
Pests of all kinds and how to fight them: BKA Trojan, XP desktop locked even in safe mode

02.02.2013, 18:09   #1
XPnutzerin

Good evening.

While updating my antivirus program I caught the BKA Trojan. I cannot boot the computer without the lock screen, not even in safe mode. What now???

02.02.2013, 19:10   #2
XPnutzerin

In the meantime I burned this OTLPE file from another computer, copied the text into the box and ran the scan. OTL file attached. And now?
Attached files
File type: txt otl txt.txt (27.4 KB, viewed 131 times)


03.02.2013, 11:28   #3
XPnutzerin

Can nobody help me?

07.02.2013, 12:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
:OTL
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Janine\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
[2013/02/02 13:43:45 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\netdislw.pad
[2013/02/02 12:53:20 | 000,003,206 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\netdislw.js
[2013/02/02 12:53:20 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk
[2013/02/02 12:21:30 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Janine\Startmenü\Programme\Autostart\runctf.lnk
:Files
C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk
:Commands
[purity]
[resethosts]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

After that Windows should start normally again - please make OTL's quarantine folder available to us. Please proceed as follows:

1.) VERY IMPORTANT!! Deactivate the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

4.) Let us know if it was successful
5.) Only then switch the virus scanner back on
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
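An added triage example, not part of the original thread and not code from OTL or the helper: it parses OTL file-listing lines and flags an Autostart entry without a company name that was created within seconds of other unsigned files in an application-data folder, the pattern visible in this thread's logs (runctf.lnk next to netdislw.js and netdislw.pad). The sample lines are copied from the OTL log posted in this thread; the function names, the directory lists and the 60-second window are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# OTL file listing: [date time | size | attrs | C or M] (company) -- path
# Dates appear as 2013.02.07 or 2013/02/02; directory lines carry no "(company)".
LINE_RE = re.compile(
    r"^\[(\d{4})[./](\d{2})[./](\d{2}) (\d{2}:\d{2}:\d{2}) \| ([\d,]+) \| "
    r"([-A-Z]{4}) \| ([CM])\] (?:\((.*?)\) )?-- (.+)$"
)

# Assumed directory markers (German and English Windows XP), compared in lower case.
STARTUP_DIRS = ("\\startmenü\\programme\\autostart\\", "\\start menu\\programs\\startup\\")
APPDATA_DIRS = ("\\anwendungsdaten\\", "\\application data\\")

# Sample lines taken from the OTL log in this thread.
SAMPLE = r"""
========== Files Created - No Company Name ==========
[2013.02.07 22:25:07 | 002,237,440 | R--- | C] (OldTimer Tools) -- G:\OTLPE.exe
[2013.02.07 22:25:06 | 000,000,000 | ---D | C] -- G:\_OTL
[2013.02.07 17:00:11 | 000,000,718 | ---- | C] () -- G:\Dokumente und Einstellungen\Janine\Startmenü\Programme\Outlook Express.lnk
[2013.02.07 16:29:48 | 000,003,206 | ---- | C] () -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\netdislw.js
[2013.02.07 16:29:48 | 000,000,804 | ---- | C] () -- G:\Dokumente und Einstellungen\Janine\Startmenü\Programme\Autostart\runctf.lnk
[2013.02.07 16:29:30 | 095,023,320 | ---- | C] () -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\netdislw.pad
[2013.02.02 17:43:14 | 000,001,717 | ---- | C] () -- G:\Dokumente und Einstellungen\All Users\Desktop\Mobile Connection Manager.lnk
[2011.07.27 09:28:01 | 000,000,125 | -HS- | C] () -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
"""


def parse_otl(text):
    """Return one dict per file-listing line; section headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        y, mo, d, t, size, attrs, kind, company, path = m.groups()
        entries.append({
            "time": datetime.strptime(f"{y}-{mo}-{d} {t}", "%Y-%m-%d %H:%M:%S"),
            "size": int(size.replace(",", "")),
            "attrs": attrs,
            "kind": kind,                       # C = created, M = modified
            "company": (company or "").strip(),  # empty when OTL found no company name
            "path": path.strip(),
        })
    return entries


def _in_any(path, markers):
    lowered = path.lower()
    return any(marker in lowered for marker in markers)


def find_startup_droppers(entries, window_seconds=60):
    """Flag no-company Autostart files created together with no-company app-data files."""
    created = [e for e in entries
               if e["kind"] == "C" and "D" not in e["attrs"] and not e["company"]]
    findings = []
    for s in created:
        if not _in_any(s["path"], STARTUP_DIRS):
            continue
        related = [e["path"] for e in created
                   if e is not s
                   and _in_any(e["path"], APPDATA_DIRS)
                   and abs((e["time"] - s["time"]).total_seconds()) <= window_seconds]
        if related:
            findings.append({"startup": s["path"], "created": s["time"], "related": related})
    return findings


if __name__ == "__main__":
    for hit in find_startup_droppers(parse_otl(SAMPLE)):
        print("Autostart entry:", hit["startup"], "created", hit["created"])
        for path in hit["related"]:
            print("  created alongside:", path)
```

A hit is only a lead for manual review: legitimate installers also drop unsigned shortcuts, so each flagged path still needs to be checked before anything is moved or deleted.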

07.02.2013, 16:02   #5
XPnutzerin

Hello Cosinus!
Thank you for your help!!!
Booted from CD, copied the text and ran the fix. That went very quickly and it did indeed want to restart. The computer boots up again! But no logfile opened and I have not seen anything with that name. If you still want me to provide it, no problem, if you tell me where to find it
A few days ago I had tried to install Malwarebytes on the infected computer. That did not work, though, apparently because I did not have Service Pack 2 installed. In the meantime I downloaded Service Pack 2 on another computer and installed it. I hope I have not somehow undermined your work with that but supported it.
At the moment I have no virus scanner on the desktop at all. Once it is clean and I can go online again I will download Avira.
I hope I zipped it correctly?! In any case I uploaded something according to your instructions
Best regards, Janine


08.02.2013, 09:27   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get on with the rest of the work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the logfiles directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make my analysis harder!

  • Please also note => Deleting logfiles and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


First a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box at the top center next to Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.

08.02.2013, 13:52   #7
XPnutzerin

Hello Cosinus.
Thanks for the dressing-down!
I could not select any users anywhere. Attached are the two files.
Best regards, Janine

OTL Logfile:
Code:
OTL logfile created on: 08.02.2013 14:29:54 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = G:\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,00 Mb Total Physical Memory | 287,00 Mb Available Physical Memory | 56,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): G:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Programme
Drive C: | 3,77 Gb Total Space | 3,75 Gb Free Space | 99,66% Space Free | Partition Type: FAT32
Drive D: | 14,88 Gb Total Space | 13,12 Gb Free Space | 88,16% Space Free | Partition Type: FAT32
Drive G: | 23,45 Gb Total Space | 17,98 Gb Free Space | 76,69% Space Free | Partition Type: NTFS
 
Computer Name: NINE | User Name: Janine
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (Kodak AiO Network Discovery Service) -- G:\Programme\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (TGCM_ImportWiFiSvc) -- G:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (DCService.exe) -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe ()
SRV - (Microsoft Office Groove Audit Service) -- D:\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- G:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- G:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (Scutum50) --  File not found
DRV - (RT73) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (hwusbdev) --  File not found
DRV - (Changer) --  File not found
DRV - (tidnet) -- G:\WINDOWS\system32\drivers\tidnet.sys (Telefónica I+D)
DRV - (huawei_enumerator) -- G:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- G:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- G:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- G:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (videX32) -- G:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
DRV - (VIAudio) VIA AC'97 Audio Controller (WDM) -- G:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (Vsp) -- G:\WINDOWS\system32\drivers\vsp.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-746137067-796845957-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freemail.de/
IE - HKU\S-1-5-21-746137067-796845957-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VLC Media Player\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: G:\Programme\Firefox\components [2012.10.20 11:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: G:\Programme\Firefox\plugins
 
[2012.10.20 11:40:41 | 000,000,000 | ---D | M] (No name found) -- G:\Dokumente und Einstellungen\Janine\Anwendungsdaten\Mozilla\Extensions
File not found (No name found) -- 
 
O1 HOSTS File: ([2013.02.07 22:25:09 | 000,000,098 | ---- | M]) - G:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] G:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Conime] G:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKAIO2StatusMonitor] G:\WINDOWS\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [GrooveMonitor] D:\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - Startup: G:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AudioDeck.lnk = G:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-796845957-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - G:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - G:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: G:\Dokumente und Einstellungen\Janine\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: G:\Dokumente und Einstellungen\Janine\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{33a56c05-1803-11e0-bbce-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{33a56c05-1803-11e0-bbce-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33a56c05-1803-11e0-bbce-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6f3252ce-6d57-11e2-bc28-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{6f3252ce-6d57-11e2-bc28-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f3252ce-6d57-11e2-bc28-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{8237859c-17df-11e0-bbcb-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{8237859c-17df-11e0-bbcb-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8237859c-17df-11e0-bbcb-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ac726b18-17e1-11e0-bbcd-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{ac726b18-17e1-11e0-bbcd-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac726b18-17e1-11e0-bbcd-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ac726b1c-17e1-11e0-bbcd-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{ac726b1c-17e1-11e0-bbcd-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac726b1c-17e1-11e0-bbcd-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e093a88c-5a7a-11df-bb68-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{e093a88c-5a7a-11df-bb68-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e093a88c-5a7a-11df-bb68-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e3c5463a-0a86-11df-bb12-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c5463a-0a86-11df-bb12-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3c5463a-0a86-11df-bb12-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e3c5463e-0a86-11df-bb12-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c5463e-0a86-11df-bb12-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3c5463e-0a86-11df-bb12-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.07 22:25:07 | 002,237,440 | R--- | C] (OldTimer Tools) -- G:\OTLPE.exe
[2013.02.07 22:25:06 | 000,000,000 | ---D | C] -- G:\_OTL
[2013.02.07 17:07:30 | 000,000,000 | RH-D | C] -- G:\Dokumente und Einstellungen\Janine\Recent
[2013.02.07 16:58:57 | 000,000,000 | ---D | C] -- G:\WINDOWS\Prefetch
[2013.02.07 16:49:57 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1btxx.sys
[2013.02.07 16:49:57 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1raxx.sys
[2013.02.07 16:49:57 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1pdxx.sys
[2013.02.07 16:49:57 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1mdxx.sys
[2013.02.07 16:49:57 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv01nt5.dll
[2013.02.07 16:49:57 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv02nt5.dll
[2013.02.07 16:49:57 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv11nt5.dll
[2013.02.07 16:49:57 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv09nt5.dll
[2013.02.07 16:49:57 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv07nt5.dll
[2013.02.07 16:49:57 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv05nt5.dll
[2013.02.07 16:49:57 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv08nt5.dll
[2013.02.07 16:49:56 | 000,701,952 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati2mtag.sys
[2013.02.07 16:49:56 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati2mtaa.sys
[2013.02.07 16:49:56 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinrvxx.sys
[2013.02.07 16:49:56 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atintuxx.sys
[2013.02.07 16:49:56 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1rvxx.sys
[2013.02.07 16:49:56 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinxsxx.sys
[2013.02.07 16:49:56 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinbtxx.sys
[2013.02.07 16:49:56 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinraxx.sys
[2013.02.07 16:49:56 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1tuxx.sys
[2013.02.07 16:49:56 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1xsxx.sys
[2013.02.07 16:49:56 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinxbxx.sys
[2013.02.07 16:49:56 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1xbxx.sys
[2013.02.07 16:49:56 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinsnxx.sys
[2013.02.07 16:49:56 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1snxx.sys
[2013.02.07 16:49:56 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\atv04nt5.dll
[2013.02.07 16:49:56 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1ttxx.sys
[2013.02.07 16:49:56 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\atv01nt5.dll
[2013.02.07 16:49:56 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\atv10nt5.dll
[2013.02.07 16:49:56 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinpdxx.sys
[2013.02.07 16:49:56 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\atv06nt5.dll
[2013.02.07 16:49:56 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinttxx.sys
[2013.02.07 16:49:56 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinmdxx.sys
[2013.02.07 16:49:56 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\atv02nt5.dll
[2013.02.07 16:49:55 | 000,035,456 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\drivers\bthprint.sys
[2013.02.07 16:49:55 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2013.02.07 16:49:54 | 001,309,184 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\mtlstrm.sys
[2013.02.07 16:49:54 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- G:\WINDOWS\System32\drivers\mtxparhm.sys
[2013.02.07 16:49:54 | 000,180,360 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\ntmtlfax.sys
[2013.02.07 16:49:54 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- G:\WINDOWS\System32\drivers\s3gnbm.sys
[2013.02.07 16:49:54 | 000,129,535 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\slnt7554.sys
[2013.02.07 16:49:54 | 000,126,686 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\mtlmnt5.sys
[2013.02.07 16:49:54 | 000,030,080 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\drivers\rndismpx.sys
[2013.02.07 16:49:54 | 000,013,776 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\recagent.sys
[2013.02.07 16:49:54 | 000,012,672 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\drivers\mutohpen.sys
[2013.02.07 16:49:54 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\siint5.dll
[2013.02.07 16:49:53 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- G:\WINDOWS\System32\ati3d1ag.dll
[2013.02.07 16:49:53 | 000,404,990 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\slntamr.sys
[2013.02.07 16:49:53 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\ati2dvaa.dll
[2013.02.07 16:49:53 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\ati2cqag.dll
[2013.02.07 16:49:53 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\ati2dvag.dll
[2013.02.07 16:49:53 | 000,095,424 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\slnthal.sys
[2013.02.07 16:49:53 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\watv10nt.sys
[2013.02.07 16:49:53 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\watv06nt.sys
[2013.02.07 16:49:53 | 000,013,240 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\slwdmsup.sys
[2013.02.07 16:49:53 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\wadv11nt.sys
[2013.02.07 16:49:53 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\wadv09nt.sys
[2013.02.07 16:49:53 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\wadv07nt.sys
[2013.02.07 16:49:53 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\vchnt5.dll
[2013.02.07 16:49:53 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\wadv08nt.sys
[2013.02.07 16:49:53 | 000,006,016 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\drivers\smbali.sys
[2013.02.07 16:49:52 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- G:\WINDOWS\System32\ati3duag.dll
[2013.02.07 16:49:52 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- G:\WINDOWS\System32\mtxparhd.dll
[2013.02.07 16:49:52 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- G:\WINDOWS\System32\ativvaxx.dll
[2013.02.07 16:49:52 | 000,086,016 | ---- | C] (Conexant) -- G:\WINDOWS\System32\mdmxsdk.dll
[2013.02.07 16:49:52 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\ativtmxx.dll
[2013.02.07 16:49:52 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- G:\WINDOWS\System32\hsfcisp2.dll
[2013.02.07 16:49:52 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\ativmvxx.ax
[2013.02.07 16:49:52 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\ativdaxx.ax
[2013.02.07 16:49:51 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- G:\WINDOWS\System32\s3gnb.dll
[2013.02.07 16:49:51 | 000,286,792 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\slextspk.dll
[2013.02.07 16:49:51 | 000,188,508 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\slgen.dll
[2013.02.07 16:49:51 | 000,073,832 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\slcoinst.dll
[2013.02.07 16:49:51 | 000,073,796 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\slserv.exe
[2013.02.07 16:49:51 | 000,032,866 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\slrundll.exe
[2013.02.07 16:49:51 | 000,032,866 | ---- | C] (Smart Link) -- G:\WINDOWS\slrundll.exe
[2013.02.07 16:49:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\vidcap.ax
[2013.02.07 16:46:49 | 000,000,000 | ---D | C] -- G:\WINDOWS\ServicePackFiles
[2013.02.07 16:44:50 | 000,000,000 | ---D | C] -- G:\WINDOWS\EHome
[2013.02.07 16:40:34 | 000,000,000 | ---D | C] -- G:\Programme\Service Pack 2
[2013.02.02 17:43:18 | 000,000,000 | ---D | C] -- G:\Dokumente und Einstellungen\Janine\Anwendungsdaten\Telefónica
[2013.02.02 17:42:29 | 001,112,288 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\wdfcoinstaller01007.dll
[2013.02.02 17:42:29 | 001,112,288 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\drivers\WdfCoInstaller01007.dll
[2013.02.02 17:42:13 | 000,000,000 | ---D | C] -- G:\Programme\HUAWEI Modem Driver
[2013.02.02 17:41:46 | 000,000,000 | ---D | C] -- G:\Dokumente und Einstellungen\All Users\Startmenü\Programme\o2
[2013.02.02 17:41:39 | 000,000,000 | ---D | C] -- G:\Programme\o2
[1 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]
[1 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.08 14:17:18 | 095,023,320 | ---- | M] () -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\netdislw.pad
[2013.02.08 14:16:51 | 000,002,048 | --S- | M] () -- G:\WINDOWS\bootstat.dat
[2013.02.08 14:16:50 | 536,399,872 | -HS- | M] () -- G:\hiberfil.sys
[2013.02.07 16:58:38 | 000,264,616 | ---- | M] () -- G:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.07 16:55:52 | 000,000,210 | RHS- | M] () -- G:\boot.ini
[2013.02.07 16:29:48 | 000,003,206 | ---- | M] () -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\netdislw.js
[2013.02.07 16:29:48 | 000,000,804 | ---- | M] () -- G:\Dokumente und Einstellungen\Janine\Startmenü\Programme\Autostart\runctf.lnk
[2013.02.07 16:29:07 | 000,013,646 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2013.02.02 17:43:14 | 000,001,717 | ---- | M] () -- G:\Dokumente und Einstellungen\All Users\Desktop\Mobile Connection Manager.lnk
[2013.02.02 17:42:48 | 000,000,000 | -H-- | M] () -- G:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.02.02 17:41:46 | 000,000,000 | ---D | M] -- G:\Dokumente und Einstellungen\All Users\Startmenü\Programme\o2
[1 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]
[1 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.07 17:00:11 | 000,000,718 | ---- | C] () -- G:\Dokumente und Einstellungen\Janine\Startmenü\Programme\Outlook Express.lnk
[2013.02.07 16:49:56 | 000,064,352 | ---- | C] () -- G:\WINDOWS\System32\drivers\ativmc20.cod
[2013.02.07 16:49:55 | 000,129,045 | ---- | C] () -- G:\WINDOWS\System32\drivers\cxthsfs2.cty
[2013.02.07 16:49:54 | 000,067,866 | ---- | C] () -- G:\WINDOWS\System32\drivers\netwlan5.img
[2013.02.07 16:49:52 | 000,081,920 | ---- | C] () -- G:\WINDOWS\System32\ieencode.dll
[2013.02.07 16:29:48 | 000,003,206 | ---- | C] () -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\netdislw.js
[2013.02.07 16:29:48 | 000,000,804 | ---- | C] () -- G:\Dokumente und Einstellungen\Janine\Startmenü\Programme\Autostart\runctf.lnk
[2013.02.07 16:29:30 | 095,023,320 | ---- | C] () -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\netdislw.pad
[2013.02.02 19:43:28 | 536,399,872 | -HS- | C] () -- G:\hiberfil.sys
[2013.02.02 17:43:14 | 000,001,717 | ---- | C] () -- G:\Dokumente und Einstellungen\All Users\Desktop\Mobile Connection Manager.lnk
[2013.02.02 17:42:48 | 000,000,000 | -H-- | C] () -- G:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011.07.27 09:28:01 | 000,000,125 | -HS- | C] () -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.03.08 15:02:44 | 000,032,768 | ---- | C] () -- G:\WINDOWS\System32\UnAudioNT.dll
[2010.03.08 15:02:44 | 000,003,351 | ---- | C] () -- G:\WINDOWS\System32\drivers\vsp.sys
[2010.02.28 17:10:17 | 000,001,272 | ---- | C] () -- G:\WINDOWS\System32\drivers\alcxinit.dat
[2010.01.26 16:37:23 | 000,000,000 | ---- | C] () -- G:\WINDOWS\nsreg.dat
[2010.01.25 17:24:21 | 000,058,880 | ---- | C] () -- G:\Dokumente und Einstellungen\Janine\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.25 17:11:39 | 000,002,048 | --S- | C] () -- G:\WINDOWS\bootstat.dat
[2010.01.25 17:06:03 | 000,021,740 | ---- | C] () -- G:\WINDOWS\System32\emptyregdb.dat
[2010.01.25 16:52:46 | 000,004,161 | ---- | C] () -- G:\WINDOWS\ODBCINST.INI
[2010.01.25 16:51:34 | 000,264,616 | ---- | C] () -- G:\WINDOWS\System32\FNTCACHE.DAT
[2008.02.01 08:18:14 | 000,009,216 | ---- | C] () -- G:\WINDOWS\System32\drivers\FlashSys.sys
[2006.10.27 16:26:56 | 000,069,632 | ---- | C] () -- G:\WINDOWS\System32\vuins32.dll
[2004.08.04 13:00:00 | 013,107,200 | ---- | C] () -- G:\WINDOWS\System32\oembios.bin
[2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- G:\WINDOWS\System32\mlang.dat
[2004.08.04 13:00:00 | 000,478,738 | ---- | C] () -- G:\WINDOWS\System32\perfh007.dat
[2004.08.04 13:00:00 | 000,457,840 | ---- | C] () -- G:\WINDOWS\System32\perfh009.dat
[2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- G:\WINDOWS\System32\perfi009.dat
[2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- G:\WINDOWS\System32\perfi007.dat
[2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- G:\WINDOWS\System32\dssec.dat
[2004.08.04 13:00:00 | 000,092,552 | ---- | C] () -- G:\WINDOWS\System32\perfc007.dat
[2004.08.04 13:00:00 | 000,075,858 | ---- | C] () -- G:\WINDOWS\System32\perfc009.dat
[2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- G:\WINDOWS\System32\mib.bin
[2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- G:\WINDOWS\System32\perfd007.dat
[2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- G:\WINDOWS\System32\perfd009.dat
[2004.08.04 13:00:00 | 000,027,440 | ---- | C] () -- G:\WINDOWS\System32\drivers\secdrv.sys
[2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- G:\WINDOWS\System32\secupd.dat
[2004.08.04 13:00:00 | 000,004,461 | ---- | C] () -- G:\WINDOWS\System32\oembios.dat
[2004.08.04 13:00:00 | 000,001,788 | ---- | C] () -- G:\WINDOWS\System32\Dcache.bin
[2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- G:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2011.07.27 16:30:56 | 000,000,000 | ---D | M] -- G:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Temp
[2010.06.05 13:56:59 | 000,000,000 | ---D | M] -- G:\Dokumente und Einstellungen\Janine\Anwendungsdaten\Sony
[2013.02.02 17:43:18 | 000,000,000 | ---D | M] -- G:\Dokumente und Einstellungen\Janine\Anwendungsdaten\Telefónica
[2011.07.26 15:50:55 | 000,000,000 | ---D | M] -- G:\Dokumente und Einstellungen\Janine\Anwendungsdaten\Temp
[2011.01.04 10:10:58 | 000,000,000 | ---D | M] -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2011.07.27 09:28:08 | 000,000,000 | ---D | M] -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
 
========== Purity Check ==========
 
< End of report >
         

OTL Logfile:
Code:
OTL Extras logfile created on: 08.02.2013 14:29:54 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = G:\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,00 Mb Total Physical Memory | 287,00 Mb Available Physical Memory | 56,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): G:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Programme
Drive C: | 3,77 Gb Total Space | 3,75 Gb Free Space | 99,66% Space Free | Partition Type: FAT32
Drive D: | 14,88 Gb Total Space | 13,12 Gb Free Space | 88,16% Space Free | Partition Type: FAT32
Drive G: | 23,45 Gb Total Space | 17,98 Gb Free Space | 76,69% Space Free | Partition Type: NTFS
 
Computer Name: NINE | User Name: Janine
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Office12\OUTLOOK.EXE" = D:\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Office12\groove.exe" = D:\Office12\groove.exe:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Office12\ONENOTE.EXE" = D:\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"G:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe" = G:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"G:\Programme\Kodak\AiO\Center\Kodak.Statistics.exe" = G:\Programme\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"G:\Programme\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = G:\Programme\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"G:\Programme\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = G:\Programme\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kodak\Installer\Setup.exe" = G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.20.12.00
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Lexmark Supplies Monitor" = Lexmark Supplies Monitor
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"o2DE" = Mobile Connection Manager
"ULTIMATER" = Microsoft Office Ultimate 2007
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VLC media player" = VLC media player 2.0.4
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
< End of report >
         
[/CODE]

Alt 08.02.2013, 13:54   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Didn't read the instructions? You made a log with OTLPE yet again, but you were supposed to run OTL normally in your installed Windows!

Alt 10.02.2013, 20:06   #9
XPnutzerin
 

Hello Cosinus.
I guess I was still too impressed by your "Do not install / uninstall any software unless asked to!".
I really don't mean this unkindly, and I am hugely grateful for your help and politely say thank you for every telling-off. But I am a person without the computer gene. And now hold on tight: it can happen that I make a mistake! So, I did not know that there is yet "another" OTL application. I have now downloaded it from the internet, though, without explicitly waiting for your permission again.
You also did not write whether I should undo anything or the like, so I carried out the steps under "First a check with OTL, please". Don't I still have to run the fix in OTL, since I ran it in OTLPE?!? I read it 2 more times ("Do an OTL fix via OTLPE, start OTL and copy the following text into the "Custom Scan/Fixes" box") but I just do not find it unambiguous :/

CODE tags as follows:
OTL Logfile:
Code:
OTL logfile created on: 10.02.2013 20:43:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,48 Mb Total Physical Memory | 299,76 Mb Available Physical Memory | 58,61% Memory free
1,22 Gb Paging File | 1,03 Gb Available in Paging File | 84,69% Paging File free
Paging file location(s): G:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Programme
Drive C: | 3,77 Gb Total Space | 3,75 Gb Free Space | 99,68% Space Free | Partition Type: FAT32
Drive D: | 14,88 Gb Total Space | 13,12 Gb Free Space | 88,16% Space Free | Partition Type: FAT32
Drive G: | 23,45 Gb Total Space | 17,99 Gb Free Space | 76,72% Space Free | Partition Type: NTFS
 
Computer Name: NINE | User Name: Janine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\OTL.exe (OldTimer Tools)
PRC - G:\Programme\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - G:\WINDOWS\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
PRC - G:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
PRC - G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe ()
PRC - D:\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - G:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - G:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\7ca43b94b3935c4595ee05a002400ea5\System.Configuration.ni.dll ()
MOD - G:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\55a193230135f94ab845aec689849a8e\System.Xml.ni.dll ()
MOD - G:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\013358215400de44ac58fb2d72fbc723\System.Windows.Forms.ni.dll ()
MOD - G:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\b3ec66273eed154d92615c40eb599355\System.Drawing.ni.dll ()
MOD - G:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f67e41a3753e664b8b8077bac2a7c92d\System.ni.dll ()
MOD - G:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\a10a0e4a537c8249a7f806157eeb1b9e\mscorlib.ni.dll ()
MOD - G:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe ()
MOD - G:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (Kodak AiO Network Discovery Service) -- G:\Programme\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (TGCM_ImportWiFiSvc) -- G:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (DCService.exe) -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe ()
SRV - (Microsoft Office Groove Audit Service) -- D:\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- G:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- G:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (Scutum50) -- System32\Drivers\Scutum50.sys File not found
DRV - (RT73) -- system32\DRIVERS\rt73.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (Changer) --  File not found
DRV - (tidnet) -- G:\WINDOWS\system32\drivers\tidnet.sys (Telefónica I+D)
DRV - (huawei_enumerator) -- G:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- G:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- G:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- G:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (videX32) -- G:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
DRV - (VIAudio) -- G:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (Vsp) -- G:\WINDOWS\system32\drivers\vsp.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-746137067-796845957-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freemail.de/
IE - HKU\S-1-5-21-746137067-796845957-725345543-1004\..\SearchScopes,DefaultScope = {5AAB7274-9975-4631-AA45-FE77ED94E63A}
IE - HKU\S-1-5-21-746137067-796845957-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-746137067-796845957-725345543-1004\..\SearchScopes\{5AAB7274-9975-4631-AA45-FE77ED94E63A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-746137067-796845957-725345543-1004\..\SearchScopes\{AB1C411B-8B44-4977-8766-349558B79345}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-746137067-796845957-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: G:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VLC Media Player\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: G:\Programme\Firefox\components [2012.10.20 11:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: G:\Programme\Firefox\plugins
 
[2012.10.20 11:40:41 | 000,000,000 | ---D | M] (No name found) -- G:\Dokumente und Einstellungen\Janine\Anwendungsdaten\Mozilla\Extensions
 
O1 HOSTS File: ([2013.02.07 22:25:09 | 000,000,098 | ---- | M]) - G:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] G:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Conime] G:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKAIO2StatusMonitor] G:\WINDOWS\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [GrooveMonitor] D:\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - Startup: G:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AudioDeck.lnk = G:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-796845957-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-746137067-796845957-725345543-1004\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-796845957-725345543-1004\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-796845957-725345543-1004\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43CAE0E6-7EB3-4CCC-BEF1-C42CAACFE07F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - G:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - G:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (G:\WINDOWS\system32\userinit.exe) - G:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: G:\Dokumente und Einstellungen\Janine\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: G:\Dokumente und Einstellungen\Janine\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{33a56c05-1803-11e0-bbce-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{33a56c05-1803-11e0-bbce-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33a56c05-1803-11e0-bbce-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6f3252ce-6d57-11e2-bc28-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{6f3252ce-6d57-11e2-bc28-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f3252ce-6d57-11e2-bc28-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{8237859c-17df-11e0-bbcb-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{8237859c-17df-11e0-bbcb-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8237859c-17df-11e0-bbcb-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{8cc78f6c-71fa-11e2-bc2f-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{8cc78f6c-71fa-11e2-bc2f-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8cc78f6c-71fa-11e2-bc2f-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ac726b18-17e1-11e0-bbcd-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{ac726b18-17e1-11e0-bbcd-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac726b18-17e1-11e0-bbcd-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ac726b1c-17e1-11e0-bbcd-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{ac726b1c-17e1-11e0-bbcd-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac726b1c-17e1-11e0-bbcd-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e093a88c-5a7a-11df-bb68-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{e093a88c-5a7a-11df-bb68-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e093a88c-5a7a-11df-bb68-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e3c5463a-0a86-11df-bb12-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c5463a-0a86-11df-bb12-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3c5463a-0a86-11df-bb12-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e3c5463e-0a86-11df-bb12-001109cfa233}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c5463e-0a86-11df-bb12-001109cfa233}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3c5463e-0a86-11df-bb12-001109cfa233}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.10 20:20:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- G:\OTL.exe
[2013.02.07 22:25:07 | 002,237,440 | R--- | C] (OldTimer Tools) -- G:\OTLPE.exe
[2013.02.07 22:25:06 | 000,000,000 | ---D | C] -- G:\_OTL
[2013.02.07 17:07:30 | 000,000,000 | RH-D | C] -- G:\Dokumente und Einstellungen\Janine\Recent
[2013.02.07 16:58:57 | 000,000,000 | ---D | C] -- G:\WINDOWS\Prefetch
[2013.02.07 16:49:57 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1btxx.sys
[2013.02.07 16:49:57 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1raxx.sys
[2013.02.07 16:49:57 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1pdxx.sys
[2013.02.07 16:49:57 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1mdxx.sys
[2013.02.07 16:49:57 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv01nt5.dll
[2013.02.07 16:49:57 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv02nt5.dll
[2013.02.07 16:49:57 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv11nt5.dll
[2013.02.07 16:49:57 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv09nt5.dll
[2013.02.07 16:49:57 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv07nt5.dll
[2013.02.07 16:49:57 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv05nt5.dll
[2013.02.07 16:49:57 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\adv08nt5.dll
[2013.02.07 16:49:56 | 000,701,952 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati2mtag.sys
[2013.02.07 16:49:56 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati2mtaa.sys
[2013.02.07 16:49:56 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinrvxx.sys
[2013.02.07 16:49:56 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atintuxx.sys
[2013.02.07 16:49:56 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1rvxx.sys
[2013.02.07 16:49:56 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinxsxx.sys
[2013.02.07 16:49:56 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinbtxx.sys
[2013.02.07 16:49:56 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinraxx.sys
[2013.02.07 16:49:56 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1tuxx.sys
[2013.02.07 16:49:56 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1xsxx.sys
[2013.02.07 16:49:56 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinxbxx.sys
[2013.02.07 16:49:56 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1xbxx.sys
[2013.02.07 16:49:56 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinsnxx.sys
[2013.02.07 16:49:56 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1snxx.sys
[2013.02.07 16:49:56 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\atv04nt5.dll
[2013.02.07 16:49:56 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\ati1ttxx.sys
[2013.02.07 16:49:56 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\atv01nt5.dll
[2013.02.07 16:49:56 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\atv10nt5.dll
[2013.02.07 16:49:56 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinpdxx.sys
[2013.02.07 16:49:56 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\atv06nt5.dll
[2013.02.07 16:49:56 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinttxx.sys
[2013.02.07 16:49:56 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\drivers\atinmdxx.sys
[2013.02.07 16:49:56 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\atv02nt5.dll
[2013.02.07 16:49:55 | 000,035,456 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\drivers\bthprint.sys
[2013.02.07 16:49:55 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2013.02.07 16:49:54 | 001,309,184 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\mtlstrm.sys
[2013.02.07 16:49:54 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- G:\WINDOWS\System32\drivers\mtxparhm.sys
[2013.02.07 16:49:54 | 000,180,360 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\ntmtlfax.sys
[2013.02.07 16:49:54 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- G:\WINDOWS\System32\drivers\s3gnbm.sys
[2013.02.07 16:49:54 | 000,129,535 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\slnt7554.sys
[2013.02.07 16:49:54 | 000,126,686 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\mtlmnt5.sys
[2013.02.07 16:49:54 | 000,030,080 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\drivers\rndismpx.sys
[2013.02.07 16:49:54 | 000,013,776 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\recagent.sys
[2013.02.07 16:49:54 | 000,012,672 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\drivers\mutohpen.sys
[2013.02.07 16:49:54 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\siint5.dll
[2013.02.07 16:49:53 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- G:\WINDOWS\System32\ati3d1ag.dll
[2013.02.07 16:49:53 | 000,404,990 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\slntamr.sys
[2013.02.07 16:49:53 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\ati2dvaa.dll
[2013.02.07 16:49:53 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\ati2cqag.dll
[2013.02.07 16:49:53 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\ati2dvag.dll
[2013.02.07 16:49:53 | 000,095,424 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\slnthal.sys
[2013.02.07 16:49:53 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\watv10nt.sys
[2013.02.07 16:49:53 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\watv06nt.sys
[2013.02.07 16:49:53 | 000,013,240 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\drivers\slwdmsup.sys
[2013.02.07 16:49:53 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\wadv11nt.sys
[2013.02.07 16:49:53 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\wadv09nt.sys
[2013.02.07 16:49:53 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\wadv07nt.sys
[2013.02.07 16:49:53 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\vchnt5.dll
[2013.02.07 16:49:53 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- G:\WINDOWS\System32\drivers\wadv08nt.sys
[2013.02.07 16:49:53 | 000,006,016 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\drivers\smbali.sys
[2013.02.07 16:49:52 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- G:\WINDOWS\System32\ati3duag.dll
[2013.02.07 16:49:52 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- G:\WINDOWS\System32\mtxparhd.dll
[2013.02.07 16:49:52 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- G:\WINDOWS\System32\ativvaxx.dll
[2013.02.07 16:49:52 | 000,086,016 | ---- | C] (Conexant) -- G:\WINDOWS\System32\mdmxsdk.dll
[2013.02.07 16:49:52 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\ativtmxx.dll
[2013.02.07 16:49:52 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- G:\WINDOWS\System32\hsfcisp2.dll
[2013.02.07 16:49:52 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\ativmvxx.ax
[2013.02.07 16:49:52 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- G:\WINDOWS\System32\ativdaxx.ax
[2013.02.07 16:49:51 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- G:\WINDOWS\System32\s3gnb.dll
[2013.02.07 16:49:51 | 000,286,792 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\slextspk.dll
[2013.02.07 16:49:51 | 000,188,508 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\slgen.dll
[2013.02.07 16:49:51 | 000,073,832 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\slcoinst.dll
[2013.02.07 16:49:51 | 000,073,796 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\slserv.exe
[2013.02.07 16:49:51 | 000,032,866 | ---- | C] (Smart Link) -- G:\WINDOWS\System32\slrundll.exe
[2013.02.07 16:49:51 | 000,032,866 | ---- | C] (Smart Link) -- G:\WINDOWS\slrundll.exe
[2013.02.07 16:49:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\vidcap.ax
[2013.02.07 16:46:49 | 000,000,000 | ---D | C] -- G:\WINDOWS\ServicePackFiles
[2013.02.07 16:44:50 | 000,000,000 | ---D | C] -- G:\WINDOWS\EHome
[2013.02.07 16:40:34 | 000,000,000 | ---D | C] -- G:\Programme\Service Pack 2
[2013.02.02 17:43:18 | 000,000,000 | ---D | C] -- G:\Dokumente und Einstellungen\Janine\Anwendungsdaten\Telefónica
[2013.02.02 17:42:29 | 001,112,288 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\wdfcoinstaller01007.dll
[2013.02.02 17:42:29 | 001,112,288 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\drivers\WdfCoInstaller01007.dll
[2013.02.02 17:42:13 | 000,000,000 | ---D | C] -- G:\Programme\HUAWEI Modem Driver
[2013.02.02 17:41:46 | 000,000,000 | ---D | C] -- G:\Dokumente und Einstellungen\All Users\Startmenü\Programme\o2
[2013.02.02 17:41:39 | 000,000,000 | ---D | C] -- G:\Programme\o2
[1 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]
[1 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.10 20:26:10 | 095,023,320 | ---- | M] () -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\netdislw.pad
[2013.02.10 20:26:02 | 000,013,646 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2013.02.10 20:26:01 | 000,002,048 | --S- | M] () -- G:\WINDOWS\bootstat.dat
[2013.02.10 20:25:59 | 536,399,872 | -HS- | M] () -- G:\hiberfil.sys
[2013.02.10 20:23:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
[2013.02.07 16:58:38 | 000,264,616 | ---- | M] () -- G:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.07 16:55:52 | 000,000,210 | RHS- | M] () -- G:\boot.ini
[2013.02.07 16:29:48 | 000,003,206 | ---- | M] () -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\netdislw.js
[2013.02.07 16:29:48 | 000,000,804 | ---- | M] () -- G:\Dokumente und Einstellungen\Janine\Startmenü\Programme\Autostart\runctf.lnk
[2013.02.02 17:43:14 | 000,001,717 | ---- | M] () -- G:\Dokumente und Einstellungen\All Users\Desktop\Mobile Connection Manager.lnk
[2013.02.02 17:42:48 | 000,000,000 | -H-- | M] () -- G:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[1 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]
[1 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.07 17:00:11 | 000,000,718 | ---- | C] () -- G:\Dokumente und Einstellungen\Janine\Startmenü\Programme\Outlook Express.lnk
[2013.02.07 16:49:56 | 000,064,352 | ---- | C] () -- G:\WINDOWS\System32\drivers\ativmc20.cod
[2013.02.07 16:49:55 | 000,129,045 | ---- | C] () -- G:\WINDOWS\System32\drivers\cxthsfs2.cty
[2013.02.07 16:49:54 | 000,067,866 | ---- | C] () -- G:\WINDOWS\System32\drivers\netwlan5.img
[2013.02.07 16:49:52 | 000,081,920 | ---- | C] () -- G:\WINDOWS\System32\ieencode.dll
[2013.02.07 16:29:48 | 000,003,206 | ---- | C] () -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\netdislw.js
[2013.02.07 16:29:48 | 000,000,804 | ---- | C] () -- G:\Dokumente und Einstellungen\Janine\Startmenü\Programme\Autostart\runctf.lnk
[2013.02.07 16:29:30 | 095,023,320 | ---- | C] () -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\netdislw.pad
[2013.02.02 19:43:28 | 536,399,872 | -HS- | C] () -- G:\hiberfil.sys
[2013.02.02 17:43:14 | 000,001,717 | ---- | C] () -- G:\Dokumente und Einstellungen\All Users\Desktop\Mobile Connection Manager.lnk
[2013.02.02 17:42:48 | 000,000,000 | -H-- | C] () -- G:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011.07.27 09:28:01 | 000,000,125 | -HS- | C] () -- G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.01.25 17:24:21 | 000,058,880 | ---- | C] () -- G:\Dokumente und Einstellungen\Janine\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011.07.26 15:47:23 | 000,000,227 | RHS- | M] () -- G:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.01.07 18:20:26 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = G:\WINDOWS\system32\wbem\fastprox.dll -- [2004.08.04 13:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = G:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 10.02.2013 20:43:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,48 Mb Total Physical Memory | 299,76 Mb Available Physical Memory | 58,61% Memory free
1,22 Gb Paging File | 1,03 Gb Available in Paging File | 84,69% Paging File free
Paging file location(s): G:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Programme
Drive C: | 3,77 Gb Total Space | 3,75 Gb Free Space | 99,68% Space Free | Partition Type: FAT32
Drive D: | 14,88 Gb Total Space | 13,12 Gb Free Space | 88,16% Space Free | Partition Type: FAT32
Drive G: | 23,45 Gb Total Space | 17,99 Gb Free Space | 76,72% Space Free | Partition Type: NTFS
 
Computer Name: NINE | User Name: Janine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Office12\OUTLOOK.EXE" = D:\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Office12\groove.exe" = D:\Office12\groove.exe:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Office12\ONENOTE.EXE" = D:\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"G:\Programme\Internet Explorer\iexplore.exe" = G:\Programme\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"G:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe" = G:\Programme\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"G:\Programme\Kodak\AiO\Center\Kodak.Statistics.exe" = G:\Programme\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"G:\Programme\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = G:\Programme\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"G:\Programme\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = G:\Programme\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kodak\Installer\Setup.exe" = G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.20.12.00
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Lexmark Supplies Monitor" = Lexmark Supplies Monitor
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"o2DE" = Mobile Connection Manager
"ULTIMATER" = Microsoft Office Ultimate 2007
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VLC media player" = VLC media player 2.0.4
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2010 08:48:00 | Computer Name = NINE | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 29.08.2010 08:48:15 | Computer Name = NINE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 04.09.2010 05:01:36 | Computer Name = NINE | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 04.09.2010 05:01:36 | Computer Name = NINE | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 04.09.2010 05:01:51 | Computer Name = NINE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 19.09.2010 07:25:52 | Computer Name = NINE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.4518.1014, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 19.09.2010 07:25:52 | Computer Name = NINE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.4518.1014, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 19.09.2010 12:26:48 | Computer Name = NINE | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 19.09.2010 12:26:48 | Computer Name = NINE | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 19.09.2010 12:27:03 | Computer Name = NINE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
[ System Events ]
Error - 07.02.2013 11:55:29 | Computer Name = NINE | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 07.02.2013 11:59:20 | Computer Name = NINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Scutum50 NDIS Protocol Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 08.02.2013 09:16:58 | Computer Name = NINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Scutum50 NDIS Protocol Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 08.02.2013 10:24:23 | Computer Name = NINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Scutum50 NDIS Protocol Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 08.02.2013 10:25:20 | Computer Name = NINE | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom2 gefunden.
 
Error - 08.02.2013 10:25:21 | Computer Name = NINE | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom2 gefunden.
 
Error - 08.02.2013 10:26:27 | Computer Name = NINE | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom2 gefunden.
 
Error - 08.02.2013 10:26:55 | Computer Name = NINE | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom2 gefunden.
 
Error - 08.02.2013 10:28:24 | Computer Name = NINE | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
 
Error - 10.02.2013 15:26:05 | Computer Name = NINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Scutum50 NDIS Protocol Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
 
< End of report >
         
--- --- ---

[/CODE]
[/CODE]

Alt 11.02.2013, 08:35   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now create logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down) and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only aswMBR.

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista or later, please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

11.02.2013, 17:49   #11
XPnutzerin



[CODE]
GMER Logfile:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-11 16:57:05
Windows 5.1.2600 Service Pack 2 \Device\Harddisk1\DR3 -> \Device\Ide\IdePort0 ________ rev.1100 0,00MB
Running: gmer_2.0.18454.exe; Driver: G:\DOKUME~1\Janine\LOKALE~1\Temp\pxtdqpow.sys

---- User code sections - GMER 2.0 ----

.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[356] USER32.dll!CreateWindowExW                                      77D21AD5 5 Bytes  JMP 01234832 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[356] USER32.dll!DialogBoxParamW                                      77D26702 5 Bytes  JMP 01159315 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[356] USER32.dll!DialogBoxParamA                                      77D288E1 5 Bytes  JMP 0134DFBE G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[356] USER32.dll!DialogBoxIndirectParamW                              77D32598 5 Bytes  JMP 0134E021 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[356] USER32.dll!MessageBoxIndirectA                                  77D3AEF1 5 Bytes  JMP 0134DF51 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[356] USER32.dll!MessageBoxExW                                        77D50559 5 Bytes  JMP 0134DE22 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[356] USER32.dll!MessageBoxExA                                        77D5057D 5 Bytes  JMP 0134DE84 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[356] USER32.dll!DialogBoxIndirectParamA                              77D56CED 5 Bytes  JMP 0134E084 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[356] USER32.dll!MessageBoxIndirectW                                  77D660B7 5 Bytes  JMP 0134DEE6 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] USER32.dll!CallNextHookEx                                      77D1ED6E 5 Bytes  JMP 0122DD81 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] USER32.dll!CreateWindowExW                                     77D21AD5 5 Bytes  JMP 01234832 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] USER32.dll!DialogBoxParamW                                     77D26702 5 Bytes  JMP 01159315 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] USER32.dll!DialogBoxParamA                                     77D288E1 5 Bytes  JMP 0134DFBE G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] USER32.dll!DialogBoxIndirectParamW                             77D32598 5 Bytes  JMP 0134E021 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] USER32.dll!MessageBoxIndirectA                                 77D3AEF1 5 Bytes  JMP 0134DF51 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] USER32.dll!SetWindowsHookExW                                   77D3E621 5 Bytes  JMP 0122DBCB G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] USER32.dll!UnhookWindowsHookEx                                 77D3F29F 5 Bytes  JMP 01191CA2 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] USER32.dll!MessageBoxExW                                       77D50559 5 Bytes  JMP 0134DE22 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] USER32.dll!MessageBoxExA                                       77D5057D 5 Bytes  JMP 0134DE84 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] USER32.dll!DialogBoxIndirectParamA                             77D56CED 5 Bytes  JMP 0134E084 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] USER32.dll!MessageBoxIndirectW                                 77D660B7 5 Bytes  JMP 0134DEE6 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] ole32.dll!CoCreateInstance                                     774F6009 5 Bytes  JMP 0123488E G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 2.0 ----

IAT    G:\Programme\Internet Explorer\IEXPLORE.EXE[1348] @ G:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]  [00C718FD] G:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Disk sectors - GMER 2.0 ----

Disk   \Device\Harddisk1\DR3                                                                                            sector 00: rootkit-like behavior

---- EOF - GMER 2.0 ----
         
--- --- ---


Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-11 17:23:39
-----------------------------
17:23:39.687    OS Version: Windows 5.1.2600 Service Pack 2
17:23:39.687    Number of processors: 1 586 0x602
17:23:39.687    ComputerName: NINE  UserName: 
17:23:40.156    Initialize success
18:26:52.318    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:26:52.318    Disk 0 Vendor: IC35L040AVVN07-0 VA2OAF0C Size: 39266MB BusType: 3
18:26:52.318    Disk 1 MBR read successfully
18:26:52.318    Disk 1 MBR scan
18:26:52.318    Disk 1 Windows XP default MBR code
18:26:52.318    Disk 1 MBR hidden
18:26:52.334    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS        24011 MB offset 63
18:26:52.334    Disk 1 Partition - 00     0F Extended LBA             15249 MB offset 49174965
18:26:52.349    Disk 1 Partition 2 00     0B        FAT32 MSWIN4.1    15249 MB offset 49175028
18:26:52.412    Disk 1 scanning G:\WINDOWS\system32\drivers
18:27:00.553    Service scanning
18:27:15.224    Modules scanning
18:28:08.099    Disk 1 trace - called modules:
18:28:08.099    ntoskrnl.exe CLASSPNP.SYS disk.sys hal.dll 
18:28:08.631    1 nt!IofCallDriver -> \Device\Harddisk1\DR5[0x81f05030]
18:28:08.631    Scan finished successfully
18:33:55.287    Disk 1 MBR has been saved successfully to "G:\Dokumente und Einstellungen\Janine\Desktop\MBR.dat"
18:33:55.287    The log file has been saved successfully to "G:\Dokumente und Einstellungen\Janine\Desktop\aswMBR.txt"
         

11.02.2013, 22:35   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Hm, please run TDSSKiller:

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Post the contents here in your thread in any case.

12.02.2013, 20:13   #13
XPnutzerin



no threats found!

13.02.2013, 09:58   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please always post logs from the tools I have instructed you to run in full and in CODE tags

13.02.2013, 10:20   #15
XPnutzerin



Code:
21:09:11.0718 2360  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:09:11.0750 2360  ============================================================
21:09:11.0750 2360  Current date / time: 2013/02/12 21:09:11.0750
21:09:11.0750 2360  SystemInfo:
21:09:11.0750 2360  
21:09:11.0750 2360  OS Version: 5.1.2600 ServicePack: 2.0
21:09:11.0750 2360  Product type: Workstation
21:09:11.0750 2360  ComputerName: NINE
21:09:11.0750 2360  UserName: Janine
21:09:11.0750 2360  Windows directory: G:\WINDOWS
21:09:11.0750 2360  System windows directory: G:\WINDOWS
21:09:11.0750 2360  Processor architecture: Intel x86
21:09:11.0750 2360  Number of processors: 1
21:09:11.0750 2360  Page size: 0x1000
21:09:11.0750 2360  Boot type: Normal boot
21:09:11.0750 2360  ============================================================
21:09:13.0265 2360  Drive \Device\Harddisk0\DR0 - Size: 0x9962B8000 (38.35 Gb), SectorSize: 0x200, Cylinders: 0x138D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:09:13.0265 2360  Drive \Device\Harddisk1\DR3 - Size: 0xF1800000 (3.77 Gb), SectorSize: 0x200, Cylinders: 0x1EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:09:13.0281 2360  ============================================================
21:09:13.0281 2360  \Device\Harddisk0\DR0:
21:09:13.0281 2360  MBR partitions:
21:09:13.0281 2360  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2EE5976
21:09:13.0296 2360  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x2EE59F4, BlocksNum 0x1DC8959
21:09:13.0296 2360  \Device\Harddisk1\DR3:
21:09:13.0296 2360  MBR partitions:
21:09:13.0296 2360  \Device\Harddisk1\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x78BFC1
21:09:13.0296 2360  ============================================================
21:09:13.0296 2360  D: <-> \Device\Harddisk0\DR0\Partition2
21:09:13.0359 2360  G: <-> \Device\Harddisk0\DR0\Partition1
21:09:13.0359 2360  ============================================================
21:09:13.0359 2360  Initialize success
21:09:13.0359 2360  ============================================================
21:09:19.0781 2384  ============================================================
21:09:19.0781 2384  Scan started
21:09:19.0781 2384  Mode: Manual; 
21:09:19.0781 2384  ============================================================
21:09:20.0078 2384  ================ Scan system memory ========================
21:09:21.0921 2384  System memory - ok
21:09:21.0937 2384  ================ Scan services =============================
21:09:22.0140 2384  Abiosdsk - ok
21:09:22.0156 2384  abp480n5 - ok
21:09:22.0234 2384  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            G:\WINDOWS\system32\DRIVERS\ACPI.sys
21:09:22.0234 2384  ACPI - ok
21:09:22.0296 2384  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          G:\WINDOWS\system32\drivers\ACPIEC.sys
21:09:22.0296 2384  ACPIEC - ok
21:09:22.0343 2384  adpu160m - ok
21:09:22.0406 2384  [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec             G:\WINDOWS\system32\drivers\aec.sys
21:09:22.0406 2384  aec - ok
21:09:22.0484 2384  [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD             G:\WINDOWS\System32\drivers\afd.sys
21:09:22.0484 2384  AFD - ok
21:09:22.0515 2384  Aha154x - ok
21:09:22.0546 2384  aic78u2 - ok
21:09:22.0578 2384  aic78xx - ok
21:09:22.0640 2384  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter         G:\WINDOWS\system32\alrsvc.dll
21:09:22.0640 2384  Alerter - ok
21:09:22.0687 2384  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG             G:\WINDOWS\System32\alg.exe
21:09:22.0687 2384  ALG - ok
21:09:22.0734 2384  AliIde - ok
21:09:22.0765 2384  [ FBF9FFB0B638DF1448821BD0ACEEB780 ] AmdK7           G:\WINDOWS\system32\DRIVERS\amdk7.sys
21:09:22.0765 2384  AmdK7 - ok
21:09:22.0828 2384  amsint - ok
21:09:22.0859 2384  AppMgmt - ok
21:09:22.0890 2384  asc - ok
21:09:22.0921 2384  asc3350p - ok
21:09:22.0953 2384  asc3550 - ok
21:09:23.0078 2384  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    G:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:09:23.0109 2384  aspnet_state - ok
21:09:23.0171 2384  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        G:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:09:23.0171 2384  AsyncMac - ok
21:09:23.0250 2384  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi           G:\WINDOWS\system32\DRIVERS\atapi.sys
21:09:23.0250 2384  atapi - ok
21:09:23.0281 2384  Atdisk - ok
21:09:23.0343 2384  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc         G:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:09:23.0343 2384  Atmarpc - ok
21:09:23.0406 2384  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        G:\WINDOWS\System32\audiosrv.dll
21:09:23.0406 2384  AudioSrv - ok
21:09:23.0468 2384  [ D9F724AA26C010A217C97606B160ED68 ] audstub         G:\WINDOWS\system32\DRIVERS\audstub.sys
21:09:23.0468 2384  audstub - ok
21:09:23.0546 2384  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            G:\WINDOWS\system32\drivers\Beep.sys
21:09:23.0546 2384  Beep - ok
21:09:23.0625 2384  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            G:\WINDOWS\system32\qmgr.dll
21:09:23.0640 2384  BITS - ok
21:09:23.0687 2384  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser         G:\WINDOWS\System32\browser.dll
21:09:23.0687 2384  Browser - ok
21:09:23.0750 2384  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         G:\WINDOWS\system32\drivers\cbidf2k.sys
21:09:23.0750 2384  cbidf2k - ok
21:09:23.0781 2384  cd20xrnt - ok
21:09:23.0859 2384  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         G:\WINDOWS\system32\drivers\Cdaudio.sys
21:09:23.0859 2384  Cdaudio - ok
21:09:23.0921 2384  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            G:\WINDOWS\system32\drivers\Cdfs.sys
21:09:23.0937 2384  Cdfs - ok
21:09:23.0984 2384  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom           G:\WINDOWS\system32\DRIVERS\cdrom.sys
21:09:23.0984 2384  Cdrom - ok
21:09:24.0015 2384  Changer - ok
21:09:24.0078 2384  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc           G:\WINDOWS\system32\cisvc.exe
21:09:24.0078 2384  CiSvc - ok
21:09:24.0109 2384  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv         G:\WINDOWS\system32\clipsrv.exe
21:09:24.0109 2384  ClipSrv - ok
21:09:24.0187 2384  [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:09:24.0234 2384  clr_optimization_v2.0.50727_32 - ok
21:09:24.0312 2384  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 G:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:09:24.0375 2384  clr_optimization_v4.0.30319_32 - ok
21:09:24.0406 2384  CmdIde - ok
21:09:24.0437 2384  COMSysApp - ok
21:09:24.0500 2384  Cpqarray - ok
21:09:24.0562 2384  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        G:\WINDOWS\System32\cryptsvc.dll
21:09:24.0562 2384  CryptSvc - ok
21:09:24.0609 2384  dac2w2k - ok
21:09:24.0640 2384  dac960nt - ok
21:09:24.0718 2384  [ 9F28FF58D6D67B123272869D89D14004 ] DcomLaunch      G:\WINDOWS\system32\rpcss.dll
21:09:24.0734 2384  DcomLaunch - ok
21:09:24.0859 2384  [ CC8B5C964B777F4EC3E89F13B4B5FF0F ] DCService.exe   G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe
21:09:24.0875 2384  DCService.exe - ok
21:09:24.0937 2384  [ 69F986B2688BA95A0D9362B0E233D5FF ] Dhcp            G:\WINDOWS\System32\dhcpcsvc.dll
21:09:24.0937 2384  Dhcp - ok
21:09:24.0984 2384  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            G:\WINDOWS\system32\DRIVERS\disk.sys
21:09:24.0984 2384  Disk - ok
21:09:25.0015 2384  dmadmin - ok
21:09:25.0093 2384  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          G:\WINDOWS\system32\drivers\dmboot.sys
21:09:25.0125 2384  dmboot - ok
21:09:25.0171 2384  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            G:\WINDOWS\system32\drivers\dmio.sys
21:09:25.0187 2384  dmio - ok
21:09:25.0234 2384  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          G:\WINDOWS\system32\drivers\dmload.sys
21:09:25.0234 2384  dmload - ok
21:09:25.0281 2384  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        G:\WINDOWS\System32\dmserver.dll
21:09:25.0281 2384  dmserver - ok
21:09:25.0343 2384  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          G:\WINDOWS\system32\drivers\DMusic.sys
21:09:25.0343 2384  DMusic - ok
21:09:25.0421 2384  [ D1F5B71BBAEEE07B78980DBD878C0BC7 ] Dnscache        G:\WINDOWS\System32\dnsrslvr.dll
21:09:25.0421 2384  Dnscache - ok
21:09:25.0453 2384  dpti2o - ok
21:09:25.0484 2384  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud         G:\WINDOWS\system32\drivers\drmkaud.sys
21:09:25.0484 2384  drmkaud - ok
21:09:25.0531 2384  [ 877A4512CC9074D6954776AF47021766 ] ERSvc           G:\WINDOWS\System32\ersvc.dll
21:09:25.0546 2384  ERSvc - ok
21:09:25.0578 2384  [ EDB6B81761BD60F32F740BBC40AFB676 ] Eventlog        G:\WINDOWS\system32\services.exe
21:09:25.0593 2384  Eventlog - ok
21:09:25.0640 2384  [ 4E1A8645EE77CB9454FFE53C59620A25 ] EventSystem     G:\WINDOWS\system32\es.dll
21:09:25.0656 2384  EventSystem - ok
21:09:25.0718 2384  [ A52794C010C6DF5B4BC70C4AB5E04088 ] ewusbnet        G:\WINDOWS\system32\DRIVERS\ewusbnet.sys
21:09:25.0718 2384  ewusbnet - ok
21:09:25.0765 2384  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev     G:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
21:09:25.0765 2384  ew_hwusbdev - ok
21:09:25.0843 2384  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat         G:\WINDOWS\system32\drivers\Fastfat.sys
21:09:25.0859 2384  Fastfat - ok
21:09:25.0921 2384  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] FastUserSwitchingCompatibility G:\WINDOWS\System32\shsvcs.dll
21:09:25.0953 2384  FastUserSwitchingCompatibility - ok
21:09:26.0000 2384  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc             G:\WINDOWS\system32\DRIVERS\fdc.sys
21:09:26.0000 2384  Fdc - ok
21:09:26.0062 2384  [ 8787449F8EF116DB0E8E06C3555746A7 ] FET5X86V        G:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
21:09:26.0062 2384  FET5X86V - ok
21:09:26.0125 2384  [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS         G:\WINDOWS\system32\DRIVERS\fetnd5.sys
21:09:26.0125 2384  FETNDIS - ok
21:09:26.0203 2384  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            G:\WINDOWS\system32\drivers\Fips.sys
21:09:26.0203 2384  Fips - ok
21:09:26.0265 2384  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        G:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:09:26.0265 2384  Flpydisk - ok
21:09:26.0343 2384  [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr          G:\WINDOWS\system32\drivers\fltmgr.sys
21:09:26.0343 2384  FltMgr - ok
21:09:26.0375 2384  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          G:\WINDOWS\system32\drivers\Fs_Rec.sys
21:09:26.0375 2384  Fs_Rec - ok
21:09:26.0421 2384  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          G:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:09:26.0437 2384  Ftdisk - ok
21:09:26.0468 2384  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc             G:\WINDOWS\system32\DRIVERS\msgpc.sys
21:09:26.0468 2384  Gpc - ok
21:09:26.0531 2384  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc         G:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:09:26.0531 2384  helpsvc - ok
21:09:26.0593 2384  [ B647CA198B9C73056ABFB0A9D8F4916D ] HidServ         G:\WINDOWS\System32\hidserv.dll
21:09:26.0593 2384  HidServ - ok
21:09:26.0640 2384  [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb          G:\WINDOWS\system32\DRIVERS\hidusb.sys
21:09:26.0640 2384  hidusb - ok
21:09:26.0687 2384  hpn - ok
21:09:26.0765 2384  [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP            G:\WINDOWS\system32\Drivers\HTTP.sys
21:09:26.0765 2384  HTTP - ok
21:09:26.0812 2384  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      G:\WINDOWS\System32\w3ssl.dll
21:09:26.0828 2384  HTTPFilter - ok
21:09:26.0875 2384  [ BED3A9F86A637CC6C2C5296CD82423D8 ] huawei_enumerator G:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
21:09:26.0875 2384  huawei_enumerator - ok
21:09:26.0921 2384  [ 1F40368DC40B17DE3FA0FBE8A9D82F9E ] hwdatacard      G:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
21:09:26.0921 2384  hwdatacard - ok
21:09:26.0968 2384  hwusbdev - ok
21:09:27.0000 2384  i2omgmt - ok
21:09:27.0031 2384  i2omp - ok
21:09:27.0078 2384  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        G:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:09:27.0078 2384  i8042prt - ok
21:09:27.0140 2384  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           G:\WINDOWS\system32\DRIVERS\imapi.sys
21:09:27.0140 2384  Imapi - ok
21:09:27.0203 2384  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    G:\WINDOWS\system32\imapi.exe
21:09:27.0203 2384  ImapiService - ok
21:09:27.0250 2384  ini910u - ok
21:09:27.0296 2384  IntelIde - ok
21:09:27.0359 2384  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           G:\WINDOWS\system32\drivers\ip6fw.sys
21:09:27.0359 2384  Ip6Fw - ok
21:09:27.0406 2384  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  G:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:09:27.0421 2384  IpFilterDriver - ok
21:09:27.0421 2384  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          G:\WINDOWS\system32\DRIVERS\ipinip.sys
21:09:27.0437 2384  IpInIp - ok
21:09:27.0484 2384  [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat           G:\WINDOWS\system32\DRIVERS\ipnat.sys
21:09:27.0500 2384  IpNat - ok
21:09:27.0562 2384  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           G:\WINDOWS\system32\DRIVERS\ipsec.sys
21:09:27.0562 2384  IPSec - ok
21:09:27.0625 2384  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          G:\WINDOWS\system32\DRIVERS\irenum.sys
21:09:27.0625 2384  IRENUM - ok
21:09:27.0703 2384  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          G:\WINDOWS\system32\DRIVERS\isapnp.sys
21:09:27.0703 2384  isapnp - ok
21:09:27.0765 2384  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        G:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:09:27.0765 2384  Kbdclass - ok
21:09:27.0843 2384  [ 7EC877AA899323B92874FE62C7DDCDE7 ] kbdhid          G:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:09:27.0843 2384  kbdhid - ok
21:09:27.0890 2384  [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer          G:\WINDOWS\system32\drivers\kmixer.sys
21:09:27.0906 2384  kmixer - ok
21:09:28.0093 2384  [ 613CC08496F1FA91FB43303FB65D37C6 ] Kodak AiO Network Discovery Service G:\Programme\Kodak\AiO\Center\EKAiOHostService.exe
21:09:28.0109 2384  Kodak AiO Network Discovery Service - ok
21:09:28.0156 2384  [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD          G:\WINDOWS\system32\drivers\KSecDD.sys
21:09:28.0171 2384  KSecDD - ok
21:09:28.0218 2384  [ F8170AA51CD202BC062B8A0983F361B7 ] lanmanserver    G:\WINDOWS\System32\srvsvc.dll
21:09:28.0234 2384  lanmanserver - ok
21:09:28.0281 2384  [ 36D74668F5448D55887FA3958488DC06 ] lanmanworkstation G:\WINDOWS\System32\wkssvc.dll
21:09:28.0296 2384  lanmanworkstation - ok
21:09:28.0328 2384  lbrtfdc - ok
21:09:28.0390 2384  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts         G:\WINDOWS\System32\lmhsvc.dll
21:09:28.0390 2384  LmHosts - ok
21:09:28.0453 2384  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger       G:\WINDOWS\System32\msgsvc.dll
21:09:28.0453 2384  Messenger - ok
21:09:28.0546 2384  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service D:\Office12\GrooveAuditService.exe
21:09:28.0546 2384  Microsoft Office Groove Audit Service - ok
21:09:28.0609 2384  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           G:\WINDOWS\system32\drivers\mnmdd.sys
21:09:28.0609 2384  mnmdd - ok
21:09:28.0671 2384  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc         G:\WINDOWS\system32\mnmsrvc.exe
21:09:28.0671 2384  mnmsrvc - ok
21:09:28.0703 2384  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem           G:\WINDOWS\system32\drivers\Modem.sys
21:09:28.0703 2384  Modem - ok
21:09:28.0734 2384  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        G:\WINDOWS\system32\DRIVERS\mouclass.sys
21:09:28.0750 2384  Mouclass - ok
21:09:28.0796 2384  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          G:\WINDOWS\system32\DRIVERS\mouhid.sys
21:09:28.0796 2384  mouhid - ok
21:09:28.0828 2384  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        G:\WINDOWS\system32\drivers\MountMgr.sys
21:09:28.0828 2384  MountMgr - ok
21:09:28.0859 2384  mraid35x - ok
21:09:28.0890 2384  [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV          G:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:09:28.0906 2384  MRxDAV - ok
21:09:28.0953 2384  [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb          G:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:09:28.0968 2384  MRxSmb - ok
21:09:29.0046 2384  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC           G:\WINDOWS\system32\msdtc.exe
21:09:29.0046 2384  MSDTC - ok
21:09:29.0125 2384  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            G:\WINDOWS\system32\drivers\Msfs.sys
21:09:29.0125 2384  Msfs - ok
21:09:29.0140 2384  MSIServer - ok
21:09:29.0187 2384  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         G:\WINDOWS\system32\drivers\MSKSSRV.sys
21:09:29.0187 2384  MSKSSRV - ok
21:09:29.0234 2384  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        G:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:09:29.0234 2384  MSPCLOCK - ok
21:09:29.0265 2384  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           G:\WINDOWS\system32\drivers\MSPQM.sys
21:09:29.0265 2384  MSPQM - ok
21:09:29.0328 2384  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        G:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:09:29.0328 2384  mssmbios - ok
21:09:29.0375 2384  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             G:\WINDOWS\system32\drivers\Mup.sys
21:09:29.0375 2384  Mup - ok
21:09:29.0421 2384  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            G:\WINDOWS\system32\drivers\NDIS.sys
21:09:29.0421 2384  NDIS - ok
21:09:29.0453 2384  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        G:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:09:29.0453 2384  NdisTapi - ok
21:09:29.0531 2384  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio         G:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:09:29.0531 2384  Ndisuio - ok
21:09:29.0562 2384  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         G:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:09:29.0562 2384  NdisWan - ok
21:09:29.0593 2384  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         G:\WINDOWS\system32\drivers\NDProxy.sys
21:09:29.0593 2384  NDProxy - ok
21:09:29.0625 2384  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         G:\WINDOWS\system32\DRIVERS\netbios.sys
21:09:29.0625 2384  NetBIOS - ok
21:09:29.0656 2384  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           G:\WINDOWS\system32\DRIVERS\netbt.sys
21:09:29.0671 2384  NetBT - ok
21:09:29.0718 2384  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          G:\WINDOWS\system32\netdde.exe
21:09:29.0718 2384  NetDDE - ok
21:09:29.0750 2384  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      G:\WINDOWS\system32\netdde.exe
21:09:29.0765 2384  NetDDEdsdm - ok
21:09:29.0796 2384  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        G:\WINDOWS\system32\lsass.exe
21:09:29.0812 2384  Netlogon - ok
21:09:29.0859 2384  [ CDF4DA6B518105343FE9E8AFBBF8FBF4 ] Netman          G:\WINDOWS\System32\netman.dll
21:09:29.0859 2384  Netman - ok
21:09:29.0906 2384  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing G:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:09:29.0906 2384  NetTcpPortSharing - ok
21:09:29.0968 2384  [ B36E08F680BAE4DFC5C24D00A2DFC9E7 ] Nla             G:\WINDOWS\System32\mswsock.dll
21:09:29.0968 2384  Nla - ok
21:09:30.0015 2384  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            G:\WINDOWS\system32\drivers\Npfs.sys
21:09:30.0015 2384  Npfs - ok
21:09:30.0093 2384  [ B78BE402C3F63DD55521F73876951CDD ] Ntfs            G:\WINDOWS\system32\drivers\Ntfs.sys
21:09:30.0109 2384  Ntfs - ok
21:09:30.0140 2384  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp         G:\WINDOWS\system32\lsass.exe
21:09:30.0140 2384  NtLmSsp - ok
21:09:30.0234 2384  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc         G:\WINDOWS\system32\ntmssvc.dll
21:09:30.0250 2384  NtmsSvc - ok
21:09:30.0296 2384  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            G:\WINDOWS\system32\drivers\Null.sys
21:09:30.0296 2384  Null - ok
21:09:30.0421 2384  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              G:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:09:30.0500 2384  nv - ok
21:09:30.0562 2384  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        G:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:09:30.0562 2384  NwlnkFlt - ok
21:09:37.0734 2384  ================ Scan global ===============================
21:09:37.0781 2384  [ 1B91BAC6996731EE8925F58205DCB016 ] G:\WINDOWS\system32\basesrv.dll
21:09:37.0812 2384  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] G:\WINDOWS\system32\winsrv.dll
21:09:37.0843 2384  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] G:\WINDOWS\system32\winsrv.dll
21:09:37.0875 2384  [ EDB6B81761BD60F32F740BBC40AFB676 ] G:\WINDOWS\system32\services.exe
21:09:37.0890 2384  [Global] - ok
21:09:37.0906 2384  ================ Scan MBR ==================================
21:09:37.0937 2384  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
21:09:38.0109 2384  \Device\Harddisk0\DR0 - ok
21:09:38.0140 2384  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
21:09:41.0625 2384  \Device\Harddisk1\DR3 - ok
21:09:41.0640 2384  ================ Scan VBR ==================================
21:09:41.0656 2384  [ 7767DD76ED07D454C8DB40C296EE48F1 ] \Device\Harddisk0\DR0\Partition1
21:09:41.0656 2384  \Device\Harddisk0\DR0\Partition1 - ok
21:09:41.0687 2384  [ 3E57A3E1ACC2759C5D5471AE388F0FE2 ] \Device\Harddisk0\DR0\Partition2
21:09:41.0687 2384  \Device\Harddisk0\DR0\Partition2 - ok
21:09:41.0734 2384  [ F0A7C68AAB2DAB44E1D8973DD1AE2B87 ] \Device\Harddisk1\DR3\Partition1
21:09:41.0734 2384  \Device\Harddisk1\DR3\Partition1 - ok
21:09:41.0750 2384  ============================================================
21:09:41.0750 2384  Scan finished
21:09:41.0750 2384  ============================================================
21:09:41.0796 2376  Detected object count: 0
21:09:41.0796 2376  Actual detected object count: 0
21:10:27.0640 2400  ============================================================
21:10:27.0640 2400  Scan started
21:10:27.0640 2400  Mode: Manual; 
21:10:27.0640 2400  ============================================================
21:10:27.0796 2400  ================ Scan system memory ========================
21:10:28.0125 2400  System memory - ok
21:10:28.0156 2400  ================ Scan services =============================
21:10:37.0156 2400  PlugPlay - ok
21:10:37.0171 2400  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent     G:\WINDOWS\system32\lsass.exe
21:10:37.0171 2400  PolicyAgent - ok
21:10:37.0218 2400  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    G:\WINDOWS\system32\DRIVERS\raspptp.sys
21:10:37.0218 2400  PptpMiniport - ok
21:10:37.0234 2400  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage G:\WINDOWS\system32\lsass.exe
21:10:37.0234 2400  ProtectedStorage - ok
21:10:37.0265 2400  [ 48671F327553DCF1D27F6197F622A668 ] PSched          G:\WINDOWS\system32\DRIVERS\psched.sys
21:10:37.0281 2400  PSched - ok
21:10:37.0312 2400  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         G:\WINDOWS\system32\DRIVERS\ptilink.sys
21:10:37.0312 2400  Ptilink - ok
21:10:37.0343 2400  ql1080 - ok
21:10:37.0375 2400  Ql10wnt - ok
21:10:37.0390 2400  ql12160 - ok
21:10:37.0421 2400  ql1240 - ok
21:10:37.0453 2400  ql1280 - ok
21:10:37.0484 2400  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          G:\WINDOWS\system32\DRIVERS\rasacd.sys
21:10:37.0484 2400  RasAcd - ok
21:10:37.0546 2400  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto         G:\WINDOWS\System32\rasauto.dll
21:10:37.0546 2400  RasAuto - ok
21:10:37.0578 2400  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         G:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:10:37.0578 2400  Rasl2tp - ok
21:10:37.0625 2400  [ A5D2D745A2AEFA327DCA6DA317B5FD70 ] RasMan          G:\WINDOWS\System32\rasmans.dll
21:10:37.0625 2400  RasMan - ok
21:10:37.0656 2400  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        G:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:10:37.0656 2400  RasPppoe - ok
21:10:37.0703 2400  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          G:\WINDOWS\system32\DRIVERS\raspti.sys
21:10:37.0703 2400  Raspti - ok
21:10:37.0734 2400  [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss           G:\WINDOWS\system32\DRIVERS\rdbss.sys
21:10:37.0750 2400  Rdbss - ok
21:10:37.0765 2400  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          G:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:10:37.0765 2400  RDPCDD - ok
21:10:37.0875 2400  [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD           G:\WINDOWS\system32\drivers\RDPWD.sys
21:10:37.0875 2400  RDPWD - ok
21:10:37.0921 2400  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr       G:\WINDOWS\system32\sessmgr.exe
21:10:37.0921 2400  RDSessMgr - ok
21:10:37.0953 2400  [ AA56702E230860565CB8D43680F57F33 ] redbook         G:\WINDOWS\system32\DRIVERS\redbook.sys
21:10:37.0953 2400  redbook - ok
21:10:38.0015 2400  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    G:\WINDOWS\System32\mprdim.dll
21:10:38.0015 2400  RemoteAccess - ok
21:10:38.0046 2400  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      G:\WINDOWS\system32\locator.exe
21:10:38.0046 2400  RpcLocator - ok
21:10:38.0109 2400  [ 9F28FF58D6D67B123272869D89D14004 ] RpcSs           G:\WINDOWS\system32\rpcss.dll
21:10:38.0109 2400  RpcSs - ok
21:10:38.0187 2400  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            G:\WINDOWS\system32\rsvp.exe
21:10:38.0187 2400  RSVP - ok
21:10:38.0218 2400  RT73 - ok
21:10:38.0250 2400  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs           G:\WINDOWS\system32\lsass.exe
21:10:38.0250 2400  SamSs - ok
21:10:38.0312 2400  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        G:\WINDOWS\System32\SCardSvr.exe
21:10:38.0312 2400  SCardSvr - ok
21:10:38.0375 2400  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        G:\WINDOWS\system32\schedsvc.dll
21:10:38.0375 2400  Schedule - ok
21:10:38.0421 2400  Scutum50 - ok
21:10:38.0484 2400  [ D26E26EA516450AF9D072635C60387F4 ] Secdrv          G:\WINDOWS\system32\DRIVERS\secdrv.sys
21:10:38.0484 2400  Secdrv - ok
21:10:38.0531 2400  [ FED544B43903FB801B106F062110358A ] seclogon        G:\WINDOWS\System32\seclogon.dll
21:10:38.0546 2400  seclogon - ok
21:10:38.0578 2400  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            G:\WINDOWS\system32\sens.dll
21:10:38.0578 2400  SENS - ok
21:10:38.0609 2400  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum         G:\WINDOWS\system32\DRIVERS\serenum.sys
21:10:38.0609 2400  serenum - ok
21:10:38.0640 2400  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          G:\WINDOWS\system32\DRIVERS\serial.sys
21:10:38.0656 2400  Serial - ok
21:10:38.0750 2400  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         G:\WINDOWS\system32\drivers\Sfloppy.sys
21:10:38.0750 2400  Sfloppy - ok
21:10:38.0812 2400  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    G:\WINDOWS\System32\ipnathlp.dll
21:10:38.0812 2400  SharedAccess - ok
21:10:38.0859 2400  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] ShellHWDetection G:\WINDOWS\System32\shsvcs.dll
21:10:38.0875 2400  ShellHWDetection - ok
21:10:38.0906 2400  Simbad - ok
21:10:38.0953 2400  Sparrow - ok
21:10:39.0015 2400  [ 8E186B8F23295D1E42C573B82B80D548 ] splitter        G:\WINDOWS\system32\drivers\splitter.sys
21:10:39.0015 2400  splitter - ok
21:10:39.0046 2400  [ 54E7113A4BD696E430919BCAF5C65E06 ] Spooler         G:\WINDOWS\system32\spoolsv.exe
21:10:39.0062 2400  Spooler - ok
21:10:39.0125 2400  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              G:\WINDOWS\system32\DRIVERS\sr.sys
21:10:39.0125 2400  sr - ok
21:10:39.0171 2400  [ 015F302C4CF961F20C3F98F3A7CA7917 ] srservice       G:\WINDOWS\system32\srsvc.dll
21:10:39.0171 2400  srservice - ok
21:10:39.0218 2400  [ 20B7E396720353E4117D64D9DCB926CA ] Srv             G:\WINDOWS\system32\DRIVERS\srv.sys
21:10:39.0234 2400  Srv - ok
21:10:39.0296 2400  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV         G:\WINDOWS\System32\ssdpsrv.dll
21:10:39.0296 2400  SSDPSRV - ok
21:10:39.0375 2400  [ 7E751068ADA60FC77638622E86A7CD9E ] stisvc          G:\WINDOWS\system32\wiaservc.dll
21:10:39.0375 2400  stisvc - ok
21:10:39.0421 2400  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          G:\WINDOWS\system32\DRIVERS\swenum.sys
21:10:39.0421 2400  swenum - ok
21:10:39.0500 2400  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          G:\WINDOWS\system32\drivers\swmidi.sys
21:10:39.0500 2400  swmidi - ok
21:10:39.0531 2400  SwPrv - ok
21:10:39.0578 2400  symc810 - ok
21:10:39.0609 2400  symc8xx - ok
21:10:39.0640 2400  sym_hi - ok
21:10:39.0671 2400  sym_u3 - ok
21:10:39.0734 2400  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        G:\WINDOWS\system32\drivers\sysaudio.sys
21:10:39.0734 2400  sysaudio - ok
21:10:39.0781 2400  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog       G:\WINDOWS\system32\smlogsvc.exe
21:10:39.0781 2400  SysmonLog - ok
21:10:39.0828 2400  [ 4584E2A5FE662AB3E7C32936E1449043 ] TapiSrv         G:\WINDOWS\System32\tapisrv.dll
21:10:39.0843 2400  TapiSrv - ok
21:10:39.0890 2400  [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip           G:\WINDOWS\system32\DRIVERS\tcpip.sys
21:10:39.0906 2400  Tcpip - ok
21:10:39.0953 2400  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          G:\WINDOWS\system32\drivers\TDPIPE.sys
21:10:39.0953 2400  TDPIPE - ok
21:10:39.0984 2400  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           G:\WINDOWS\system32\drivers\TDTCP.sys
21:10:39.0984 2400  TDTCP - ok
21:10:40.0046 2400  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          G:\WINDOWS\system32\DRIVERS\termdd.sys
21:10:40.0046 2400  TermDD - ok
21:10:40.0125 2400  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService     G:\WINDOWS\System32\termsrv.dll
21:10:40.0125 2400  TermService - ok
21:10:40.0203 2400  [ 46B389E1A1C8E66D877402FC0821A371 ] TGCM_ImportWiFiSvc G:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
21:10:40.0203 2400  TGCM_ImportWiFiSvc - ok
21:10:40.0265 2400  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] Themes          G:\WINDOWS\System32\shsvcs.dll
21:10:40.0265 2400  Themes - ok
21:10:40.0343 2400  [ E27982D1C30AE1DD7EB8EB5CAF8D20C6 ] tidnet          G:\WINDOWS\system32\DRIVERS\tidnet.sys
21:10:40.0343 2400  tidnet - ok
21:10:40.0375 2400  TosIde - ok
21:10:40.0406 2400  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          G:\WINDOWS\system32\trkwks.dll
21:10:40.0421 2400  TrkWks - ok
21:10:40.0500 2400  [ 49C805D42D75EDDC9B6A7130999C9054 ] uagp35          G:\WINDOWS\system32\DRIVERS\uagp35.sys
21:10:40.0500 2400  uagp35 - ok
21:10:40.0562 2400  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            G:\WINDOWS\system32\drivers\Udfs.sys
21:10:40.0562 2400  Udfs - ok
21:10:40.0593 2400  ultra - ok
21:10:40.0671 2400  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          G:\WINDOWS\system32\DRIVERS\update.sys
21:10:40.0671 2400  Update - ok
21:10:40.0718 2400  [ 09D4A2D7C5A8ABEC227D118765FAADDF ] upnphost        G:\WINDOWS\System32\upnphost.dll
21:10:40.0734 2400  upnphost - ok
21:10:40.0765 2400  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS             G:\WINDOWS\System32\ups.exe
21:10:40.0765 2400  UPS - ok
21:10:40.0828 2400  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         G:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:10:40.0828 2400  usbccgp - ok
21:10:40.0906 2400  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         G:\WINDOWS\system32\DRIVERS\usbehci.sys
21:10:40.0906 2400  usbehci - ok
21:10:40.0953 2400  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          G:\WINDOWS\system32\DRIVERS\usbhub.sys
21:10:40.0953 2400  usbhub - ok
21:10:41.0015 2400  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        G:\WINDOWS\system32\DRIVERS\usbprint.sys
21:10:41.0015 2400  usbprint - ok
21:10:41.0062 2400  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         G:\WINDOWS\system32\DRIVERS\usbscan.sys
21:10:41.0062 2400  usbscan - ok
21:10:41.0093 2400  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] usbstor         G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:10:41.0109 2400  usbstor - ok
21:10:41.0140 2400  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         G:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:10:41.0140 2400  usbuhci - ok
21:10:41.0171 2400  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         G:\WINDOWS\System32\drivers\vga.sys
21:10:41.0171 2400  VgaSave - ok
21:10:41.0218 2400  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          G:\WINDOWS\system32\DRIVERS\viaide.sys
21:10:41.0218 2400  ViaIde - ok
21:10:41.0312 2400  [ EC14FEDCFC97F0AF98215CE385AFEC23 ] VIAudio         G:\WINDOWS\system32\drivers\viaudios.sys
21:10:41.0312 2400  VIAudio - ok
21:10:41.0375 2400  [ F95C0FCFBCBDA6D8F202D2DF4052F88D ] videX32         G:\WINDOWS\system32\DRIVERS\videX32.sys
21:10:41.0375 2400  videX32 - ok
21:10:41.0437 2400  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap         G:\WINDOWS\system32\drivers\VolSnap.sys
21:10:41.0437 2400  VolSnap - ok
21:10:41.0484 2400  [ AAF94BC88ECDF0AE0586805DAD1E59C4 ] Vsp             G:\WINDOWS\system32\drivers\Vsp.sys
21:10:41.0484 2400  Vsp - ok
21:10:41.0562 2400  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS             G:\WINDOWS\System32\vssvc.exe
21:10:41.0562 2400  VSS - ok
21:10:41.0640 2400  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time         G:\WINDOWS\system32\w32time.dll
21:10:41.0640 2400  W32Time - ok
21:10:41.0703 2400  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          G:\WINDOWS\system32\DRIVERS\wanarp.sys
21:10:41.0703 2400  Wanarp - ok
21:10:41.0781 2400  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        G:\WINDOWS\system32\Drivers\wdf01000.sys
21:10:41.0796 2400  Wdf01000 - ok
21:10:41.0828 2400  WDICA - ok
21:10:41.0875 2400  [ 2797F33EBF50466020C430EE4F037933 ] wdmaud          G:\WINDOWS\system32\drivers\wdmaud.sys
21:10:41.0875 2400  wdmaud - ok
21:10:41.0953 2400  [ 1EB51FEEA9D3208EAE60604F4346C02E ] WebClient       G:\WINDOWS\System32\webclnt.dll
21:10:41.0953 2400  WebClient - ok
21:10:42.0062 2400  [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt         G:\WINDOWS\system32\wbem\WMIsvc.dll
21:10:42.0062 2400  winmgmt - ok
21:10:42.0171 2400  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        G:\WINDOWS\system32\mspmsnsv.dll
21:10:42.0171 2400  WmdmPmSN - ok
21:10:42.0281 2400  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        G:\WINDOWS\system32\wbem\wmiapsrv.exe
21:10:42.0281 2400  WmiApSrv - ok
21:10:42.0375 2400  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   G:\Programme\Windows Media Player\WMPNetwk.exe
21:10:42.0390 2400  WMPNetworkSvc - ok
21:10:42.0453 2400  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          G:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:10:42.0453 2400  WpdUsb - ok
21:10:42.0546 2400  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 G:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:10:42.0546 2400  WPFFontCache_v0400 - ok
21:10:42.0625 2400  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          G:\WINDOWS\system32\wscsvc.dll
21:10:42.0625 2400  wscsvc - ok
21:10:42.0687 2400  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        G:\WINDOWS\system32\wuauserv.dll
21:10:42.0687 2400  wuauserv - ok
21:10:42.0750 2400  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          G:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:10:42.0750 2400  WudfPf - ok
21:10:42.0796 2400  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          G:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:10:42.0796 2400  WudfRd - ok
21:10:42.0843 2400  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         G:\WINDOWS\System32\WUDFSvc.dll
21:10:42.0859 2400  WudfSvc - ok
21:10:42.0937 2400  [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC          G:\WINDOWS\System32\wzcsvc.dll
21:10:42.0937 2400  WZCSVC - ok
21:10:42.0984 2400  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov         G:\WINDOWS\System32\xmlprov.dll
21:10:43.0000 2400  xmlprov - ok
21:10:43.0078 2400  ================ Scan global ===============================
21:10:43.0140 2400  [ 1B91BAC6996731EE8925F58205DCB016 ] G:\WINDOWS\system32\basesrv.dll
21:10:43.0171 2400  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] G:\WINDOWS\system32\winsrv.dll
21:10:43.0203 2400  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] G:\WINDOWS\system32\winsrv.dll
21:10:43.0234 2400  [ EDB6B81761BD60F32F740BBC40AFB676 ] G:\WINDOWS\system32\services.exe
21:10:43.0234 2400  [Global] - ok
21:10:43.0234 2400  ================ Scan MBR ==================================
21:10:43.0265 2400  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
21:10:43.0437 2400  \Device\Harddisk0\DR0 - ok
21:10:43.0468 2400  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
21:10:46.0968 2400  \Device\Harddisk1\DR3 - ok
21:10:46.0984 2400  ================ Scan VBR ==================================
21:10:47.0015 2400  [ 7767DD76ED07D454C8DB40C296EE48F1 ] \Device\Harddisk0\DR0\Partition1
21:10:47.0015 2400  \Device\Harddisk0\DR0\Partition1 - ok
21:10:47.0046 2400  [ 3E57A3E1ACC2759C5D5471AE388F0FE2 ] \Device\Harddisk0\DR0\Partition2
21:10:47.0046 2400  \Device\Harddisk0\DR0\Partition2 - ok
21:10:47.0078 2400  [ F0A7C68AAB2DAB44E1D8973DD1AE2B87 ] \Device\Harddisk1\DR3\Partition1
21:10:47.0093 2400  \Device\Harddisk1\DR3\Partition1 - ok
21:10:47.0093 2400  ============================================================
21:10:47.0093 2400  Scan finished
21:10:47.0093 2400  ============================================================
21:10:47.0156 2392  Detected object count: 0
21:10:47.0156 2392  Actual detected object count: 0
21:10:57.0203 2356  Deinitialize success
         
