 000,015,571 | ---- | M] (ProDyne) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PDDSLADP.SYS -- (PDDSLADP)
DRV - [2005.10.09 17:13:58 | 000,015,187 | ---- | M] (ProDyne) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\PDDSLHND.SYS -- (PDDSLHND)
DRV - [2000.05.12 15:48:04 | 000,008,768 | ---- | M] (VOB Computersysteme GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.alice-dsl.de/
IE - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.04 15:17:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.14 18:27:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.08.23 16:20:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.12.29 15:35:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.12.29 15:35:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.29 02:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\fbwy9sr7.default\extensions
[2011.10.24 10:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.04 14:26:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.10.24 10:30:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.10.04 14:26:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.06.27 01:29:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.07 00:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.31 00:28:49 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Programme\Google\Chrome Frame\Application\17.0.963.83\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004..\Run: [pdfSaver3] C:\Programme\S.A.D\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
O4 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004..\Run: [SkypePM]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Programme\Google\Chrome Frame\Application\17.0.963.83\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - 
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {84E92906-0E3C-B657-6DAE-511B6497244B} - NetShow
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 18:13:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.03.25 21:48:51 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.28 17:55:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.28 15:55:43 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.03.28 15:55:41 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.27 23:48:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.25 21:49:10 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[2012.03.25 17:47:12 | 000,492,308 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.25 17:47:12 | 000,472,866 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.25 17:47:12 | 000,090,952 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.25 17:47:12 | 000,075,960 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.15 16:26:33 | 000,537,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.15 02:38:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.09 00:39:49 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.15 02:33:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.06.20 19:27:10 | 000,003,663 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2011.01.27 00:46:37 | 000,018,432 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.31 22:40:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.12.31 17:37:24 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc
[2010.12.31 14:34:36 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010.12.31 14:34:36 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010.12.31 14:34:36 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010.12.31 14:34:36 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010.12.31 14:34:36 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010.12.31 14:34:36 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.12.31 14:34:35 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010.12.31 14:34:35 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010.12.31 14:34:35 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010.12.31 14:34:35 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010.12.31 14:34:35 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010.12.31 14:34:35 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010.12.31 14:34:35 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010.12.31 14:34:35 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010.12.31 14:34:35 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010.12.31 14:34:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010.12.31 14:34:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010.12.31 14:34:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010.12.31 14:34:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010.12.31 14:30:22 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini
[2010.12.31 14:26:20 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.12.29 02:00:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.12.29 00:40:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\suecmdial.dll
[2010.12.29 00:32:38 | 000,042,982 | ---- | C] () -- C:\WINDOWS\System32\PDDSLADP.DLL
[2010.12.28 23:47:53 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010.12.28 23:45:42 | 000,005,760 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.12.28 23:45:40 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.12.28 15:13:48 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.12.28 15:05:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.12.28 15:03:54 | 000,537,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.05.02 16:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.05.02 16:46:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008.05.02 16:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.05.02 16:46:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008.05.02 16:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.05.02 16:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.05.02 16:46:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008.05.02 16:46:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008.05.02 16:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.02.28 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.02.28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.02.28 14:00:00 | 000,492,308 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.02.28 14:00:00 | 000,472,866 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.02.28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.02.28 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.02.28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.02.28 14:00:00 | 000,090,952 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.02.28 14:00:00 | 000,075,960 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.02.28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.02.28 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.02.28 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.02.28 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.02.28 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.02.28 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.02.28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2010.12.31 14:34:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2011.06.25 06:36:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vladovsoft
[2011.05.21 05:52:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Comms
[2011.10.31 17:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DirectoryListPrintPro
[2011.01.18 17:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EPSON
[2011.01.15 19:28:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2010.12.31 16:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera
[2011.04.27 23:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Philipp Winterberg
[2012.01.28 00:49:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Rename Expert
[2011.03.13 15:03:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Steinberg
[2011.04.30 14:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SumatraPDF
[2010.12.29 15:35:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird
[2011.05.21 11:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Txttree
[2011.04.11 12:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.28 03:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe
[2011.02.27 23:35:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ahead
[2010.12.29 15:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
[2011.05.21 05:52:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Comms
[2011.10.31 17:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DirectoryListPrintPro
[2011.01.18 17:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EPSON
[2012.02.15 16:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Help
[2010.12.28 15:30:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities
[2010.12.28 23:56:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield
[2010.12.31 15:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia
[2010.12.29 15:41:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2012.03.11 14:21:11 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
[2010.12.29 02:00:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla
[2011.01.15 19:28:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2010.12.31 16:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera
[2011.04.27 23:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Philipp Winterberg
[2012.01.28 00:49:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Rename Expert
[2011.03.13 15:03:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Steinberg
[2011.04.30 14:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SumatraPDF
[2010.12.31 17:14:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun
[2010.12.29 15:35:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird
[2011.05.21 11:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Txttree
[2011.04.11 12:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue
[2010.12.31 22:27:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc
[2011.09.07 12:45:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2008.01.25 14:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\WINDOWS\system32\drivers\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.12.28 16:03:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.12.28 16:03:05 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.12.28 16:03:05 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---

[/CODE]

Regards,
sandero
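As an added example (not part of this thread and not OTL's or the helper's own code), here is a Python script that reads the "< MD5 for: ... >" sections of an OTL log like the one above and reports a live copy under system32 whose MD5 no longer matches the known-good reference copies (ServicePackFiles, ERDNT\cache, dllcache), plus any hashed copy that carries no company/version information. The embedded sample log is a constructed excerpt: the atapi.sys and winlogon.exe lines reuse the hashes from the log above, while the userinit.exe entry with the DEADBEEF... hash is made up to show what a mismatch looks like.

```python
import re
from collections import defaultdict

# Section header exactly as OTL prints it, e.g. "< MD5 for: ATAPI.SYS  >"
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(\S+)\s*>$")
# One hashed entry; ".cab file" lines carry no MD5 and therefore never match
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-F]{32}) -- (?P<path>.+)$"
)
# Folders holding known-good reference copies on an XP SP3 install
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\erdnt\\cache\\", "\\system32\\dllcache\\")
# Folders whose copies legitimately predate the service pack or are patch downloads
BACKUP_DIRS = ("$ntservicepackuninstall$", "reinstallbackups", "$hf_mig$", "softwaredistribution")


def parse_md5_sections(text):
    """Map lower-cased file name -> list of parsed entries, one list per MD5 section."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            current = head.group(1).lower()
            continue
        if line.startswith("<"):        # any other custom-scan header ends the section
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if current and entry:
            d = entry.groupdict()
            d["size"] = int(d["size"].replace(",", ""))
            sections[current].append(d)
    return dict(sections)


def is_live_copy(path):
    """True for the copy Windows actually loads: under system32, not a backup or cache."""
    p = path.lower()
    return "\\windows\\system32\\" in p and not any(
        marker in p for marker in BACKUP_DIRS + REFERENCE_DIRS)


def check_file(name, entries):
    """Return human-readable findings for one file's section (empty list = nothing odd)."""
    findings = []
    reference = {e["md5"] for e in entries
                 if any(r in e["path"].lower() for r in REFERENCE_DIRS)}
    live = [e for e in entries if is_live_copy(e["path"])]
    if not live:
        findings.append(f"{name}: no live copy under system32 was hashed")
    for e in live:
        if reference and e["md5"] not in reference:
            findings.append(f"{name}: live copy {e['path']} has MD5 {e['md5']}, "
                            f"reference copies have {sorted(reference)}")
    for e in entries:
        # A system file without version/company info outside a backup folder deserves a look
        if not e["company"] and not any(b in e["path"].lower() for b in BACKUP_DIRS):
            findings.append(f"{name}: copy without company/version info at {e['path']}")
    return findings


def audit(text):
    """Run check_file over every MD5 section of an OTL log."""
    return {name: check_file(name, entries)
            for name, entries in parse_md5_sections(text).items()}


# Constructed excerpt in OTL's format. The atapi.sys/winlogon.exe hashes match the
# posted log; the userinit.exe line with the DEADBEEF... hash is invented to show a mismatch.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2012.03.17 03:14:15 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
"""

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_LOG).items():
        print(name, "- OK" if not findings else "")
        for f in findings:
            print("   ", f)
```

On the constructed sample, atapi.sys is clean, userinit.exe is reported because its live copy differs from the service-pack copy, and the Malwarebytes Chameleon winlogon.exe is listed only because it has no company string, which is expected for that decoy.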

Old 30.03.2012, 10:29   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:
:OTL
O4 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004..\Run: [SkypePM]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not completely deleted as a precaution; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________
Please always post logfiles in CODE tags

Old 30.03.2012, 15:36   #9
sandero

Hello,
this is what came out of the OTL fix:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1801674531-764733703-2147035321-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1801674531-764733703-2147035321-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-764733703-2147035321-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
 
User: ***
->Temp folder emptied: 795731607 bytes
->Temporary Internet Files folder emptied: 231864969 bytes
->Java cache emptied: 684786 bytes
->FireFox cache emptied: 996688434 bytes
->Opera cache emptied: 10268658 bytes
->Flash cache emptied: 6228 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 385847 bytes
RecycleBin emptied: 5235657 bytes
 
Total Files Cleaned = 1.946,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: ***
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.22.3 log created on 03302012_160214

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...
         
Regards,
sandero
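The OTL fix log above ends with "HOSTS file reset successfully", which replaces the file with a default one; the log does not show what the file contained before, so that evidence is gone. The script below is an added example written for this page, not OTL's code and not from the thread: it parses a Windows HOSTS file, ignores the localhost mappings, and reports every other entry, separating local blackholes (127.0.0.1 / 0.0.0.0) from redirects to another host and marking entries for security-vendor or update hostnames, which are the first thing a helper checks. The vendor name fragments and the sample file are constructed for illustration (RFC 5737 address, .example names); nothing here claims the machine in this thread had such entries.

```python
"""List non-default entries in a Windows HOSTS file before it is reset.

Added example for this thread; not OTL's code. Pure stdlib, runs anywhere.
"""
import ipaddress
import re

LOCALHOST_TARGETS = {"127.0.0.1", "::1"}
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}
# Hostname fragments a cleanup helper looks at first. Assumed list for the
# example, not taken from this thread or from any tool.
WATCHED_FRAGMENTS = ("avira", "kaspersky", "malwarebytes", "eset",
                     "microsoft", "windowsupdate")
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+$")


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping; comments are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # malformed line, not a mapping
        for host in parts[1:]:
            if HOST_RE.match(host):
                yield str(ip), host.lower(), line_no


def classify(ip, host):
    """'default' for the stock localhost lines, otherwise blackhole/redirect,
    with '/watched' appended when the hostname matches a watched fragment."""
    if host in DEFAULT_NAMES and ip in LOCALHOST_TARGETS:
        return "default"
    kind = "blackhole" if ip in LOCALHOST_TARGETS or ip == "0.0.0.0" else "redirect"
    if any(frag in host for frag in WATCHED_FRAGMENTS):
        kind += "/watched"
    return kind


def audit_hosts(text):
    """Return a list of dicts for every entry that is not a default mapping."""
    findings = []
    for ip, host, line_no in parse_hosts(text):
        verdict = classify(ip, host)
        if verdict != "default":
            findings.append({"line": line_no, "ip": ip, "host": host,
                             "verdict": verdict})
    return findings


# Constructed sample: two stock lines, one ad block, one update host pointed
# at a documentation address, one vendor site blackholed.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1   ad.example.net          # adblock-style entry, harmless
203.0.113.5 dl.avira.example        # update host redirected (constructed)
0.0.0.0     www.malwarebytes.example
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']:>3}: {f['verdict']:<18} {f['ip']:<15} {f['host']}")
```

The checker changes nothing on disk; its only job is to capture what a reset would otherwise erase, so the helper can decide whether an entry was the user's own ad-block list or something that kept the scanner from updating.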

30.03.2012, 15:45   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please switch off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set up the tool as shown in the picture below: click on "change parameters" and tick the boxes as in the following screenshot.
Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

__________________
Please always post logfiles in CODE tags
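The post above asks for the TDSSKiller report and tells the user to leave every flagged object on "skip". Reading such a report by hand means scanning several hundred "- ok" lines for the few that are not. The script below is an added example written for this page, not part of TDSSKiller or of the Trojaner-Board instructions: it parses the line shapes TDSSKiller 2.7 writes (timestamp and thread id, then "Name (md5) path", "Name ( Verdict ) - warning", "Name - detected Verdict (n)" or "Name - ok"), keeps one record per service or driver name, lists the records not closed with "- ok", and groups service names that point at the same binary. The sample report is constructed from a handful of lines in that format; the triage rule that an UnsignedFile.* verdict on its own only means the file carries no Authenticode signature is my reading for this example, not a statement TDSSKiller makes.

```python
"""Triage a Kaspersky TDSSKiller 2.7 text report.

Added example for this thread; not code from TDSSKiller or Trojaner-Board.
Keeps one record per service/driver and surfaces the entries that are not ok.
"""
import re
from dataclasses import dataclass, field

# "HH:MM:SS.mmmm <thread-id><tab>body"
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.*\S)\s*$")
# "Name   (md5) C:\path\file"   - the object that was examined
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "Name ( Verdict ) - warning"
WARN_RE = re.compile(r"^(?P<name>.+?)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+warning$")
# "Name - detected Verdict (n)"
DETECT_RE = re.compile(r"^(?P<name>.+?)\s+-\s+detected\s+(?P<verdict>\S+)\s+\((?P<count>\d+)\)$")
# "Name - ok"
OK_RE = re.compile(r"^(?P<name>.+?)\s+-\s+ok$")

SEVERITY = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}  # worst wins


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"
    verdicts: list = field(default_factory=list)


def parse_report(text: str) -> dict:
    """Map service/driver name -> Entry for every object in the report."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                        # banner, separators, blank lines
        body = m.group("body")
        for rx, status in ((FILE_RE, None), (WARN_RE, "warning"),
                           (DETECT_RE, "detected"), (OK_RE, "ok")):
            hit = rx.match(body)
            if not hit:
                continue
            name = hit.group("name").strip()
            e = entries.setdefault(name, Entry(name))
            if status is None:              # file line: remember hash and path
                e.md5, e.path = hit.group("md5").lower(), hit.group("path").strip()
            else:
                if SEVERITY[status] > SEVERITY[e.status]:
                    e.status = status
                verdict = hit.groupdict().get("verdict")
                if verdict and verdict not in e.verdicts:
                    e.verdicts.append(verdict)
            break
    return entries


def flagged(entries: dict) -> list:
    """Entries not closed with '- ok', worst status first."""
    return sorted((e for e in entries.values() if e.status != "ok"),
                  key=lambda e: (-SEVERITY[e.status], e.name.lower()))


def needs_human_review(entry: Entry) -> bool:
    """Triage rule assumed by this example: UnsignedFile.* only means the file
    has no Authenticode signature (common for third-party drivers on XP, hence
    'skip'); any other verdict should be looked at by the helper before acting."""
    return any(not v.startswith("UnsignedFile.") for v in entry.verdicts)


def same_binary(entries: dict) -> dict:
    """md5 -> sorted service names, for hashes registered under several names."""
    groups = {}
    for e in entries.values():
        if e.md5:
            groups.setdefault(e.md5, []).append(e.name)
    return {h: sorted(n) for h, n in groups.items() if len(n) > 1}


def summarize(text: str) -> dict:
    """Number of entries per final status."""
    counts = {}
    for e in parse_report(text).values():
        counts[e.status] = counts.get(e.status, 0) + 1
    return counts


# Constructed sample in the TDSSKiller 2.7 report format.
SAMPLE_REPORT = """\
13:40:55.0500 2124\t============================================================
13:40:55.0500 2124\tScan started
13:40:55.0500 2124\tMode: Manual; SigCheck; TDLFS;
13:40:55.0640 2124\tAbiosdsk - ok
13:40:55.0718 2124\tACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
13:40:56.0750 2124\tACPI - ok
13:40:57.0015 2124\tAdobe LM Service (6ef096317e127aecf4cb61081d88ad0b) C:\\Programme\\Gemeinsame Dateien\\Adobe Systems Shared\\Service\\Adobelmsvc.exe
13:40:57.0031 2124\tAdobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:40:57.0031 2124\tAdobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:41:13.0281 2124\tNetlogon        (afb8261b56cba0d86aeb6df682af9785) C:\\WINDOWS\\system32\\lsass.exe
13:41:13.0359 2124\tNetlogon - ok
13:41:20.0375 2124\tSamSs           (afb8261b56cba0d86aeb6df682af9785) C:\\WINDOWS\\system32\\lsass.exe
13:41:20.0453 2124\tSamSs - ok
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("status counts:", summarize(SAMPLE_REPORT))
    for e in flagged(found):
        print(f"{e.status:8} {e.name}  {e.path}  verdicts={e.verdicts}  "
              f"review={'yes' if needs_human_review(e) else 'no (unsigned only)'}")
    for md5, names in same_binary(found).items():
        print("shared binary", md5, "->", ", ".join(names))
```

The script changes nothing on the machine; it only makes the handful of non-ok lines and the shared-binary cases visible so that the decision stays with the helper. Several Windows services sharing one hash (lsass.exe in the sample) is normal and is listed only so that an unexpected third-party binary registered under several names would stand out.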

31.03.2012, 12:46   #11
sandero

Hello,
this is what TDSS found:
Code:
13:38:02.0156 3780	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
13:38:02.0343 3780	============================================================
13:38:02.0343 3780	Current date / time: 2012/03/31 13:38:02.0343
13:38:02.0343 3780	SystemInfo:
13:38:02.0343 3780	
13:38:02.0343 3780	OS Version: 5.1.2600 ServicePack: 3.0
13:38:02.0343 3780	Product type: Workstation
13:38:02.0343 3780	ComputerName: ***
13:38:02.0343 3780	UserName: ***
13:38:02.0343 3780	Windows directory: C:\WINDOWS
13:38:02.0343 3780	System windows directory: C:\WINDOWS
13:38:02.0343 3780	Processor architecture: Intel x86
13:38:02.0343 3780	Number of processors: 2
13:38:02.0343 3780	Page size: 0x1000
13:38:02.0343 3780	Boot type: Normal boot
13:38:02.0343 3780	============================================================
13:38:03.0406 3780	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
13:38:03.0406 3780	Drive \Device\Harddisk1\DR3 - Size: 0x7AF00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:38:03.0406 3780	Drive \Device\Harddisk2\DR4 - Size: 0xFB000000 (3.92 Gb), SectorSize: 0x200, Cylinders: 0x1FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:38:03.0406 3780	\Device\Harddisk0\DR0:
13:38:03.0406 3780	MBR used
13:38:03.0406 3780	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAFC6752
13:38:03.0406 3780	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAFC6800, BlocksNum 0x121FEDD5
13:38:03.0406 3780	\Device\Harddisk1\DR3:
13:38:03.0421 3780	MBR used
13:38:03.0421 3780	\Device\Harddisk1\DR3\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D77E0
13:38:03.0421 3780	\Device\Harddisk2\DR4:
13:38:03.0421 3780	MBR used
13:38:03.0515 3780	Initialize success
13:38:03.0515 3780	============================================================
13:40:55.0500 2124	============================================================
13:40:55.0500 2124	Scan started
13:40:55.0500 2124	Mode: Manual; SigCheck; TDLFS; 
13:40:55.0500 2124	============================================================
13:40:55.0640 2124	Abiosdsk - ok
13:40:55.0656 2124	abp480n5 - ok
13:40:55.0718 2124	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:40:56.0750 2124	ACPI - ok
13:40:56.0828 2124	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:40:56.0937 2124	ACPIEC - ok
13:40:57.0015 2124	Adobe LM Service (6ef096317e127aecf4cb61081d88ad0b) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
13:40:57.0031 2124	Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:40:57.0031 2124	Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:40:57.0171 2124	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:40:57.0187 2124	AdobeFlashPlayerUpdateSvc - ok
13:40:57.0203 2124	adpu160m - ok
13:40:57.0265 2124	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:40:57.0375 2124	aec - ok
13:40:57.0437 2124	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:40:57.0484 2124	AFD - ok
13:40:57.0562 2124	Aha154x - ok
13:40:57.0578 2124	aic78u2 - ok
13:40:57.0578 2124	aic78xx - ok
13:40:57.0625 2124	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
13:40:57.0718 2124	Alerter - ok
13:40:57.0765 2124	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
13:40:57.0875 2124	ALG - ok
13:40:57.0875 2124	AliIde - ok
13:40:58.0015 2124	AmdK8           (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:40:58.0062 2124	AmdK8 - ok
13:40:58.0062 2124	amsint - ok
13:40:58.0187 2124	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
13:40:58.0203 2124	AntiVirSchedulerService - ok
13:40:58.0218 2124	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
13:40:58.0218 2124	AntiVirService - ok
13:40:58.0296 2124	AppMgmt - ok
13:40:58.0343 2124	Asapi           (1e0eeb62964513f4f1e18fee3c69c43d) C:\WINDOWS\system32\drivers\Asapi.sys
13:40:58.0359 2124	Asapi ( UnsignedFile.Multi.Generic ) - warning
13:40:58.0359 2124	Asapi - detected UnsignedFile.Multi.Generic (1)
13:40:58.0375 2124	asc - ok
13:40:58.0375 2124	asc3350p - ok
13:40:58.0390 2124	asc3550 - ok
13:40:58.0468 2124	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:40:58.0484 2124	aspnet_state - ok
13:40:58.0578 2124	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:40:58.0687 2124	AsyncMac - ok
13:40:58.0718 2124	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:40:58.0828 2124	atapi - ok
13:40:58.0859 2124	Atdisk - ok
13:40:58.0890 2124	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:40:58.0984 2124	Atmarpc - ok
13:40:59.0078 2124	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
13:40:59.0187 2124	AudioSrv - ok
13:40:59.0250 2124	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:40:59.0375 2124	audstub - ok
13:40:59.0500 2124	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
13:40:59.0515 2124	avgio - ok
13:40:59.0578 2124	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:40:59.0593 2124	avgntflt - ok
13:40:59.0625 2124	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:40:59.0640 2124	avipbb - ok
13:40:59.0703 2124	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:40:59.0843 2124	Beep - ok
13:40:59.0875 2124	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
13:40:59.0984 2124	BITS - ok
13:41:00.0078 2124	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
13:41:00.0187 2124	Browser - ok
13:41:00.0359 2124	catchme - ok
13:41:00.0437 2124	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:41:00.0562 2124	cbidf2k - ok
13:41:00.0562 2124	cd20xrnt - ok
13:41:00.0625 2124	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:41:00.0718 2124	Cdaudio - ok
13:41:00.0765 2124	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:41:00.0859 2124	Cdfs - ok
13:41:00.0921 2124	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:41:01.0015 2124	Cdrom - ok
13:41:01.0046 2124	Changer - ok
13:41:01.0093 2124	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
13:41:01.0187 2124	CiSvc - ok
13:41:01.0187 2124	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
13:41:01.0281 2124	ClipSrv - ok
13:41:01.0375 2124	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:41:01.0390 2124	clr_optimization_v2.0.50727_32 - ok
13:41:01.0453 2124	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:41:01.0468 2124	clr_optimization_v4.0.30319_32 - ok
13:41:01.0515 2124	CmdIde - ok
13:41:01.0531 2124	COMSysApp - ok
13:41:01.0531 2124	Cpqarray - ok
13:41:01.0593 2124	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
13:41:01.0687 2124	CryptSvc - ok
13:41:01.0687 2124	dac2w2k - ok
13:41:01.0703 2124	dac960nt - ok
13:41:01.0750 2124	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:41:01.0828 2124	DcomLaunch - ok
13:41:01.0953 2124	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
13:41:02.0046 2124	Dhcp - ok
13:41:02.0125 2124	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:41:02.0218 2124	Disk - ok
13:41:02.0218 2124	dmadmin - ok
13:41:02.0296 2124	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:41:02.0421 2124	dmboot - ok
13:41:02.0531 2124	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:41:02.0640 2124	dmio - ok
13:41:02.0671 2124	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:41:02.0781 2124	dmload - ok
13:41:02.0812 2124	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
13:41:02.0906 2124	dmserver - ok
13:41:02.0984 2124	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:41:03.0093 2124	DMusic - ok
13:41:03.0140 2124	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
13:41:03.0234 2124	Dnscache - ok
13:41:03.0312 2124	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
13:41:03.0406 2124	Dot3svc - ok
13:41:03.0453 2124	dpti2o - ok
13:41:03.0500 2124	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:41:03.0609 2124	drmkaud - ok
13:41:03.0656 2124	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
13:41:03.0734 2124	EapHost - ok
13:41:03.0796 2124	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
13:41:03.0890 2124	ERSvc - ok
13:41:03.0968 2124	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:41:04.0015 2124	Eventlog - ok
13:41:04.0109 2124	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
13:41:04.0156 2124	EventSystem - ok
13:41:04.0265 2124	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:41:04.0375 2124	Fastfat - ok
13:41:04.0421 2124	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:41:04.0468 2124	FastUserSwitchingCompatibility - ok
13:41:04.0578 2124	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:41:04.0656 2124	Fdc - ok
13:41:04.0687 2124	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:41:04.0796 2124	Fips - ok
13:41:04.0796 2124	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:41:04.0890 2124	Flpydisk - ok
13:41:04.0937 2124	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:41:05.0015 2124	FltMgr - ok
13:41:05.0093 2124	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:41:05.0093 2124	FontCache3.0.0.0 - ok
13:41:05.0203 2124	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:41:05.0328 2124	Fs_Rec - ok
13:41:05.0359 2124	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:41:05.0453 2124	Ftdisk - ok
13:41:05.0500 2124	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:41:05.0578 2124	Gpc - ok
13:41:05.0703 2124	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
13:41:05.0718 2124	gupdate - ok
13:41:05.0718 2124	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
13:41:05.0734 2124	gupdatem - ok
13:41:05.0859 2124	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:41:05.0968 2124	HDAudBus - ok
13:41:06.0031 2124	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:41:06.0140 2124	helpsvc - ok
13:41:06.0140 2124	HidServ - ok
13:41:06.0218 2124	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
13:41:06.0296 2124	hkmsvc - ok
13:41:06.0328 2124	hpn - ok
13:41:06.0375 2124	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:41:06.0406 2124	HTTP - ok
13:41:06.0484 2124	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
13:41:06.0578 2124	HTTPFilter - ok
13:41:06.0609 2124	i2omgmt - ok
13:41:06.0609 2124	i2omp - ok
13:41:06.0656 2124	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:41:06.0765 2124	i8042prt - ok
13:41:06.0890 2124	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:41:06.0937 2124	idsvc - ok
13:41:07.0031 2124	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:41:07.0140 2124	Imapi - ok
13:41:07.0187 2124	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
13:41:07.0281 2124	ImapiService - ok
13:41:07.0296 2124	ini910u - ok
13:41:07.0468 2124	IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:41:07.0640 2124	IntcAzAudAddService - ok
13:41:07.0718 2124	IntelIde - ok
13:41:07.0750 2124	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:41:07.0843 2124	Ip6Fw - ok
13:41:07.0890 2124	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:41:08.0000 2124	IpFilterDriver - ok
13:41:08.0015 2124	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:41:08.0109 2124	IpInIp - ok
13:41:08.0218 2124	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:41:08.0328 2124	IpNat - ok
13:41:08.0359 2124	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:41:08.0453 2124	IPSec - ok
13:41:08.0468 2124	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:41:08.0578 2124	IRENUM - ok
13:41:08.0671 2124	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:41:08.0781 2124	isapnp - ok
13:41:08.0906 2124	JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
13:41:08.0906 2124	JavaQuickStarterService - ok
13:41:09.0015 2124	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:41:09.0125 2124	Kbdclass - ok
13:41:09.0156 2124	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:41:09.0265 2124	kmixer - ok
13:41:09.0296 2124	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:41:09.0359 2124	KSecDD - ok
13:41:09.0468 2124	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
13:41:09.0500 2124	lanmanserver - ok
13:41:09.0546 2124	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
13:41:09.0609 2124	lanmanworkstation - ok
13:41:09.0625 2124	lbrtfdc - ok
13:41:09.0671 2124	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
13:41:09.0781 2124	LmHosts - ok
13:41:09.0796 2124	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
13:41:09.0890 2124	Messenger - ok
13:41:09.0937 2124	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:41:10.0046 2124	mnmdd - ok
13:41:10.0093 2124	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
13:41:10.0187 2124	mnmsrvc - ok
13:41:10.0281 2124	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:41:10.0375 2124	Modem - ok
13:41:10.0406 2124	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:41:10.0500 2124	Mouclass - ok
13:41:10.0531 2124	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:41:10.0625 2124	MountMgr - ok
13:41:10.0687 2124	mraid35x - ok
13:41:10.0718 2124	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:41:10.0812 2124	MRxDAV - ok
13:41:10.0875 2124	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:41:10.0937 2124	MRxSmb - ok
13:41:11.0031 2124	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
13:41:11.0109 2124	MSDTC - ok
13:41:11.0171 2124	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:41:11.0250 2124	Msfs - ok
13:41:11.0250 2124	MSIServer - ok
13:41:11.0281 2124	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:41:11.0375 2124	MSKSSRV - ok
13:41:11.0390 2124	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:41:11.0484 2124	MSPCLOCK - ok
13:41:11.0484 2124	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:41:11.0578 2124	MSPQM - ok
13:41:11.0687 2124	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:41:11.0765 2124	mssmbios - ok
13:41:11.0812 2124	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:41:11.0843 2124	Mup - ok
13:41:11.0906 2124	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
13:41:12.0015 2124	napagent - ok
13:41:12.0125 2124	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:41:12.0218 2124	NDIS - ok
13:41:12.0265 2124	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:41:12.0296 2124	NdisTapi - ok
13:41:12.0328 2124	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:41:12.0421 2124	Ndisuio - ok
13:41:12.0515 2124	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:41:12.0609 2124	NdisWan - ok
13:41:12.0640 2124	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:41:12.0703 2124	NDProxy - ok
13:41:12.0718 2124	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:41:12.0812 2124	NetBIOS - ok
13:41:12.0921 2124	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:41:13.0015 2124	NetBT - ok
13:41:13.0046 2124	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:41:13.0156 2124	NetDDE - ok
13:41:13.0156 2124	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:41:13.0234 2124	NetDDEdsdm - ok
13:41:13.0281 2124	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:13.0359 2124	Netlogon - ok
13:41:13.0437 2124	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
13:41:13.0531 2124	Netman - ok
13:41:13.0609 2124	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:41:13.0625 2124	NetTcpPortSharing - ok
13:41:13.0687 2124	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
13:41:13.0734 2124	Nla - ok
13:41:13.0828 2124	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:41:13.0906 2124	Npfs - ok
13:41:13.0921 2124	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:41:14.0046 2124	Ntfs - ok
13:41:14.0093 2124	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:14.0171 2124	NtLmSsp - ok
13:41:14.0250 2124	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
13:41:14.0343 2124	NtmsSvc - ok
13:41:14.0468 2124	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:41:14.0593 2124	Null - ok
13:41:14.0796 2124	nv              (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:41:15.0109 2124	nv - ok
13:41:15.0218 2124	NVENETFD        (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:41:15.0250 2124	NVENETFD - ok
13:41:15.0281 2124	nvgts           (a117466b0acb13288deee4f2e936e67f) C:\WINDOWS\system32\DRIVERS\nvgts.sys
13:41:15.0312 2124	nvgts - ok
13:41:15.0375 2124	nvnetbus        (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:41:15.0421 2124	nvnetbus - ok
13:41:15.0531 2124	NVSvc           (934833b3cd462a6f8a96f64d024c8b20) C:\WINDOWS\system32\nvsvc32.exe
13:41:15.0546 2124	NVSvc - ok
13:41:15.0640 2124	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:41:15.0734 2124	NwlnkFlt - ok
13:41:15.0781 2124	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:41:15.0890 2124	NwlnkFwd - ok
13:41:15.0937 2124	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:41:16.0046 2124	Parport - ok
13:41:16.0093 2124	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:41:16.0187 2124	PartMgr - ok
13:41:16.0234 2124	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:41:16.0359 2124	ParVdm - ok
13:41:16.0406 2124	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:41:16.0500 2124	PCI - ok
13:41:16.0515 2124	PCIDump - ok
13:41:16.0531 2124	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:41:16.0640 2124	PCIIde - ok
13:41:16.0718 2124	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:41:16.0812 2124	Pcmcia - ok
13:41:16.0859 2124	PDCOMP - ok
13:41:16.0921 2124	PDDSLADP        (ab6f9ee08b82a46f2b4f0ab909f1fad9) C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS
13:41:16.0937 2124	PDDSLADP ( UnsignedFile.Multi.Generic ) - warning
13:41:16.0937 2124	PDDSLADP - detected UnsignedFile.Multi.Generic (1)
13:41:16.0968 2124	PDDSLHND        (49e3fa74798f192d4a6b299ee0b8e5f3) C:\WINDOWS\system32\drivers\PDDSLHND.sys
13:41:17.0000 2124	PDDSLHND ( UnsignedFile.Multi.Generic ) - warning
13:41:17.0000 2124	PDDSLHND - detected UnsignedFile.Multi.Generic (1)
13:41:17.0000 2124	PDFRAME - ok
13:41:17.0015 2124	PDRELI - ok
13:41:17.0015 2124	PDRFRAME - ok
13:41:17.0031 2124	perc2 - ok
13:41:17.0031 2124	perc2hib - ok
13:41:17.0093 2124	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:41:17.0125 2124	PlugPlay - ok
13:41:17.0187 2124	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:17.0265 2124	PolicyAgent - ok
13:41:17.0343 2124	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:41:17.0437 2124	PptpMiniport - ok
13:41:17.0468 2124	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:41:17.0578 2124	Processor - ok
13:41:17.0609 2124	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:17.0687 2124	ProtectedStorage - ok
13:41:17.0703 2124	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:41:17.0796 2124	PSched - ok
13:41:17.0921 2124	PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
13:41:17.0921 2124	PSI - ok
13:41:17.0937 2124	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:41:18.0062 2124	Ptilink - ok
13:41:18.0109 2124	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:41:18.0109 2124	PxHelp20 - ok
13:41:18.0125 2124	ql1080 - ok
13:41:18.0125 2124	Ql10wnt - ok
13:41:18.0140 2124	ql12160 - ok
13:41:18.0140 2124	ql1240 - ok
13:41:18.0156 2124	ql1280 - ok
13:41:18.0187 2124	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:41:18.0296 2124	RasAcd - ok
13:41:18.0343 2124	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
13:41:18.0437 2124	RasAuto - ok
13:41:18.0500 2124	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:41:18.0593 2124	Rasl2tp - ok
13:41:18.0671 2124	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
13:41:18.0765 2124	RasMan - ok
13:41:18.0781 2124	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:41:18.0875 2124	RasPppoe - ok
13:41:18.0921 2124	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:41:19.0031 2124	Raspti - ok
13:41:19.0062 2124	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:41:19.0140 2124	Rdbss - ok
13:41:19.0156 2124	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:41:19.0296 2124	RDPCDD - ok
13:41:19.0328 2124	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:41:19.0359 2124	RDPWD - ok
13:41:19.0468 2124	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
13:41:19.0562 2124	RDSessMgr - ok
13:41:19.0609 2124	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:41:19.0703 2124	redbook - ok
13:41:19.0750 2124	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
13:41:19.0843 2124	RemoteAccess - ok
13:41:19.0953 2124	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
13:41:20.0046 2124	RpcLocator - ok
13:41:20.0078 2124	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
13:41:20.0156 2124	RpcSs - ok
13:41:20.0171 2124	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
13:41:20.0281 2124	RSVP - ok
13:41:20.0375 2124	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:20.0453 2124	SamSs - ok
13:41:20.0500 2124	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
13:41:20.0593 2124	SCardSvr - ok
13:41:20.0640 2124	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
13:41:20.0734 2124	Schedule - ok
13:41:20.0828 2124	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:41:20.0906 2124	Secdrv - ok
13:41:20.0937 2124	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
13:41:21.0015 2124	seclogon - ok
13:41:21.0078 2124	Secunia PSI Agent - ok
13:41:21.0093 2124	Secunia Update Agent - ok
13:41:21.0140 2124	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
13:41:21.0234 2124	SENS - ok
13:41:21.0328 2124	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:41:21.0437 2124	serenum - ok
13:41:21.0437 2124	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:41:21.0515 2124	Serial - ok
13:41:21.0609 2124	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:41:21.0703 2124	Sfloppy - ok
13:41:21.0812 2124	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
13:41:21.0906 2124	SharedAccess - ok
13:41:21.0953 2124	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:41:22.0000 2124	ShellHWDetection - ok
13:41:22.0015 2124	Simbad - ok
13:41:22.0093 2124	Sparrow - ok
13:41:22.0140 2124	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:41:22.0234 2124	splitter - ok
13:41:22.0281 2124	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:41:22.0343 2124	Spooler - ok
13:41:22.0453 2124	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:41:22.0546 2124	sr - ok
13:41:22.0593 2124	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
13:41:22.0687 2124	srservice - ok
13:41:22.0734 2124	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:41:22.0796 2124	Srv - ok
13:41:22.0906 2124	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
13:41:22.0984 2124	SSDPSRV - ok
13:41:23.0062 2124	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:41:23.0078 2124	ssmdrv - ok
13:41:23.0093 2124	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
13:41:23.0218 2124	stisvc - ok
13:41:23.0312 2124	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:41:23.0421 2124	swenum - ok
13:41:23.0437 2124	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:41:23.0546 2124	swmidi - ok
13:41:23.0546 2124	SwPrv - ok
13:41:23.0562 2124	symc810 - ok
13:41:23.0578 2124	symc8xx - ok
13:41:23.0578 2124	sym_hi - ok
13:41:23.0593 2124	sym_u3 - ok
13:41:23.0625 2124	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:41:23.0718 2124	sysaudio - ok
13:41:23.0781 2124	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
13:41:23.0875 2124	SysmonLog - ok
13:41:23.0953 2124	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
13:41:24.0046 2124	TapiSrv - ok
13:41:24.0093 2124	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:41:24.0171 2124	Tcpip - ok
13:41:24.0203 2124	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:41:24.0281 2124	TDPIPE - ok
13:41:24.0359 2124	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:41:24.0453 2124	TDTCP - ok
13:41:24.0484 2124	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:41:24.0578 2124	TermDD - ok
13:41:24.0609 2124	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
13:41:24.0703 2124	TermService - ok
13:41:24.0828 2124	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:41:24.0828 2124	Themes - ok
13:41:24.0859 2124	TosIde - ok
13:41:24.0906 2124	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
13:41:25.0015 2124	TrkWks - ok
13:41:25.0046 2124	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:41:25.0140 2124	Udfs - ok
13:41:25.0203 2124	ultra - ok
13:41:25.0234 2124	UMWdf           (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
13:41:25.0281 2124	UMWdf - ok
13:41:25.0328 2124	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:41:25.0437 2124	Update - ok
13:41:25.0546 2124	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
13:41:25.0671 2124	upnphost - ok
13:41:25.0703 2124	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
13:41:25.0796 2124	UPS - ok
13:41:25.0859 2124	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:41:25.0937 2124	usbccgp - ok
13:41:26.0046 2124	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:41:26.0140 2124	usbehci - ok
13:41:26.0171 2124	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:41:26.0265 2124	usbhub - ok
13:41:26.0312 2124	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:41:26.0390 2124	usbohci - ok
13:41:26.0421 2124	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:41:26.0500 2124	usbprint - ok
13:41:26.0562 2124	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:41:26.0640 2124	usbscan - ok
13:41:26.0671 2124	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:41:26.0765 2124	USBSTOR - ok
13:41:26.0812 2124	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:41:26.0906 2124	VgaSave - ok
13:41:26.0906 2124	ViaIde - ok
13:41:26.0937 2124	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:41:27.0031 2124	VolSnap - ok
13:41:27.0140 2124	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
13:41:27.0218 2124	VSS - ok
13:41:27.0250 2124	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
13:41:27.0343 2124	W32Time - ok
13:41:27.0421 2124	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:41:27.0515 2124	Wanarp - ok
13:41:27.0515 2124	WDICA - ok
13:41:27.0562 2124	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:41:27.0687 2124	wdmaud - ok
13:41:27.0718 2124	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
13:41:27.0812 2124	WebClient - ok
13:41:27.0937 2124	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:41:28.0031 2124	winmgmt - ok
13:41:28.0078 2124	WmdmPmSN        (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\mspmsnsv.dll
13:41:28.0125 2124	WmdmPmSN - ok
13:41:28.0156 2124	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:41:28.0250 2124	WmiApSrv - ok
13:41:28.0484 2124	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:41:28.0500 2124	WPFFontCache_v0400 - ok
13:41:28.0593 2124	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
13:41:28.0687 2124	wscsvc - ok
13:41:28.0734 2124	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
13:41:28.0843 2124	wuauserv - ok
13:41:28.0890 2124	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
13:41:29.0015 2124	WZCSVC - ok
13:41:29.0093 2124	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
13:41:29.0187 2124	xmlprov - ok
13:41:29.0218 2124	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:41:29.0250 2124	\Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
13:41:29.0250 2124	\Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
13:41:29.0281 2124	MBR (0x1B8)     (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR3
13:41:40.0500 2124	\Device\Harddisk1\DR3 - ok
13:41:40.0515 2124	MBR (0x1B8)     (5f0c182b562b3e23431a346295e19b32) \Device\Harddisk2\DR4
13:41:41.0015 2124	\Device\Harddisk2\DR4 - ok
13:41:41.0031 2124	Boot (0x1200)   (83c2ad04c403d21c5fb18c3a9a6534b9) \Device\Harddisk0\DR0\Partition0
13:41:41.0031 2124	\Device\Harddisk0\DR0\Partition0 - ok
13:41:41.0046 2124	Boot (0x1200)   (63107a0dfc5a95a0a18d33084b699e2c) \Device\Harddisk0\DR0\Partition1
13:41:41.0046 2124	\Device\Harddisk0\DR0\Partition1 - ok
13:41:41.0046 2124	Boot (0x1200)   (575159508634dc095068102423bb2eae) \Device\Harddisk1\DR3\Partition0
13:41:41.0046 2124	\Device\Harddisk1\DR3\Partition0 - ok
13:41:41.0046 2124	============================================================
13:41:41.0046 2124	Scan finished
13:41:41.0046 2124	============================================================
13:41:41.0156 3608	Detected object count: 5
13:41:41.0156 3608	Actual detected object count: 5
         
Regards,
sandero
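Reading a TDSSKiller log such as the one above comes down to three line shapes per object: the object line with its MD5 and path, a verdict line ending in "- ok", "- warning" or "- infected", and a "- detected <verdict> (n)" line, followed by the object-count summary at the end of the scan. The Python triage helper below is an added example, not part of this thread and not TDSSKiller's own code; it parses a constructed excerpt built from the five detections in the posted log, reports the boot-sector infection separately from the unsigned-file warnings, and flags a log whose summary block is missing.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the TDSSKiller 2.7.x log format used in this thread.
# The five detections and the summary lines are the ones from the posted log;
# the "- ok" entry shows the shape of a clean object.
SAMPLE_LOG = r"""
13:40:57.0015 2124  Adobe LM Service (6ef096317e127aecf4cb61081d88ad0b) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
13:40:57.0031 2124  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:40:57.0031 2124  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:40:57.0187 2124  AdobeFlashPlayerUpdateSvc - ok
13:40:58.0359 2124  Asapi ( UnsignedFile.Multi.Generic ) - warning
13:40:58.0359 2124  Asapi - detected UnsignedFile.Multi.Generic (1)
13:41:16.0937 2124  PDDSLADP ( UnsignedFile.Multi.Generic ) - warning
13:41:16.0937 2124  PDDSLADP - detected UnsignedFile.Multi.Generic (1)
13:41:17.0000 2124  PDDSLHND ( UnsignedFile.Multi.Generic ) - warning
13:41:17.0000 2124  PDDSLHND - detected UnsignedFile.Multi.Generic (1)
13:41:29.0218 2124  MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:41:29.0250 2124  \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
13:41:29.0250 2124  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
13:41:41.0046 2124  Scan finished
13:41:41.0156 3608  Detected object count: 5
13:41:41.0156 3608  Actual detected object count: 5
"""

# Every log line is "<hh:mm:ss.ffff> <pid> <message>".
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*\S)\s*$")
# "<object> ( <verdict> ) - warning|infected": the verdict line of a hit.
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>\S+) \) - (?P<status>warning|infected)$")
# "<object> - detected <verdict> (<n>)": the line the summary counts.
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")


@dataclass
class Detection:
    obj: str
    verdict: str
    status: str        # "infected" (malware verdict) or "warning" (suspicious, e.g. unsigned)
    boot_sector: bool  # True for MBR / boot-sector objects (\Device\HarddiskN\...)


def triage(log_text):
    """Parse a TDSSKiller log, separate hits by severity and check the summary block."""
    detections = {}
    counts = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(3)
        v = VERDICT_RE.match(msg)
        d = DETECTED_RE.match(msg)
        c = COUNT_RE.match(msg)
        if v:
            obj = v.group("obj")
            detections[obj] = Detection(obj, v.group("verdict"), v.group("status"),
                                        obj.startswith(r"\Device\Harddisk"))
        elif d:
            # A "detected" line without a preceding verdict line: keep it, status unknown.
            obj = d.group("obj")
            detections.setdefault(obj, Detection(obj, d.group("verdict"), "unknown",
                                                 obj.startswith(r"\Device\Harddisk")))
        elif c:
            counts[c.group("kind")] = int(c.group("n"))
    found = list(detections.values())
    actual = counts.get("Actual detected")
    return {
        "infected": [x for x in found if x.status == "infected"],
        "warnings": [x for x in found if x.status == "warning"],
        "boot_sector": [x for x in found if x.boot_sector],
        "total": len(found),
        "summary_count": counts.get("Detected"),
        "actual_count": actual,
        # Without the summary block the log is truncated and the hit list
        # cannot be trusted to be complete (the point raised later in the thread).
        "summary_present": "Detected" in counts and actual is not None,
        "consistent": actual is not None and actual == len(found),
    }


def format_report(result):
    """Human-readable triage: malware verdicts first, unsigned-file warnings after."""
    lines = []
    for x in result["infected"]:
        where = "boot sector / MBR" if x.boot_sector else "file"
        lines.append(f"INFECTED {x.obj} -> {x.verdict} [{where}]")
    for x in result["warnings"]:
        lines.append(f"WARNING  {x.obj} -> {x.verdict} (unsigned; verify the vendor before acting)")
    if not result["summary_present"]:
        lines.append("NOTE: summary block missing, the log is truncated")
    elif not result["consistent"]:
        lines.append(f"NOTE: summary reports {result['actual_count']} objects, "
                     f"but {result['total']} were parsed")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```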

02.04.2012, 10:11   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Some kind of Bundespolizei trojan?

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a board helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

08.04.2012, 22:36   #13
sandero

Some kind of Bundespolizei trojan?

Hello,
TDSSKiller, although I had intended otherwise, automatically killed finding no. 5 at the next reboot. The other four findings, however, were skipped (> 'Skip'). Don't I have to have those deleted first?
Regards,
sandero

08.04.2012, 22:41   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Some kind of Bundespolizei trojan?

Yes, er...
I only see now that you did not post the TDSSKiller log completely.
The summary at the bottom is missing!
__________________
Please always post logfiles in CODE tags

09.04.2012, 01:41   #15
sandero

Some kind of Bundespolizei trojan?

Oops, how did that happen? Anyway, here is the hopefully complete file:

Code:
13:38:02.0156 3780	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
13:38:02.0343 3780	============================================================
13:38:02.0343 3780	Current date / time: 2012/03/31 13:38:02.0343
13:38:02.0343 3780	SystemInfo:
13:38:02.0343 3780	
13:38:02.0343 3780	OS Version: 5.1.2600 ServicePack: 3.0
13:38:02.0343 3780	Product type: Workstation
13:38:02.0343 3780	ComputerName: ***
13:38:02.0343 3780	UserName: ***
13:38:02.0343 3780	Windows directory: C:\WINDOWS
13:38:02.0343 3780	System windows directory: C:\WINDOWS
13:38:02.0343 3780	Processor architecture: Intel x86
13:38:02.0343 3780	Number of processors: 2
13:38:02.0343 3780	Page size: 0x1000
13:38:02.0343 3780	Boot type: Normal boot
13:38:02.0343 3780	============================================================
13:38:03.0406 3780	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
13:38:03.0406 3780	Drive \Device\Harddisk1\DR3 - Size: 0x7AF00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:38:03.0406 3780	Drive \Device\Harddisk2\DR4 - Size: 0xFB000000 (3.92 Gb), SectorSize: 0x200, Cylinders: 0x1FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:38:03.0406 3780	\Device\Harddisk0\DR0:
13:38:03.0406 3780	MBR used
13:38:03.0406 3780	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAFC6752
13:38:03.0406 3780	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAFC6800, BlocksNum 0x121FEDD5
13:38:03.0406 3780	\Device\Harddisk1\DR3:
13:38:03.0421 3780	MBR used
13:38:03.0421 3780	\Device\Harddisk1\DR3\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D77E0
13:38:03.0421 3780	\Device\Harddisk2\DR4:
13:38:03.0421 3780	MBR used
13:38:03.0515 3780	Initialize success
13:38:03.0515 3780	============================================================
13:40:55.0500 2124	============================================================
13:40:55.0500 2124	Scan started
13:40:55.0500 2124	Mode: Manual; SigCheck; TDLFS; 
13:40:55.0500 2124	============================================================
13:40:55.0640 2124	Abiosdsk - ok
13:40:55.0656 2124	abp480n5 - ok
13:40:55.0718 2124	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:40:56.0750 2124	ACPI - ok
13:40:56.0828 2124	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:40:56.0937 2124	ACPIEC - ok
13:40:57.0015 2124	Adobe LM Service (6ef096317e127aecf4cb61081d88ad0b) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
13:40:57.0031 2124	Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:40:57.0031 2124	Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:40:57.0171 2124	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:40:57.0187 2124	AdobeFlashPlayerUpdateSvc - ok
13:40:57.0203 2124	adpu160m - ok
13:40:57.0265 2124	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:40:57.0375 2124	aec - ok
13:40:57.0437 2124	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:40:57.0484 2124	AFD - ok
13:40:57.0562 2124	Aha154x - ok
13:40:57.0578 2124	aic78u2 - ok
13:40:57.0578 2124	aic78xx - ok
13:40:57.0625 2124	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
13:40:57.0718 2124	Alerter - ok
13:40:57.0765 2124	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
13:40:57.0875 2124	ALG - ok
13:40:57.0875 2124	AliIde - ok
13:40:58.0015 2124	AmdK8           (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:40:58.0062 2124	AmdK8 - ok
13:40:58.0062 2124	amsint - ok
13:40:58.0187 2124	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
13:40:58.0203 2124	AntiVirSchedulerService - ok
13:40:58.0218 2124	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
13:40:58.0218 2124	AntiVirService - ok
13:40:58.0296 2124	AppMgmt - ok
13:40:58.0343 2124	Asapi           (1e0eeb62964513f4f1e18fee3c69c43d) C:\WINDOWS\system32\drivers\Asapi.sys
13:40:58.0359 2124	Asapi ( UnsignedFile.Multi.Generic ) - warning
13:40:58.0359 2124	Asapi - detected UnsignedFile.Multi.Generic (1)
13:40:58.0375 2124	asc - ok
13:40:58.0375 2124	asc3350p - ok
13:40:58.0390 2124	asc3550 - ok
13:40:58.0468 2124	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:40:58.0484 2124	aspnet_state - ok
13:40:58.0578 2124	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:40:58.0687 2124	AsyncMac - ok
13:40:58.0718 2124	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:40:58.0828 2124	atapi - ok
13:40:58.0859 2124	Atdisk - ok
13:40:58.0890 2124	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:40:58.0984 2124	Atmarpc - ok
13:40:59.0078 2124	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
13:40:59.0187 2124	AudioSrv - ok
13:40:59.0250 2124	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:40:59.0375 2124	audstub - ok
13:40:59.0500 2124	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
13:40:59.0515 2124	avgio - ok
13:40:59.0578 2124	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:40:59.0593 2124	avgntflt - ok
13:40:59.0625 2124	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:40:59.0640 2124	avipbb - ok
13:40:59.0703 2124	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:40:59.0843 2124	Beep - ok
13:40:59.0875 2124	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
13:40:59.0984 2124	BITS - ok
13:41:00.0078 2124	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
13:41:00.0187 2124	Browser - ok
13:41:00.0359 2124	catchme - ok
13:41:00.0437 2124	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:41:00.0562 2124	cbidf2k - ok
13:41:00.0562 2124	cd20xrnt - ok
13:41:00.0625 2124	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:41:00.0718 2124	Cdaudio - ok
13:41:00.0765 2124	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:41:00.0859 2124	Cdfs - ok
13:41:00.0921 2124	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:41:01.0015 2124	Cdrom - ok
13:41:01.0046 2124	Changer - ok
13:41:01.0093 2124	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
13:41:01.0187 2124	CiSvc - ok
13:41:01.0187 2124	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
13:41:01.0281 2124	ClipSrv - ok
13:41:01.0375 2124	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:41:01.0390 2124	clr_optimization_v2.0.50727_32 - ok
13:41:01.0453 2124	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:41:01.0468 2124	clr_optimization_v4.0.30319_32 - ok
13:41:01.0515 2124	CmdIde - ok
13:41:01.0531 2124	COMSysApp - ok
13:41:01.0531 2124	Cpqarray - ok
13:41:01.0593 2124	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
13:41:01.0687 2124	CryptSvc - ok
13:41:01.0687 2124	dac2w2k - ok
13:41:01.0703 2124	dac960nt - ok
13:41:01.0750 2124	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:41:01.0828 2124	DcomLaunch - ok
13:41:01.0953 2124	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
13:41:02.0046 2124	Dhcp - ok
13:41:02.0125 2124	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:41:02.0218 2124	Disk - ok
13:41:02.0218 2124	dmadmin - ok
13:41:02.0296 2124	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:41:02.0421 2124	dmboot - ok
13:41:02.0531 2124	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:41:02.0640 2124	dmio - ok
13:41:02.0671 2124	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:41:02.0781 2124	dmload - ok
13:41:02.0812 2124	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
13:41:02.0906 2124	dmserver - ok
13:41:02.0984 2124	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:41:03.0093 2124	DMusic - ok
13:41:03.0140 2124	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
13:41:03.0234 2124	Dnscache - ok
13:41:03.0312 2124	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
13:41:03.0406 2124	Dot3svc - ok
13:41:03.0453 2124	dpti2o - ok
13:41:03.0500 2124	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:41:03.0609 2124	drmkaud - ok
13:41:03.0656 2124	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
13:41:03.0734 2124	EapHost - ok
13:41:03.0796 2124	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
13:41:03.0890 2124	ERSvc - ok
13:41:03.0968 2124	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:41:04.0015 2124	Eventlog - ok
13:41:04.0109 2124	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
13:41:04.0156 2124	EventSystem - ok
13:41:04.0265 2124	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:41:04.0375 2124	Fastfat - ok
13:41:04.0421 2124	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:41:04.0468 2124	FastUserSwitchingCompatibility - ok
13:41:04.0578 2124	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:41:04.0656 2124	Fdc - ok
13:41:04.0687 2124	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:41:04.0796 2124	Fips - ok
13:41:04.0796 2124	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:41:04.0890 2124	Flpydisk - ok
13:41:04.0937 2124	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:41:05.0015 2124	FltMgr - ok
13:41:05.0093 2124	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:41:05.0093 2124	FontCache3.0.0.0 - ok
13:41:05.0203 2124	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:41:05.0328 2124	Fs_Rec - ok
13:41:05.0359 2124	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:41:05.0453 2124	Ftdisk - ok
13:41:05.0500 2124	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:41:05.0578 2124	Gpc - ok
13:41:05.0703 2124	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
13:41:05.0718 2124	gupdate - ok
13:41:05.0718 2124	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
13:41:05.0734 2124	gupdatem - ok
13:41:05.0859 2124	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:41:05.0968 2124	HDAudBus - ok
13:41:06.0031 2124	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:41:06.0140 2124	helpsvc - ok
13:41:06.0140 2124	HidServ - ok
13:41:06.0218 2124	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
13:41:06.0296 2124	hkmsvc - ok
13:41:06.0328 2124	hpn - ok
13:41:06.0375 2124	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:41:06.0406 2124	HTTP - ok
13:41:06.0484 2124	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
13:41:06.0578 2124	HTTPFilter - ok
13:41:06.0609 2124	i2omgmt - ok
13:41:06.0609 2124	i2omp - ok
13:41:06.0656 2124	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:41:06.0765 2124	i8042prt - ok
13:41:06.0890 2124	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:41:06.0937 2124	idsvc - ok
13:41:07.0031 2124	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:41:07.0140 2124	Imapi - ok
13:41:07.0187 2124	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
13:41:07.0281 2124	ImapiService - ok
13:41:07.0296 2124	ini910u - ok
13:41:07.0468 2124	IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:41:07.0640 2124	IntcAzAudAddService - ok
13:41:07.0718 2124	IntelIde - ok
13:41:07.0750 2124	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:41:07.0843 2124	Ip6Fw - ok
13:41:07.0890 2124	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:41:08.0000 2124	IpFilterDriver - ok
13:41:08.0015 2124	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:41:08.0109 2124	IpInIp - ok
13:41:08.0218 2124	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:41:08.0328 2124	IpNat - ok
13:41:08.0359 2124	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:41:08.0453 2124	IPSec - ok
13:41:08.0468 2124	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:41:08.0578 2124	IRENUM - ok
13:41:08.0671 2124	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:41:08.0781 2124	isapnp - ok
13:41:08.0906 2124	JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
13:41:08.0906 2124	JavaQuickStarterService - ok
13:41:09.0015 2124	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:41:09.0125 2124	Kbdclass - ok
13:41:09.0156 2124	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:41:09.0265 2124	kmixer - ok
13:41:09.0296 2124	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:41:09.0359 2124	KSecDD - ok
13:41:09.0468 2124	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
13:41:09.0500 2124	lanmanserver - ok
13:41:09.0546 2124	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
13:41:09.0609 2124	lanmanworkstation - ok
13:41:09.0625 2124	lbrtfdc - ok
13:41:09.0671 2124	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
13:41:09.0781 2124	LmHosts - ok
13:41:09.0796 2124	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
13:41:09.0890 2124	Messenger - ok
13:41:09.0937 2124	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:41:10.0046 2124	mnmdd - ok
13:41:10.0093 2124	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
13:41:10.0187 2124	mnmsrvc - ok
13:41:10.0281 2124	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:41:10.0375 2124	Modem - ok
13:41:10.0406 2124	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:41:10.0500 2124	Mouclass - ok
13:41:10.0531 2124	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:41:10.0625 2124	MountMgr - ok
13:41:10.0687 2124	mraid35x - ok
13:41:10.0718 2124	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:41:10.0812 2124	MRxDAV - ok
13:41:10.0875 2124	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:41:10.0937 2124	MRxSmb - ok
13:41:11.0031 2124	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
13:41:11.0109 2124	MSDTC - ok
13:41:11.0171 2124	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:41:11.0250 2124	Msfs - ok
13:41:11.0250 2124	MSIServer - ok
13:41:11.0281 2124	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:41:11.0375 2124	MSKSSRV - ok
13:41:11.0390 2124	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:41:11.0484 2124	MSPCLOCK - ok
13:41:11.0484 2124	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:41:11.0578 2124	MSPQM - ok
13:41:11.0687 2124	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:41:11.0765 2124	mssmbios - ok
13:41:11.0812 2124	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:41:11.0843 2124	Mup - ok
13:41:11.0906 2124	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
13:41:12.0015 2124	napagent - ok
13:41:12.0125 2124	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:41:12.0218 2124	NDIS - ok
13:41:12.0265 2124	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:41:12.0296 2124	NdisTapi - ok
13:41:12.0328 2124	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:41:12.0421 2124	Ndisuio - ok
13:41:12.0515 2124	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:41:12.0609 2124	NdisWan - ok
13:41:12.0640 2124	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:41:12.0703 2124	NDProxy - ok
13:41:12.0718 2124	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:41:12.0812 2124	NetBIOS - ok
13:41:12.0921 2124	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:41:13.0015 2124	NetBT - ok
13:41:13.0046 2124	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:41:13.0156 2124	NetDDE - ok
13:41:13.0156 2124	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:41:13.0234 2124	NetDDEdsdm - ok
13:41:13.0281 2124	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:13.0359 2124	Netlogon - ok
13:41:13.0437 2124	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
13:41:13.0531 2124	Netman - ok
13:41:13.0609 2124	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:41:13.0625 2124	NetTcpPortSharing - ok
13:41:13.0687 2124	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
13:41:13.0734 2124	Nla - ok
13:41:13.0828 2124	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:41:13.0906 2124	Npfs - ok
13:41:13.0921 2124	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:41:14.0046 2124	Ntfs - ok
13:41:14.0093 2124	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:14.0171 2124	NtLmSsp - ok
13:41:14.0250 2124	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
13:41:14.0343 2124	NtmsSvc - ok
13:41:14.0468 2124	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:41:14.0593 2124	Null - ok
13:41:14.0796 2124	nv              (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:41:15.0109 2124	nv - ok
13:41:15.0218 2124	NVENETFD        (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:41:15.0250 2124	NVENETFD - ok
13:41:15.0281 2124	nvgts           (a117466b0acb13288deee4f2e936e67f) C:\WINDOWS\system32\DRIVERS\nvgts.sys
13:41:15.0312 2124	nvgts - ok
13:41:15.0375 2124	nvnetbus        (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:41:15.0421 2124	nvnetbus - ok
13:41:15.0531 2124	NVSvc           (934833b3cd462a6f8a96f64d024c8b20) C:\WINDOWS\system32\nvsvc32.exe
13:41:15.0546 2124	NVSvc - ok
13:41:15.0640 2124	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:41:15.0734 2124	NwlnkFlt - ok
13:41:15.0781 2124	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:41:15.0890 2124	NwlnkFwd - ok
13:41:15.0937 2124	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:41:16.0046 2124	Parport - ok
13:41:16.0093 2124	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:41:16.0187 2124	PartMgr - ok
13:41:16.0234 2124	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:41:16.0359 2124	ParVdm - ok
13:41:16.0406 2124	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:41:16.0500 2124	PCI - ok
13:41:16.0515 2124	PCIDump - ok
13:41:16.0531 2124	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:41:16.0640 2124	PCIIde - ok
13:41:16.0718 2124	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:41:16.0812 2124	Pcmcia - ok
13:41:16.0859 2124	PDCOMP - ok
13:41:16.0921 2124	PDDSLADP        (ab6f9ee08b82a46f2b4f0ab909f1fad9) C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS
13:41:16.0937 2124	PDDSLADP ( UnsignedFile.Multi.Generic ) - warning
13:41:16.0937 2124	PDDSLADP - detected UnsignedFile.Multi.Generic (1)
13:41:16.0968 2124	PDDSLHND        (49e3fa74798f192d4a6b299ee0b8e5f3) C:\WINDOWS\system32\drivers\PDDSLHND.sys
13:41:17.0000 2124	PDDSLHND ( UnsignedFile.Multi.Generic ) - warning
13:41:17.0000 2124	PDDSLHND - detected UnsignedFile.Multi.Generic (1)
13:41:17.0000 2124	PDFRAME - ok
13:41:17.0015 2124	PDRELI - ok
13:41:17.0015 2124	PDRFRAME - ok
13:41:17.0031 2124	perc2 - ok
13:41:17.0031 2124	perc2hib - ok
13:41:17.0093 2124	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:41:17.0125 2124	PlugPlay - ok
13:41:17.0187 2124	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:17.0265 2124	PolicyAgent - ok
13:41:17.0343 2124	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:41:17.0437 2124	PptpMiniport - ok
13:41:17.0468 2124	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:41:17.0578 2124	Processor - ok
13:41:17.0609 2124	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:17.0687 2124	ProtectedStorage - ok
13:41:17.0703 2124	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:41:17.0796 2124	PSched - ok
13:41:17.0921 2124	PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
13:41:17.0921 2124	PSI - ok
13:41:17.0937 2124	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:41:18.0062 2124	Ptilink - ok
13:41:18.0109 2124	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:41:18.0109 2124	PxHelp20 - ok
13:41:18.0125 2124	ql1080 - ok
13:41:18.0125 2124	Ql10wnt - ok
13:41:18.0140 2124	ql12160 - ok
13:41:18.0140 2124	ql1240 - ok
13:41:18.0156 2124	ql1280 - ok
13:41:18.0187 2124	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:41:18.0296 2124	RasAcd - ok
13:41:18.0343 2124	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
13:41:18.0437 2124	RasAuto - ok
13:41:18.0500 2124	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:41:18.0593 2124	Rasl2tp - ok
13:41:18.0671 2124	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
13:41:18.0765 2124	RasMan - ok
13:41:18.0781 2124	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:41:18.0875 2124	RasPppoe - ok
13:41:18.0921 2124	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:41:19.0031 2124	Raspti - ok
13:41:19.0062 2124	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:41:19.0140 2124	Rdbss - ok
13:41:19.0156 2124	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:41:19.0296 2124	RDPCDD - ok
13:41:19.0328 2124	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:41:19.0359 2124	RDPWD - ok
13:41:19.0468 2124	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
13:41:19.0562 2124	RDSessMgr - ok
13:41:19.0609 2124	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:41:19.0703 2124	redbook - ok
13:41:19.0750 2124	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
13:41:19.0843 2124	RemoteAccess - ok
13:41:19.0953 2124	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
13:41:20.0046 2124	RpcLocator - ok
13:41:20.0078 2124	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
13:41:20.0156 2124	RpcSs - ok
13:41:20.0171 2124	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
13:41:20.0281 2124	RSVP - ok
13:41:20.0375 2124	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:41:20.0453 2124	SamSs - ok
13:41:20.0500 2124	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
13:41:20.0593 2124	SCardSvr - ok
13:41:20.0640 2124	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
13:41:20.0734 2124	Schedule - ok
13:41:20.0828 2124	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:41:20.0906 2124	Secdrv - ok
13:41:20.0937 2124	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
13:41:21.0015 2124	seclogon - ok
13:41:21.0078 2124	Secunia PSI Agent - ok
13:41:21.0093 2124	Secunia Update Agent - ok
13:41:21.0140 2124	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
13:41:21.0234 2124	SENS - ok
13:41:21.0328 2124	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:41:21.0437 2124	serenum - ok
13:41:21.0437 2124	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:41:21.0515 2124	Serial - ok
13:41:21.0609 2124	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:41:21.0703 2124	Sfloppy - ok
13:41:21.0812 2124	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
13:41:21.0906 2124	SharedAccess - ok
13:41:21.0953 2124	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:41:22.0000 2124	ShellHWDetection - ok
13:41:22.0015 2124	Simbad - ok
13:41:22.0093 2124	Sparrow - ok
13:41:22.0140 2124	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:41:22.0234 2124	splitter - ok
13:41:22.0281 2124	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:41:22.0343 2124	Spooler - ok
13:41:22.0453 2124	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:41:22.0546 2124	sr - ok
13:41:22.0593 2124	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
13:41:22.0687 2124	srservice - ok
13:41:22.0734 2124	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:41:22.0796 2124	Srv - ok
13:41:22.0906 2124	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
13:41:22.0984 2124	SSDPSRV - ok
13:41:23.0062 2124	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:41:23.0078 2124	ssmdrv - ok
13:41:23.0093 2124	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
13:41:23.0218 2124	stisvc - ok
13:41:23.0312 2124	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:41:23.0421 2124	swenum - ok
13:41:23.0437 2124	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:41:23.0546 2124	swmidi - ok
13:41:23.0546 2124	SwPrv - ok
13:41:23.0562 2124	symc810 - ok
13:41:23.0578 2124	symc8xx - ok
13:41:23.0578 2124	sym_hi - ok
13:41:23.0593 2124	sym_u3 - ok
13:41:23.0625 2124	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:41:23.0718 2124	sysaudio - ok
13:41:23.0781 2124	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
13:41:23.0875 2124	SysmonLog - ok
13:41:23.0953 2124	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
13:41:24.0046 2124	TapiSrv - ok
13:41:24.0093 2124	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:41:24.0171 2124	Tcpip - ok
13:41:24.0203 2124	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:41:24.0281 2124	TDPIPE - ok
13:41:24.0359 2124	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:41:24.0453 2124	TDTCP - ok
13:41:24.0484 2124	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:41:24.0578 2124	TermDD - ok
13:41:24.0609 2124	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
13:41:24.0703 2124	TermService - ok
13:41:24.0828 2124	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:41:24.0828 2124	Themes - ok
13:41:24.0859 2124	TosIde - ok
13:41:24.0906 2124	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
13:41:25.0015 2124	TrkWks - ok
13:41:25.0046 2124	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:41:25.0140 2124	Udfs - ok
13:41:25.0203 2124	ultra - ok
13:41:25.0234 2124	UMWdf           (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
13:41:25.0281 2124	UMWdf - ok
13:41:25.0328 2124	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:41:25.0437 2124	Update - ok
13:41:25.0546 2124	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
13:41:25.0671 2124	upnphost - ok
13:41:25.0703 2124	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
13:41:25.0796 2124	UPS - ok
13:41:25.0859 2124	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:41:25.0937 2124	usbccgp - ok
13:41:26.0046 2124	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:41:26.0140 2124	usbehci - ok
13:41:26.0171 2124	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:41:26.0265 2124	usbhub - ok
13:41:26.0312 2124	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:41:26.0390 2124	usbohci - ok
13:41:26.0421 2124	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:41:26.0500 2124	usbprint - ok
13:41:26.0562 2124	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:41:26.0640 2124	usbscan - ok
13:41:26.0671 2124	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:41:26.0765 2124	USBSTOR - ok
13:41:26.0812 2124	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:41:26.0906 2124	VgaSave - ok
13:41:26.0906 2124	ViaIde - ok
13:41:26.0937 2124	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:41:27.0031 2124	VolSnap - ok
13:41:27.0140 2124	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
13:41:27.0218 2124	VSS - ok
13:41:27.0250 2124	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
13:41:27.0343 2124	W32Time - ok
13:41:27.0421 2124	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:41:27.0515 2124	Wanarp - ok
13:41:27.0515 2124	WDICA - ok
13:41:27.0562 2124	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:41:27.0687 2124	wdmaud - ok
13:41:27.0718 2124	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
13:41:27.0812 2124	WebClient - ok
13:41:27.0937 2124	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:41:28.0031 2124	winmgmt - ok
13:41:28.0078 2124	WmdmPmSN        (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\mspmsnsv.dll
13:41:28.0125 2124	WmdmPmSN - ok
13:41:28.0156 2124	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:41:28.0250 2124	WmiApSrv - ok
13:41:28.0484 2124	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:41:28.0500 2124	WPFFontCache_v0400 - ok
13:41:28.0593 2124	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
13:41:28.0687 2124	wscsvc - ok
13:41:28.0734 2124	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
13:41:28.0843 2124	wuauserv - ok
13:41:28.0890 2124	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
13:41:29.0015 2124	WZCSVC - ok
13:41:29.0093 2124	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
13:41:29.0187 2124	xmlprov - ok
13:41:29.0218 2124	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:41:29.0250 2124	\Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
13:41:29.0250 2124	\Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
13:41:29.0281 2124	MBR (0x1B8)     (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR3
13:41:40.0500 2124	\Device\Harddisk1\DR3 - ok
13:41:40.0515 2124	MBR (0x1B8)     (5f0c182b562b3e23431a346295e19b32) \Device\Harddisk2\DR4
13:41:41.0015 2124	\Device\Harddisk2\DR4 - ok
13:41:41.0031 2124	Boot (0x1200)   (83c2ad04c403d21c5fb18c3a9a6534b9) \Device\Harddisk0\DR0\Partition0
13:41:41.0031 2124	\Device\Harddisk0\DR0\Partition0 - ok
13:41:41.0046 2124	Boot (0x1200)   (63107a0dfc5a95a0a18d33084b699e2c) \Device\Harddisk0\DR0\Partition1
13:41:41.0046 2124	\Device\Harddisk0\DR0\Partition1 - ok
13:41:41.0046 2124	Boot (0x1200)   (575159508634dc095068102423bb2eae) \Device\Harddisk1\DR3\Partition0
13:41:41.0046 2124	\Device\Harddisk1\DR3\Partition0 - ok
13:41:41.0046 2124	============================================================
13:41:41.0046 2124	Scan finished
13:41:41.0046 2124	============================================================
13:41:41.0156 3608	Detected object count: 5
13:41:41.0156 3608	Actual detected object count: 5
19:38:09.0828 3608	Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:09.0828 3608	Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:38:09.0828 3608	Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:09.0828 3608	Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:38:09.0828 3608	PDDSLADP ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:09.0828 3608	PDDSLADP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:38:09.0828 3608	PDDSLHND ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:09.0828 3608	PDDSLHND ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:38:10.0187 3608	\Device\Harddisk0\DR0\# - copied to quarantine
19:38:10.0187 3608	\Device\Harddisk0\DR0 - copied to quarantine
19:38:10.0218 3608	\Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
19:38:10.0234 3608	\Device\Harddisk0\DR0 - ok
19:38:10.0234 3608	\Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure 
19:38:42.0625 3784	Deinitialize success