Trojaner-Board

Help removing the "Live Security Platinum" trojan (https://www.trojaner-board.de/121008-hilfe-entfernung-live-security-platinum-trojaners.html)

cosinus 13.08.2012 18:20

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
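
Added example, not part of the original thread: a small Python parser for the kind of TDSSKiller report requested above. It joins each object's hash and path with its scan result and lists everything not marked "ok" for review before any action is taken. The names `ScanResult`, `parse_report`, `needs_review` and `summarize` are hypothetical, the sample lines are excerpted from the log posted in this thread, and treating every status other than "ok" as a review item is this example's assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the report posted in this thread (columns: time, thread id, message).
SAMPLE_LOG = r"""
23:25:34.0328 3516        Scan started
23:25:34.0328 3516        Mode: Manual; SigCheck; TDLFS;
23:25:34.0468 3516        Abiosdsk - ok
23:25:34.0500 3516        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:25:35.0421 3516        ACPI - ok
23:25:36.0296 3516        Aspi32          (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
23:25:36.0312 3516        Aspi32 ( UnsignedFile.Multi.Generic ) - warning
23:25:36.0312 3516        Aspi32 - detected UnsignedFile.Multi.Generic (1)
23:25:39.0406 3516        DT T-Sinus 130data(R) (2136cd5ed0f09bdf2abb45b5ae8b6ed7) C:\WINDOWS\system32\DRIVERS\dtusbxp.sys
23:25:39.0406 3516        DT T-Sinus 130data(R) ( UnsignedFile.Multi.Generic ) - warning
23:25:39.0406 3516        DT T-Sinus 130data(R) - detected UnsignedFile.Multi.Generic (1)
"""

# "HH:MM:SS.mmmm <thread id> <message>"; the message may be empty.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<msg>.*)$")
# "<name> (<32 hex digits>) <path>": the file behind a service or driver.
OBJECT_RE = re.compile(
    r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - ok" or "<name> ( <verdict> ) - <status>".
RESULT_RE = re.compile(
    r"^(?P<name>.+?)(?:\s+\(\s*(?P<verdict>[^()]+?)\s*\))?\s+-\s+(?P<status>\w+)$")


@dataclass
class ScanResult:
    name: str
    status: str
    verdict: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def parse_report(text: str) -> List[ScanResult]:
    """Return one ScanResult per '<name> - <status>' line of the report."""
    pending = {}   # name -> (md5, path) from the preceding object line
    results = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line["msg"].strip()
        obj = OBJECT_RE.match(msg)
        if obj:
            pending[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue
        res = RESULT_RE.match(msg)
        if not res:
            # Header lines and the redundant "- detected ..." lines end up here.
            continue
        md5, path = pending.pop(res["name"], (None, None))
        results.append(ScanResult(res["name"], res["status"].lower(),
                                  res["verdict"], md5, path))
    return results


def needs_review(results: List[ScanResult]) -> List[ScanResult]:
    """Everything the scan did not mark 'ok' (assumption: review, not delete)."""
    return [r for r in results if r.status != "ok"]


def summarize(results: List[ScanResult]) -> Counter:
    """Count results per status, e.g. how many 'ok' and how many 'warning'."""
    return Counter(r.status for r in results)


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for item in needs_review(parsed):
        print(f"{item.status:8} {item.verdict}  {item.name}  {item.md5}  {item.path}")
```
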

MikeP 13.08.2012 22:32

OK, I ran TDSSKiller as described; here is the log.

Code:

23:24:22.0531 1408        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:24:23.0078 1408        ============================================================
23:24:23.0093 1408        Current date / time: 2012/08/13 23:24:23.0078
23:24:23.0093 1408        SystemInfo:
23:24:23.0093 1408       
23:24:23.0093 1408        OS Version: 5.1.2600 ServicePack: 3.0
23:24:23.0093 1408        Product type: Workstation
23:24:23.0093 1408        ComputerName: DEEPBLUE
23:24:23.0093 1408        UserName: Michael
23:24:23.0093 1408        Windows directory: C:\WINDOWS
23:24:23.0093 1408        System windows directory: C:\WINDOWS
23:24:23.0093 1408        Processor architecture: Intel x86
23:24:23.0093 1408        Number of processors: 2
23:24:23.0093 1408        Page size: 0x1000
23:24:23.0093 1408        Boot type: Normal boot
23:24:23.0093 1408        ============================================================
23:24:23.0968 1408        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:24:23.0984 1408        Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:24:24.0015 1408        ============================================================
23:24:24.0015 1408        \Device\Harddisk0\DR0:
23:24:24.0015 1408        MBR partitions:
23:24:24.0015 1408        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x963084C
23:24:24.0031 1408        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96308CA, BlocksNum 0x186A62DB
23:24:24.0062 1408        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x21CD6BE4, BlocksNum 0x186AA19C
23:24:24.0062 1408        \Device\Harddisk1\DR1:
23:24:24.0062 1408        MBR partitions:
23:24:24.0062 1408        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
23:24:24.0062 1408        ============================================================
23:24:24.0093 1408        C: <-> \Device\Harddisk0\DR0\Partition0
23:24:24.0140 1408        D: <-> \Device\Harddisk0\DR0\Partition1
23:24:24.0187 1408        E: <-> \Device\Harddisk0\DR0\Partition2
23:24:24.0218 1408        H: <-> \Device\Harddisk1\DR1\Partition0
23:24:24.0218 1408        ============================================================
23:24:24.0218 1408        Initialize success
23:24:24.0218 1408        ============================================================
23:25:34.0328 3516        ============================================================
23:25:34.0328 3516        Scan started
23:25:34.0328 3516        Mode: Manual; SigCheck; TDLFS;
23:25:34.0328 3516        ============================================================
23:25:34.0468 3516        Abiosdsk - ok
23:25:34.0468 3516        abp480n5 - ok
23:25:34.0500 3516        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:25:35.0421 3516        ACPI - ok
23:25:35.0453 3516        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:25:35.0546 3516        ACPIEC - ok
23:25:35.0609 3516        AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
23:25:35.0625 3516        AdobeActiveFileMonitor7.0 - ok
23:25:35.0671 3516        AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:25:35.0687 3516        AdobeFlashPlayerUpdateSvc - ok
23:25:35.0687 3516        adpu160m - ok
23:25:35.0703 3516        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:25:35.0765 3516        aec - ok
23:25:35.0796 3516        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:25:35.0843 3516        AFD - ok
23:25:35.0843 3516        Aha154x - ok
23:25:35.0843 3516        aic78u2 - ok
23:25:35.0859 3516        aic78xx - ok
23:25:35.0890 3516        aksfridge      (730e9d3bb324fb1899005aea63c6782d) C:\WINDOWS\system32\drivers\aksfridge.sys
23:25:35.0921 3516        aksfridge - ok
23:25:35.0953 3516        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
23:25:36.0015 3516        Alerter - ok
23:25:36.0031 3516        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
23:25:36.0093 3516        ALG - ok
23:25:36.0093 3516        AliIde - ok
23:25:36.0093 3516        amsint - ok
23:25:36.0140 3516        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
23:25:36.0140 3516        AntiVirSchedulerService - ok
23:25:36.0171 3516        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
23:25:36.0187 3516        AntiVirService - ok
23:25:36.0187 3516        AppMgmt - ok
23:25:36.0187 3516        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:25:36.0265 3516        Arp1394 - ok
23:25:36.0265 3516        asc - ok
23:25:36.0265 3516        asc3350p - ok
23:25:36.0265 3516        asc3550 - ok
23:25:36.0296 3516        Aspi32          (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
23:25:36.0312 3516        Aspi32 ( UnsignedFile.Multi.Generic ) - warning
23:25:36.0312 3516        Aspi32 - detected UnsignedFile.Multi.Generic (1)
23:25:36.0359 3516        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:25:36.0421 3516        aspnet_state - ok
23:25:36.0437 3516        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:25:36.0500 3516        AsyncMac - ok
23:25:36.0515 3516        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:25:36.0578 3516        atapi - ok
23:25:36.0578 3516        Atdisk - ok
23:25:36.0609 3516        atksgt          (5b80e84af6b02ecab72dae9afee06309) C:\WINDOWS\system32\DRIVERS\atksgt.sys
23:25:36.0609 3516        atksgt ( UnsignedFile.Multi.Generic ) - warning
23:25:36.0609 3516        atksgt - detected UnsignedFile.Multi.Generic (1)
23:25:36.0640 3516        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:25:36.0687 3516        Atmarpc - ok
23:25:36.0718 3516        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
23:25:36.0781 3516        AudioSrv - ok
23:25:36.0796 3516        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:25:36.0859 3516        audstub - ok
23:25:36.0875 3516        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
23:25:36.0937 3516        avgntflt - ok
23:25:36.0968 3516        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
23:25:36.0968 3516        avipbb - ok
23:25:36.0968 3516        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
23:25:36.0984 3516        avkmgr - ok
23:25:37.0046 3516        AVM WLAN Connection Service (55bdaf9d7ede7eebd99b068546ed9c1a) C:\Programme\avmwlanstick\WlanNetService.exe
23:25:37.0062 3516        AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
23:25:37.0062 3516        AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
23:25:37.0078 3516        avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\WINDOWS\system32\drivers\avmeject.sys
23:25:37.0078 3516        avmeject ( UnsignedFile.Multi.Generic ) - warning
23:25:37.0078 3516        avmeject - detected UnsignedFile.Multi.Generic (1)
23:25:37.0093 3516        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:25:37.0156 3516        Beep - ok
23:25:37.0171 3516        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
23:25:37.0250 3516        Browser - ok
23:25:37.0265 3516        C-DillaCdaC11BA (3de014dfc14e8530f3a85572e2763446) C:\WINDOWS\system32\drivers\CDAC11BA.EXE
23:25:37.0265 3516        C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - warning
23:25:37.0265 3516        C-DillaCdaC11BA - detected UnsignedFile.Multi.Generic (1)
23:25:37.0281 3516        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:25:37.0359 3516        cbidf2k - ok
23:25:37.0390 3516        CBN            (946595da193c5b49062fdf23bde5c764) C:\WINDOWS\System32\Drivers\CBN.SYS
23:25:37.0390 3516        CBN ( UnsignedFile.Multi.Generic ) - warning
23:25:37.0390 3516        CBN - detected UnsignedFile.Multi.Generic (1)
23:25:37.0390 3516        cd20xrnt - ok
23:25:37.0406 3516        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:25:37.0468 3516        Cdaudio - ok
23:25:37.0484 3516        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:25:37.0546 3516        Cdfs - ok
23:25:37.0578 3516        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:25:37.0640 3516        Cdrom - ok
23:25:37.0640 3516        Changer - ok
23:25:37.0656 3516        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
23:25:37.0718 3516        CiSvc - ok
23:25:37.0734 3516        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
23:25:37.0796 3516        ClipSrv - ok
23:25:37.0843 3516        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:25:37.0906 3516        clr_optimization_v2.0.50727_32 - ok
23:25:37.0953 3516        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:25:37.0968 3516        clr_optimization_v4.0.30319_32 - ok
23:25:37.0968 3516        CmdIde - ok
23:25:37.0968 3516        COMSysApp - ok
23:25:37.0968 3516        Cpqarray - ok
23:25:37.0984 3516        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
23:25:38.0046 3516        CryptSvc - ok
23:25:38.0062 3516        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
23:25:38.0078 3516        CVirtA - ok
23:25:38.0078 3516        dac2w2k - ok
23:25:38.0078 3516        dac960nt - ok
23:25:38.0125 3516        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
23:25:38.0156 3516        DcomLaunch - ok
23:25:38.0171 3516        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
23:25:38.0250 3516        Dhcp - ok
23:25:38.0281 3516        DigiCellDriver  (ca2c652f167da4271ba6b34c6255f159) C:\Programme\MSI\DualCoreCenter\NTGLM7X.sys
23:25:38.0296 3516        DigiCellDriver ( UnsignedFile.Multi.Generic ) - warning
23:25:38.0296 3516        DigiCellDriver - detected UnsignedFile.Multi.Generic (1)
23:25:38.0343 3516        DirMngr        (4f26bb00747d41e7c0fe8ebb2900f862) C:\Programme\GNU\GnuPG\dirmngr.exe
23:25:38.0359 3516        DirMngr ( UnsignedFile.Multi.Generic ) - warning
23:25:38.0359 3516        DirMngr - detected UnsignedFile.Multi.Generic (1)
23:25:38.0375 3516        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:25:38.0421 3516        Disk - ok
23:25:38.0437 3516        dmadmin - ok
23:25:38.0468 3516        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
23:25:38.0546 3516        dmboot - ok
23:25:38.0562 3516        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
23:25:38.0640 3516        dmio - ok
23:25:38.0656 3516        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:25:38.0718 3516        dmload - ok
23:25:38.0734 3516        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
23:25:38.0812 3516        dmserver - ok
23:25:38.0812 3516        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:25:38.0875 3516        DMusic - ok
23:25:38.0906 3516        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
23:25:38.0968 3516        Dnscache - ok
23:25:38.0984 3516        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
23:25:39.0062 3516        Dot3svc - ok
23:25:39.0093 3516        dot4            (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
23:25:39.0156 3516        dot4 - ok
23:25:39.0171 3516        Dot4Print      (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
23:25:39.0234 3516        Dot4Print - ok
23:25:39.0234 3516        dot4usb        (29e86af2f3457d0441348020fe3cfbd0) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
23:25:39.0296 3516        dot4usb - ok
23:25:39.0296 3516        dpti2o - ok
23:25:39.0312 3516        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:25:39.0375 3516        drmkaud - ok
23:25:39.0406 3516        DT T-Sinus 130data(R) (2136cd5ed0f09bdf2abb45b5ae8b6ed7) C:\WINDOWS\system32\DRIVERS\dtusbxp.sys
23:25:39.0406 3516        DT T-Sinus 130data(R) ( UnsignedFile.Multi.Generic ) - warning
23:25:39.0406 3516        DT T-Sinus 130data(R) - detected UnsignedFile.Multi.Generic (1)
23:25:39.0421 3516        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
23:25:39.0484 3516        EapHost - ok
23:25:39.0500 3516        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
23:25:39.0562 3516        ERSvc - ok
23:25:39.0593 3516        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
23:25:39.0609 3516        Eventlog - ok
23:25:39.0640 3516        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
23:25:39.0687 3516        EventSystem - ok
23:25:39.0718 3516        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:25:39.0781 3516        Fastfat - ok
23:25:39.0812 3516        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
23:25:39.0843 3516        FastUserSwitchingCompatibility - ok
23:25:39.0859 3516        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:25:39.0906 3516        Fdc - ok
23:25:39.0921 3516        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
23:25:39.0984 3516        Fips - ok
23:25:40.0046 3516        FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:25:40.0062 3516        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:25:40.0062 3516        FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:25:40.0062 3516        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:25:40.0125 3516        Flpydisk - ok
23:25:40.0140 3516        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:25:40.0203 3516        FltMgr - ok
23:25:40.0250 3516        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:25:40.0265 3516        FontCache3.0.0.0 - ok
23:25:40.0265 3516        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:25:40.0328 3516        Fs_Rec - ok
23:25:40.0359 3516        FTDIBUS        (a36e8beedb3aaca09bf55a1d17904bc8) C:\WINDOWS\system32\drivers\ftdibus.sys
23:25:40.0359 3516        FTDIBUS - ok
23:25:40.0359 3516        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:25:40.0437 3516        Ftdisk - ok
23:25:40.0453 3516        FTSER2K        (a14a1f4bb391df9c233cb5dbd05feb70) C:\WINDOWS\system32\drivers\ftser2k.sys
23:25:40.0453 3516        FTSER2K - ok
23:25:40.0484 3516        FWLANUSB        (ff12fa487265da2ac7de4be53f72ff1a) C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
23:25:40.0515 3516        FWLANUSB - ok
23:25:40.0515 3516        GMSIPCI - ok
23:25:40.0531 3516        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:25:40.0593 3516        Gpc - ok
23:25:40.0640 3516        hardlock        (a9d587e31dbee3e9bd97fefece0ba874) C:\WINDOWS\system32\drivers\hardlock.sys
23:25:40.0656 3516        hardlock - ok
23:25:40.0656 3516        hasplms - ok
23:25:40.0687 3516        hcmon          (eebe6b4d6c95aede577af9a8060963c8) C:\WINDOWS\system32\Drivers\hcmon.sys
23:25:40.0687 3516        hcmon ( UnsignedFile.Multi.Generic ) - warning
23:25:40.0687 3516        hcmon - detected UnsignedFile.Multi.Generic (1)
23:25:40.0703 3516        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:25:40.0765 3516        HDAudBus - ok
23:25:40.0796 3516        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:25:40.0859 3516        helpsvc - ok
23:25:40.0859 3516        HidServ - ok
23:25:40.0875 3516        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:25:40.0937 3516        HidUsb - ok
23:25:40.0968 3516        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
23:25:41.0031 3516        hkmsvc - ok
23:25:41.0031 3516        hpn - ok
23:25:41.0062 3516        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:25:41.0109 3516        HTTP - ok
23:25:41.0125 3516        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
23:25:41.0203 3516        HTTPFilter - ok
23:25:41.0203 3516        i2omgmt - ok
23:25:41.0203 3516        i2omp - ok
23:25:41.0218 3516        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:25:41.0265 3516        i8042prt - ok
23:25:41.0359 3516        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:25:41.0390 3516        idsvc - ok
23:25:41.0437 3516        IGDCTRL        (e28602c9e17b0ddce9f5deb3b3e2a635) C:\Programme\FRITZ!DSL\IGDCTRL.EXE
23:25:41.0437 3516        IGDCTRL - ok
23:25:41.0453 3516        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:25:41.0515 3516        Imapi - ok
23:25:41.0531 3516        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
23:25:41.0609 3516        ImapiService - ok
23:25:41.0609 3516        ini910u - ok
23:25:41.0796 3516        IntcAzAudAddService (001aaca6ed0e6b00fc5b8faf74977e81) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:25:41.0921 3516        IntcAzAudAddService - ok
23:25:42.0046 3516        IntelIde - ok
23:25:42.0046 3516        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:25:42.0109 3516        intelppm - ok
23:25:42.0140 3516        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:25:42.0203 3516        Ip6Fw - ok
23:25:42.0234 3516        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:25:42.0296 3516        IpFilterDriver - ok
23:25:42.0312 3516        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:25:42.0390 3516        IpInIp - ok
23:25:42.0406 3516        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:25:42.0468 3516        IpNat - ok
23:25:42.0484 3516        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:25:42.0531 3516        IPSec - ok
23:25:42.0546 3516        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:25:42.0609 3516        IRENUM - ok
23:25:42.0625 3516        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:25:42.0687 3516        isapnp - ok
23:25:42.0750 3516        JavaQuickStarterService (890369aed0dde1a98f09f7dc239ca2bd) C:\Programme\Java\jre6\bin\jqs.exe
23:25:42.0765 3516        JavaQuickStarterService - ok
23:25:42.0765 3516        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:25:42.0828 3516        Kbdclass - ok
23:25:42.0828 3516        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:25:42.0890 3516        kbdhid - ok
23:25:42.0890 3516        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:25:42.0953 3516        kmixer - ok
23:25:42.0968 3516        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:25:43.0000 3516        KSecDD - ok
23:25:43.0031 3516        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
23:25:43.0078 3516        lanmanserver - ok
23:25:43.0093 3516        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
23:25:43.0109 3516        lanmanworkstation - ok
23:25:43.0125 3516        lbrtfdc - ok
23:25:43.0140 3516        LightScribeService (e75adcfafdef3f4c3af3332928d59926) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
23:25:43.0156 3516        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
23:25:43.0156 3516        LightScribeService - detected UnsignedFile.Multi.Generic (1)
23:25:43.0171 3516        lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
23:25:43.0187 3516        lirsgt ( UnsignedFile.Multi.Generic ) - warning
23:25:43.0187 3516        lirsgt - detected UnsignedFile.Multi.Generic (1)
23:25:43.0203 3516        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
23:25:43.0265 3516        LmHosts - ok
23:25:43.0281 3516        MBAMProtector  (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
23:25:43.0296 3516        MBAMProtector - ok
23:25:43.0343 3516        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
23:25:43.0359 3516        MBAMService - ok
23:25:43.0375 3516        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
23:25:43.0421 3516        Messenger - ok
23:25:43.0437 3516        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:25:43.0500 3516        mnmdd - ok
23:25:43.0531 3516        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
23:25:43.0593 3516        mnmsrvc - ok
23:25:43.0609 3516        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
23:25:43.0687 3516        Modem - ok
23:25:43.0703 3516        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:25:43.0765 3516        Mouclass - ok
23:25:43.0765 3516        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:25:43.0828 3516        MountMgr - ok
23:25:43.0875 3516        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
23:25:43.0890 3516        MozillaMaintenance - ok
23:25:43.0890 3516        mraid35x - ok
23:25:43.0906 3516        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:25:43.0968 3516        MRxDAV - ok
23:25:44.0000 3516        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:25:44.0031 3516        MRxSmb - ok
23:25:44.0062 3516        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
23:25:44.0109 3516        MSDTC - ok
23:25:44.0125 3516        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:25:44.0203 3516        Msfs - ok
23:25:44.0203 3516        MSICPL - ok
23:25:44.0203 3516        MSIServer - ok
23:25:44.0218 3516        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:25:44.0265 3516        MSKSSRV - ok
23:25:44.0281 3516        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:25:44.0328 3516        MSPCLOCK - ok
23:25:44.0359 3516        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:25:44.0437 3516        MSPQM - ok
23:25:44.0453 3516        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:25:44.0500 3516        mssmbios - ok
23:25:44.0515 3516        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:25:44.0546 3516        Mup - ok
23:25:44.0593 3516        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
23:25:44.0656 3516        napagent - ok
23:25:44.0671 3516        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:25:44.0734 3516        NDIS - ok
23:25:44.0765 3516        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:25:44.0781 3516        NdisTapi - ok
23:25:44.0812 3516        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:25:44.0875 3516        Ndisuio - ok
23:25:44.0890 3516        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:25:44.0953 3516        NdisWan - ok
23:25:44.0968 3516        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:25:45.0000 3516        NDProxy - ok
23:25:45.0015 3516        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:25:45.0078 3516        NetBIOS - ok
23:25:45.0093 3516        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:25:45.0156 3516        NetBT - ok
23:25:45.0171 3516        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
23:25:45.0234 3516        NetDDE - ok
23:25:45.0250 3516        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
23:25:45.0296 3516        NetDDEdsdm - ok
23:25:45.0312 3516        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:25:45.0390 3516        Netlogon - ok
23:25:45.0406 3516        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
23:25:45.0468 3516        Netman - ok
23:25:45.0562 3516        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:25:45.0578 3516        NetTcpPortSharing - ok
23:25:45.0609 3516        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:25:45.0671 3516        NIC1394 - ok
23:25:45.0703 3516        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
23:25:45.0734 3516        Nla - ok
23:25:45.0796 3516        NMIndexingService (d36107465e716cf2335a25c54b6d11c2) C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
23:25:45.0812 3516        NMIndexingService - ok
23:25:45.0828 3516        nmwcd          (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\WINDOWS\system32\drivers\ccdcmb.sys
23:25:45.0890 3516        nmwcd - ok
23:25:45.0906 3516        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:25:45.0968 3516        Npfs - ok
23:25:45.0968 3516        NTACCESS - ok
23:25:46.0000 3516        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:25:46.0078 3516        Ntfs - ok
23:25:46.0093 3516        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:25:46.0156 3516        NtLmSsp - ok
23:25:46.0203 3516        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
23:25:46.0265 3516        NtmsSvc - ok
23:25:46.0296 3516        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:25:46.0359 3516        Null - ok
23:25:46.0593 3516        nv              (da63d1aa47da369c211452086992dfb4) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:25:46.0781 3516        nv ( UnsignedFile.Multi.Generic ) - warning
23:25:46.0781 3516        nv - detected UnsignedFile.Multi.Generic (1)
23:25:46.0859 3516        NVSvc          (d537549216a2e6d12d02f498fcd974aa) C:\WINDOWS\system32\nvsvc32.exe
23:25:46.0859 3516        NVSvc ( UnsignedFile.Multi.Generic ) - warning
23:25:46.0859 3516        NVSvc - detected UnsignedFile.Multi.Generic (1)
23:25:46.0906 3516        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:25:46.0953 3516        NwlnkFlt - ok
23:25:46.0968 3516        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:25:47.0031 3516        NwlnkFwd - ok
23:25:47.0062 3516        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:25:47.0125 3516        ohci1394 - ok
23:25:47.0140 3516        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
23:25:47.0203 3516        Parport - ok
23:25:47.0203 3516        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:25:47.0265 3516        PartMgr - ok
23:25:47.0296 3516        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
23:25:47.0359 3516        ParVdm - ok
23:25:47.0375 3516        PCANDIS5        (58c5ea3de400fe1d08cfeca6d5c14ebd) C:\WINDOWS\system32\PCANDIS5.SYS
23:25:47.0375 3516        PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
23:25:47.0375 3516        PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
23:25:47.0390 3516        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
23:25:47.0437 3516        PCI - ok
23:25:47.0437 3516        PCIDump - ok
23:25:47.0468 3516        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:25:47.0531 3516        PCIIde - ok
23:25:47.0546 3516        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:25:47.0625 3516        Pcmcia - ok
23:25:47.0625 3516        PDCOMP - ok
23:25:47.0625 3516        PDFRAME - ok
23:25:47.0625 3516        PDRELI - ok
23:25:47.0640 3516        PDRFRAME - ok
23:25:47.0640 3516        perc2 - ok
23:25:47.0640 3516        perc2hib - ok
23:25:47.0671 3516        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
23:25:47.0671 3516        PlugPlay - ok
23:25:47.0703 3516        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:25:47.0750 3516        PolicyAgent - ok
23:25:47.0765 3516        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:25:47.0828 3516        PptpMiniport - ok
23:25:47.0828 3516        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:25:47.0875 3516        ProtectedStorage - ok
23:25:47.0890 3516        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:25:47.0937 3516        PSched - ok
23:25:47.0953 3516        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:25:48.0015 3516        Ptilink - ok
23:25:48.0031 3516        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:25:48.0031 3516        PxHelp20 - ok
23:25:48.0046 3516        ql1080 - ok
23:25:48.0046 3516        Ql10wnt - ok
23:25:48.0046 3516        ql12160 - ok
23:25:48.0046 3516        ql1240 - ok
23:25:48.0046 3516        ql1280 - ok
23:25:48.0062 3516        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:25:48.0109 3516        RasAcd - ok
23:25:48.0125 3516        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
23:25:48.0187 3516        RasAuto - ok
23:25:48.0203 3516        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:25:48.0250 3516        Rasl2tp - ok
23:25:48.0281 3516        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
23:25:48.0343 3516        RasMan - ok
23:25:48.0343 3516        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:25:48.0406 3516        RasPppoe - ok
23:25:48.0406 3516        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:25:48.0468 3516        Raspti - ok
23:25:48.0484 3516        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:25:48.0546 3516        Rdbss - ok
23:25:48.0546 3516        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:25:48.0609 3516        RDPCDD - ok
23:25:48.0640 3516        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:25:48.0671 3516        RDPWD - ok
23:25:48.0687 3516        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
23:25:48.0734 3516        RDSessMgr - ok
23:25:48.0765 3516        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:25:48.0812 3516        redbook - ok
23:25:48.0828 3516        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
23:25:48.0890 3516        RemoteAccess - ok
23:25:48.0906 3516        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
23:25:48.0968 3516        RpcLocator - ok
23:25:49.0000 3516        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
23:25:49.0015 3516        RpcSs - ok
23:25:49.0046 3516        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
23:25:49.0109 3516        RSVP - ok
23:25:49.0109 3516        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:25:49.0171 3516        SamSs - ok
23:25:49.0187 3516        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
23:25:49.0250 3516        SCardSvr - ok
23:25:49.0265 3516        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
23:25:49.0312 3516        Schedule - ok
23:25:49.0343 3516        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:25:49.0406 3516        Secdrv - ok
23:25:49.0406 3516        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
23:25:49.0468 3516        seclogon - ok
23:25:49.0484 3516        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
23:25:49.0546 3516        SENS - ok
23:25:49.0562 3516        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:25:49.0625 3516        serenum - ok
23:25:49.0625 3516        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
23:25:49.0687 3516        Serial - ok
23:25:49.0687 3516        SetupNTGLM7X - ok
23:25:49.0718 3516        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:25:49.0781 3516        Sfloppy - ok
23:25:49.0812 3516        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
23:25:49.0828 3516        ShellHWDetection - ok
23:25:49.0828 3516        Simbad - ok
23:25:49.0828 3516        Sparrow - ok
23:25:49.0843 3516        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:25:49.0906 3516        splitter - ok
23:25:49.0921 3516        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:25:49.0937 3516        Spooler - ok
23:25:49.0968 3516        Spyder3        (1c63fe706ab797bc3c24813ff969b4de) C:\WINDOWS\system32\DRIVERS\Spyder3.sys
23:25:49.0984 3516        Spyder3 - ok
23:25:50.0000 3516        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
23:25:50.0046 3516        sr - ok
23:25:50.0078 3516        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
23:25:50.0125 3516        srservice - ok
23:25:50.0140 3516        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:25:50.0171 3516        Srv - ok
23:25:50.0203 3516        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
23:25:50.0265 3516        SSDPSRV - ok
23:25:50.0296 3516        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23:25:50.0296 3516        ssmdrv - ok
23:25:50.0312 3516        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
23:25:50.0390 3516        stisvc - ok
23:25:50.0406 3516        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:25:50.0453 3516        swenum - ok
23:25:50.0468 3516        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:25:50.0531 3516        swmidi - ok
23:25:50.0531 3516        SwPrv - ok
23:25:50.0531 3516        symc810 - ok
23:25:50.0531 3516        symc8xx - ok
23:25:50.0546 3516        sym_hi - ok
23:25:50.0546 3516        sym_u3 - ok
23:25:50.0562 3516        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:25:50.0609 3516        sysaudio - ok
23:25:50.0625 3516        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
23:25:50.0703 3516        SysmonLog - ok
23:25:50.0718 3516        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
23:25:50.0765 3516        TapiSrv - ok
23:25:50.0812 3516        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:25:50.0859 3516        Tcpip - ok
23:25:50.0859 3516        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:25:50.0921 3516        TDPIPE - ok
23:25:50.0937 3516        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:25:50.0984 3516        TDTCP - ok
23:25:51.0000 3516        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:25:51.0062 3516        TermDD - ok
23:25:51.0078 3516        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
23:25:51.0140 3516        TermService - ok
23:25:51.0171 3516        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
23:25:51.0187 3516        Themes - ok
23:25:51.0187 3516        TosIde - ok
23:25:51.0203 3516        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
23:25:51.0250 3516        TrkWks - ok
23:25:51.0265 3516        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:25:51.0328 3516        Udfs - ok
23:25:51.0343 3516        ultra - ok
23:25:51.0375 3516        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:25:51.0437 3516        Update - ok
23:25:51.0453 3516        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
23:25:51.0531 3516        upnphost - ok
23:25:51.0546 3516        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
23:25:51.0593 3516        UPS - ok
23:25:51.0625 3516        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:25:51.0671 3516        usbehci - ok
23:25:51.0687 3516        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:25:51.0750 3516        usbhub - ok
23:25:51.0750 3516        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:25:51.0796 3516        usbohci - ok
23:25:51.0812 3516        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:25:51.0875 3516        usbscan - ok
23:25:51.0890 3516        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:25:51.0953 3516        usbstor - ok
23:25:51.0953 3516        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:25:52.0000 3516        VgaSave - ok
23:25:52.0015 3516        ViaIde - ok
23:25:52.0062 3516        VMAuthdService  (aeabee8dd80271b884da0d444f125569) C:\Programme\VMware\VMware Server\vmware-authd.exe
23:25:52.0078 3516        VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
23:25:52.0078 3516        VMAuthdService - detected UnsignedFile.Multi.Generic (1)
23:25:52.0078 3516        VMnetAdapter    (fdfd74ab4d0f27b5d062c2a39cbb6d54) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
23:25:52.0109 3516        VMnetAdapter - ok
23:25:52.0109 3516        VMnetBridge    (ba74018271bf7b8df01f8e2c616a0772) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
23:25:52.0125 3516        VMnetBridge ( UnsignedFile.Multi.Generic ) - warning
23:25:52.0125 3516        VMnetBridge - detected UnsignedFile.Multi.Generic (1)
23:25:52.0140 3516        VMnetDHCP      (ac695073450dff55352d94bb5be52098) C:\WINDOWS\system32\vmnetdhcp.exe
23:25:52.0156 3516        VMnetDHCP ( UnsignedFile.Multi.Generic ) - warning
23:25:52.0156 3516        VMnetDHCP - detected UnsignedFile.Multi.Generic (1)
23:25:52.0156 3516        VMnetuserif    (1bc57b77fdccd3260e20d9a3cbd46f37) C:\WINDOWS\system32\drivers\vmnetuserif.sys
23:25:52.0171 3516        VMnetuserif ( UnsignedFile.Multi.Generic ) - warning
23:25:52.0171 3516        VMnetuserif - detected UnsignedFile.Multi.Generic (1)
23:25:52.0203 3516        vmount2        (0015a806c7f3c7916f16fa6b31373023) C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
23:25:52.0203 3516        vmount2 - ok
23:25:52.0218 3516        VMparport      (36fcd1af797b942e7d4749d2a101b283) C:\WINDOWS\system32\Drivers\VMparport.sys
23:25:52.0234 3516        VMparport ( UnsignedFile.Multi.Generic ) - warning
23:25:52.0234 3516        VMparport - detected UnsignedFile.Multi.Generic (1)
23:25:52.0312 3516        vmserverdWin32  (2035b7400a0079eaa9dc2cffa9a3de90) C:\Programme\VMware\VMware Server\vmserverdWin32.exe
23:25:52.0343 3516        vmserverdWin32 ( UnsignedFile.Multi.Generic ) - warning
23:25:52.0343 3516        vmserverdWin32 - detected UnsignedFile.Multi.Generic (1)
23:25:52.0406 3516        VMware NAT Service (9dc205ba82436a760b9b19225da2b458) C:\WINDOWS\system32\vmnat.exe
23:25:52.0406 3516        VMware NAT Service ( UnsignedFile.Multi.Generic ) - warning
23:25:52.0406 3516        VMware NAT Service - detected UnsignedFile.Multi.Generic (1)
23:25:52.0437 3516        vmx86          (225a6763f4f70f7f924bee50fb226f26) C:\WINDOWS\system32\Drivers\vmx86.sys
23:25:52.0437 3516        vmx86 ( UnsignedFile.Multi.Generic ) - warning
23:25:52.0437 3516        vmx86 - detected UnsignedFile.Multi.Generic (1)
23:25:52.0468 3516        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
23:25:52.0531 3516        VolSnap - ok
23:25:52.0562 3516        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
23:25:52.0625 3516        VSS - ok
23:25:52.0656 3516        vstor2          (449bf234cae814ba938252364bb4c39d) C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys
23:25:52.0656 3516        vstor2 - ok
23:25:52.0671 3516        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
23:25:52.0734 3516        W32Time - ok
23:25:52.0750 3516        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:25:52.0812 3516        Wanarp - ok
23:25:52.0859 3516        Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:25:52.0875 3516        Wdf01000 - ok
23:25:52.0875 3516        WDICA - ok
23:25:52.0890 3516        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:25:52.0953 3516        wdmaud - ok
23:25:52.0968 3516        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
23:25:53.0031 3516        WebClient - ok
23:25:53.0078 3516        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:25:53.0140 3516        winmgmt - ok
23:25:53.0156 3516        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:25:53.0187 3516        WmdmPmSN - ok
23:25:53.0203 3516        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:25:53.0265 3516        WmiApSrv - ok
23:25:53.0328 3516        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
23:25:53.0359 3516        WMPNetworkSvc - ok
23:25:53.0390 3516        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
23:25:53.0390 3516        WpdUsb - ok
23:25:53.0500 3516        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:25:53.0515 3516        WPFFontCache_v0400 - ok
23:25:53.0531 3516        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:25:53.0578 3516        WudfPf - ok
23:25:53.0593 3516        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:25:53.0609 3516        WudfRd - ok
23:25:53.0625 3516        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:25:53.0656 3516        WudfSvc - ok
23:25:53.0687 3516        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
23:25:53.0750 3516        WZCSVC - ok
23:25:53.0781 3516        X-Rite          (9043050ba8c2da8d9da94908ef8a0fe7) C:\WINDOWS\system32\DRIVERS\XrUsb.sys
23:25:53.0781 3516        X-Rite ( UnsignedFile.Multi.Generic ) - warning
23:25:53.0781 3516        X-Rite - detected UnsignedFile.Multi.Generic (1)
23:25:53.0812 3516        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
23:25:53.0875 3516        xmlprov - ok
23:25:53.0890 3516        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
23:25:54.0281 3516        \Device\Harddisk0\DR0 - ok
23:25:54.0296 3516        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:25:54.0343 3516        \Device\Harddisk1\DR1 - ok
23:25:54.0359 3516        Boot (0x1200)  (191776b81b55a6381f68d6a8abc1d5bf) \Device\Harddisk0\DR0\Partition0
23:25:54.0359 3516        \Device\Harddisk0\DR0\Partition0 - ok
23:25:54.0359 3516        Boot (0x1200)  (4b8ec8a1bee37e01555ba13e3b361982) \Device\Harddisk0\DR0\Partition1
23:25:54.0359 3516        \Device\Harddisk0\DR0\Partition1 - ok
23:25:54.0375 3516        Boot (0x1200)  (5b961cd131b785aaf706aa112451e1b5) \Device\Harddisk0\DR0\Partition2
23:25:54.0375 3516        \Device\Harddisk0\DR0\Partition2 - ok
23:25:54.0375 3516        Boot (0x1200)  (2d5e6fb67f672d8828d5cf030d14c5d4) \Device\Harddisk1\DR1\Partition0
23:25:54.0375 3516        \Device\Harddisk1\DR1\Partition0 - ok
23:25:54.0375 3516        ============================================================
23:25:54.0375 3516        Scan finished
23:25:54.0375 3516        ============================================================
23:25:54.0484 0688        Detected object count: 25
23:25:54.0484 0688        Actual detected object count: 25
23:26:22.0218 0688        Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0218 0688        Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0218 0688        atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0218 0688        atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0218 0688        AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0218 0688        AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0218 0688        avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0218 0688        avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0218 0688        C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0218 0688        C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0218 0688        CBN ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0218 0688        CBN ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0218 0688        DigiCellDriver ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0218 0688        DigiCellDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        DirMngr ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        DirMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        DT T-Sinus 130data(R) ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        DT T-Sinus 130data(R) ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        hcmon ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        hcmon ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        nv ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        VMnetBridge ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        VMnetBridge ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        VMnetDHCP ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        VMnetDHCP ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        VMnetuserif ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        VMnetuserif ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        VMparport ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        VMparport ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        vmserverdWin32 ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        vmserverdWin32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        VMware NAT Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        VMware NAT Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        vmx86 ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        vmx86 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:22.0234 0688        X-Rite ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:22.0234 0688        X-Rite ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:51.0562 3256        ============================================================
23:26:51.0562 3256        Scan started
23:26:51.0562 3256        Mode: Manual; SigCheck; TDLFS;
23:26:51.0562 3256        ============================================================
23:26:51.0687 3256        Abiosdsk - ok
23:26:51.0687 3256        abp480n5 - ok
23:26:51.0718 3256        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:26:51.0781 3256        ACPI - ok
23:26:51.0812 3256        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:26:51.0875 3256        ACPIEC - ok
23:26:51.0937 3256        AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
23:26:51.0937 3256        AdobeActiveFileMonitor7.0 - ok
23:26:52.0000 3256        AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:26:52.0000 3256        AdobeFlashPlayerUpdateSvc - ok
23:26:52.0000 3256        adpu160m - ok
23:26:52.0015 3256        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:26:52.0078 3256        aec - ok
23:26:52.0109 3256        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:26:52.0125 3256        AFD - ok
23:26:52.0125 3256        Aha154x - ok
23:26:52.0125 3256        aic78u2 - ok
23:26:52.0125 3256        aic78xx - ok
23:26:52.0156 3256        aksfridge      (730e9d3bb324fb1899005aea63c6782d) C:\WINDOWS\system32\drivers\aksfridge.sys
23:26:52.0171 3256        aksfridge - ok
23:26:52.0187 3256        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
23:26:52.0250 3256        Alerter - ok
23:26:52.0265 3256        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
23:26:52.0328 3256        ALG - ok
23:26:52.0328 3256        AliIde - ok
23:26:52.0328 3256        amsint - ok
23:26:52.0359 3256        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
23:26:52.0375 3256        AntiVirSchedulerService - ok
23:26:52.0390 3256        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
23:26:52.0390 3256        AntiVirService - ok
23:26:52.0390 3256        AppMgmt - ok
23:26:52.0406 3256        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:26:52.0468 3256        Arp1394 - ok
23:26:52.0468 3256        asc - ok
23:26:52.0468 3256        asc3350p - ok
23:26:52.0484 3256        asc3550 - ok
23:26:52.0500 3256        Aspi32          (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
23:26:52.0515 3256        Aspi32 ( UnsignedFile.Multi.Generic ) - warning
23:26:52.0515 3256        Aspi32 - detected UnsignedFile.Multi.Generic (1)
23:26:52.0562 3256        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:26:52.0562 3256        aspnet_state - ok
23:26:52.0578 3256        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:26:52.0640 3256        AsyncMac - ok
23:26:52.0640 3256        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:26:52.0703 3256        atapi - ok
23:26:52.0703 3256        Atdisk - ok
23:26:52.0750 3256        atksgt          (5b80e84af6b02ecab72dae9afee06309) C:\WINDOWS\system32\DRIVERS\atksgt.sys
23:26:52.0750 3256        atksgt ( UnsignedFile.Multi.Generic ) - warning
23:26:52.0750 3256        atksgt - detected UnsignedFile.Multi.Generic (1)
23:26:52.0765 3256        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:26:52.0812 3256        Atmarpc - ok
23:26:52.0843 3256        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
23:26:52.0906 3256        AudioSrv - ok
23:26:52.0921 3256        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:26:52.0984 3256        audstub - ok
23:26:53.0000 3256        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
23:26:53.0015 3256        avgntflt - ok
23:26:53.0031 3256        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
23:26:53.0046 3256        avipbb - ok
23:26:53.0046 3256        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
23:26:53.0046 3256        avkmgr - ok
23:26:53.0109 3256        AVM WLAN Connection Service (55bdaf9d7ede7eebd99b068546ed9c1a) C:\Programme\avmwlanstick\WlanNetService.exe
23:26:53.0125 3256        AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
23:26:53.0125 3256        AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
23:26:53.0140 3256        avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\WINDOWS\system32\drivers\avmeject.sys
23:26:53.0140 3256        avmeject ( UnsignedFile.Multi.Generic ) - warning
23:26:53.0140 3256        avmeject - detected UnsignedFile.Multi.Generic (1)
23:26:53.0156 3256        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:26:53.0218 3256        Beep - ok
23:26:53.0234 3256        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
23:26:53.0296 3256        Browser - ok
23:26:53.0312 3256        C-DillaCdaC11BA (3de014dfc14e8530f3a85572e2763446) C:\WINDOWS\system32\drivers\CDAC11BA.EXE
23:26:53.0312 3256        C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - warning
23:26:53.0312 3256        C-DillaCdaC11BA - detected UnsignedFile.Multi.Generic (1)
23:26:53.0328 3256        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:26:53.0390 3256        cbidf2k - ok
23:26:53.0421 3256        CBN            (946595da193c5b49062fdf23bde5c764) C:\WINDOWS\System32\Drivers\CBN.SYS
23:26:53.0421 3256        CBN ( UnsignedFile.Multi.Generic ) - warning
23:26:53.0421 3256        CBN - detected UnsignedFile.Multi.Generic (1)
23:26:53.0421 3256        cd20xrnt - ok
23:26:53.0421 3256        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:26:53.0484 3256        Cdaudio - ok
23:26:53.0500 3256        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:26:53.0546 3256        Cdfs - ok
23:26:53.0578 3256        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:26:53.0625 3256        Cdrom - ok
23:26:53.0640 3256        Changer - ok
23:26:53.0640 3256        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
23:26:53.0703 3256        CiSvc - ok
23:26:53.0718 3256        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
23:26:53.0781 3256        ClipSrv - ok
23:26:53.0828 3256        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:26:53.0843 3256        clr_optimization_v2.0.50727_32 - ok
23:26:53.0890 3256        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:26:53.0890 3256        clr_optimization_v4.0.30319_32 - ok
23:26:53.0890 3256        CmdIde - ok
23:26:53.0890 3256        COMSysApp - ok
23:26:53.0906 3256        Cpqarray - ok
23:26:53.0921 3256        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
23:26:53.0968 3256        CryptSvc - ok
23:26:53.0984 3256        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
23:26:54.0000 3256        CVirtA - ok
23:26:54.0000 3256        dac2w2k - ok
23:26:54.0000 3256        dac960nt - ok
23:26:54.0046 3256        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
23:26:54.0062 3256        DcomLaunch - ok
23:26:54.0078 3256        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
23:26:54.0156 3256        Dhcp - ok
23:26:54.0187 3256        DigiCellDriver  (ca2c652f167da4271ba6b34c6255f159) C:\Programme\MSI\DualCoreCenter\NTGLM7X.sys
23:26:54.0203 3256        DigiCellDriver ( UnsignedFile.Multi.Generic ) - warning
23:26:54.0203 3256        DigiCellDriver - detected UnsignedFile.Multi.Generic (1)
23:26:54.0250 3256        DirMngr        (4f26bb00747d41e7c0fe8ebb2900f862) C:\Programme\GNU\GnuPG\dirmngr.exe
23:26:54.0265 3256        DirMngr ( UnsignedFile.Multi.Generic ) - warning
23:26:54.0265 3256        DirMngr - detected UnsignedFile.Multi.Generic (1)
23:26:54.0281 3256        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:26:54.0328 3256        Disk - ok
23:26:54.0328 3256        dmadmin - ok
23:26:54.0375 3256        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
23:26:54.0453 3256        dmboot - ok
23:26:54.0468 3256        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
23:26:54.0546 3256        dmio - ok
23:26:54.0562 3256        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:26:54.0625 3256        dmload - ok
23:26:54.0656 3256        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
23:26:54.0718 3256        dmserver - ok
23:26:54.0734 3256        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:26:54.0796 3256        DMusic - ok
23:26:54.0812 3256        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
23:26:54.0843 3256        Dnscache - ok
23:26:54.0859 3256        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
23:26:54.0921 3256        Dot3svc - ok
23:26:54.0937 3256        dot4            (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
23:26:55.0000 3256        dot4 - ok
23:26:55.0031 3256        Dot4Print      (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
23:26:55.0078 3256        Dot4Print - ok
23:26:55.0078 3256        dot4usb        (29e86af2f3457d0441348020fe3cfbd0) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
23:26:55.0140 3256        dot4usb - ok
23:26:55.0140 3256        dpti2o - ok
23:26:55.0156 3256        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:26:55.0218 3256        drmkaud - ok
23:26:55.0234 3256        DT T-Sinus 130data(R) (2136cd5ed0f09bdf2abb45b5ae8b6ed7) C:\WINDOWS\system32\DRIVERS\dtusbxp.sys
23:26:55.0234 3256        DT T-Sinus 130data(R) ( UnsignedFile.Multi.Generic ) - warning
23:26:55.0234 3256        DT T-Sinus 130data(R) - detected UnsignedFile.Multi.Generic (1)
23:26:55.0250 3256        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
23:26:55.0296 3256        EapHost - ok
23:26:55.0312 3256        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
23:26:55.0375 3256        ERSvc - ok
23:26:55.0406 3256        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
23:26:55.0406 3256        Eventlog - ok
23:26:55.0453 3256        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
23:26:55.0468 3256        EventSystem - ok
23:26:55.0484 3256        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:26:55.0546 3256        Fastfat - ok
23:26:55.0578 3256        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
23:26:55.0578 3256        FastUserSwitchingCompatibility - ok
23:26:55.0593 3256        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:26:55.0640 3256        Fdc - ok
23:26:55.0656 3256        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
23:26:55.0718 3256        Fips - ok
23:26:55.0781 3256        FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:26:55.0812 3256        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:26:55.0812 3256        FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:26:55.0812 3256        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:26:55.0875 3256        Flpydisk - ok
23:26:55.0890 3256        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:26:55.0953 3256        FltMgr - ok
23:26:56.0000 3256        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:26:56.0015 3256        FontCache3.0.0.0 - ok
23:26:56.0031 3256        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:26:56.0093 3256        Fs_Rec - ok
23:26:56.0109 3256        FTDIBUS        (a36e8beedb3aaca09bf55a1d17904bc8) C:\WINDOWS\system32\drivers\ftdibus.sys
23:26:56.0109 3256        FTDIBUS - ok
23:26:56.0125 3256        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:26:56.0171 3256        Ftdisk - ok
23:26:56.0203 3256        FTSER2K        (a14a1f4bb391df9c233cb5dbd05feb70) C:\WINDOWS\system32\drivers\ftser2k.sys
23:26:56.0203 3256        FTSER2K - ok
23:26:56.0234 3256        FWLANUSB        (ff12fa487265da2ac7de4be53f72ff1a) C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
23:26:56.0250 3256        FWLANUSB - ok
23:26:56.0250 3256        GMSIPCI - ok
23:26:56.0281 3256        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:26:56.0328 3256        Gpc - ok
23:26:56.0375 3256        hardlock        (a9d587e31dbee3e9bd97fefece0ba874) C:\WINDOWS\system32\drivers\hardlock.sys
23:26:56.0390 3256        hardlock - ok
23:26:56.0390 3256        hasplms - ok
23:26:56.0421 3256        hcmon          (eebe6b4d6c95aede577af9a8060963c8) C:\WINDOWS\system32\Drivers\hcmon.sys
23:26:56.0437 3256        hcmon ( UnsignedFile.Multi.Generic ) - warning
23:26:56.0437 3256        hcmon - detected UnsignedFile.Multi.Generic (1)
23:26:56.0453 3256        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:26:56.0500 3256        HDAudBus - ok
23:26:56.0546 3256        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:26:56.0609 3256        helpsvc - ok
23:26:56.0609 3256        HidServ - ok
23:26:56.0625 3256        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:26:56.0687 3256        HidUsb - ok
23:26:56.0718 3256        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
23:26:56.0765 3256        hkmsvc - ok
23:26:56.0765 3256        hpn - ok
23:26:56.0812 3256        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:26:56.0828 3256        HTTP - ok
23:26:56.0843 3256        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
23:26:56.0906 3256        HTTPFilter - ok
23:26:56.0906 3256        i2omgmt - ok
23:26:56.0906 3256        i2omp - ok
23:26:56.0921 3256        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:26:56.0968 3256        i8042prt - ok
23:26:57.0078 3256        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:26:57.0093 3256        idsvc - ok
23:26:57.0140 3256        IGDCTRL        (e28602c9e17b0ddce9f5deb3b3e2a635) C:\Programme\FRITZ!DSL\IGDCTRL.EXE
23:26:57.0156 3256        IGDCTRL - ok
23:26:57.0171 3256        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:26:57.0218 3256        Imapi - ok
23:26:57.0250 3256        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
23:26:57.0312 3256        ImapiService - ok
23:26:57.0312 3256        ini910u - ok
23:26:57.0500 3256        IntcAzAudAddService (001aaca6ed0e6b00fc5b8faf74977e81) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:26:57.0609 3256        IntcAzAudAddService - ok
23:26:57.0656 3256        IntelIde - ok
23:26:57.0671 3256        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:26:57.0734 3256        intelppm - ok
23:26:57.0750 3256        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:26:57.0812 3256        Ip6Fw - ok
23:26:57.0843 3256        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:26:57.0890 3256        IpFilterDriver - ok
23:26:57.0906 3256        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:26:57.0984 3256        IpInIp - ok
23:26:58.0000 3256        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:26:58.0062 3256        IpNat - ok
23:26:58.0078 3256        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:26:58.0125 3256        IPSec - ok
23:26:58.0140 3256        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:26:58.0203 3256        IRENUM - ok
23:26:58.0218 3256        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:26:58.0281 3256        isapnp - ok
23:26:58.0343 3256        JavaQuickStarterService (890369aed0dde1a98f09f7dc239ca2bd) C:\Programme\Java\jre6\bin\jqs.exe
23:26:58.0359 3256        JavaQuickStarterService - ok
23:26:58.0359 3256        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:26:58.0406 3256        Kbdclass - ok
23:26:58.0421 3256        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:26:58.0468 3256        kbdhid - ok
23:26:58.0484 3256        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:26:58.0546 3256        kmixer - ok
23:26:58.0562 3256        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:26:58.0562 3256        KSecDD - ok
23:26:58.0593 3256        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
23:26:58.0609 3256        lanmanserver - ok
23:26:58.0625 3256        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
23:26:58.0640 3256        lanmanworkstation - ok
23:26:58.0640 3256        lbrtfdc - ok
23:26:58.0671 3256        LightScribeService (e75adcfafdef3f4c3af3332928d59926) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
23:26:58.0671 3256        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
23:26:58.0671 3256        LightScribeService - detected UnsignedFile.Multi.Generic (1)
23:26:58.0703 3256        lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
23:26:58.0718 3256        lirsgt ( UnsignedFile.Multi.Generic ) - warning
23:26:58.0718 3256        lirsgt - detected UnsignedFile.Multi.Generic (1)
23:26:58.0718 3256        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
23:26:58.0781 3256        LmHosts - ok
23:26:58.0812 3256        MBAMProtector  (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
23:26:58.0812 3256        MBAMProtector - ok
23:26:58.0859 3256        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
23:26:58.0875 3256        MBAMService - ok
23:26:58.0906 3256        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
23:26:58.0953 3256        Messenger - ok
23:26:58.0968 3256        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:26:59.0031 3256        mnmdd - ok
23:26:59.0062 3256        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
23:26:59.0125 3256        mnmsrvc - ok
23:26:59.0156 3256        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
23:26:59.0218 3256        Modem - ok
23:26:59.0234 3256        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:26:59.0296 3256        Mouclass - ok
23:26:59.0296 3256        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:26:59.0359 3256        MountMgr - ok
23:26:59.0421 3256        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
23:26:59.0421 3256        MozillaMaintenance - ok
23:26:59.0421 3256        mraid35x - ok
23:26:59.0437 3256        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:26:59.0484 3256        MRxDAV - ok
23:26:59.0515 3256        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:26:59.0546 3256        MRxSmb - ok
23:26:59.0546 3256        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
23:26:59.0609 3256        MSDTC - ok
23:26:59.0609 3256        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:26:59.0671 3256        Msfs - ok
23:26:59.0671 3256        MSICPL - ok
23:26:59.0687 3256        MSIServer - ok
23:26:59.0703 3256        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:26:59.0750 3256        MSKSSRV - ok
23:26:59.0765 3256        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:26:59.0812 3256        MSPCLOCK - ok
23:26:59.0812 3256        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:26:59.0875 3256        MSPQM - ok
23:26:59.0890 3256        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:26:59.0937 3256        mssmbios - ok
23:26:59.0968 3256        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:26:59.0968 3256        Mup - ok
23:27:00.0000 3256        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
23:27:00.0062 3256        napagent - ok
23:27:00.0062 3256        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:27:00.0140 3256        NDIS - ok
23:27:00.0156 3256        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:27:00.0171 3256        NdisTapi - ok
23:27:00.0187 3256        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:27:00.0250 3256        Ndisuio - ok
23:27:00.0281 3256        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:27:00.0343 3256        NdisWan - ok
23:27:00.0359 3256        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:27:00.0375 3256        NDProxy - ok
23:27:00.0375 3256        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:27:00.0437 3256        NetBIOS - ok
23:27:00.0453 3256        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:27:00.0500 3256        NetBT - ok
23:27:00.0531 3256        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
23:27:00.0593 3256        NetDDE - ok
23:27:00.0593 3256        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
23:27:00.0656 3256        NetDDEdsdm - ok
23:27:00.0718 3256        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:27:00.0765 3256        Netlogon - ok
23:27:00.0781 3256        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
23:27:00.0843 3256        Netman - ok
23:27:00.0937 3256        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:27:00.0953 3256        NetTcpPortSharing - ok
23:27:00.0968 3256        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:27:01.0015 3256        NIC1394 - ok
23:27:01.0046 3256        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
23:27:01.0062 3256        Nla - ok
23:27:01.0140 3256        NMIndexingService (d36107465e716cf2335a25c54b6d11c2) C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
23:27:01.0156 3256        NMIndexingService - ok
23:27:01.0171 3256        nmwcd          (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\WINDOWS\system32\drivers\ccdcmb.sys
23:27:01.0203 3256        nmwcd - ok
23:27:01.0218 3256        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:27:01.0265 3256        Npfs - ok
23:27:01.0265 3256        NTACCESS - ok
23:27:01.0312 3256        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:27:01.0375 3256        Ntfs - ok
23:27:01.0390 3256        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:27:01.0437 3256        NtLmSsp - ok
23:27:01.0484 3256        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
23:27:01.0546 3256        NtmsSvc - ok
23:27:01.0562 3256        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:27:01.0625 3256        Null - ok
23:27:01.0859 3256        nv              (da63d1aa47da369c211452086992dfb4) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:27:02.0031 3256        nv ( UnsignedFile.Multi.Generic ) - warning
23:27:02.0031 3256        nv - detected UnsignedFile.Multi.Generic (1)
23:27:02.0093 3256        NVSvc          (d537549216a2e6d12d02f498fcd974aa) C:\WINDOWS\system32\nvsvc32.exe
23:27:02.0109 3256        NVSvc ( UnsignedFile.Multi.Generic ) - warning
23:27:02.0109 3256        NVSvc - detected UnsignedFile.Multi.Generic (1)
23:27:02.0140 3256        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:27:02.0187 3256        NwlnkFlt - ok
23:27:02.0218 3256        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:27:02.0265 3256        NwlnkFwd - ok
23:27:02.0296 3256        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:27:02.0359 3256        ohci1394 - ok
23:27:02.0375 3256        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
23:27:02.0437 3256        Parport - ok
23:27:02.0437 3256        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:27:02.0500 3256        PartMgr - ok
23:27:02.0515 3256        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
23:27:02.0578 3256        ParVdm - ok
23:27:02.0593 3256        PCANDIS5        (58c5ea3de400fe1d08cfeca6d5c14ebd) C:\WINDOWS\system32\PCANDIS5.SYS
23:27:02.0609 3256        PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
23:27:02.0609 3256        PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
23:27:02.0609 3256        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
23:27:02.0656 3256        PCI - ok
23:27:02.0671 3256        PCIDump - ok
23:27:02.0687 3256        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:27:02.0750 3256        PCIIde - ok
23:27:02.0781 3256        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:27:02.0843 3256        Pcmcia - ok
23:27:02.0843 3256        PDCOMP - ok
23:27:02.0843 3256        PDFRAME - ok
23:27:02.0843 3256        PDRELI - ok
23:27:02.0843 3256        PDRFRAME - ok
23:27:02.0843 3256        perc2 - ok
23:27:02.0843 3256        perc2hib - ok
23:27:02.0890 3256        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
23:27:02.0890 3256        PlugPlay - ok
23:27:02.0921 3256        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:27:02.0968 3256        PolicyAgent - ok
23:27:02.0968 3256        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:27:03.0031 3256        PptpMiniport - ok
23:27:03.0046 3256        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:27:03.0093 3256        ProtectedStorage - ok
23:27:03.0093 3256        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:27:03.0156 3256        PSched - ok
23:27:03.0171 3256        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:27:03.0218 3256        Ptilink - ok
23:27:03.0234 3256        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:27:03.0234 3256        PxHelp20 - ok
23:27:03.0234 3256        ql1080 - ok
23:27:03.0250 3256        Ql10wnt - ok
23:27:03.0250 3256        ql12160 - ok
23:27:03.0250 3256        ql1240 - ok
23:27:03.0250 3256        ql1280 - ok
23:27:03.0265 3256        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:27:03.0312 3256        RasAcd - ok
23:27:03.0328 3256        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
23:27:03.0375 3256        RasAuto - ok
23:27:03.0390 3256        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:27:03.0437 3256        Rasl2tp - ok
23:27:03.0453 3256        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
23:27:03.0531 3256        RasMan - ok
23:27:03.0531 3256        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:27:03.0578 3256        RasPppoe - ok
23:27:03.0578 3256        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:27:03.0640 3256        Raspti - ok
23:27:03.0656 3256        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:27:03.0718 3256        Rdbss - ok
23:27:03.0734 3256        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:27:03.0781 3256        RDPCDD - ok
23:27:03.0812 3256        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:27:03.0812 3256        RDPWD - ok
23:27:03.0828 3256        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
23:27:03.0875 3256        RDSessMgr - ok
23:27:03.0906 3256        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:27:03.0968 3256        redbook - ok
23:27:03.0984 3256        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
23:27:04.0046 3256        RemoteAccess - ok
23:27:04.0062 3256        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
23:27:04.0109 3256        RpcLocator - ok
23:27:04.0156 3256        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
23:27:04.0171 3256        RpcSs - ok
23:27:04.0187 3256        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
23:27:04.0250 3256        RSVP - ok
23:27:04.0265 3256        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:27:04.0312 3256        SamSs - ok
23:27:04.0328 3256        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
23:27:04.0390 3256        SCardSvr - ok
23:27:04.0406 3256        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
23:27:04.0468 3256        Schedule - ok
23:27:04.0484 3256        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:27:04.0546 3256        Secdrv - ok
23:27:04.0546 3256        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
23:27:04.0593 3256        seclogon - ok
23:27:04.0609 3256        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
23:27:04.0671 3256        SENS - ok
23:27:04.0687 3256        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:27:04.0750 3256        serenum - ok
23:27:04.0765 3256        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
23:27:04.0812 3256        Serial - ok
23:27:04.0812 3256        SetupNTGLM7X - ok
23:27:04.0843 3256        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:27:04.0890 3256        Sfloppy - ok
23:27:04.0921 3256        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
23:27:04.0937 3256        ShellHWDetection - ok
23:27:04.0937 3256        Simbad - ok
23:27:04.0937 3256        Sparrow - ok
23:27:04.0937 3256        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:27:05.0000 3256        splitter - ok
23:27:05.0031 3256        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:27:05.0031 3256        Spooler - ok
23:27:05.0046 3256        Spyder3        (1c63fe706ab797bc3c24813ff969b4de) C:\WINDOWS\system32\DRIVERS\Spyder3.sys
23:27:05.0078 3256        Spyder3 - ok
23:27:05.0078 3256        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
23:27:05.0140 3256        sr - ok
23:27:05.0156 3256        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
23:27:05.0203 3256        srservice - ok
23:27:05.0218 3256        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:27:05.0234 3256        Srv - ok
23:27:05.0250 3256        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
23:27:05.0312 3256        SSDPSRV - ok
23:27:05.0328 3256        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23:27:05.0343 3256        ssmdrv - ok
23:27:05.0375 3256        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
23:27:05.0437 3256        stisvc - ok
23:27:05.0453 3256        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:27:05.0515 3256        swenum - ok
23:27:05.0515 3256        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:27:05.0593 3256        swmidi - ok
23:27:05.0593 3256        SwPrv - ok
23:27:05.0593 3256        symc810 - ok
23:27:05.0593 3256        symc8xx - ok
23:27:05.0593 3256        sym_hi - ok
23:27:05.0593 3256        sym_u3 - ok
23:27:05.0609 3256        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:27:05.0656 3256        sysaudio - ok
23:27:05.0687 3256        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
23:27:05.0750 3256        SysmonLog - ok
23:27:05.0765 3256        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
23:27:05.0812 3256        TapiSrv - ok
23:27:05.0843 3256        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:27:05.0890 3256        Tcpip - ok
23:27:05.0906 3256        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:27:05.0953 3256        TDPIPE - ok
23:27:05.0968 3256        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:27:06.0031 3256        TDTCP - ok
23:27:06.0031 3256        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:27:06.0093 3256        TermDD - ok
23:27:06.0109 3256        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
23:27:06.0171 3256        TermService - ok
23:27:06.0203 3256        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
23:27:06.0218 3256        Themes - ok
23:27:06.0218 3256        TosIde - ok
23:27:06.0234 3256        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
23:27:06.0281 3256        TrkWks - ok
23:27:06.0296 3256        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:27:06.0359 3256        Udfs - ok
23:27:06.0375 3256        ultra - ok
23:27:06.0390 3256        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:27:06.0453 3256        Update - ok
23:27:06.0468 3256        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
23:27:06.0546 3256        upnphost - ok
23:27:06.0562 3256        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
23:27:06.0609 3256        UPS - ok
23:27:06.0625 3256        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:27:06.0671 3256        usbehci - ok
23:27:06.0687 3256        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:27:06.0734 3256        usbhub - ok
23:27:06.0750 3256        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:27:06.0812 3256        usbohci - ok
23:27:06.0812 3256        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:27:06.0875 3256        usbscan - ok
23:27:06.0890 3256        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:27:06.0953 3256        usbstor - ok
23:27:06.0953 3256        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:27:07.0000 3256        VgaSave - ok
23:27:07.0000 3256        ViaIde - ok
23:27:07.0062 3256        VMAuthdService  (aeabee8dd80271b884da0d444f125569) C:\Programme\VMware\VMware Server\vmware-authd.exe
23:27:07.0062 3256        VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
23:27:07.0062 3256        VMAuthdService - detected UnsignedFile.Multi.Generic (1)
23:27:07.0078 3256        VMnetAdapter    (fdfd74ab4d0f27b5d062c2a39cbb6d54) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
23:27:07.0093 3256        VMnetAdapter - ok
23:27:07.0093 3256        VMnetBridge    (ba74018271bf7b8df01f8e2c616a0772) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
23:27:07.0109 3256        VMnetBridge ( UnsignedFile.Multi.Generic ) - warning
23:27:07.0109 3256        VMnetBridge - detected UnsignedFile.Multi.Generic (1)
23:27:07.0109 3256        VMnetDHCP      (ac695073450dff55352d94bb5be52098) C:\WINDOWS\system32\vmnetdhcp.exe
23:27:07.0125 3256        VMnetDHCP ( UnsignedFile.Multi.Generic ) - warning
23:27:07.0125 3256        VMnetDHCP - detected UnsignedFile.Multi.Generic (1)
23:27:07.0125 3256        VMnetuserif    (1bc57b77fdccd3260e20d9a3cbd46f37) C:\WINDOWS\system32\drivers\vmnetuserif.sys
23:27:07.0125 3256        VMnetuserif ( UnsignedFile.Multi.Generic ) - warning
23:27:07.0125 3256        VMnetuserif - detected UnsignedFile.Multi.Generic (1)
23:27:07.0171 3256        vmount2        (0015a806c7f3c7916f16fa6b31373023) C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
23:27:07.0171 3256        vmount2 - ok
23:27:07.0187 3256        VMparport      (36fcd1af797b942e7d4749d2a101b283) C:\WINDOWS\system32\Drivers\VMparport.sys
23:27:07.0203 3256        VMparport ( UnsignedFile.Multi.Generic ) - warning
23:27:07.0203 3256        VMparport - detected UnsignedFile.Multi.Generic (1)
23:27:07.0281 3256        vmserverdWin32  (2035b7400a0079eaa9dc2cffa9a3de90) C:\Programme\VMware\VMware Server\vmserverdWin32.exe
23:27:07.0296 3256        vmserverdWin32 ( UnsignedFile.Multi.Generic ) - warning
23:27:07.0296 3256        vmserverdWin32 - detected UnsignedFile.Multi.Generic (1)
23:27:07.0359 3256        VMware NAT Service (9dc205ba82436a760b9b19225da2b458) C:\WINDOWS\system32\vmnat.exe
23:27:07.0375 3256        VMware NAT Service ( UnsignedFile.Multi.Generic ) - warning
23:27:07.0375 3256        VMware NAT Service - detected UnsignedFile.Multi.Generic (1)
23:27:07.0390 3256        vmx86          (225a6763f4f70f7f924bee50fb226f26) C:\WINDOWS\system32\Drivers\vmx86.sys
23:27:07.0390 3256        vmx86 ( UnsignedFile.Multi.Generic ) - warning
23:27:07.0390 3256        vmx86 - detected UnsignedFile.Multi.Generic (1)
23:27:07.0421 3256        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
23:27:07.0468 3256        VolSnap - ok
23:27:07.0500 3256        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
23:27:07.0562 3256        VSS - ok
23:27:07.0593 3256        vstor2          (449bf234cae814ba938252364bb4c39d) C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys
23:27:07.0593 3256        vstor2 - ok
23:27:07.0609 3256        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
23:27:07.0656 3256        W32Time - ok
23:27:07.0671 3256        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:27:07.0718 3256        Wanarp - ok
23:27:07.0765 3256        Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:27:07.0781 3256        Wdf01000 - ok
23:27:07.0781 3256        WDICA - ok
23:27:07.0812 3256        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:27:07.0875 3256        wdmaud - ok
23:27:07.0890 3256        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
23:27:07.0937 3256        WebClient - ok
23:27:07.0984 3256        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:27:08.0046 3256        winmgmt - ok
23:27:08.0062 3256        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:27:08.0078 3256        WmdmPmSN - ok
23:27:08.0093 3256        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:27:08.0140 3256        WmiApSrv - ok
23:27:08.0218 3256        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
23:27:08.0265 3256        WMPNetworkSvc - ok
23:27:08.0281 3256        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
23:27:08.0296 3256        WpdUsb - ok
23:27:08.0406 3256        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:27:08.0421 3256        WPFFontCache_v0400 - ok
23:27:08.0437 3256        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:27:08.0468 3256        WudfPf - ok
23:27:08.0468 3256        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:27:08.0500 3256        WudfRd - ok
23:27:08.0500 3256        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:27:08.0531 3256        WudfSvc - ok
23:27:08.0562 3256        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
23:27:08.0625 3256        WZCSVC - ok
23:27:08.0656 3256        X-Rite          (9043050ba8c2da8d9da94908ef8a0fe7) C:\WINDOWS\system32\DRIVERS\XrUsb.sys
23:27:08.0671 3256        X-Rite ( UnsignedFile.Multi.Generic ) - warning
23:27:08.0671 3256        X-Rite - detected UnsignedFile.Multi.Generic (1)
23:27:08.0703 3256        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
23:27:08.0765 3256        xmlprov - ok
23:27:08.0765 3256        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
23:27:09.0140 3256        \Device\Harddisk0\DR0 - ok
23:27:09.0156 3256        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:27:09.0203 3256        \Device\Harddisk1\DR1 - ok
23:27:09.0218 3256        Boot (0x1200)  (191776b81b55a6381f68d6a8abc1d5bf) \Device\Harddisk0\DR0\Partition0
23:27:09.0218 3256        \Device\Harddisk0\DR0\Partition0 - ok
23:27:09.0218 3256        Boot (0x1200)  (4b8ec8a1bee37e01555ba13e3b361982) \Device\Harddisk0\DR0\Partition1
23:27:09.0218 3256        \Device\Harddisk0\DR0\Partition1 - ok
23:27:09.0234 3256        Boot (0x1200)  (5b961cd131b785aaf706aa112451e1b5) \Device\Harddisk0\DR0\Partition2
23:27:09.0234 3256        \Device\Harddisk0\DR0\Partition2 - ok
23:27:09.0234 3256        Boot (0x1200)  (2d5e6fb67f672d8828d5cf030d14c5d4) \Device\Harddisk1\DR1\Partition0
23:27:09.0234 3256        \Device\Harddisk1\DR1\Partition0 - ok
23:27:09.0234 3256        ============================================================
23:27:09.0234 3256        Scan finished
23:27:09.0234 3256        ============================================================
23:27:09.0250 0780        Detected object count: 25
23:27:09.0250 0780        Actual detected object count: 25
23:28:04.0859 0780        Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0859 0780        Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0859 0780        atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0859 0780        atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        CBN ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        CBN ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        DigiCellDriver ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        DigiCellDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        DirMngr ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        DirMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        DT T-Sinus 130data(R) ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        DT T-Sinus 130data(R) ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        hcmon ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        hcmon ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        nv ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        VMnetBridge ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        VMnetBridge ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        VMnetDHCP ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        VMnetDHCP ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        VMnetuserif ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        VMnetuserif ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        VMparport ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        VMparport ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        vmserverdWin32 ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        vmserverdWin32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        VMware NAT Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        VMware NAT Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        vmx86 ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        vmx86 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:04.0875 0780        X-Rite ( UnsignedFile.Multi.Generic ) - skipped by user
23:28:04.0875 0780        X-Rite ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 14.08.2012 14:57

The log is OK.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

MikeP 14.08.2012 23:02

Hello, I have now run ComboFix. It complained that AntiVir was still running, although I had explicitly switched off the AntiVir real-time scanner. The AntiVir services/processes could not be stopped. I hope that was OK.

Here is the ComboFix log:

Combofix Logfile:
Code:

ComboFix 12-08-14.05 - Michael 14.08.2012  23:43:40.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1427 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Michael\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\windows\IsUn0407.exe
c:\windows\msvcr71.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\Temp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\WinSys.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-14 bis 2012-08-14  ))))))))))))))))))))))))))))))
.
.
2012-08-12 10:18 . 2012-08-12 10:18        --------        d-----w-        C:\_OTL
2012-08-06 20:52 . 2012-08-06 20:52        --------        d-----w-        c:\programme\ESET
2012-07-31 16:52 . 2012-07-31 16:52        --------        d-----r-        c:\dokumente und einstellungen\NetworkService\Favoriten
2012-07-21 14:18 . 2012-07-21 14:18        --------        d-sh--w-        c:\dokumente und einstellungen\Michael\PrivacIE
2012-07-19 21:30 . 2008-04-14 02:22        26624        ----a-w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-07-19 20:21 . 2012-07-19 20:21        --------        d-----w-        c:\dokumente und einstellungen\Anja\Lokale Einstellungen\Anwendungsdaten\Apple
2012-07-19 20:18 . 2012-07-19 20:26        --------        d-----w-        c:\dokumente und einstellungen\Anja\Anwendungsdaten\dvdcss
2012-07-19 20:14 . 2012-07-19 20:14        --------        d-----w-        c:\dokumente und einstellungen\Anja\Anwendungsdaten\Garmin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:35 . 2012-06-13 07:14        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 21:35 . 2012-06-13 07:14        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-03 11:46 . 2012-06-03 13:28        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-02 13:19 . 2007-10-02 18:11        329240        ----a-w-        c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-10-02 18:11        210968        ----a-w-        c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-10-02 18:11        219160        ----a-w-        c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-07-30 17:20        15896        ----a-w-        c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 17:18        18456        ----a-w-        c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-10-02 18:11        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-10-02 18:11        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:20        15896        ----a-w-        c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-07-30 17:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-02-28 12:00        97304        ----a-w-        c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-07-30 17:18        23576        ----a-w-        c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-10-02 18:11        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-10-02 18:11        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-07-18 20:10 . 2011-03-26 23:55        136672        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-23 7774208]
"nwiz"="nwiz.exe" [2007-02-23 1622016]
"SW20"="c:\windows\system32\sw20.exe" [2006-12-15 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-12-15 69632]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-12-15 217088]
"NvMediaCenter"="NvMCTray.dll" [2007-02-23 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVMWlanClient"="c:\programme\avmwlanstick\wlangui.exe" [2008-09-05 1794048]
"ColorNavigator 6"="c:\programme\EIZO\ColorNavigator 6 Core\cn6_eacore.exe" [2011-11-15 74240]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"TrojanScanner"="c:\programme\Trojan Remover\Trjscan.exe" [2012-01-23 1238800]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Garmin Lifetime Updater"="c:\programme\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Anja\Startmenü\Programme\Autostart\
ColorNavigator 6.lnk - c:\programme\EIZO\ColorNavigator 6\ColorNavigator 6.exe [2012-1-2 142848]
OpenOffice.org 2.3.lnk - c:\programme\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\dokumente und einstellungen\Michael\Startmenü\Programme\Autostart\
ColorNavigator 6.lnk - c:\programme\EIZO\ColorNavigator 6\ColorNavigator 6.exe [2012-1-2 142848]
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [03.01.2012 11:46 36000]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16.09.2008 13:03 169312]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [03.01.2012 11:46 86224]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 10:14 87344]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [03.06.2012 15:28 655944]
R2 vmserverdWin32;VMware Registration Service;c:\programme\VMware\VMware Server\vmserverdWin32.exe [06.09.2007 15:40 1650781]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [18.05.2009 09:50 265088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03.06.2012 15:28 22344]
R3 X-Rite;X-Rite USB Service;c:\windows\system32\drivers\XrUsb.sys [02.01.2012 17:34 18168]
S2 DirMngr;DirMngr;c:\programme\GNU\GnuPG\dirmngr.exe [02.03.2011 17:20 224256]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13.06.2012 09:14 250056]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [18.05.2009 09:50 4352]
S3 DigiCellDriver;DigiCellDriver;c:\programme\MSI\DualCoreCenter\NTGLM7X.sys [02.10.2007 22:50 27648]
S3 DT T-Sinus 130data(R);DT T-Sinus 130data(R) Service for T-Sinus 130data;c:\windows\system32\drivers\dtusbxp.sys [02.10.2007 23:05 87552]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [07.05.2012 17:45 113120]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [06.11.2007 13:08 12288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 12:11        451872        ----a-w-        c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 21:35]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://web.de/
uInternet Settings,ProxyOverride = fritz.box
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\hv8isadc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - http:\\\\web.de
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
AddRemove-IrfanView - c:\programme\IrfanView\iv_uninstall.exe
AddRemove-NetObjects Fusion 7.5 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-14 23:47
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-14  23:48:25
ComboFix-quarantined-files.txt  2012-08-14 21:48
.
Vor Suchlauf: 8 Verzeichnis(se), 30.317.559.808 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 30.809.591.808 Bytes frei
.
- - End Of File - - 2628E48693B2D822B44453AC06AE8E24


--- --- ---

Regards, MikeP

cosinus 15.08.2012 19:33

Code:

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
Why is that? Did you have no internet connection, or did you cancel it? :wtf:

MikeP 16.08.2012 11:10

Hello, ComboFix tried to install the Recovery Console but then aborted with an error. At that moment the internet connection was suddenly no longer available, no idea why. Before starting ComboFix everything was fine. But I also did not want to forcibly abort the ComboFix run. Only after the reboot was the internet connection available again.

Another question:
I have Trojan Remover running by default, and during its FastScan it now reports that the IExplore.exe entry in the registry has been changed and suggests resetting it to the default entry. What should I do? So far I have declined.

Regards, MikeP

cosinus 16.08.2012 12:34

We need the Recovery Console:

Go to the Microsoft page => http://support.microsoft.com/?scid=kb%3Bde%3B310994&x=21&y=12

Choose the download intended for your operating system:
Note: For WinXP SP3, choose the SP2 version.

http://i94.photobucket.com/albums/l8...ungskonsol.png

Download the file and save it under its original name next to ComboFix.exe (or cofi.exe if renamed).

http://i94.photobucket.com/albums/l8...onsole_ani.gif

Now close all open programs and windows, including antivirus and anti-malware programs. This is necessary so that no program interferes with the ComboFix scan.
  • Drag the setup file onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and, when asked, agree to the license terms to install the Recovery Console.
  • At the next prompt, click "Yes" to start the full ComboFix scan.
  • Please post the contents of C:\ComboFix.txt here in the thread.

MikeP 16.08.2012 12:50

OK, thanks, I will do that.

Maybe one more tip on how I can kill the AntiVir processes?
The normal way only allows deactivating the real-time scanner.
If that is not enough, I would have to find a way to stop the AntiVir processes.

Regards, MikeP

cosinus 16.08.2012 14:02

Deactivating the real-time scanner is enough; if messages appear, you can ignore them.

MikeP 17.08.2012 10:26

Unfortunately the Recovery Console can no longer be downloaded via the link given. Even an extensive search of the MS support site turned up nothing. I suspect this is because WinXP SP2 is already out of support. And apparently the Recovery Console does not exist for SP3.
So I have now installed the Recovery Console from my WinXP installation CD (SP2) (and ignored the warning that my installed WinXP version is newer than the one on the CD).

How should I proceed now? Simply run another ComboFix scan and post the log file?

Regards, MikeP

cosinus 17.08.2012 20:23

Oh man, what kind of mess has M$ made this time :headbang: the file really is no longer available :balla:

Please restart Windows, download combofix.exe again, and do a new ComboFix run following the instructions as mentioned above.

MikeP 18.08.2012 11:35

OK, I have now downloaded ComboFix again and run it once more. Strangely, ComboFix reports that no Recovery Console is installed, even though I have now installed it manually. ComboFix then also aborts its attempt to install the console with the error message that the installation files cannot be found, so ComboFix is apparently not up to date either...

Anyway, here is the current log:

Combofix Logfile:
Code:

ComboFix 12-08-17.03 - Michael 18.08.2012  12:22:10.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1420 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Michael\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-18 bis 2012-08-18  ))))))))))))))))))))))))))))))
.
.
2012-08-17 09:00 . 2012-08-17 09:00        --------        d-----w-        C:\$WIN_NT$.~BT
2012-08-12 10:18 . 2012-08-12 10:18        --------        d-----w-        C:\_OTL
2012-08-06 20:52 . 2012-08-06 20:52        --------        d-----w-        c:\programme\ESET
2012-07-31 16:52 . 2012-07-31 16:52        --------        d-----r-        c:\dokumente und einstellungen\NetworkService\Favoriten
2012-07-21 14:18 . 2012-07-21 14:18        --------        d-sh--w-        c:\dokumente und einstellungen\Michael\PrivacIE
2012-07-19 21:30 . 2008-04-14 02:22        26624        ----a-w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-07-19 20:21 . 2012-07-19 20:21        --------        d-----w-        c:\dokumente und einstellungen\Anja\Lokale Einstellungen\Anwendungsdaten\Apple
2012-07-19 20:18 . 2012-07-19 20:26        --------        d-----w-        c:\dokumente und einstellungen\Anja\Anwendungsdaten\dvdcss
2012-07-19 20:14 . 2012-07-19 20:14        --------        d-----w-        c:\dokumente und einstellungen\Anja\Anwendungsdaten\Garmin
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:35 . 2012-06-13 07:14        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 21:35 . 2012-06-13 07:14        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-03 11:46 . 2012-06-03 13:28        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-02 13:19 . 2007-10-02 18:11        329240        ----a-w-        c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-10-02 18:11        210968        ----a-w-        c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-10-02 18:11        219160        ----a-w-        c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-07-30 17:20        15896        ----a-w-        c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 17:18        18456        ----a-w-        c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-10-02 18:11        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-10-02 18:11        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:20        15896        ----a-w-        c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-07-30 17:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-02-28 12:00        97304        ----a-w-        c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-07-30 17:18        23576        ----a-w-        c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-10-02 18:11        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-10-02 18:11        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-07-18 20:10 . 2011-03-26 23:55        136672        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-08-14_21.47.25  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-18 10:07 . 2012-08-18 10:07        16384              c:\windows\Temp\Perflib_Perfdata_72c.dat
+ 2012-08-18 10:06 . 2012-08-18 10:06        16384              c:\windows\Temp\Perflib_Perfdata_61c.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-23 7774208]
"nwiz"="nwiz.exe" [2007-02-23 1622016]
"SW20"="c:\windows\system32\sw20.exe" [2006-12-15 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-12-15 69632]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-12-15 217088]
"NvMediaCenter"="NvMCTray.dll" [2007-02-23 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVMWlanClient"="c:\programme\avmwlanstick\wlangui.exe" [2008-09-05 1794048]
"ColorNavigator 6"="c:\programme\EIZO\ColorNavigator 6 Core\cn6_eacore.exe" [2011-11-15 74240]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"TrojanScanner"="c:\programme\Trojan Remover\Trjscan.exe" [2012-01-23 1238800]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Garmin Lifetime Updater"="c:\programme\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Anja\Startmenü\Programme\Autostart\
ColorNavigator 6.lnk - c:\programme\EIZO\ColorNavigator 6\ColorNavigator 6.exe [2012-1-2 142848]
OpenOffice.org 2.3.lnk - c:\programme\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\dokumente und einstellungen\Michael\Startmenü\Programme\Autostart\
ColorNavigator 6.lnk - c:\programme\EIZO\ColorNavigator 6\ColorNavigator 6.exe [2012-1-2 142848]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\EIZO\\ColorNavigator 6 Core\\cn6_eacore.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [03.01.2012 11:46 36000]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16.09.2008 13:03 169312]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [03.01.2012 11:46 86224]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 10:14 87344]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [03.06.2012 15:28 655944]
R2 vmserverdWin32;VMware Registration Service;c:\programme\VMware\VMware Server\vmserverdWin32.exe [06.09.2007 15:40 1650781]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [18.05.2009 09:50 265088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03.06.2012 15:28 22344]
R3 X-Rite;X-Rite USB Service;c:\windows\system32\drivers\XrUsb.sys [02.01.2012 17:34 18168]
S2 DirMngr;DirMngr;c:\programme\GNU\GnuPG\dirmngr.exe [02.03.2011 17:20 224256]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13.06.2012 09:14 250056]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [18.05.2009 09:50 4352]
S3 DigiCellDriver;DigiCellDriver;c:\programme\MSI\DualCoreCenter\NTGLM7X.sys [02.10.2007 22:50 27648]
S3 DT T-Sinus 130data(R);DT T-Sinus 130data(R) Service for T-Sinus 130data;c:\windows\system32\drivers\dtusbxp.sys [02.10.2007 23:05 87552]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [07.05.2012 17:45 113120]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [06.11.2007 13:08 12288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 12:11        451872        ----a-w-        c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 21:35]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://web.de/
uInternet Settings,ProxyOverride = fritz.box
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\hv8isadc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - http:\\\\web.de
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-18 12:26
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3752)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-08-18  12:27:32
ComboFix-quarantined-files.txt  2012-08-18 10:27
ComboFix2.txt  2012-08-14 21:48
.
Vor Suchlauf: 9 Verzeichnis(se), 30.839.816.192 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 30.840.307.712 Bytes frei
.
- - End Of File - - 0CBC6B45A314B8D3B3EBD1A0972FFF94

--- --- ---


Regards, MikeP

cosinus 18.08.2012 14:07

Yes, that no longer works with the Recovery Console (WHK); unfortunately that is down to Micro$oft, who removed a file from their server :(

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run the second time, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to switch off your virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

MikeP 19.08.2012 19:57

OK, here are the current logs.

GMER

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-19 16:10:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 SAMSUNG_HD501LJ rev.CR100-10
Running: jt1rszjs.exe; Driver: C:\DOKUME~1\Michael\LOKALE~1\Temp\kwrcapow.sys


---- System - GMER 1.0.15 ----

SSDT                                                                                                                                  BA72F944                                                                      ZwClose
SSDT                                                                                                                                  BA72F8FE                                                                      ZwCreateKey
SSDT                                                                                                                                  BA72F94E                                                                      ZwCreateSection
SSDT                                                                                                                                  BA72F8F4                                                                      ZwCreateThread
SSDT                                                                                                                                  BA72F903                                                                      ZwDeleteKey
SSDT                                                                                                                                  BA72F90D                                                                      ZwDeleteValueKey
SSDT                                                                                                                                  BA72F93F                                                                      ZwDuplicateObject
SSDT                                                                                                                                  BA72F912                                                                      ZwLoadKey
SSDT                                                                                                                                  BA72F8E0                                                                      ZwOpenProcess
SSDT                                                                                                                                  BA72F8E5                                                                      ZwOpenThread
SSDT                                                                                                                                  BA72F967                                                                      ZwQueryValueKey
SSDT                                                                                                                                  BA72F91C                                                                      ZwReplaceKey
SSDT                                                                                                                                  BA72F958                                                                      ZwRequestWaitReplyPort
SSDT                                                                                                                                  BA72F917                                                                      ZwRestoreKey
SSDT                                                                                                                                  BA72F953                                                                      ZwSetContextThread
SSDT                                                                                                                                  BA72F95D                                                                      ZwSetSecurityObject
SSDT                                                                                                                                  BA72F908                                                                      ZwSetValueKey
SSDT                                                                                                                                  BA72F962                                                                      ZwSystemDebugControl
SSDT                                                                                                                                  BA72F8EF                                                                      ZwTerminateProcess
SSDT                                                                                                                                  \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)  ZwOpenKey [0x804D70D1]
SSDT                                                                                                                                  \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70D1]                    ZwOpenKey [0x804D70D1]

INT 0x03                                                                                                                              \WINDOWS\system32\ntkrnlpa.exe[unknown section]                               804D70DB

---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                      section is writeable [0xB9045360, 0x2BAB3D, 0xE8000020]
.text                                                                                                                                 C:\WINDOWS\system32\drivers\aksfridge.sys                                     section is writeable [0xB42A8000, 0x47E35, 0xE0000020]
.init                                                                                                                                 C:\WINDOWS\system32\drivers\aksfridge.sys                                     entry point in ".init" section [0xB42FC224]
.init                                                                                                                                 C:\WINDOWS\system32\drivers\aksfridge.sys                                     unknown last code section [0xB42FC000, 0x4000, 0xE20000E0]
.text                                                                                                                                 C:\WINDOWS\system32\DRIVERS\atksgt.sys                                        section is writeable [0xB427E300, 0x22020, 0xE8000020]
.text                                                                                                                                 C:\WINDOWS\system32\drivers\hardlock.sys                                      section is writeable [0xB40FE400, 0x6E6E2, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB4188820]  C:\WINDOWS\system32\drivers\hardlock.sys                                      entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB4188820]
.protect˙˙˙˙hardlockunknown last code section [0xB4188600, 0x512A, 0xE0000020]                                                        C:\WINDOWS\system32\drivers\hardlock.sys                                      unknown last code section [0xB4188600, 0x512A, 0xE0000020]
.text                                                                                                                                 C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                        section is writeable [0xBA3C8300, 0x1B7E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device                                                                                                                                \Driver\usbhub \Device\00000083                                               hcmon.sys (VMware USB monitor/VMware, Inc.)
Device                                                                                                                                \Driver\usbhub \Device\00000084                                               hcmon.sys (VMware USB monitor/VMware, Inc.)
Device                                                                                                                                \Driver\usbhub \Device\00000085                                               hcmon.sys (VMware USB monitor/VMware, Inc.)
Device                                                                                                                                \Driver\usbhub \Device\00000086                                               hcmon.sys (VMware USB monitor/VMware, Inc.)
Device                                                                                                                                \Driver\Disk \Device\Harddisk0\DR0                                            aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device                                                                                                                                \Driver\Disk \Device\Harddisk1\DR1                                            aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device                                                                                                                                \Driver\usbohci \Device\USBFDO-0                                              hcmon.sys (VMware USB monitor/VMware, Inc.)
Device                                                                                                                                \Driver\Disk \Device\Harddisk2\DP(1)0-0+a                                     aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device                                                                                                                                \Driver\Disk \Device\Harddisk2\DR6                                            aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device                                                                                                                                \Driver\usbehci \Device\USBFDO-1                                              hcmon.sys (VMware USB monitor/VMware, Inc.)
Device                                                                                                                                \Driver\Disk \Device\Harddisk3\DP(1)0-0+b                                     aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device                                                                                                                                \Driver\Disk \Device\Harddisk3\DR7                                            aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device                                                                                                                                \Driver\Disk \Device\Harddisk4\DP(1)0-0+c                                     aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device                                                                                                                                \Driver\Disk \Device\Harddisk4\DR8                                            aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device                                                                                                                                \Driver\Disk \Device\Harddisk5\DP(1)0-0+d                                     aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device                                                                                                                                \Driver\Disk \Device\Harddisk5\DR9                                            aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice                                                                                                                        \FileSystem\Fastfat \Fat                                                      fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


--- --- ---

OSAM

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:18:36 on 19.08.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir PersonalEdition Classic " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Michael\LOKALE~1\Temp\catchme.sys  (File not found)
"CBN" (CBN) - "MARX Datentechnik GmbH " - C:\WINDOWS\System32\Drivers\CBN.SYS
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DigiCellDriver" (DigiCellDriver) - "MICRO-STAR INT'L CO., LTD." - C:\Programme\MSI\DualCoreCenter\NTGLM7X.sys
"DT T-Sinus 130data(R) Service for T-Sinus 130data" (DT T-Sinus 130data(R)) - "Deutsche Telekom" - C:\WINDOWS\System32\DRIVERS\dtusbxp.sys
"GMSIPCI" (GMSIPCI) - ? - G:\INSTALL\GMSIPCI.SYS  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"kwrcapow" (kwrcapow) - ? - C:\DOKUME~1\Michael\LOKALE~1\Temp\kwrcapow.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"MSICPL" (MSICPL) - ? - G:\install4\MSICPL.sys  (File not found)
"NTACCESS" (NTACCESS) - ? - G:\NTACCESS.sys  (File not found)
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"PCANDIS5 Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SetupNTGLM7X" (SetupNTGLM7X) - ? - G:\NTGLM7X.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"VMware Bridge Protocol" (VMnetBridge) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\hcmon.sys
"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\WINDOWS\system32\drivers\vmnetuserif.sys
"VMware VMparport" (VMparport) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\VMparport.sys
"VMware vmx86" (vmx86) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\vmx86.sys
"Vstor2 Virtual Storage Driver" (vstor2) - "VMware, Inc." - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"X-Rite USB Service" (X-Rite) - "X-Rite, Inc." - C:\WINDOWS\System32\DRIVERS\XrUsb.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{8EF5DC20-419C-4E43-A088-DE5B5625CA47} "CDR Column Provider" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{F9633464-9E18-4C06-9D3A-E131C036A9FA} "CDR Property Handler" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{7DDDBFE0-09C4-4680-9E13-8CE7D00EDE57} "CDR Property Sheet" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{7DDDBFE2-09C4-4680-9E13-8CE7D00EDE57} "CMX Property Sheet" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - C:\Programme\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{F9633465-9E18-4C06-9D3A-E131C036A9FA} "CPT Property Handler" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{7DDDBFE1-09C4-4680-9E13-8CE7D00EDE57} "CPT Property Sheet" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - C:\PROGRA~1\TROJAN~2\Trshlex.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
InCDUdfPerm extension "{B3D9AEDE-B2C3-406d-A254-6BE07767B08B}" - ? -   (File not found | COM-object registry key not found)
InCDShellExt extension "{CAE3251E-9B15-4810-B268-852AD9792A59}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"ColorNavigator 6.lnk" - ? - C:\Programme\EIZO\ColorNavigator 6\ColorNavigator 6.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"AVMWlanClient" - "AVM Berlin" - C:\Programme\avmwlanstick\wlangui.exe
"ColorNavigator 6" - ? - "C:\Programme\EIZO\ColorNavigator 6 Core\cn6_eacore.exe"  (File found, but it contains no detailed information)
"Garmin Lifetime Updater" - "Garmin" - C:\Programme\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RunDLL32.exe NvMCTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"
"SW20" - ? - C:\WINDOWS\system32\sw20.exe
"SW24" - ? - C:\WINDOWS\system32\sw24.exe  (File found, but it contains no detailed information)
"TrojanScanner" - "Simply Super Software" - C:\Programme\Trojan Remover\Trjscan.exe /boot
"WinSys2" - "TODO: <Company name>" - C:\WINDOWS\system32\winsys2.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Active File Monitor V7" (AdobeActiveFileMonitor7.0) - "Adobe Systems Incorporated" - C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Programme\avmwlanstick\WlanNetService.exe
"C-DillaCdaC11BA" (C-DillaCdaC11BA) - "C-Dilla Ltd" - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
"DirMngr" (DirMngr) - ? - C:\Programme\GNU\GnuPG\dirmngr.exe  (File found, but it contains no detailed information)
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\Programme\VMware\VMware Server\vmware-authd.exe
"VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." - C:\WINDOWS\system32\vmnetdhcp.exe
"VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\WINDOWS\system32\vmnat.exe
"VMware Registration Service" (vmserverdWin32) - "VMware, Inc." - C:\Programme\VMware\VMware Server\vmserverdWin32.exe
"VMware Virtual Mount Manager Extended" (vmount2) - "VMware, Inc." - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Hua SoftWare (www.21hua.com)" - C:\WINDOWS\system32\SANTOR~1.SCR
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-19 16:21:42
-----------------------------
16:21:42.531    OS Version: Windows 5.1.2600 Service Pack 3
16:21:42.531    Number of processors: 2 586 0xF0B
16:21:42.531    ComputerName: DEEPBLUE  UserName: Michael
16:21:42.781    Initialize success
16:25:00.578    AVAST engine defs: 12081900
16:26:04.796    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
16:26:04.796    Disk 0 Vendor: SAMSUNG_HD501LJ CR100-10 Size: 476940MB BusType: 3
16:26:04.796    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-22
16:26:04.796    Disk 1 Vendor: WDC_WD1001FALS-00E8B0 05.00K05 Size: 953869MB BusType: 3
16:26:04.828    Disk 0 MBR read successfully
16:26:04.828    Disk 0 MBR scan
16:26:04.859    Disk 0 Windows XP default MBR code
16:26:04.859    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76897 MB offset 63
16:26:04.859    Disk 0 Partition - 00    0F Extended LBA            400032 MB offset 157485195
16:26:04.875    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      200012 MB offset 157485258
16:26:04.875    Disk 0 Partition - 00    05    Extended            200020 MB offset 567110565
16:26:04.890    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      200020 MB offset 567110628
16:26:04.890    Disk 0 scanning sectors +976752000
16:26:04.953    Disk 0 scanning C:\WINDOWS\system32\drivers
16:26:15.406    Service scanning
16:26:23.078    Modules scanning
16:27:03.500    Disk 0 trace - called modules:
16:27:03.546    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:27:03.546    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a66cab8]
16:27:03.546    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000007f[0x8a66e9e8]
16:27:03.546    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x8a701d98]
16:27:03.812    AVAST engine scan C:\WINDOWS
16:28:08.578    AVAST engine scan C:\WINDOWS\system32
16:37:01.078    AVAST engine scan C:\WINDOWS\system32\drivers
16:37:58.125    AVAST engine scan C:\Dokumente und Einstellungen\Michael
16:42:52.031    AVAST engine scan C:\Dokumente und Einstellungen\All Users
16:45:11.484    Scan finished successfully
16:45:46.578    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Michael\Desktop\MBR.dat"
16:45:46.578    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Michael\Desktop\aswMBR.txt"

Regards, MikeP

cosinus 20.08.2012 21:31

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

