Trojaner-Board - Gema Trojaner & Windows Security Center Trojaner

Code:

 20:52:42.0546 1520        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

20:52:43.0968 1520        ============================================================

20:52:43.0968 1520        Current date / time: 2012/03/27 20:52:43.0968

20:52:43.0968 1520        SystemInfo:

20:52:43.0968 1520        

20:52:43.0968 1520        OS Version: 5.1.2600 ServicePack: 3.0

20:52:43.0968 1520        Product type: Workstation

20:52:43.0968 1520        ComputerName: PUPPSIE

20:52:43.0968 1520        UserName: Mone

20:52:43.0968 1520        Windows directory: C:\WINDOWS

20:52:43.0968 1520        System windows directory: C:\WINDOWS

20:52:43.0968 1520        Processor architecture: Intel x86

20:52:43.0968 1520        Number of processors: 2

20:52:43.0968 1520        Page size: 0x1000

20:52:43.0968 1520        Boot type: Normal boot

20:52:43.0968 1520        ============================================================

20:53:05.0562 1520        Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

20:53:05.0734 1520        Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

20:53:05.0750 1520        Drive \Device\Harddisk2\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

20:53:05.0765 1520        \Device\Harddisk0\DR0:

20:53:05.0781 1520        MBR used

20:53:05.0781 1520        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1

20:53:05.0781 1520        \Device\Harddisk1\DR2:

20:53:05.0781 1520        MBR used

20:53:05.0781 1520        \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x3A380D41

20:53:05.0781 1520        \Device\Harddisk2\DR3:

20:53:05.0796 1520        MBR used

20:53:05.0796 1520        \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800

20:53:08.0343 1520        Initialize success

20:53:08.0343 1520        ============================================================

20:53:19.0125 0552        ============================================================

20:53:19.0125 0552        Scan started

20:53:19.0125 0552        Mode: Manual; SigCheck; TDLFS; 

20:53:19.0125 0552        ============================================================

20:53:21.0421 0552        Abiosdsk - ok

20:53:21.0828 0552        abp480n5 - ok

20:53:22.0546 0552        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:53:34.0734 0552        ACPI - ok

20:53:36.0515 0552        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

20:53:36.0703 0552        ACPIEC - ok

20:53:37.0281 0552        adpu160m - ok

20:53:38.0531 0552        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:53:38.0796 0552        aec - ok

20:53:41.0406 0552        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

20:53:42.0234 0552        AFD - ok

20:53:45.0953 0552        Aha154x - ok

20:53:47.0984 0552        aic78u2 - ok

20:53:49.0500 0552        aic78xx - ok

20:53:50.0703 0552        Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll

20:53:50.0921 0552        Alerter - ok

20:53:55.0671 0552        ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe

20:53:55.0875 0552        ALG - ok

20:53:57.0203 0552        AliIde - ok

20:54:04.0578 0552        Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys

20:54:09.0171 0552        Ambfilt - ok

20:54:10.0015 0552        amsint - ok

20:54:10.0515 0552        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Programme\Avira\AntiVir Desktop\sched.exe

20:54:10.0546 0552        AntiVirSchedulerService - ok

20:54:10.0828 0552        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Programme\Avira\AntiVir Desktop\avguard.exe

20:54:10.0859 0552        AntiVirService - ok

20:54:11.0140 0552        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:54:11.0156 0552        Apple Mobile Device - ok

20:54:11.0875 0552        AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll

20:54:12.0531 0552        AppMgmt - ok

20:54:13.0062 0552        asc - ok

20:54:14.0093 0552        asc3350p - ok

20:54:14.0921 0552        asc3550 - ok

20:54:15.0484 0552        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

20:54:16.0453 0552        aspnet_state - ok

20:54:17.0437 0552        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:54:17.0578 0552        AsyncMac - ok

20:54:18.0156 0552        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:54:18.0296 0552        atapi - ok

20:54:18.0937 0552        Atdisk - ok

20:54:19.0406 0552        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:54:19.0593 0552        Atmarpc - ok

20:54:20.0109 0552        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll

20:54:20.0359 0552        AudioSrv - ok

20:54:21.0171 0552        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:54:21.0359 0552        audstub - ok

20:54:21.0921 0552        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

20:54:21.0937 0552        avgntflt - ok

20:54:22.0390 0552        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys

20:54:22.0421 0552        avipbb - ok

20:54:22.0937 0552        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

20:54:22.0953 0552        avkmgr - ok

20:54:23.0484 0552        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:54:23.0703 0552        Beep - ok

20:54:24.0953 0552        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll

20:54:26.0203 0552        BITS - ok

20:54:26.0687 0552        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe

20:54:26.0937 0552        Bonjour Service - ok

20:54:27.0718 0552        Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll

20:54:28.0046 0552        Browser - ok

20:54:28.0718 0552        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:54:29.0375 0552        cbidf2k - ok

20:54:29.0812 0552        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

20:54:29.0953 0552        CCDECODE - ok

20:54:30.0312 0552        cd20xrnt - ok

20:54:30.0734 0552        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:54:30.0875 0552        Cdaudio - ok

20:54:31.0421 0552        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

20:54:31.0640 0552        Cdfs - ok

20:54:32.0203 0552        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:54:32.0359 0552        Cdrom - ok

20:54:32.0734 0552        Changer - ok

20:54:33.0109 0552        CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe

20:54:33.0250 0552        CiSvc - ok

20:54:33.0625 0552        ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe

20:54:33.0765 0552        ClipSrv - ok

20:54:34.0156 0552        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:54:34.0578 0552        clr_optimization_v2.0.50727_32 - ok

20:54:35.0125 0552        CmdIde - ok

20:54:35.0453 0552        COMSysApp - ok

20:54:35.0859 0552        Cpqarray - ok

20:54:36.0468 0552        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll

20:54:36.0593 0552        CryptSvc - ok

20:54:37.0000 0552        dac2w2k - ok

20:54:37.0593 0552        dac960nt - ok

20:54:38.0281 0552        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

20:54:38.0562 0552        DcomLaunch - ok

20:54:39.0156 0552        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll

20:54:39.0328 0552        Dhcp - ok

20:54:39.0968 0552        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

20:54:40.0109 0552        Disk - ok

20:54:40.0578 0552        dmadmin - ok

20:54:44.0437 0552        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

20:54:45.0593 0552        dmboot - ok

20:54:46.0218 0552        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

20:54:46.0390 0552        dmio - ok

20:54:46.0796 0552        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:54:46.0906 0552        dmload - ok

20:54:47.0578 0552        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll

20:54:47.0718 0552        dmserver - ok

20:54:48.0218 0552        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

20:54:48.0421 0552        DMusic - ok

20:54:48.0859 0552        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll

20:54:48.0984 0552        Dnscache - ok

20:54:49.0484 0552        Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll

20:54:49.0750 0552        Dot3svc - ok

20:54:50.0156 0552        dpti2o - ok

20:54:50.0687 0552        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

20:54:50.0875 0552        drmkaud - ok

20:54:51.0296 0552        EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll

20:54:51.0500 0552        EapHost - ok

20:54:51.0859 0552        ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll

20:54:52.0000 0552        ERSvc - ok

20:54:52.0812 0552        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

20:54:52.0859 0552        Eventlog - ok

20:54:53.0328 0552        EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll

20:54:53.0421 0552        EventSystem - ok

20:54:53.0984 0552        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

20:54:54.0312 0552        Fastfat - ok

20:54:54.0953 0552        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

20:54:55.0078 0552        FastUserSwitchingCompatibility - ok

20:54:55.0515 0552        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

20:54:55.0687 0552        Fdc - ok

20:54:57.0265 0552        FilterService   (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

20:54:57.0265 0552        FilterService - ok

20:54:58.0593 0552        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

20:54:59.0359 0552        Fips - ok

20:54:59.0984 0552        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

20:55:00.0140 0552        Flpydisk - ok

20:55:00.0578 0552        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

20:55:00.0734 0552        FltMgr - ok

20:55:01.0000 0552        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

20:55:01.0109 0552        FontCache3.0.0.0 - ok

20:55:01.0531 0552        fssfltr         (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

20:55:01.0531 0552        fssfltr - ok

20:55:02.0062 0552        fsssvc          (45b52394f9624237f33a8a3d73c0b221) C:\Programme\Windows Live\Family Safety\fsssvc.exe

20:55:03.0375 0552        fsssvc - ok

20:55:04.0250 0552        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:55:04.0421 0552        Fs_Rec - ok

20:55:05.0671 0552        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:55:05.0906 0552        Ftdisk - ok

20:55:06.0765 0552        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

20:55:06.0781 0552        GEARAspiWDM - ok

20:55:07.0187 0552        ggflt           (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys

20:55:07.0203 0552        ggflt - ok

20:55:07.0718 0552        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys

20:55:07.0750 0552        ggsemc - ok

20:55:08.0187 0552        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:55:08.0375 0552        Gpc - ok

20:55:08.0515 0552        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe

20:55:08.0515 0552        gupdate - ok

20:55:08.0593 0552        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe

20:55:08.0609 0552        gupdatem - ok

20:55:08.0734 0552        gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

20:55:08.0812 0552        gusvc - ok

20:55:09.0578 0552        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:55:10.0406 0552        HDAudBus - ok

20:55:10.0625 0552        helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

20:55:10.0734 0552        helpsvc - ok

20:55:11.0125 0552        HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll

20:55:11.0250 0552        HidServ - ok

20:55:11.0671 0552        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:55:11.0796 0552        hidusb - ok

20:55:12.0203 0552        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll

20:55:12.0359 0552        hkmsvc - ok

20:55:12.0765 0552        hpn - ok

20:55:12.0984 0552        hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll

20:55:13.0015 0552        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

20:55:13.0015 0552        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

20:55:13.0187 0552        hpqddsvc        (f3f72a2a86c22610bca5439fa789dd52) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll

20:55:13.0203 0552        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

20:55:13.0203 0552        hpqddsvc - detected UnsignedFile.Multi.Generic (1)

20:55:13.0609 0552        HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

20:55:13.0843 0552        HPZid412 - ok

20:55:14.0218 0552        HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

20:55:14.0265 0552        HPZipr12 - ok

20:55:14.0718 0552        HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

20:55:14.0781 0552        HPZius12 - ok

20:55:15.0609 0552        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

20:55:15.0687 0552        HTTP - ok

20:55:16.0531 0552        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll

20:55:17.0046 0552        HTTPFilter - ok

20:55:18.0187 0552        i2omgmt - ok

20:55:18.0640 0552        i2omp - ok

20:55:19.0578 0552        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:55:19.0984 0552        i8042prt - ok

20:55:24.0703 0552        ialm            (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

20:55:34.0546 0552        ialm - ok

20:55:37.0484 0552        idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:55:40.0265 0552        idsvc - ok

20:55:41.0250 0552        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:55:41.0484 0552        Imapi - ok

20:55:42.0406 0552        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe

20:55:42.0531 0552        ImapiService - ok

20:55:42.0968 0552        ini910u - ok

20:55:48.0500 0552        IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys

20:55:51.0359 0552        IntcAzAudAddService - ok

20:55:52.0062 0552        IntelIde - ok

20:55:53.0031 0552        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:55:53.0156 0552        intelppm - ok

20:55:54.0078 0552        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

20:55:54.0234 0552        Ip6Fw - ok

20:55:54.0656 0552        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:55:54.0765 0552        IpFilterDriver - ok

20:55:55.0187 0552        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:55:55.0343 0552        IpInIp - ok

20:55:55.0828 0552        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:55:55.0968 0552        IpNat - ok

20:55:56.0468 0552        iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe

20:55:56.0703 0552        iPod Service - ok

20:55:57.0140 0552        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:55:57.0375 0552        IPSec - ok

20:55:57.0796 0552        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:55:57.0921 0552        IRENUM - ok

20:55:58.0453 0552        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:55:58.0625 0552        isapnp - ok

20:55:58.0796 0552        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe

20:55:58.0812 0552        JavaQuickStarterService - ok

20:55:59.0437 0552        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:55:59.0687 0552        Kbdclass - ok

20:56:00.0093 0552        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

20:56:00.0265 0552        kbdhid - ok

20:56:01.0031 0552        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

20:56:01.0187 0552        kmixer - ok

20:56:01.0640 0552        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

20:56:01.0781 0552        KSecDD - ok

20:56:02.0187 0552        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll

20:56:02.0250 0552        lanmanserver - ok

20:56:02.0671 0552        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll

20:56:02.0750 0552        lanmanworkstation - ok

20:56:03.0125 0552        lbrtfdc - ok

20:56:03.0500 0552        LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll

20:56:03.0640 0552        LmHosts - ok

20:56:04.0093 0552        lvpopflt        (cbf0bf6af73a704211bbb52efacaa8a0) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys

20:56:04.0187 0552        lvpopflt - ok

20:56:04.0593 0552        LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys

20:56:04.0609 0552        LVPr2Mon - ok

20:56:04.0843 0552        LVPrcSrv        (2333057542c91ae8228bdccc2e5f2632) C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe

20:56:04.0859 0552        LVPrcSrv - ok

20:56:05.0546 0552        LVRS            (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys

20:56:05.0578 0552        LVRS - ok

20:56:11.0234 0552        LVUVC           (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

20:56:18.0968 0552        LVUVC - ok

20:56:20.0265 0552        MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

20:56:20.0453 0552        MBAMProtector - ok

20:56:21.0625 0552        MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

20:56:22.0078 0552        MBAMService - ok

20:56:22.0671 0552        MDM             (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe

20:56:22.0703 0552        MDM - ok

20:56:23.0125 0552        Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll

20:56:23.0375 0552        Messenger - ok

20:56:23.0968 0552        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

20:56:24.0093 0552        mnmdd - ok

20:56:24.0625 0552        mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe

20:56:24.0781 0552        mnmsrvc - ok

20:56:25.0250 0552        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

20:56:25.0484 0552        Modem - ok

20:56:26.0515 0552        Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

20:56:27.0843 0552        Monfilt - ok

20:56:28.0406 0552        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:56:28.0562 0552        Mouclass - ok

20:56:28.0968 0552        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:56:29.0109 0552        mouhid - ok

20:56:29.0625 0552        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

20:56:29.0812 0552        MountMgr - ok

20:56:30.0156 0552        MpKsl1f947b4b - ok

20:56:30.0640 0552        mraid35x - ok

20:56:31.0093 0552        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:56:31.0359 0552        MRxDAV - ok

20:56:31.0953 0552        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:56:32.0421 0552        MRxSmb - ok

20:56:32.0796 0552        MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe

20:56:32.0937 0552        MSDTC - ok

20:56:33.0390 0552        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

20:56:33.0546 0552        Msfs - ok

20:56:33.0859 0552        MSIServer - ok

20:56:34.0265 0552        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:56:34.0437 0552        MSKSSRV - ok

20:56:34.0843 0552        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:56:34.0984 0552        MSPCLOCK - ok

20:56:35.0500 0552        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

20:56:35.0671 0552        MSPQM - ok

20:56:36.0093 0552        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:56:36.0234 0552        mssmbios - ok

20:56:36.0687 0552        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

20:56:36.0859 0552        MSTEE - ok

20:56:37.0359 0552        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

20:56:37.0468 0552        Mup - ok

20:56:37.0906 0552        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

20:56:38.0093 0552        NABTSFEC - ok

20:56:38.0609 0552        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll

20:56:38.0921 0552        napagent - ok

20:56:39.0437 0552        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

20:56:39.0671 0552        NDIS - ok

20:56:40.0078 0552        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

20:56:40.0265 0552        NdisIP - ok

20:56:40.0703 0552        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:56:40.0781 0552        NdisTapi - ok

20:56:41.0203 0552        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:56:41.0406 0552        Ndisuio - ok

20:56:41.0843 0552        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:56:42.0031 0552        NdisWan - ok

20:56:42.0453 0552        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

20:56:42.0546 0552        NDProxy - ok

20:56:42.0937 0552        Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll

20:56:42.0953 0552        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

20:56:42.0953 0552        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

20:56:43.0359 0552        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

20:56:43.0531 0552        NetBIOS - ok

20:56:44.0000 0552        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

20:56:44.0250 0552        NetBT - ok

20:56:44.0671 0552        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

20:56:44.0890 0552        NetDDE - ok

20:56:44.0953 0552        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

20:56:45.0078 0552        NetDDEdsdm - ok

20:56:45.0453 0552        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

20:56:45.0593 0552        Netlogon - ok

20:56:46.0031 0552        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll

20:56:46.0187 0552        Netman - ok

20:56:46.0468 0552        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:56:46.0578 0552        NetTcpPortSharing - ok

20:56:47.0031 0552        Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll

20:56:47.0078 0552        Nla - ok

20:56:47.0515 0552        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

20:56:47.0687 0552        Npfs - ok

20:56:48.0328 0552        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

20:56:48.0906 0552        Ntfs - ok

20:56:49.0281 0552        NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

20:56:49.0421 0552        NtLmSsp - ok

20:56:49.0937 0552        NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll

20:56:50.0453 0552        NtmsSvc - ok

20:56:50.0859 0552        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

20:56:50.0984 0552        Null - ok

20:56:51.0484 0552        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:56:51.0656 0552        NwlnkFlt - ok

20:56:52.0062 0552        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:56:52.0265 0552        NwlnkFwd - ok

20:56:52.0703 0552        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

20:56:52.0906 0552        Parport - ok

20:56:53.0390 0552        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

20:56:53.0609 0552        PartMgr - ok

20:56:54.0015 0552        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

20:56:54.0171 0552        ParVdm - ok

20:56:54.0609 0552        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

20:56:54.0796 0552        PCI - ok

20:56:55.0187 0552        PCIDump - ok

20:56:55.0609 0552        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

20:56:55.0765 0552        PCIIde - ok

20:56:56.0250 0552        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

20:56:56.0468 0552        Pcmcia - ok

20:56:56.0859 0552        PDCOMP - ok

20:56:57.0234 0552        PDFRAME - ok

20:56:57.0656 0552        PDRELI - ok

20:56:58.0015 0552        PDRFRAME - ok

20:56:58.0421 0552        perc2 - ok

20:56:58.0796 0552        perc2hib - ok

20:56:59.0203 0552        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

20:56:59.0234 0552        PlugPlay - ok

20:56:59.0625 0552        Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll

20:56:59.0640 0552        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

20:56:59.0640 0552        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

20:57:00.0015 0552        PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

20:57:00.0125 0552        PolicyAgent - ok

20:57:00.0593 0552        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:57:00.0796 0552        PptpMiniport - ok

20:57:01.0156 0552        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

20:57:01.0281 0552        ProtectedStorage - ok

20:57:01.0750 0552        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

20:57:01.0968 0552        PSched - ok

20:57:02.0390 0552        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:57:02.0531 0552        Ptilink - ok

20:57:02.0937 0552        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

20:57:02.0984 0552        PxHelp20 - ok

20:57:03.0359 0552        ql1080 - ok

20:57:03.0750 0552        Ql10wnt - ok

20:57:04.0125 0552        ql12160 - ok

20:57:04.0515 0552        ql1240 - ok

20:57:04.0875 0552        ql1280 - ok

20:57:05.0281 0552        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:57:05.0453 0552        RasAcd - ok

20:57:05.0843 0552        RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll

20:57:06.0062 0552        RasAuto - ok

20:57:06.0578 0552        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:57:06.0765 0552        Rasl2tp - ok

20:57:07.0187 0552        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll

20:57:07.0390 0552        RasMan - ok

20:57:07.0828 0552        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:57:08.0000 0552        RasPppoe - ok

20:57:08.0406 0552        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

20:57:08.0578 0552        Raspti - ok

20:57:09.0062 0552        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:57:09.0343 0552        Rdbss - ok

20:57:09.0750 0552        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:57:09.0890 0552        RDPCDD - ok

20:57:10.0421 0552        rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

20:57:10.0687 0552        rdpdr - ok

20:57:11.0156 0552        RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

20:57:11.0296 0552        RDPWD - ok

20:57:11.0718 0552        RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe

20:57:11.0953 0552        RDSessMgr - ok

20:57:12.0375 0552        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

20:57:12.0562 0552        redbook - ok

20:57:12.0953 0552        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll

20:57:13.0140 0552        RemoteAccess - ok

20:57:13.0609 0552        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll

20:57:13.0750 0552        RemoteRegistry - ok

20:57:14.0156 0552        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe

20:57:14.0343 0552        RpcLocator - ok

20:57:14.0890 0552        RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

20:57:15.0062 0552        RpcSs - ok

20:57:15.0500 0552        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe

20:57:15.0750 0552        RSVP - ok

20:57:16.0218 0552        RTLE8023xp      (79b4fe884c18dd82d5449f6b6026d092) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

20:57:16.0453 0552        RTLE8023xp - ok

20:57:16.0953 0552        s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys

20:57:17.0093 0552        s1018bus - ok

20:57:17.0500 0552        s1018mdfl       (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys

20:57:17.0515 0552        s1018mdfl - ok

20:57:17.0984 0552        s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys

20:57:18.0046 0552        s1018mdm - ok

20:57:18.0500 0552        s1018mgmt       (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys

20:57:18.0703 0552        s1018mgmt - ok

20:57:19.0109 0552        s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys

20:57:19.0140 0552        s1018nd5 - ok

20:57:19.0593 0552        s1018obex       (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys

20:57:19.0671 0552        s1018obex - ok

20:57:20.0125 0552        s1018unic       (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys

20:57:20.0203 0552        s1018unic - ok

20:57:20.0671 0552        s115bus         (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys

20:57:20.0734 0552        s115bus - ok

20:57:21.0156 0552        s115mdfl        (e24113fc13b8737c94cf4e3415488c76) C:\WINDOWS\system32\DRIVERS\s115mdfl.sys

20:57:21.0187 0552        s115mdfl - ok

20:57:21.0640 0552        s115mdm         (4029e49e7c673aa0670bd206b0af1b5b) C:\WINDOWS\system32\DRIVERS\s115mdm.sys

20:57:21.0703 0552        s115mdm - ok

20:57:22.0218 0552        s115mgmt        (eb02ab4ca8bccecfde236cad8fc6e135) C:\WINDOWS\system32\DRIVERS\s115mgmt.sys

20:57:22.0375 0552        s115mgmt - ok

20:57:23.0875 0552        s115obex        (089869db9ffd2ac807fa87fe82ac7761) C:\WINDOWS\system32\DRIVERS\s115obex.sys

20:57:24.0062 0552        s115obex - ok

20:57:26.0000 0552        s125bus         (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys

20:57:26.0078 0552        s125bus - ok

20:57:27.0656 0552        s125mdfl        (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys

20:57:28.0093 0552        s125mdfl - ok

20:57:29.0875 0552        s125mdm         (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys

20:57:30.0031 0552        s125mdm - ok

20:57:31.0828 0552        s125mgmt        (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys

20:57:31.0890 0552        s125mgmt - ok

20:57:33.0000 0552        s125obex        (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys

20:57:33.0062 0552        s125obex - ok

20:57:33.0796 0552        SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

20:57:33.0921 0552        SamSs - ok

20:57:34.0687 0552        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe

20:57:34.0921 0552        SCardSvr - ok

20:57:35.0562 0552        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll

20:57:35.0781 0552        Schedule - ok

20:57:36.0218 0552        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:57:36.0390 0552        Secdrv - ok

20:57:36.0750 0552        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll

20:57:36.0921 0552        seclogon - ok

20:57:37.0500 0552        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll

20:57:37.0671 0552        SENS - ok

20:57:38.0093 0552        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

20:57:38.0281 0552        serenum - ok

20:57:38.0718 0552        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

20:57:38.0921 0552        Serial - ok

20:57:39.0359 0552        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

20:57:39.0515 0552        Sfloppy - ok

20:57:40.0046 0552        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll

20:57:40.0390 0552        SharedAccess - ok

20:57:40.0812 0552        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

20:57:40.0859 0552        ShellHWDetection - ok

20:57:41.0234 0552        Simbad - ok

20:57:41.0687 0552        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

20:57:41.0859 0552        SLIP - ok

20:57:42.0343 0552        Sparrow - ok

20:57:42.0750 0552        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

20:57:42.0921 0552        splitter - ok

20:57:43.0296 0552        Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

20:57:43.0359 0552        Spooler - ok

20:57:44.0046 0552        sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

20:57:44.0046 0552        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

20:57:44.0046 0552        sptd ( LockedFile.Multi.Generic ) - warning

20:57:44.0046 0552        sptd - detected LockedFile.Multi.Generic (1)

20:57:44.0593 0552        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

20:57:44.0796 0552        sr - ok

20:57:45.0328 0552        srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll

20:57:45.0453 0552        srservice - ok

20:57:46.0015 0552        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

20:57:46.0421 0552        Srv - ok

20:57:46.0812 0552        SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll

20:57:46.0953 0552        SSDPSRV - ok

20:57:47.0500 0552        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

20:57:47.0515 0552        ssmdrv - ok

20:57:48.0046 0552        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll

20:57:48.0468 0552        stisvc - ok

20:57:48.0906 0552        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

20:57:49.0093 0552        streamip - ok

20:57:49.0562 0552        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

20:57:49.0734 0552        swenum - ok

20:57:50.0156 0552        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

20:57:50.0421 0552        swmidi - ok

20:57:50.0781 0552        SwPrv - ok

20:57:51.0500 0552        symc810 - ok

20:57:51.0875 0552        symc8xx - ok

20:57:52.0312 0552        sym_hi - ok

20:57:52.0687 0552        sym_u3 - ok

20:57:53.0125 0552        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

20:57:53.0343 0552        sysaudio - ok

20:57:53.0750 0552        SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe

20:57:53.0953 0552        SysmonLog - ok

20:57:54.0546 0552        TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll

20:57:54.0734 0552        TapiSrv - ok

20:57:55.0406 0552        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\TCPIP.SYS

20:57:55.0750 0552        Tcpip - ok

20:57:56.0187 0552        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

20:57:56.0375 0552        TDPIPE - ok

20:57:56.0796 0552        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

20:57:56.0984 0552        TDTCP - ok

20:57:57.0484 0552        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

20:57:57.0687 0552        TermDD - ok

20:57:58.0187 0552        TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll

20:57:58.0468 0552        TermService - ok

20:57:58.0875 0552        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

20:57:58.0906 0552        Themes - ok

20:57:59.0281 0552        TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe

20:57:59.0468 0552        TlntSvr - ok

20:57:59.0859 0552        TosIde - ok

20:58:00.0234 0552        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll

20:58:00.0390 0552        TrkWks - ok

20:58:00.0812 0552        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

20:58:01.0015 0552        Udfs - ok

20:58:01.0437 0552        ultra - ok

20:58:02.0000 0552        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

20:58:02.0609 0552        Update - ok

20:58:03.0046 0552        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll

20:58:03.0328 0552        upnphost - ok

20:58:03.0765 0552        UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe

20:58:03.0937 0552        UPS - ok

20:58:04.0375 0552        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

20:58:04.0562 0552        usbaudio - ok

20:58:04.0968 0552        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:58:05.0156 0552        usbccgp - ok

20:58:05.0609 0552        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:58:05.0781 0552        usbehci - ok

20:58:06.0218 0552        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:58:06.0421 0552        usbhub - ok

20:58:06.0843 0552        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

20:58:07.0031 0552        usbprint - ok

20:58:07.0468 0552        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:58:07.0640 0552        usbscan - ok

20:58:08.0062 0552        usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

20:58:08.0234 0552        usbser - ok

20:58:08.0687 0552        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:58:08.0875 0552        USBSTOR - ok

20:58:09.0296 0552        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:58:09.0468 0552        usbuhci - ok

20:58:09.0906 0552        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

20:58:10.0125 0552        usbvideo - ok

20:58:10.0546 0552        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

20:58:10.0718 0552        VgaSave - ok

20:58:11.0109 0552        ViaIde - ok

20:58:11.0531 0552        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

20:58:11.0718 0552        VolSnap - ok

20:58:12.0203 0552        VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe

20:58:12.0515 0552        VSS - ok

20:58:12.0984 0552        W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll

20:58:13.0156 0552        W32Time - ok

20:58:13.0578 0552        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:58:13.0765 0552        Wanarp - ok

20:58:14.0390 0552        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

20:58:14.0781 0552        Wdf01000 - ok

20:58:15.0187 0552        WDICA - ok

20:58:15.0640 0552        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

20:58:15.0828 0552        wdmaud - ok

20:58:16.0234 0552        WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll

20:58:16.0406 0552        WebClient - ok

20:58:16.0843 0552        winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll

20:58:17.0000 0552        winmgmt - ok

20:58:17.0406 0552        WmdmPmSN        (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll

20:58:17.0593 0552        WmdmPmSN - ok

20:58:18.0218 0552        Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll

20:58:18.0500 0552        Wmi - ok

20:58:18.0921 0552        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

20:58:19.0125 0552        WmiApSrv - ok

20:58:19.0734 0552        WMPNetworkSvc   (d3dbd6e76f4be9bee67eb631488b5f29) C:\Programme\Windows Media Player\WMPNetwk.exe

20:58:20.0703 0552        WMPNetworkSvc - ok

20:58:21.0187 0552        WpdUsb          (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

20:58:21.0265 0552        WpdUsb - ok

20:58:21.0656 0552        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll

20:58:21.0828 0552        wscsvc - ok

20:58:22.0171 0552        WSearch - ok

20:58:22.0593 0552        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

20:58:22.0781 0552        WSTCODEC - ok

20:58:23.0140 0552        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll

20:58:23.0359 0552        wuauserv - ok

20:58:23.0796 0552        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

20:58:23.0906 0552        WudfPf - ok

20:58:24.0375 0552        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

20:58:24.0453 0552        WudfRd - ok

20:58:24.0843 0552        WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

20:58:24.0890 0552        WudfSvc - ok

20:58:25.0453 0552        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll

20:58:25.0859 0552        WZCSVC - ok

20:58:26.0265 0552        xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll

20:58:26.0500 0552        xmlprov - ok

20:58:26.0890 0552        MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0

20:58:27.0421 0552        \Device\Harddisk0\DR0 - ok

20:58:27.0421 0552        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2

20:58:27.0593 0552        \Device\Harddisk1\DR2 - ok

20:58:27.0609 0552        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR3

20:58:27.0750 0552        \Device\Harddisk2\DR3 - ok

20:58:27.0859 0552        Boot (0x1200)   (c26e33a19b326a21b3bdfabf27f1031c) \Device\Harddisk0\DR0\Partition0

20:58:27.0859 0552        \Device\Harddisk0\DR0\Partition0 - ok

20:58:27.0859 0552        Boot (0x1200)   (afa5273584d158ddd2c8bc72c1aee70f) \Device\Harddisk1\DR2\Partition0

20:58:27.0859 0552        \Device\Harddisk1\DR2\Partition0 - ok

20:58:27.0875 0552        Boot (0x1200)   (cacc095ab2ebfa29e6482702ec7448d7) \Device\Harddisk2\DR3\Partition0

20:58:27.0875 0552        \Device\Harddisk2\DR3\Partition0 - ok

20:58:27.0875 0552        ============================================================

20:58:27.0875 0552        Scan finished

20:58:27.0875 0552        ============================================================

20:58:27.0984 2360        Detected object count: 5

20:58:27.0984 2360        Actual detected object count: 5

21:16:30.0265 2360        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

21:16:30.0265 2360        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:16:30.0265 2360        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

21:16:30.0265 2360        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:16:30.0265 2360        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

21:16:30.0265 2360        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:16:30.0265 2360        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

21:16:30.0265 2360        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:16:30.0265 2360        sptd ( LockedFile.Multi.Generic ) - skipped by user

21:16:30.0265 2360        sptd ( LockedFile.Multi.Generic ) - User select action: Skip 

21:16:32.0859 2312        Deinitialize success

Grüße Simone

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 21:56:12 on 01.04.2012
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 11.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"a844jgqb" (a844jgqb) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a844jgqb.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\DOKUME~1\Mone\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys

"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"MpKsl1f947b4b" (MpKsl1f947b4b) - ? - C:\WINDOWS\system32\MpEngineStore\MpKsl1f947b4b.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} "PixiePack Codec Pack 1.1.1200.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll

{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)

"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Mone\Startmenü\Programme\Autostart\desktop.ini

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"HP Software Update" - "Hewlett-Packard" - C:\Programme\HP\HP Software Update\HPWuSchd2.exe

"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"

"LWS" - "Logitech Inc." - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe -hide

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe

"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe

"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll

"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/code]

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-04-01 21:56:55

-----------------------------

21:56:55.328    OS Version: Windows 5.1.2600 Service Pack 3

21:56:55.328    Number of processors: 2 586 0x170A

21:56:55.328    ComputerName: PUPPSIE  UserName: Mone

21:56:57.125    Initialize success

21:59:07.734    AVAST engine defs: 12040101

21:59:35.078    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

21:59:35.078    Disk 0 Vendor: ST380011A 8.01 Size: 76319MB BusType: 3

21:59:35.078    Disk 0 MBR read successfully

21:59:35.078    Disk 0 MBR scan

21:59:35.171    Disk 0 Windows XP default MBR code

21:59:35.265    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76308 MB offset 63

21:59:35.656    Disk 0 scanning sectors +156280320

21:59:35.890    Disk 0 scanning C:\WINDOWS\system32\drivers

22:00:14.453    Service scanning

22:01:22.250    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32

22:01:34.578    Modules scanning

22:02:45.203    Disk 0 trace - called modules:

22:02:45.203    ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spou.sys >>UNKNOWN [0x8a934938]<<

22:02:45.203    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8e8ab8]

22:02:45.203    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a8a2f18]

22:02:45.218    5 ACPI.sys[f74a2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a8ec940]

22:02:48.906    AVAST engine scan C:\WINDOWS

22:03:37.359    AVAST engine scan C:\WINDOWS\system32

22:13:19.484    AVAST engine scan C:\WINDOWS\system32\drivers

22:14:03.171    AVAST engine scan C:\Dokumente und Einstellungen\Mone

22:33:34.859    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Mone\Desktop\MBR.dat"

22:33:34.906    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Mone\Desktop\aswMBR.txt"

Grüße simone