Pests of all kinds and how to fight them: Windows XP boots, first shows the desktop wallpaper, then a white screen |
09.01.2013, 13:50 | #1 |
| Hello everyone, I have a problem with a Win XP PC once again and assume that I am dealing with a trojan. I start the PC, Windows boots, the desktop with its icons is shown briefly, then only the desktop wallpaper, and after a few minutes only a white screen with an extremely large and distorted Windows pointer. I can move the pointer, but I have nothing to click on, and nothing happens when I right-click either. I have now booted from CD with the OTLPE disc inserted. At first the monitor goes into standby mode while the PC keeps running; after pressing the Enter key several times I now have a picture again. Here, however, only the logo "Free pe Reatogo" appears (and has done so for 15 minutes already), and above this logo the monitor shows the message "Out of Range". The seconds are counting at the bottom right. I am stuck. Hoping for your help, thanks! |
09.01.2013, 13:57 | #2 |
/// Malware-holic | Hi, did you only insert the CD, or have you already started a scan? Try it again with the CD. Is that the latest version? |
09.01.2013, 13:59 | #3 |
| I don't even get as far as the scan. I think it is the current version. I had a Bundespolizei virus at the end of September '12 and dealt with it using the same CD. |
09.01.2013, 14:00 | #4 |
/// Malware-holic | Please burn the CD again.
Download: ISO Burner - Download - Filepony
ISOBurner instructions: http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download has finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you have just created. If you do not know how to get your computer to boot from the CD: http://www.trojaner-board.de/81857-c...cd-booten.html
• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When you are asked "Do you wish to load the remote registry", choose Yes.
• When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Uncheck "Automatically Load All Remaining Users" if it is checked.
• OTL should now start. Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• When it has finished, the files are saved to C:\otl.txt
• Copy this folder to your USB stick if you have no Internet connection on this system.
Post both logs. |
09.01.2013, 14:23 | #5 |
| I have burned the CD, but the problem is the same. The monitor goes into standby again, shows "No Signal" a few more times and even stays in standby whatever keys I press; the PC keeps working. Oh, attention: the monitor suddenly came back on and the reatogo-x-pe desktop appears... I can continue. Still, this "out of range" remains in the middle of the screen, and the picture is also very blurry. |
09.01.2013, 14:38 | #6 |
/// Malware-holic | You may have to adjust the resolution on the monitor itself. |
09.01.2013, 14:45 | #7 |
| So, here is the content of the otl.txt file. Which one is still needed? Code:
ATTFilter OTL logfile created on: 1/9/2013 2:31:50 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 479.00 Mb Total Physical Memory | 286.00 Mb Available Physical Memory | 60.00% Memory free 383.00 Mb Paging File | 293.00 Mb Available in Paging File | 76.00% Paging File free Paging file location(s): C:\pagefile.sys 720 1440 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 76.68 Gb Total Space | 62.47 Gb Free Space | 81.46% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled] -- -- (HidServ) SRV - File not found [On_Demand] -- -- (AppMgmt) SRV - [2012/10/18 06:56:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/05/28 12:21:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/28 12:21:34 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012/05/28 12:21:33 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/04/20 20:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2010/03/04 15:38:00 | 000,071,096 | ---- | M] () [Auto] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2012/05/28 12:21:35 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/28 12:21:35 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/09/16 09:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2009/11/12 06:48:56 | 000,005,504 | ---- | M] () [File_System | Auto] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009/10/08 09:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/04/13 17:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007/03/08 07:34:00 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2006/05/01 04:59:00 | 001,903,646 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctxS51.sys -- (ctxS51) DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2003/07/18 02:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (sisagp) DRV - [2002/10/21 05:40:04 | 000,006,016 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\siside.sys -- (SiSide) DRV - [2002/10/17 08:14:46 | 000,049,024 | R--- | M] (Windows (R) 2000 DDK provider) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex) DRV - [2002/08/20 10:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf) DRV - [2001/08/17 08:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\Besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:26008 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/04/28 11:16:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/04/29 08:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/04/29 08:12:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012/04/20 20:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012/04/20 20:54:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/04/20 20:54:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012/04/20 20:54:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012/04/20 20:54:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012/04/20 20:54:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012/04/20 20:54:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004/11/11 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\Besitzer_ON_C\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKU\Besitzer_ON_C..\Run: [|9DFDF892-0B87-1C10-D11B-40083B9F8D8F}] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Exhy\miuzk.exe () O4 - Startup: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O16 - DPF: {39ED5386-A900-4D6C-B564-20BFDE5402CF} hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx (Medion Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft 
Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/04/28 09:27:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\reatogoMenu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: 
{45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1 ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found ========== Files/Folders - Created Within 30 Days ========== [2013/01/09 07:55:05 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/09 08:16:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/01/09 07:58:22 | 000,460,392 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013/01/09 07:58:22 | 000,442,808 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/01/09 07:58:22 | 000,069,650 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/01/09 07:58:21 | 000,084,794 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013/01/09 07:13:22 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2013/01/09 07:10:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{033D578F-A6E0-4C9F-8E3A-9EC5584238E0}.job [2013/01/09 07:05:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/02 06:44:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat 
[2012/06/07 14:28:30 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2012/04/29 08:12:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/04/29 08:05:13 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2012/04/28 11:12:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012/04/28 11:12:36 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2012/04/28 11:12:24 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2012/04/28 11:07:52 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini [2012/04/28 11:07:02 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll [2012/04/28 10:56:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/04/28 10:16:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012/04/28 10:14:35 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/04/28 09:30:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012/04/28 09:23:31 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/11/11 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/11/11 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/11/11 07:00:00 | 000,460,392 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004/11/11 07:00:00 | 000,442,808 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/11/11 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/11/11 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004/11/11 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/11/11 07:00:00 | 000,084,794 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004/11/11 07:00:00 | 000,069,650 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/11/11 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/11/11 07:00:00 | 000,034,478 | ---- | C] () -- 
C:\WINDOWS\System32\perfd007.dat [2004/11/11 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/11/11 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/11/11 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/11/11 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/11/11 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2012/07/17 01:37:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AskToolbar [2012/04/29 08:05:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Canneverbe Limited [2012/07/16 11:13:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Exhy [2012/04/29 07:54:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org [2012/07/16 13:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Wuyq [2012/04/29 08:05:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2013/01/09 07:13:22 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [2013/01/09 07:10:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{033D578F-A6E0-4C9F-8E3A-9EC5584238E0}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012/11/14 05:48:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2012/04/29 08:05:06 | 000,000,000 | R--D | M] -- C:\Programme [2012/04/28 10:22:48 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2012/04/28 09:31:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012/11/14 05:46:56 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2004/11/11 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 17:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 17:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004/11/11 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys [2004/11/11 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 00:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 00:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll 
< End of report > |
09.01.2013, 15:38 | #8 |
/// Malware-holic | Windows XP boots, first shows the desktop background, then a white screen Hi, on your second PC go to Start, Programs, Accessories, Notepad, and paste this in: Code:
:OTL
O4 - HKU\Besitzer_ON_C..\Run: [|9DFDF892-0B87-1C10-D11B-40083B9F8D8F}] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Exhy\miuzk.exe ()
[2012/07/16 13:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Wuyq
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
Save this to a USB stick as fix.txt. Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button. A message similar to "load fix from file" should appear, so load fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log. If you have no icons, right-click, View, Show desktop icons.
Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
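The fix above removes a per-user Run value whose target lies in the profile's Anwendungsdaten folder and whose publisher field is empty. As an added example (not part of the original post and not OTL's own code), this Python sketch flags O4 lines with those traits; the line layout is assumed from the single O4 line in the fix, and the `ExampleTray` and `ExampleSync` entries and the three rules are constructed for illustration.

```python
import re

# Layout assumed from the O4 line in the fix script above:
#   O4 - <hive>..\<key>: [<value name>] <target path> (<publisher>)
O4_LINE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<target>.+?) \((?P<publisher>[^()]*)\)$"
)

# A value name that is only a GUID says nothing about the program behind it.
GUID_NAME = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")

# Profile folders a limited user can write to (German and English XP names,
# plus the later AppData name). Illustrative list, not exhaustive.
PROFILE_DATA_DIRS = (
    "\\anwendungsdaten\\",
    "\\application data\\",
    "\\appdata\\",
    "\\local settings\\temp\\",
)

SAMPLE_LINES = [
    # The entry targeted by the fix script in this thread.
    r"O4 - HKU\Besitzer_ON_C..\Run: [|9DFDF892-0B87-1C10-D11B-40083B9F8D8F}] "
    r"C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Exhy\miuzk.exe ()",
    # Constructed: machine-wide autorun from the program folder, with publisher.
    r"O4 - HKLM..\Run: [ExampleTray] C:\Programme\ExampleVendor\tray.exe (Example Vendor GmbH)",
    # Constructed: per-user autorun in the profile, but named and with publisher.
    r"O4 - HKU\Besitzer_ON_C..\Run: [ExampleSync] "
    r"C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ExampleSync\sync.exe (Example Vendor GmbH)",
    # Not an autorun line; must be ignored.
    ":Commands",
]


def triage(lines):
    """Return autorun entries that match at least one rule, most rules first."""
    findings = []
    for line in lines:
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        reasons = []
        if any(d in m["target"].lower() for d in PROFILE_DATA_DIRS):
            reasons.append("target in user-writable profile data folder")
        if not m["publisher"].strip():
            reasons.append("no publisher string")
        if GUID_NAME.search(m["name"]):
            reasons.append("GUID-like value name")
        if reasons:
            findings.append({
                "hive": m["hive"],
                "key": m["key"],
                "name": m["name"],
                "target": m["target"],
                "reasons": reasons,
            })
    # Stable sort: entries with more matching rules are reviewed first.
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f["name"], "->", f["target"])
        for reason in f["reasons"]:
            print("   -", reason)
```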
09.01.2013, 16:31 | #9 |
| Windows XP boots, first shows the desktop background, then a white screen OK, the infected PC has booted and has stayed stable so far. When I tried to zip the _otl folder, Avira gave me a message that a file named 'worm/cridex.b135' could not be opened because it contains a virus or something similar, although I had not tried to open anything at all. I uploaded the zipped folder as described and added a note about this file. What happens next? Was that actually a trojan/virus, and if so, which one? Just out of curiosity, since I have a bone to pick with the last person who used this PC. |
09.01.2013, 16:59 | #10 |
/// Malware-holic | Windows XP boots, first shows the desktop background, then a white screen Hi, so-called ransomware, which wants your money. Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - for any findings, always choose Skip for now, and post the log |
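With signature verification ticked, the scan log carries one verdict line per service or driver, and unsigned files show up as `UnsignedFile.Multi.Generic` warnings. As an added example (not part of the original post and not TDSSKiller's own code), this Python sketch pairs each verdict with the hash and path line before it and separates signature-only warnings from everything else; the line shapes are assumed from TDSSKiller log output, and all sample names, hashes and the `Example.Placeholder.Verdict` entry are constructed.

```python
import re

# Every log line starts with a time stamp and a thread id, e.g. "17:00:00.0100 1000 ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "

# "[ <MD5> ] <service name> <file path>"
FILE_LINE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>\S+) (?P<path>.+)$")
# "<service name> - ok"
OK_LINE = re.compile(PREFIX + r"(?P<name>\S+) - ok$")
# "<object> ( <verdict> ) - <status>"
VERDICT_LINE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<status>\w+)$")

# Verdict reported when the only finding is a missing digital signature.
UNSIGNED = "UnsignedFile.Multi.Generic"

# Constructed sample log: placeholder hashes, invented driver names.
MD5_A, MD5_B, MD5_C = (f"{n:032X}" for n in (1, 2, 3))
SAMPLE_LOG = "\n".join([
    rf"17:00:00.0100 1000 [ {MD5_A} ] exampledisk C:\WINDOWS\system32\DRIVERS\exampledisk.sys",
    r"17:00:00.0200 1000 exampledisk - ok",
    rf"17:00:00.0300 1000 [ {MD5_B} ] examplevid C:\WINDOWS\system32\DRIVERS\examplevid.sys",
    r"17:00:00.0400 1000 examplevid ( UnsignedFile.Multi.Generic ) - warning",
    r"17:00:00.0400 1000 examplevid - detected UnsignedFile.Multi.Generic (1)",
    r"17:00:00.0500 1000 legacystub - ok",
    rf"17:00:00.0600 1000 [ {MD5_C} ] examplenet C:\WINDOWS\system32\drivers\examplenet.sys",
    r"17:00:00.0700 1000 examplenet ( Example.Placeholder.Verdict ) - infected",
])


def triage_log(text):
    """Count clean entries and split findings into unsigned-only and other."""
    files = {}  # service name -> (md5, path) from the preceding file line
    result = {"ok": 0, "unsigned": [], "other": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            files[m["name"]] = (m["md5"], m["path"])
            continue
        if OK_LINE.match(line):
            result["ok"] += 1
            continue
        m = VERDICT_LINE.match(line)
        if m:
            md5, path = files.get(m["name"], (None, None))
            finding = {
                "name": m["name"],
                "verdict": m["verdict"],
                "status": m["status"],
                "md5": md5,
                "path": path,
            }
            bucket = "unsigned" if m["verdict"] == UNSIGNED else "other"
            result[bucket].append(finding)
        # "- detected ..." summary lines repeat the verdict and are skipped.
    return result


if __name__ == "__main__":
    summary = triage_log(SAMPLE_LOG)
    print("clean entries:", summary["ok"])
    for bucket in ("unsigned", "other"):
        for f in summary[bucket]:
            print(bucket, f["name"], f["verdict"], f["status"], f["path"])
```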
09.01.2013, 17:12 | #11 |
| Windows XP boots, first shows the desktop background, then a white screen OK, but I never even got a demand for money... here is the log file: Code:
C:\WINDOWS\system32\wscsvc.dll 17:08:55.0812 3572 wscsvc - ok 17:08:55.0859 3572 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 17:08:56.0109 3572 wuauserv - ok 17:08:56.0187 3572 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 17:08:56.0484 3572 WZCSVC - ok 17:08:56.0562 3572 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 17:08:56.0843 3572 xmlprov - ok 17:08:56.0875 3572 ================ Scan global =============================== 17:08:56.0906 3572 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 17:08:56.0984 3572 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 17:08:57.0031 3572 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 17:08:57.0062 3572 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 17:08:57.0062 3572 [Global] - ok 17:08:57.0078 3572 ================ Scan MBR ================================== 17:08:57.0109 3572 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 17:08:57.0390 3572 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 17:08:57.0390 3572 \Device\Harddisk0\DR0 - detected TDSS File System (1) 17:08:57.0406 3572 ================ Scan VBR ================================== 17:08:57.0421 3572 [ DE9494868D6EB56B80771057551D872F ] \Device\Harddisk0\DR0\Partition1 17:08:57.0421 3572 \Device\Harddisk0\DR0\Partition1 - ok 17:08:57.0437 3572 ============================================================ 17:08:57.0437 3572 Scan finished 17:08:57.0437 3572 ============================================================ 17:08:57.0625 2248 Detected object count: 4 17:08:57.0625 2248 Actual detected object count: 4 17:09:49.0000 2248 ctxS51 ( UnsignedFile.Multi.Generic ) - skipped by user 17:09:49.0000 2248 ctxS51 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:09:49.0000 2248 sisidex ( UnsignedFile.Multi.Generic ) - skipped by user 17:09:49.0000 2248 sisidex ( 
UnsignedFile.Multi.Generic ) - User select action: Skip 17:09:49.0015 2248 sisperf ( UnsignedFile.Multi.Generic ) - skipped by user 17:09:49.0015 2248 sisperf ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:09:49.0015 2248 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 17:09:49.0015 2248 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip |
09.01.2013, 17:27 | #12 |
/// Malware-holic | Windows XP boots, first shows the desktop picture, then a white screen Hi, configure TDSS Killer the same way as just before. Scan, then delete: TDSS File System (delete). Then restart, configure TDSS Killer again as above, scan, and post the log.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us |
09.01.2013, 17:34 | #13 |
| Windows XP boots, first shows the desktop picture, then a white screen so finished: Code:
ATTFilter 17:07:10.0359 2716 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 17:07:10.0671 2716 ============================================================ 17:07:10.0671 2716 Current date / time: 2013/01/09 17:07:10.0671 17:07:10.0671 2716 SystemInfo: 17:07:10.0671 2716 17:07:10.0671 2716 OS Version: 5.1.2600 ServicePack: 3.0 17:07:10.0671 2716 Product type: Workstation 17:07:10.0671 2716 ComputerName: PC 17:07:10.0671 2716 UserName: Besitzer 17:07:10.0671 2716 Windows directory: C:\WINDOWS 17:07:10.0671 2716 System windows directory: C:\WINDOWS 17:07:10.0671 2716 Processor architecture: Intel x86 17:07:10.0671 2716 Number of processors: 1 17:07:10.0671 2716 Page size: 0x1000 17:07:10.0671 2716 Boot type: Normal boot 17:07:10.0671 2716 ============================================================ 17:07:11.0828 2716 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 17:07:11.0843 2716 ============================================================ 17:07:11.0843 2716 \Device\Harddisk0\DR0: 17:07:11.0843 2716 MBR partitions: 17:07:11.0843 2716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B 17:07:11.0843 2716 ============================================================ 17:07:11.0875 2716 C: <-> \Device\Harddisk0\DR0\Partition1 17:07:11.0875 2716 ============================================================ 17:07:11.0875 2716 Initialize success 17:07:11.0875 2716 ============================================================ 17:07:44.0296 3572 ============================================================ 17:07:44.0296 3572 Scan started 17:07:44.0296 3572 Mode: Manual; SigCheck; TDLFS; 17:07:44.0296 3572 ============================================================ 17:07:45.0593 3572 ================ Scan system memory ======================== 17:07:45.0609 3572 System memory - ok 17:07:45.0640 3572 
================ Scan services ============================= 17:07:45.0875 3572 Abiosdsk - ok 17:07:45.0921 3572 abp480n5 - ok 17:07:46.0000 3572 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:07:47.0171 3572 ACPI - ok 17:07:47.0250 3572 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 17:07:47.0531 3572 ACPIEC - ok 17:07:47.0609 3572 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 17:07:48.0218 3572 AdobeFlashPlayerUpdateSvc - ok 17:07:48.0265 3572 adpu160m - ok 17:07:48.0328 3572 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 17:07:48.0734 3572 aec - ok 17:07:48.0812 3572 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 17:07:48.0875 3572 AFD - ok 17:07:48.0890 3572 Aha154x - ok 17:07:48.0937 3572 aic78u2 - ok 17:07:48.0984 3572 aic78xx - ok 17:07:49.0312 3572 [ F3E15607BA53249C765E36388B332C2F ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS 17:07:49.0718 3572 ALCXWDM - ok 17:07:49.0796 3572 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 17:07:50.0125 3572 Alerter - ok 17:07:50.0156 3572 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 17:07:50.0453 3572 ALG - ok 17:07:50.0500 3572 AliIde - ok 17:07:50.0531 3572 amsint - ok 17:07:50.0640 3572 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 17:07:50.0687 3572 AntiVirSchedulerService - ok 17:07:50.0750 3572 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 17:07:50.0796 3572 AntiVirService - ok 17:07:50.0875 3572 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE 17:07:50.0937 3572 AntiVirWebService - ok 17:07:50.0953 3572 AppMgmt - ok 17:07:51.0000 3572 asc - ok 17:07:51.0031 3572 asc3350p - ok 
17:07:51.0062 3572 asc3550 - ok 17:07:51.0203 3572 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 17:07:51.0281 3572 aspnet_state - ok 17:07:51.0359 3572 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:07:51.0671 3572 AsyncMac - ok 17:07:51.0703 3572 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 17:07:51.0984 3572 atapi - ok 17:07:52.0015 3572 Atdisk - ok 17:07:52.0078 3572 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:07:52.0421 3572 Atmarpc - ok 17:07:52.0484 3572 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 17:07:52.0765 3572 AudioSrv - ok 17:07:52.0812 3572 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 17:07:53.0125 3572 audstub - ok 17:07:53.0171 3572 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 17:07:53.0281 3572 avgntflt - ok 17:07:53.0343 3572 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 17:07:53.0421 3572 avipbb - ok 17:07:53.0484 3572 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 17:07:53.0562 3572 avkmgr - ok 17:07:53.0625 3572 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 17:07:53.0968 3572 Beep - ok 17:07:54.0046 3572 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 17:07:54.0375 3572 BITS - ok 17:07:54.0437 3572 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 17:07:54.0531 3572 Browser - ok 17:07:54.0609 3572 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 17:07:54.0906 3572 cbidf2k - ok 17:07:54.0953 3572 cd20xrnt - ok 17:07:55.0046 3572 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 17:07:55.0390 3572 Cdaudio - ok 
17:07:55.0421 3572 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 17:07:55.0734 3572 Cdfs - ok 17:07:55.0812 3572 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:07:56.0125 3572 Cdrom - ok 17:07:56.0171 3572 Changer - ok 17:07:56.0234 3572 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 17:07:56.0531 3572 CiSvc - ok 17:07:56.0562 3572 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 17:07:56.0890 3572 ClipSrv - ok 17:07:56.0953 3572 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:07:57.0109 3572 clr_optimization_v4.0.30319_32 - ok 17:07:57.0156 3572 CmdIde - ok 17:07:57.0187 3572 COMSysApp - ok 17:07:57.0281 3572 Cpqarray - ok 17:07:57.0343 3572 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 17:07:57.0640 3572 CryptSvc - ok 17:07:57.0781 3572 [ ED002F233AB7E89B3AD2D47DBD177014 ] ctxS51 C:\WINDOWS\system32\DRIVERS\ctxS51.sys 17:07:57.0937 3572 ctxS51 ( UnsignedFile.Multi.Generic ) - warning 17:07:57.0937 3572 ctxS51 - detected UnsignedFile.Multi.Generic (1) 17:07:57.0953 3572 dac2w2k - ok 17:07:58.0000 3572 dac960nt - ok 17:07:58.0093 3572 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 17:07:58.0187 3572 DcomLaunch - ok 17:07:58.0250 3572 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 17:07:58.0515 3572 Dhcp - ok 17:07:58.0546 3572 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 17:07:58.0875 3572 Disk - ok 17:07:58.0906 3572 dmadmin - ok 17:07:59.0015 3572 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 17:07:59.0437 3572 dmboot - ok 17:07:59.0500 3572 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 17:07:59.0828 3572 dmio - ok 17:07:59.0875 3572 [ E9317282A63CA4D188C0DF5E09C6AC5F 
] dmload C:\WINDOWS\system32\drivers\dmload.sys 17:08:00.0187 3572 dmload - ok 17:08:00.0234 3572 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 17:08:00.0625 3572 dmserver - ok 17:08:00.0671 3572 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 17:08:01.0062 3572 DMusic - ok 17:08:01.0125 3572 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 17:08:01.0359 3572 Dnscache - ok 17:08:01.0437 3572 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 17:08:01.0859 3572 Dot3svc - ok 17:08:01.0906 3572 dpti2o - ok 17:08:01.0968 3572 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 17:08:02.0437 3572 drmkaud - ok 17:08:02.0609 3572 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 17:08:02.0968 3572 EapHost - ok 17:08:03.0046 3572 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 17:08:03.0328 3572 ERSvc - ok 17:08:03.0390 3572 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 17:08:03.0437 3572 Eventlog - ok 17:08:03.0531 3572 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 17:08:03.0593 3572 EventSystem - ok 17:08:03.0640 3572 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 17:08:03.0953 3572 Fastfat - ok 17:08:04.0062 3572 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 17:08:04.0250 3572 FastUserSwitchingCompatibility - ok 17:08:04.0296 3572 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 17:08:04.0609 3572 Fdc - ok 17:08:04.0640 3572 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 17:08:04.0953 3572 Fips - ok 17:08:05.0000 3572 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 17:08:05.0296 3572 Flpydisk - ok 17:08:05.0359 3572 [ 
B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 17:08:05.0671 3572 FltMgr - ok 17:08:05.0718 3572 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:08:06.0031 3572 Fs_Rec - ok 17:08:06.0078 3572 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:08:06.0437 3572 Ftdisk - ok 17:08:06.0468 3572 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys 17:08:06.0750 3572 gameenum - ok 17:08:06.0812 3572 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:08:07.0125 3572 Gpc - ok 17:08:07.0203 3572 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 17:08:07.0468 3572 helpsvc - ok 17:08:07.0500 3572 HidServ - ok 17:08:07.0546 3572 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:08:07.0843 3572 hidusb - ok 17:08:07.0921 3572 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 17:08:08.0218 3572 hkmsvc - ok 17:08:08.0265 3572 hpn - ok 17:08:08.0343 3572 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 17:08:08.0406 3572 HTTP - ok 17:08:08.0453 3572 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 17:08:08.0765 3572 HTTPFilter - ok 17:08:08.0828 3572 i2omgmt - ok 17:08:08.0875 3572 i2omp - ok 17:08:08.0937 3572 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:08:09.0265 3572 i8042prt - ok 17:08:09.0281 3572 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 17:08:09.0609 3572 Imapi - ok 17:08:09.0656 3572 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 17:08:09.0921 3572 ImapiService - ok 17:08:09.0968 3572 ini910u - ok 17:08:10.0031 3572 IntelIde - ok 17:08:10.0093 3572 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm 
C:\WINDOWS\system32\DRIVERS\intelppm.sys 17:08:10.0437 3572 intelppm - ok 17:08:10.0484 3572 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 17:08:10.0781 3572 Ip6Fw - ok 17:08:10.0828 3572 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:08:11.0125 3572 IpFilterDriver - ok 17:08:11.0171 3572 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:08:11.0500 3572 IpInIp - ok 17:08:11.0546 3572 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:08:11.0843 3572 IpNat - ok 17:08:11.0890 3572 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:08:12.0187 3572 IPSec - ok 17:08:12.0234 3572 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 17:08:12.0531 3572 IRENUM - ok 17:08:12.0625 3572 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:08:12.0937 3572 isapnp - ok 17:08:13.0015 3572 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 17:08:13.0078 3572 JavaQuickStarterService - ok 17:08:13.0109 3572 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:08:13.0453 3572 Kbdclass - ok 17:08:13.0500 3572 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 17:08:13.0812 3572 kbdhid - ok 17:08:13.0875 3572 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 17:08:14.0187 3572 kmixer - ok 17:08:14.0250 3572 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 17:08:14.0375 3572 KSecDD - ok 17:08:14.0437 3572 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 17:08:14.0515 3572 lanmanserver - ok 17:08:14.0562 3572 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 17:08:14.0625 3572 lanmanworkstation - ok 
17:08:14.0656 3572 lbrtfdc - ok 17:08:14.0750 3572 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 17:08:15.0031 3572 LmHosts - ok 17:08:15.0062 3572 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 17:08:15.0375 3572 Messenger - ok 17:08:15.0421 3572 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 17:08:15.0703 3572 mnmdd - ok 17:08:15.0781 3572 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 17:08:16.0078 3572 mnmsrvc - ok 17:08:16.0140 3572 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 17:08:16.0421 3572 Modem - ok 17:08:16.0484 3572 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys 17:08:16.0781 3572 MODEMCSA - ok 17:08:16.0828 3572 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:08:17.0125 3572 Mouclass - ok 17:08:17.0187 3572 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:08:17.0500 3572 mouhid - ok 17:08:17.0562 3572 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 17:08:17.0859 3572 MountMgr - ok 17:08:17.0906 3572 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 17:08:18.0015 3572 MozillaMaintenance - ok 17:08:18.0062 3572 mraid35x - ok 17:08:18.0125 3572 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:08:18.0484 3572 MRxDAV - ok 17:08:18.0546 3572 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:08:18.0640 3572 MRxSmb - ok 17:08:18.0718 3572 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 17:08:19.0015 3572 MSDTC - ok 17:08:19.0062 3572 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 17:08:19.0375 3572 Msfs - ok 17:08:19.0390 3572 MSIServer - ok 
17:08:19.0453 3572 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:08:19.0734 3572 MSKSSRV - ok 17:08:19.0765 3572 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:08:20.0062 3572 MSPCLOCK - ok 17:08:20.0140 3572 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 17:08:20.0437 3572 MSPQM - ok 17:08:20.0484 3572 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:08:20.0750 3572 mssmbios - ok 17:08:20.0812 3572 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys 17:08:21.0109 3572 ms_mpu401 - ok 17:08:21.0156 3572 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 17:08:21.0234 3572 Mup - ok 17:08:21.0281 3572 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 17:08:21.0609 3572 napagent - ok 17:08:21.0656 3572 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 17:08:22.0015 3572 NDIS - ok 17:08:22.0062 3572 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:08:22.0109 3572 NdisTapi - ok 17:08:22.0171 3572 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:08:22.0468 3572 Ndisuio - ok 17:08:22.0515 3572 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:08:22.0843 3572 NdisWan - ok 17:08:22.0906 3572 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 17:08:22.0968 3572 NDProxy - ok 17:08:23.0031 3572 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 17:08:23.0281 3572 NetBIOS - ok 17:08:23.0343 3572 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 17:08:23.0656 3572 NetBT - ok 17:08:23.0750 3572 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 17:08:24.0062 3572 NetDDE 
- ok 17:08:24.0093 3572 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 17:08:24.0375 3572 NetDDEdsdm - ok 17:08:24.0437 3572 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 17:08:24.0687 3572 Netlogon - ok 17:08:24.0703 3572 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 17:08:24.0968 3572 Netman - ok 17:08:25.0046 3572 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 17:08:25.0125 3572 NetTcpPortSharing - ok 17:08:25.0171 3572 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 17:08:25.0250 3572 Nla - ok 17:08:25.0328 3572 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 17:08:25.0593 3572 Npfs - ok 17:08:25.0671 3572 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 17:08:26.0015 3572 Ntfs - ok 17:08:26.0046 3572 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 17:08:26.0312 3572 NtLmSsp - ok 17:08:26.0406 3572 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 17:08:26.0734 3572 NtmsSvc - ok 17:08:26.0781 3572 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 17:08:27.0078 3572 Null - ok 17:08:27.0125 3572 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:08:27.0468 3572 NwlnkFlt - ok 17:08:27.0500 3572 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:08:27.0843 3572 NwlnkFwd - ok 17:08:27.0906 3572 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 17:08:28.0187 3572 Parport - ok 17:08:28.0234 3572 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 17:08:28.0515 3572 PartMgr - ok 17:08:28.0578 3572 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 17:08:28.0890 3572 ParVdm 
- ok 17:08:28.0968 3572 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 17:08:29.0265 3572 PCI - ok 17:08:29.0296 3572 PCIDump - ok 17:08:29.0328 3572 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 17:08:29.0671 3572 PCIIde - ok 17:08:29.0750 3572 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 17:08:30.0031 3572 Pcmcia - ok 17:08:30.0046 3572 PDCOMP - ok 17:08:30.0093 3572 PDFRAME - ok 17:08:30.0125 3572 PDRELI - ok 17:08:30.0171 3572 PDRFRAME - ok 17:08:30.0203 3572 perc2 - ok 17:08:30.0234 3572 perc2hib - ok 17:08:30.0375 3572 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 17:08:30.0421 3572 PlugPlay - ok 17:08:30.0437 3572 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 17:08:30.0718 3572 PolicyAgent - ok 17:08:30.0765 3572 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:08:31.0062 3572 PptpMiniport - ok 17:08:31.0109 3572 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 17:08:31.0359 3572 ProtectedStorage - ok 17:08:31.0390 3572 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 17:08:31.0687 3572 PSched - ok 17:08:31.0734 3572 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:08:32.0062 3572 Ptilink - ok 17:08:32.0078 3572 ql1080 - ok 17:08:32.0109 3572 Ql10wnt - ok 17:08:32.0140 3572 ql12160 - ok 17:08:32.0187 3572 ql1240 - ok 17:08:32.0234 3572 ql1280 - ok 17:08:32.0296 3572 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:08:32.0625 3572 RasAcd - ok 17:08:32.0671 3572 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 17:08:32.0968 3572 RasAuto - ok 17:08:33.0031 3572 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:08:33.0328 3572 Rasl2tp - ok 
17:08:41.0437 3572 [ 6225224B8E846AC230F8D9B343635910 ] sisidex C:\WINDOWS\system32\drivers\sisidex.sys
17:08:41.0515 3572 sisidex ( UnsignedFile.Multi.Generic ) - warning
17:08:41.0515 3572 sisidex - detected UnsignedFile.Multi.Generic (1)
17:08:41.0531 3572 [ 596D4A7052002D2BD344D8937DA6F66D ] sisperf C:\WINDOWS\system32\drivers\sisperf.sys
17:08:41.0578 3572 sisperf ( UnsignedFile.Multi.Generic ) - warning
17:08:41.0578 3572 sisperf - detected UnsignedFile.Multi.Generic (1)
17:08:56.0875 3572 ================ Scan global ===============================
17:08:56.0906 3572 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
17:08:56.0984 3572 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:08:57.0031 3572 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:08:57.0062 3572 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
17:08:57.0062 3572 [Global] - ok
17:08:57.0078 3572 ================ Scan MBR ==================================
17:08:57.0109 3572 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
17:08:57.0390 3572 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:08:57.0390 3572 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:08:57.0406 3572 ================ Scan VBR ==================================
17:08:57.0421 3572 [ DE9494868D6EB56B80771057551D872F ] \Device\Harddisk0\DR0\Partition1
17:08:57.0421 3572 \Device\Harddisk0\DR0\Partition1 - ok
17:08:57.0437 3572 ============================================================
17:08:57.0437 3572 Scan finished
17:08:57.0437 3572 ============================================================
17:08:57.0625 2248 Detected object count: 4
17:08:57.0625 2248 Actual detected object count: 4
17:09:49.0000 2248 ctxS51 ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:49.0000 2248 ctxS51 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:49.0000 2248 sisidex ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:49.0000 2248 sisidex ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:49.0015 2248 sisperf ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:49.0015 2248 sisperf ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:49.0015 2248 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:09:49.0015 2248 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:30:49.0687 3976 ============================================================
17:30:49.0687 3976 Scan started
17:30:49.0687 3976 Mode: Manual; SigCheck; TDLFS;
17:30:49.0687 3976 ============================================================
17:30:49.0968 3976 ================ Scan system memory ========================
17:30:49.0968 3976 System memory - ok
17:30:50.0000 3976 ================ Scan services =============================
17:31:00.0546 3976 [ ED002F233AB7E89B3AD2D47DBD177014 ] ctxS51 C:\WINDOWS\system32\DRIVERS\ctxS51.sys
17:31:00.0718 3976 ctxS51 ( UnsignedFile.Multi.Generic ) - warning
17:31:00.0718 3976 ctxS51 - detected UnsignedFile.Multi.Generic (1)
17:31:40.0546 3976 [ 6225224B8E846AC230F8D9B343635910 ] sisidex C:\WINDOWS\system32\drivers\sisidex.sys
17:31:40.0593 3976 sisidex ( UnsignedFile.Multi.Generic ) - warning
17:31:40.0593 3976 sisidex - detected UnsignedFile.Multi.Generic (1)
17:31:40.0609 3976 [ 596D4A7052002D2BD344D8937DA6F66D ] sisperf C:\WINDOWS\system32\drivers\sisperf.sys
17:31:40.0656 3976 sisperf ( UnsignedFile.Multi.Generic ) - warning
17:31:40.0656 3976 sisperf - detected UnsignedFile.Multi.Generic (1)
17:31:47.0718 3976 upnphost - ok
17:31:47.0765 3976 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
17:31:48.0000 3976 UPS - ok
17:31:48.0078 3976 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:31:48.0328 3976 usbehci - ok
17:31:48.0375 3976 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:31:48.0625 3976 usbhub - ok
17:31:48.0640 3976 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:31:48.0906 3976 usbohci - ok
17:31:48.0968 3976 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:31:49.0218 3976 USBSTOR - ok
17:31:49.0265 3976 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:31:49.0515 3976 usbuhci - ok
17:31:49.0546 3976 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:31:49.0812 3976 VgaSave - ok
17:31:49.0828 3976 ViaIde - ok
17:31:49.0906 3976 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:31:50.0156 3976 VolSnap - ok
17:31:50.0281 3976 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
17:31:50.0531 3976 VSS - ok
17:31:50.0593 3976 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
17:31:50.0843 3976 W32Time - ok
17:31:50.0906 3976 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:31:51.0171 3976 Wanarp - ok
17:31:51.0187 3976 WDICA - ok
17:31:51.0250 3976 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:31:51.0500 3976 wdmaud - ok
17:31:51.0562 3976 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:31:51.0812 3976 WebClient - ok
17:31:51.0921 3976 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:31:52.0187 3976 winmgmt - ok
17:31:52.0312 3976 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:31:52.0375 3976 WmdmPmSN - ok
17:31:52.0468 3976 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:31:52.0718 3976 WmiApSrv - ok
17:31:52.0828 3976 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
17:31:52.0937 3976 WMPNetworkSvc - ok
17:31:53.0093 3976 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:31:53.0234 3976 WPFFontCache_v0400 - ok
17:31:53.0281 3976 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:31:53.0609 3976 WS2IFSL - ok
17:31:53.0703 3976 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:31:53.0937 3976 wscsvc - ok
17:31:53.0968 3976 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:31:54.0234 3976 wuauserv - ok
17:31:54.0328 3976 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:31:54.0640 3976 WZCSVC - ok
17:31:54.0718 3976 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:31:54.0984 3976 xmlprov - ok
17:31:55.0015 3976 ================ Scan global ===============================
17:31:55.0062 3976 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
17:31:55.0125 3976 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:31:55.0187 3976 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:31:55.0234 3976 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
17:31:55.0234 3976 [Global] - ok
17:31:55.0265 3976 ================ Scan MBR ==================================
17:31:55.0296 3976 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
17:31:55.0562 3976 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:31:55.0562 3976 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:31:55.0578 3976 ================ Scan VBR ==================================
17:31:55.0593 3976 [ DE9494868D6EB56B80771057551D872F ] \Device\Harddisk0\DR0\Partition1
17:31:55.0609 3976 \Device\Harddisk0\DR0\Partition1 - ok
17:31:55.0625 3976 ============================================================
17:31:55.0625 3976 Scan finished
17:31:55.0625 3976 ============================================================
17:31:55.0687 4080 Detected object count: 4
17:31:55.0687 4080 Actual detected object count: 4
17:32:30.0015 4080 ctxS51 ( UnsignedFile.Multi.Generic ) - skipped by user
17:32:30.0015 4080 ctxS51 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:32:30.0015 4080 sisidex ( UnsignedFile.Multi.Generic ) - skipped by user
17:32:30.0015 4080 sisidex ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:32:30.0015 4080 sisperf ( UnsignedFile.Multi.Generic ) - skipped by user
17:32:30.0015 4080 sisperf ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:32:30.0062 4080 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
17:32:30.0062 4080 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
17:32:30.0078 4080 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
17:32:30.0078 4080 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
17:32:30.0109 4080 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
17:32:30.0125 4080 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
17:32:30.0140 4080 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
17:32:30.0156 4080 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
17:32:30.0171 4080 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:32:30.0171 4080 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:32:30.0187 4080 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:32:30.0203 4080 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:32:30.0203 4080 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
17:32:30.0218 4080 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
17:32:30.0234 4080 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
17:32:30.0234 4080 \Device\Harddisk0\DR0\TDLFS - deleted
17:32:30.0234 4080 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
17:33:08.0187 3380 ============================================================
17:33:08.0187 3380 Scan started
17:33:08.0187 3380 Mode: Manual; SigCheck; TDLFS;
17:33:08.0187 3380 ============================================================
17:33:08.0453 3380 ================ Scan system memory ========================
17:33:08.0453 3380 System memory - ok
17:33:08.0484 3380 ================ Scan services =============================
17:33:08.0734 3380 Abiosdsk - ok
17:33:08.0765 3380 abp480n5 - ok
17:33:08.0875 3380 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:33:09.0171 3380 ACPI - ok
17:33:09.0234 3380 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:33:09.0609 3380 ACPIEC - ok
17:33:09.0687 3380 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:33:09.0718 3380 AdobeFlashPlayerUpdateSvc - ok
17:33:09.0750 3380 adpu160m - ok
17:33:09.0812 3380 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:33:10.0046 3380 aec - ok
17:33:10.0093 3380 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:33:10.0140 3380 AFD - ok
17:33:10.0187 3380 Aha154x - ok
17:33:10.0234 3380 aic78u2 - ok
17:33:10.0281 3380 aic78xx - ok
17:33:10.0531 3380 [ F3E15607BA53249C765E36388B332C2F ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:33:10.0859 3380 ALCXWDM - ok
17:33:10.0921 3380 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:33:11.0171 3380 Alerter - ok
17:33:11.0203 3380 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
17:33:11.0453 3380 ALG - ok
17:33:11.0484 3380 AliIde - ok
WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 17:34:06.0546 3380 WmiApSrv - ok 17:34:06.0656 3380 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 17:34:06.0750 3380 WMPNetworkSvc - ok 17:34:06.0875 3380 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 17:34:06.0937 3380 WPFFontCache_v0400 - ok 17:34:07.0000 3380 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 17:34:07.0265 3380 WS2IFSL - ok 17:34:07.0328 3380 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 17:34:07.0578 3380 wscsvc - ok 17:34:07.0593 3380 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 17:34:07.0859 3380 wuauserv - ok 17:34:07.0937 3380 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 17:34:08.0203 3380 WZCSVC - ok 17:34:08.0281 3380 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 17:34:08.0515 3380 xmlprov - ok 17:34:08.0562 3380 ================ Scan global =============================== 17:34:08.0609 3380 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 17:34:08.0750 3380 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 17:34:08.0890 3380 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 17:34:08.0906 3380 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 17:34:08.0921 3380 [Global] - ok 17:34:08.0937 3380 ================ Scan MBR ================================== 17:34:08.0953 3380 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 17:34:09.0843 3380 \Device\Harddisk0\DR0 - ok 17:34:09.0859 3380 ================ Scan VBR ================================== 17:34:09.0906 3380 [ DE9494868D6EB56B80771057551D872F ] \Device\Harddisk0\DR0\Partition1 17:34:09.0906 3380 \Device\Harddisk0\DR0\Partition1 - ok 17:34:09.0921 3380 
============================================================
17:34:09.0921 3380 Scan finished
17:34:09.0921 3380 ============================================================
17:34:09.0984 0180 Detected object count: 3
17:34:09.0984 0180 Actual detected object count: 3
17:34:17.0078 0180 ctxS51 ( UnsignedFile.Multi.Generic ) - skipped by user
17:34:17.0078 0180 ctxS51 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:34:17.0078 0180 sisidex ( UnsignedFile.Multi.Generic ) - skipped by user
17:34:17.0078 0180 sisidex ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:34:17.0078 0180 sisperf ( UnsignedFile.Multi.Generic ) - skipped by user
17:34:17.0078 0180 sisperf ( UnsignedFile.Multi.Generic ) - User select action: Skip |
09.01.2013, 17:37 | #14 |
/// Malware-holic | Windows XP boots, first shows the desktop picture, then a white screen Hi, do you use the PC for online banking, for shopping, for other payment transactions, or for similarly important things, such as work?
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
09.01.2013, 17:41 | #15 |
| Windows XP boots, first shows the desktop picture, then a white screen I think so (right now I am just the virus remover for my parents, or rather the person carrying things out thanks to your help). Are you asking because of secure banking and such? Has the trojan been completely removed by now? Because then I would start installing other antivirus programs on it. Edited by Gisela (09.01.2013 at 17:51) |