Trojaner-Board - Trojaner: weißer Bildschirm "Bitte warten Sie während die Verbindung hergestellt wird"

Hallo Arne,

hier kommt der Inhalt der OTL.txt:

OTL Logfile:

Code:

OTL logfile created on: 21.06.2012 00:12:18 - Run 1

OTL by OldTimer - Version 3.2.49.0     Folder = C:\Dokumente und Einstellungen\Dargel\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

447,48 Mb Total Physical Memory | 262,21 Mb Available Physical Memory | 58,60% Memory free

1,03 Gb Paging File | 0,91 Gb Available in Paging File | 88,29% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 19,53 Gb Total Space | 10,46 Gb Free Space | 53,54% Space Free | Partition Type: NTFS

Drive D: | 56,79 Gb Total Space | 26,94 Gb Free Space | 47,45% Space Free | Partition Type: NTFS

 

Computer Name: SHUTTLE | User Name: Dargel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.06.19 16:05:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dargel\Desktop\OTL.exe

PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2010.01.24 18:32:07 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2007.01.30 12:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Programme\FinePixViewer\QuickDCF2.exe

PRC - [2004.09.16 12:39:44 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll

MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU

MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2007.02.16 20:01:00 | 000,081,920 | ---- | M] () -- C:\Programme\FinePixViewer\wia_register_event.dll

MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012.06.12 23:16:07 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009.09.04 17:48:58 | 000,049,170 | ---- | M] (Fortinet Inc.) [Auto | Stopped] -- C:\Programme\Fortinet\FortiClient\scheduler.exe -- (FA_Scheduler)

SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcam.sys -- (DCamUSBNW802)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2009.05.25 11:04:12 | 000,033,312 | ---- | M] (Fortinet Inc) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\fortishield.sys -- (FortiShield)

DRV - [2009.05.25 11:04:10 | 000,046,112 | ---- | M] (Fortinet Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fortirmon.sys -- (FARegMon)

DRV - [2009.05.25 11:04:10 | 000,029,728 | ---- | M] (Fortinet Inc) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\FortiRdr.sys -- (FortiRdr)

DRV - [2009.05.25 11:04:08 | 000,119,712 | ---- | M] (Fortinet Inc) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\fortipfw.sys -- (FortiPFW)

DRV - [2009.05.25 11:04:06 | 000,038,432 | ---- | M] (Fortinet Inc) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\fortimon2.sys -- (FAFileMon)

DRV - [2005.07.06 10:36:44 | 000,102,912 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\etFilter.sys -- (FiltUSBET)

DRV - [2005.07.01 16:14:34 | 000,005,760 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\etScan.sys -- (ScanUSBET)

DRV - [2005.07.01 16:14:22 | 000,088,704 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\etDevice.sys -- (DCamUSBET)

DRV - [2005.02.11 10:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)

DRV - [2005.02.11 10:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)

DRV - [2005.02.11 10:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)

DRV - [2004.09.21 11:53:18 | 002,278,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2002.12.27 12:41:00 | 000,026,880 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)

DRV - [2002.04.01 17:47:42 | 000,045,312 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1993962763-1935655697-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-1993962763-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1993962763-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"

FF - prefs.js..extensions.enabledItems: stealthyextension@gmail.com:2.0

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.16 21:37:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.03.16 21:37:46 | 000,000,000 | ---D | M]

 

[2009.07.27 23:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Mozilla\Extensions

[2012.06.16 19:40:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Mozilla\Firefox\Profiles\hba7gekd.default\extensions

[2012.04.14 18:36:37 | 000,000,000 | ---D | M] (Stealthy) -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Mozilla\Firefox\Profiles\hba7gekd.default\extensions\stealthyextension@gmail.com

[2012.04.14 18:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Mozilla\Firefox\Profiles\hba7gekd.default\extensions\stealthyextension@gmail.com\chrome

[2012.04.14 18:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Mozilla\Firefox\Profiles\hba7gekd.default\extensions\stealthyextension@gmail.com\components

[2012.06.16 19:40:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.07.05 22:58:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.07.05 22:58:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2011.11.14 00:33:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.11.14 00:33:24 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2011.11.14 00:33:24 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.11.14 00:33:24 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.11.14 00:33:24 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2012.06.04 07:22:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ExifLauncher2.lnk = C:\Programme\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AB88F51-8C06-4B30-8C90-D303A313E7D6}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-1993962763-1935655697-839522115-1003 Winlogon: Shell - (c:\dokumente und einstellungen\dargel\anwendungsdaten\winarchiver.exe) -  File not found

O20 - HKU\S-1-5-21-1993962763-1935655697-839522115-1003 Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: 6to4 -  File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {Sfl6IjRn-vQaw-O9Ad-8r0V-rJqDEF0Tul98} - 

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.JPGL - C:\WINDOWS\jpgl.dll ()

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.21 00:05:38 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dargel\Desktop\OTL.exe

[2012.06.16 19:35:15 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.06.12 23:35:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Malwarebytes

[2012.06.12 23:35:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware

[2012.06.12 23:35:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.06.12 23:35:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.06.12 23:35:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes_Anti-Malware

[2012.06.12 23:33:27 | 000,000,000 | ---D | C] -- C:\temp

[2012.06.04 07:22:51 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe

[2012.06.04 07:22:49 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.06.03 20:12:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.20 23:47:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.06.20 23:47:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.06.19 16:05:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dargel\Desktop\OTL.exe

[2012.06.16 23:34:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.06.12 23:35:40 | 000,000,749 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.06.12 23:35:40 | 000,000,749 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2011.09.01 00:57:49 | 000,036,864 | ---- | C] () -- C:\WINDOWS\jpgl.dll

[2011.09.01 00:57:49 | 000,032,768 | ---- | C] () -- C:\WINDOWS\div_iyuv.dll

[2010.10.02 17:26:24 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2010.10.02 17:26:03 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat

[2010.10.02 17:25:56 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

 
 ========== LOP Check ==========

 

[2010.01.29 21:29:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Applications

[2009.07.30 17:02:35 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ

[2009.07.28 00:40:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay

[2011.06.18 19:15:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp

[2010.07.13 20:26:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009.11.22 21:13:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009.07.30 17:30:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Canon

[2009.08.03 00:04:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\FUJIFILM

[2010.04.07 11:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\WordToPDF

[2010.04.07 09:59:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\XnView

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.06.16 19:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Adobe

[2010.09.15 00:55:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Apple Computer

[2009.07.30 17:30:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Canon

[2011.07.17 20:03:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\dvdcss

[2009.08.03 00:04:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\FUJIFILM

[2010.10.07 00:22:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Help

[2009.07.24 09:33:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Identities

[2009.08.02 23:49:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\InstallShield

[2009.08.07 13:25:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Macromedia

[2012.06.12 23:35:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Malwarebytes

[2012.01.07 19:35:32 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Microsoft

[2009.07.27 23:41:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Mozilla

[2010.01.24 18:38:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Real

[2012.06.19 01:30:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Skype

[2009.10.27 16:31:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\Sun

[2011.10.05 18:46:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\vlc

[2009.07.24 10:00:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\WinRAR

[2010.04.07 11:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\WordToPDF

[2010.04.07 09:59:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dargel\Anwendungsdaten\XnView

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

[2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll

[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\dllcache\user32.dll

[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe

[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes_Anti-Malware\Chameleon\winlogon.exe

[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2009.07.24 11:04:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2009.07.24 11:04:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2009.07.24 11:04:28 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 

< End of report >

Wie geht's nun weiter? Kann der Rechner wieder uneingeschränkt genutzt werden?

Gruß, Andy

Hallo Arne,

hier der Inhalt des Log-Files vom TDSS-Killer-Scan:

Code:

17:49:28.0921 3824        TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

17:49:29.0000 3824        ============================================================

17:49:29.0015 3824        Current date / time: 2012/06/22 17:49:29.0000

17:49:29.0015 3824        SystemInfo:

17:49:29.0015 3824        

17:49:29.0015 3824        OS Version: 5.1.2600 ServicePack: 2.0

17:49:29.0015 3824        Product type: Workstation

17:49:29.0015 3824        ComputerName: SHUTTLE

17:49:29.0015 3824        UserName: Dargel

17:49:29.0015 3824        Windows directory: C:\WINDOWS

17:49:29.0015 3824        System windows directory: C:\WINDOWS

17:49:29.0015 3824        Processor architecture: Intel x86

17:49:29.0015 3824        Number of processors: 1

17:49:29.0015 3824        Page size: 0x1000

17:49:29.0015 3824        Boot type: Normal boot

17:49:29.0015 3824        ============================================================

17:49:35.0156 3824        Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

17:49:35.0156 3824        ============================================================

17:49:35.0156 3824        \Device\Harddisk0\DR0:

17:49:35.0156 3824        MBR partitions:

17:49:35.0156 3824        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637

17:49:35.0171 3824        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x7192A76

17:49:35.0171 3824        ============================================================

17:49:35.0218 3824        D: <-> \Device\Harddisk0\DR0\Partition1

17:49:35.0250 3824        C: <-> \Device\Harddisk0\DR0\Partition0

17:49:35.0265 3824        ============================================================

17:49:35.0265 3824        Initialize success

17:49:35.0265 3824        ============================================================

17:50:31.0781 3956        ============================================================

17:50:31.0781 3956        Scan started

17:50:31.0781 3956        Mode: Manual; SigCheck; TDLFS; 

17:50:31.0781 3956        ============================================================

17:50:32.0468 3956        Abiosdsk - ok

17:50:32.0500 3956        abp480n5 - ok

17:50:32.0812 3956        ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:50:34.0296 3956        ACPI - ok

17:50:34.0312 3956        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

17:50:34.0546 3956        ACPIEC - ok

17:50:34.0609 3956        AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

17:50:34.0625 3956        AdobeFlashPlayerUpdateSvc - ok

17:50:34.0656 3956        adpu160m - ok

17:50:34.0703 3956        aec             (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

17:50:34.0937 3956        aec - ok

17:50:34.0968 3956        AFD             (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys

17:50:35.0234 3956        AFD - ok

17:50:35.0265 3956        Aha154x - ok

17:50:35.0281 3956        aic78u2 - ok

17:50:35.0312 3956        aic78xx - ok

17:50:35.0453 3956        ALCXWDM         (292ce6f164008e825d71c07fd0265943) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

17:50:35.0687 3956        ALCXWDM - ok

17:50:35.0781 3956        Alerter         (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll

17:50:36.0000 3956        Alerter - ok

17:50:36.0031 3956        ALG             (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe

17:50:36.0140 3956        ALG - ok

17:50:36.0171 3956        AliIde - ok

17:50:36.0187 3956        AmdK7           (fbf9ffb0b638df1448821bd0aceeb780) C:\WINDOWS\system32\DRIVERS\amdk7.sys

17:50:36.0421 3956        AmdK7 - ok

17:50:36.0437 3956        amsint - ok

17:50:36.0546 3956        Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

17:50:36.0578 3956        Apple Mobile Device - ok

17:50:36.0625 3956        AppMgmt         (becd5328e7869807d6557be4fe60c72f) C:\WINDOWS\System32\appmgmts.dll

17:50:36.0718 3956        AppMgmt - ok

17:50:36.0734 3956        Arp1394         (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

17:50:36.0968 3956        Arp1394 - ok

17:50:36.0984 3956        asc - ok

17:50:37.0000 3956        asc3350p - ok

17:50:37.0031 3956        asc3550 - ok

17:50:37.0062 3956        AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:50:37.0296 3956        AsyncMac - ok

17:50:37.0343 3956        atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:50:37.0562 3956        atapi - ok

17:50:37.0578 3956        Atdisk - ok

17:50:37.0609 3956        Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:50:37.0843 3956        Atmarpc - ok

17:50:37.0875 3956        AudioSrv        (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll

17:50:38.0109 3956        AudioSrv - ok

17:50:38.0125 3956        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:50:38.0359 3956        audstub - ok

17:50:38.0406 3956        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:50:38.0625 3956        Beep - ok

17:50:38.0687 3956        BITS            (3a5e54a9ab96ef2d273b58136fb58efe) C:\WINDOWS\system32\qmgr.dll

17:50:38.0968 3956        BITS - ok

17:50:39.0062 3956        Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Programme\Bonjour\mDNSResponder.exe

17:50:39.0093 3956        Bonjour Service - ok

17:50:39.0140 3956        Browser         (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll

17:50:39.0390 3956        Browser - ok

17:50:39.0437 3956        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:50:39.0671 3956        cbidf2k - ok

17:50:39.0703 3956        CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

17:50:40.0031 3956        CCDECODE - ok

17:50:40.0062 3956        cd20xrnt - ok

17:50:40.0093 3956        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:50:40.0343 3956        Cdaudio - ok

17:50:40.0375 3956        Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

17:50:40.0625 3956        Cdfs - ok

17:50:40.0656 3956        Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:50:40.0921 3956        Cdrom - ok

17:50:40.0937 3956        Changer - ok

17:50:40.0968 3956        CiSvc           (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\system32\cisvc.exe

17:50:41.0187 3956        CiSvc - ok

17:50:41.0234 3956        ClipSrv         (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe

17:50:41.0484 3956        ClipSrv - ok

17:50:41.0500 3956        CmdIde - ok

17:50:41.0515 3956        COMSysApp - ok

17:50:41.0562 3956        Cpqarray - ok

17:50:41.0609 3956        CryptSvc        (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll

17:50:41.0828 3956        CryptSvc - ok

17:50:41.0843 3956        dac2w2k - ok

17:50:41.0859 3956        dac960nt - ok

17:50:41.0906 3956        DCamUSBET       (040e114b9952b96dbd147cba10831b8f) C:\WINDOWS\system32\DRIVERS\etDevice.sys

17:50:41.0921 3956        DCamUSBET ( UnsignedFile.Multi.Generic ) - warning

17:50:41.0937 3956        DCamUSBET - detected UnsignedFile.Multi.Generic (1)

17:50:41.0937 3956        DCamUSBNW802 - ok

17:50:42.0015 3956        DcomLaunch      (9f28ff58d6d67b123272869d89d14004) C:\WINDOWS\system32\rpcss.dll

17:50:42.0296 3956        DcomLaunch - ok

17:50:42.0343 3956        Dhcp            (69f986b2688ba95a0d9362b0e233d5ff) C:\WINDOWS\System32\dhcpcsvc.dll

17:50:42.0562 3956        Dhcp - ok

17:50:42.0625 3956        Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

17:50:42.0875 3956        Disk - ok

17:50:42.0890 3956        dmadmin - ok

17:50:42.0968 3956        dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys

17:50:43.0250 3956        dmboot - ok

17:50:43.0281 3956        dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys

17:50:43.0531 3956        dmio - ok

17:50:43.0562 3956        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:50:43.0812 3956        dmload - ok

17:50:43.0859 3956        dmserver        (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll

17:50:44.0093 3956        dmserver - ok

17:50:44.0140 3956        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

17:50:44.0359 3956        DMusic - ok

17:50:44.0390 3956        Dnscache        (d1f5b71bbaeee07b78980dbd878c0bc7) C:\WINDOWS\System32\dnsrslvr.dll

17:50:44.0625 3956        Dnscache - ok

17:50:44.0640 3956        dpti2o - ok

17:50:44.0687 3956        drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

17:50:44.0906 3956        drmkaud - ok

17:50:44.0921 3956        ERSvc           (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll

17:50:45.0171 3956        ERSvc - ok

17:50:45.0203 3956        Eventlog        (edb6b81761bd60f32f740bbc40afb676) C:\WINDOWS\system32\services.exe

17:50:45.0437 3956        Eventlog - ok

17:50:45.0500 3956        EventSystem     (4e1a8645ee77cb9454ffe53c59620a25) C:\WINDOWS\system32\es.dll

17:50:45.0750 3956        EventSystem - ok

17:50:45.0781 3956        FAFileMon       (0686aa1d84798c21e6010ac285c107a7) C:\WINDOWS\system32\drivers\fortimon2.sys

17:50:45.0828 3956        FAFileMon - ok

17:50:45.0859 3956        FARegMon        (383966410c4fcb90335502eb8b21167d) C:\WINDOWS\system32\drivers\fortirmon.sys

17:50:45.0875 3956        FARegMon - ok

17:50:45.0906 3956        Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

17:50:46.0156 3956        Fastfat - ok

17:50:46.0203 3956        FastUserSwitchingCompatibility (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll

17:50:46.0421 3956        FastUserSwitchingCompatibility - ok

17:50:46.0531 3956        FA_Scheduler    (a889905fc7d58f8d5197ce59bdd3939d) C:\Programme\Fortinet\FortiClient\scheduler.exe

17:50:46.0546 3956        FA_Scheduler ( UnsignedFile.Multi.Generic ) - warning

17:50:46.0546 3956        FA_Scheduler - detected UnsignedFile.Multi.Generic (1)

17:50:46.0578 3956        Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

17:50:46.0828 3956        Fdc - ok

17:50:46.0875 3956        FiltUSBET       (1cf51c5b0ca1cb656d67c242c7a0207e) C:\WINDOWS\system32\DRIVERS\etFilter.sys

17:50:46.0906 3956        FiltUSBET ( UnsignedFile.Multi.Generic ) - warning

17:50:46.0906 3956        FiltUSBET - detected UnsignedFile.Multi.Generic (1)

17:50:46.0937 3956        Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys

17:50:47.0187 3956        Fips - ok

17:50:47.0218 3956        Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

17:50:47.0453 3956        Flpydisk - ok

17:50:47.0562 3956        FltMgr          (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

17:50:47.0796 3956        FltMgr - ok

17:50:47.0828 3956        FortiPFW        (c4074c34293f0d30d2ccdf7d16477092) C:\WINDOWS\system32\drivers\FortiPFW.sys

17:50:47.0843 3956        FortiPFW - ok

17:50:47.0890 3956        FortiRdr        (42f3a6c2b4134f029c2cbcfba8ef4a6f) C:\WINDOWS\system32\drivers\FortiRdr.sys

17:50:47.0890 3956        FortiRdr - ok

17:50:47.0921 3956        FortiShield     (8d4696aad3cd30fb4811283bf14851f9) C:\WINDOWS\system32\drivers\fortishield.sys

17:50:47.0921 3956        FortiShield - ok

17:50:47.0953 3956        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:50:48.0187 3956        Fs_Rec - ok

17:50:48.0218 3956        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:50:48.0453 3956        Ftdisk - ok

17:50:48.0515 3956        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

17:50:48.0531 3956        GEARAspiWDM - ok

17:50:48.0562 3956        Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:50:48.0796 3956        Gpc - ok

17:50:48.0921 3956        helpsvc         (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

17:50:49.0125 3956        helpsvc - ok

17:50:49.0156 3956        HidServ - ok

17:50:49.0203 3956        HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:50:49.0406 3956        HidUsb - ok

17:50:49.0421 3956        hpn - ok

17:50:49.0468 3956        HTTP            (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys

17:50:49.0703 3956        HTTP - ok

17:50:49.0734 3956        HTTPFilter      (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll

17:50:49.0953 3956        HTTPFilter - ok

17:50:49.0968 3956        i2omgmt - ok

17:50:49.0984 3956        i2omp - ok

17:50:50.0031 3956        i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:50:50.0265 3956        i8042prt - ok

17:50:50.0312 3956        Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:50:50.0531 3956        Imapi - ok

17:50:50.0578 3956        ImapiService    (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\system32\imapi.exe

17:50:50.0828 3956        ImapiService - ok

17:50:50.0859 3956        ini910u - ok

17:50:50.0890 3956        IntelIde - ok

17:50:50.0921 3956        Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

17:50:51.0140 3956        Ip6Fw - ok

17:50:51.0171 3956        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:50:51.0406 3956        IpFilterDriver - ok

17:50:51.0437 3956        IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:50:51.0656 3956        IpInIp - ok

17:50:51.0703 3956        IpNat           (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:50:51.0906 3956        IpNat - ok

17:50:52.0000 3956        iPod Service    (8f610078437a459948480407f4db91ea) C:\Programme\iPod\bin\iPodService.exe

17:50:52.0046 3956        iPod Service - ok

17:50:52.0093 3956        IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:50:52.0296 3956        IPSec - ok

17:50:52.0328 3956        IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:50:52.0406 3956        IRENUM - ok

17:50:52.0453 3956        isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:50:52.0671 3956        isapnp - ok

17:50:52.0750 3956        JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Programme\Java\jre6\bin\jqs.exe

17:50:52.0781 3956        JavaQuickStarterService - ok

17:50:52.0828 3956        k750bus         (fe8300320281d658a7854d5cfc02a63f) C:\WINDOWS\system32\DRIVERS\k750bus.sys

17:50:52.0859 3956        k750bus - ok

17:50:52.0906 3956        k750mdfl        (f44521f63c0c00364fa3d59db980de6a) C:\WINDOWS\system32\DRIVERS\k750mdfl.sys

17:50:52.0968 3956        k750mdfl - ok

17:50:52.0984 3956        k750mdm         (e93323c3ed5e8923a177740a973c27b2) C:\WINDOWS\system32\DRIVERS\k750mdm.sys

17:50:53.0015 3956        k750mdm - ok

17:50:53.0062 3956        Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:50:53.0281 3956        Kbdclass - ok

17:50:53.0328 3956        kmixer          (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

17:50:53.0578 3956        kmixer - ok

17:50:53.0609 3956        KSecDD          (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

17:50:53.0828 3956        KSecDD - ok

17:50:53.0875 3956        lanmanserver    (f8170aa51cd202bc062b8a0983f361b7) C:\WINDOWS\System32\srvsvc.dll

17:50:54.0093 3956        lanmanserver - ok

17:50:54.0156 3956        lanmanworkstation (36d74668f5448d55887fa3958488dc06) C:\WINDOWS\System32\wkssvc.dll

17:50:54.0390 3956        lanmanworkstation - ok

17:50:54.0390 3956        lbrtfdc - ok

17:50:54.0468 3956        LmHosts         (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll

17:50:54.0671 3956        LmHosts - ok

17:50:54.0765 3956        MDM             (44ce5579514334b801eed77e8c618cd8) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe

17:50:54.0796 3956        MDM ( UnsignedFile.Multi.Generic ) - warning

17:50:54.0796 3956        MDM - detected UnsignedFile.Multi.Generic (1)

17:50:54.0843 3956        Messenger       (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll

17:50:55.0078 3956        Messenger - ok

17:50:55.0125 3956        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:50:55.0296 3956        mnmdd - ok

17:50:55.0343 3956        mnmsrvc         (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\system32\mnmsrvc.exe

17:50:55.0546 3956        mnmsrvc - ok

17:50:55.0578 3956        Modem           (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys

17:50:55.0796 3956        Modem - ok

17:50:55.0812 3956        Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:50:56.0015 3956        Mouclass - ok

17:50:56.0062 3956        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:50:56.0265 3956        mouhid - ok

17:50:56.0312 3956        MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

17:50:56.0531 3956        MountMgr - ok

17:50:56.0562 3956        mraid35x - ok

17:50:56.0593 3956        MRxDAV          (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:50:56.0796 3956        MRxDAV - ok

17:50:56.0859 3956        MRxSmb          (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:50:57.0078 3956        MRxSmb - ok

17:50:57.0125 3956        MSDTC           (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\system32\msdtc.exe

17:50:57.0328 3956        MSDTC - ok

17:50:57.0359 3956        Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

17:50:57.0546 3956        Msfs - ok

17:50:57.0578 3956        MSIServer - ok

17:50:57.0625 3956        MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:50:57.0828 3956        MSKSSRV - ok

17:50:57.0859 3956        MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:50:58.0062 3956        MSPCLOCK - ok

17:50:58.0093 3956        MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

17:50:58.0328 3956        MSPQM - ok

17:50:58.0375 3956        mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:50:58.0578 3956        mssmbios - ok

17:50:58.0609 3956        MSTEE           (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys

17:50:58.0828 3956        MSTEE - ok

17:50:58.0875 3956        Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

17:50:59.0078 3956        Mup - ok

17:50:59.0125 3956        NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

17:50:59.0328 3956        NABTSFEC - ok

17:50:59.0375 3956        NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

17:50:59.0609 3956        NDIS - ok

17:50:59.0656 3956        NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

17:50:59.0875 3956        NdisIP - ok

17:50:59.0906 3956        NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:51:00.0125 3956        NdisTapi - ok

17:51:00.0171 3956        Ndisuio         (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:51:00.0375 3956        Ndisuio - ok

17:51:00.0421 3956        NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:51:00.0656 3956        NdisWan - ok

17:51:00.0687 3956        NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

17:51:00.0906 3956        NDProxy - ok

17:51:00.0937 3956        NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:51:01.0140 3956        NetBIOS - ok

17:51:01.0234 3956        NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:51:01.0453 3956        NetBT - ok

17:51:01.0484 3956        NetDDE          (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe

17:51:01.0734 3956        NetDDE - ok

17:51:01.0750 3956        NetDDEdsdm      (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe

17:51:01.0937 3956        NetDDEdsdm - ok

17:51:01.0968 3956        Netlogon        (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe

17:51:02.0187 3956        Netlogon - ok

17:51:02.0234 3956        Netman          (cdf4da6b518105343fe9e8afbbf8fbf4) C:\WINDOWS\System32\netman.dll

17:51:02.0453 3956        Netman - ok

17:51:02.0484 3956        NIC1394         (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

17:51:02.0687 3956        NIC1394 - ok

17:51:02.0734 3956        Nla             (b36e08f680bae4dfc5c24d00a2dfc9e7) C:\WINDOWS\System32\mswsock.dll

17:51:02.0953 3956        Nla - ok

17:51:02.0984 3956        Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

17:51:03.0187 3956        Npfs - ok

17:51:03.0250 3956        Ntfs            (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

17:51:03.0468 3956        Ntfs - ok

17:51:03.0484 3956        NtLmSsp         (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe

17:51:03.0687 3956        NtLmSsp - ok

17:51:03.0812 3956        NtmsSvc         (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll

17:51:04.0187 3956        NtmsSvc - ok

17:51:04.0203 3956        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:51:04.0375 3956        Null - ok

17:51:04.0437 3956        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:51:04.0640 3956        NwlnkFlt - ok

17:51:04.0718 3956        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:51:04.0890 3956        NwlnkFwd - ok

17:51:05.0046 3956        ohci1394        (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

17:51:05.0250 3956        ohci1394 - ok

17:51:05.0515 3956        Parport         (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys

17:51:05.0734 3956        Parport - ok

17:51:05.0796 3956        PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

17:51:05.0984 3956        PartMgr - ok

17:51:06.0000 3956        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

17:51:06.0187 3956        ParVdm - ok

17:51:06.0328 3956        PCI             (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys

17:51:06.0562 3956        PCI - ok

17:51:06.0562 3956        PCIDump - ok

17:51:06.0593 3956        PCIIde - ok

17:51:06.0781 3956        Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:51:07.0031 3956        Pcmcia - ok

17:51:07.0046 3956        PDCOMP - ok

17:51:07.0062 3956        PDFRAME - ok

17:51:07.0093 3956        PDRELI - ok

17:51:07.0109 3956        PDRFRAME - ok

17:51:07.0140 3956        perc2 - ok

17:51:07.0156 3956        perc2hib - ok

17:51:07.0265 3956        PlugPlay        (edb6b81761bd60f32f740bbc40afb676) C:\WINDOWS\system32\services.exe

17:51:07.0484 3956        PlugPlay - ok

17:51:07.0484 3956        PolicyAgent     (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe

17:51:07.0656 3956        PolicyAgent - ok

17:51:07.0703 3956        PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:51:07.0890 3956        PptpMiniport - ok

17:51:07.0890 3956        ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe

17:51:08.0109 3956        ProtectedStorage - ok

17:51:08.0125 3956        PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

17:51:08.0328 3956        PSched - ok

17:51:08.0375 3956        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:51:08.0578 3956        Ptilink - ok

17:51:08.0593 3956        ql1080 - ok

17:51:08.0609 3956        Ql10wnt - ok

17:51:08.0625 3956        ql12160 - ok

17:51:08.0656 3956        ql1240 - ok

17:51:08.0671 3956        ql1280 - ok

17:51:08.0718 3956        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:51:08.0890 3956        RasAcd - ok

17:51:08.0937 3956        RasAuto         (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll

17:51:09.0156 3956        RasAuto - ok

17:51:09.0171 3956        Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:51:09.0390 3956        Rasl2tp - ok

17:51:09.0437 3956        RasMan          (a5d2d745a2aefa327dca6da317b5fd70) C:\WINDOWS\System32\rasmans.dll

17:51:09.0609 3956        RasMan - ok

17:51:09.0640 3956        RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:51:09.0859 3956        RasPppoe - ok

17:51:09.0890 3956        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:51:10.0109 3956        Raspti - ok

17:51:10.0156 3956        Rdbss           (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:51:10.0328 3956        Rdbss - ok

17:51:10.0375 3956        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:51:10.0546 3956        RDPCDD - ok

17:51:10.0593 3956        rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:51:10.0796 3956        rdpdr - ok

17:51:10.0875 3956        RDPWD           (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

17:51:11.0062 3956        RDPWD - ok

17:51:11.0109 3956        RDSessMgr       (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe

17:51:11.0328 3956        RDSessMgr - ok

17:51:11.0359 3956        redbook         (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:51:11.0531 3956        redbook - ok

17:51:11.0546 3956        RemoteAccess    (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll

17:51:11.0734 3956        RemoteAccess - ok

17:51:11.0765 3956        RemoteRegistry  (ae81cf7d7cfa79cd03e8fb99788a7e09) C:\WINDOWS\system32\regsvc.dll

17:51:11.0968 3956        RemoteRegistry - ok

17:51:12.0000 3956        RpcLocator      (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\system32\locator.exe

17:51:12.0203 3956        RpcLocator - ok

17:51:12.0265 3956        RpcSs           (9f28ff58d6d67b123272869d89d14004) C:\WINDOWS\system32\rpcss.dll

17:51:12.0468 3956        RpcSs - ok

17:51:12.0515 3956        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe

17:51:12.0750 3956        RSVP - ok

17:51:12.0765 3956        rtl8139         (dbd3887e257c4348e314e0b94c4cf3ff) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS

17:51:12.0812 3956        rtl8139 - ok

17:51:12.0843 3956        SamSs           (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe

17:51:13.0015 3956        SamSs - ok

17:51:13.0062 3956        ScanUSBET       (b4e1136482def80976e4aaed17d1d557) C:\WINDOWS\system32\DRIVERS\etScan.sys

17:51:13.0078 3956        ScanUSBET ( UnsignedFile.Multi.Generic ) - warning

17:51:13.0078 3956        ScanUSBET - detected UnsignedFile.Multi.Generic (1)

17:51:13.0109 3956        SCardSvr        (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe

17:51:13.0312 3956        SCardSvr - ok

17:51:13.0375 3956        Schedule        (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll

17:51:13.0562 3956        Schedule - ok

17:51:13.0593 3956        Secdrv          (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:51:13.0671 3956        Secdrv - ok

17:51:13.0734 3956        seclogon        (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll

17:51:13.0906 3956        seclogon - ok

17:51:13.0953 3956        SENS            (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll

17:51:14.0140 3956        SENS - ok

17:51:14.0171 3956        serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:51:14.0343 3956        serenum - ok

17:51:14.0375 3956        Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys

17:51:14.0578 3956        Serial - ok

17:51:14.0609 3956        Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:51:14.0796 3956        Sfloppy - ok

17:51:14.0859 3956        SharedAccess    (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll

17:51:15.0078 3956        SharedAccess - ok

17:51:15.0125 3956        ShellHWDetection (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll

17:51:15.0296 3956        ShellHWDetection - ok

17:51:15.0328 3956        Simbad - ok

17:51:15.0406 3956        SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe

17:51:15.0453 3956        SkypeUpdate - ok

17:51:15.0500 3956        SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

17:51:15.0671 3956        SLIP - ok

17:51:15.0687 3956        Sparrow - ok

17:51:15.0718 3956        splitter        (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

17:51:15.0906 3956        splitter - ok

17:51:15.0953 3956        Spooler         (54e7113a4bd696e430919bcaf5c65e06) C:\WINDOWS\system32\spoolsv.exe

17:51:16.0140 3956        Spooler - ok

17:51:16.0187 3956        sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys

17:51:16.0281 3956        sr - ok

17:51:16.0328 3956        srservice       (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll

17:51:16.0406 3956        srservice - ok

17:51:16.0453 3956        Srv             (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys

17:51:16.0656 3956        Srv - ok

17:51:16.0687 3956        SSDPSRV         (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll

17:51:16.0781 3956        SSDPSRV - ok

17:51:16.0828 3956        StillCam        (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys

17:51:16.0984 3956        StillCam - ok

17:51:17.0062 3956        stisvc          (7e751068ada60fc77638622e86a7cd9e) C:\WINDOWS\system32\wiaservc.dll

17:51:17.0265 3956        stisvc - ok

17:51:17.0296 3956        streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

17:51:17.0468 3956        streamip - ok

17:51:17.0500 3956        swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:51:17.0671 3956        swenum - ok

17:51:17.0703 3956        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

17:51:17.0890 3956        swmidi - ok

17:51:17.0890 3956        SwPrv - ok

17:51:17.0921 3956        symc810 - ok

17:51:17.0937 3956        symc8xx - ok

17:51:17.0968 3956        sym_hi - ok

17:51:17.0984 3956        sym_u3 - ok

17:51:18.0031 3956        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

17:51:18.0218 3956        sysaudio - ok

17:51:18.0265 3956        SysmonLog       (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe

17:51:18.0453 3956        SysmonLog - ok

17:51:18.0484 3956        TapiSrv         (4584e2a5fe662ab3e7c32936e1449043) C:\WINDOWS\System32\tapisrv.dll

17:51:18.0671 3956        TapiSrv - ok

17:51:18.0734 3956        Tcpip           (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:51:18.0968 3956        Tcpip - ok

17:51:19.0015 3956        TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:51:19.0203 3956        TDPIPE - ok

17:51:19.0234 3956        TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

17:51:19.0375 3956        TDTCP - ok

17:51:19.0421 3956        TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:51:19.0625 3956        TermDD - ok

17:51:19.0671 3956        TermService     (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll

17:51:19.0828 3956        TermService - ok

17:51:19.0875 3956        Themes          (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll

17:51:20.0156 3956        Themes - ok

17:51:20.0234 3956        TlntSvr         (58708746b8267033e5cf2b29659e7f74) C:\WINDOWS\system32\tlntsvr.exe

17:51:20.0312 3956        TlntSvr - ok

17:51:20.0328 3956        TosIde - ok

17:51:20.0375 3956        TrkWks          (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll

17:51:20.0531 3956        TrkWks - ok

17:51:20.0578 3956        uagp35          (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys

17:51:20.0750 3956        uagp35 - ok

17:51:20.0796 3956        Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

17:51:20.0968 3956        Udfs - ok

17:51:20.0984 3956        ultra - ok

17:51:21.0031 3956        Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

17:51:21.0234 3956        Update - ok

17:51:21.0281 3956        upnphost        (09d4a2d7c5a8abec227d118765faaddf) C:\WINDOWS\System32\upnphost.dll

17:51:21.0375 3956        upnphost - ok

17:51:21.0406 3956        UPS             (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe

17:51:21.0578 3956        UPS - ok

17:51:21.0609 3956        usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:51:21.0812 3956        usbccgp - ok

17:51:21.0843 3956        usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:51:22.0015 3956        usbehci - ok

17:51:22.0062 3956        usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:51:22.0234 3956        usbhub - ok

17:51:22.0265 3956        usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:51:22.0468 3956        usbprint - ok

17:51:22.0500 3956        usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:51:22.0687 3956        usbscan - ok

17:51:22.0718 3956        USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:51:22.0890 3956        USBSTOR - ok

17:51:22.0937 3956        usbuhci         (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:51:23.0109 3956        usbuhci - ok

17:51:23.0156 3956        VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

17:51:23.0328 3956        VgaSave - ok

17:51:23.0375 3956        viaagp1         (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

17:51:23.0406 3956        viaagp1 - ok

17:51:23.0453 3956        viagfx          (384cf3deed181bfa2af291fe983ca5ba) C:\WINDOWS\system32\DRIVERS\vtmini.sys

17:51:23.0500 3956        viagfx - ok

17:51:23.0531 3956        ViaIde          (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys

17:51:23.0687 3956        ViaIde - ok

17:51:23.0750 3956        VolSnap         (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys

17:51:23.0937 3956        VolSnap - ok

17:51:24.0015 3956        VSS             (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe

17:51:24.0140 3956        VSS - ok

17:51:24.0187 3956        W32Time         (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\system32\w32time.dll

17:51:24.0359 3956        W32Time - ok

17:51:24.0390 3956        Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:51:24.0562 3956        Wanarp - ok

17:51:24.0578 3956        WDICA - ok

17:51:24.0609 3956        wdmaud          (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

17:51:24.0781 3956        wdmaud - ok

17:51:24.0812 3956        WebClient       (1eb51feea9d3208eae60604f4346c02e) C:\WINDOWS\System32\webclnt.dll

17:51:24.0984 3956        WebClient - ok

17:51:25.0046 3956        winmgmt         (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll

17:51:25.0234 3956        winmgmt - ok

17:51:25.0312 3956        WmdmPmSN        (d68cc4ebf7b03fd770d5962295ad814e) C:\WINDOWS\system32\mspmsnsv.dll

17:51:25.0515 3956        WmdmPmSN - ok

17:51:25.0578 3956        Wmi             (9cbb06e4438d6a0d52a46e0b44796d37) C:\WINDOWS\System32\advapi32.dll

17:51:25.0781 3956        Wmi - ok

17:51:25.0843 3956        WmiApSrv        (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\system32\wbem\wmiapsrv.exe

17:51:26.0031 3956        WmiApSrv - ok

17:51:26.0093 3956        wscsvc          (bd3561aae748150cf51c2ca876449ea7) C:\WINDOWS\system32\wscsvc.dll

17:51:26.0265 3956        wscsvc - ok

17:51:26.0312 3956        WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

17:51:26.0468 3956        WSTCODEC - ok

17:51:26.0515 3956        wuauserv        (1eddd5c0ecf3fa6edfd8a25b2b4e7df6) C:\WINDOWS\system32\wuauserv.dll

17:51:26.0656 3956        wuauserv - ok

17:51:26.0703 3956        WZCSVC          (ae83ada96575dacf533c2bcb1fc163dc) C:\WINDOWS\System32\wzcsvc.dll

17:51:26.0921 3956        WZCSVC - ok

17:51:26.0968 3956        xmlprov         (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll

17:51:27.0156 3956        xmlprov - ok

17:51:27.0218 3956        MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0

17:51:27.0734 3956        \Device\Harddisk0\DR0 - ok

17:51:27.0765 3956        Boot (0x1200)   (da67bdfc4c8cb361279e6229305fa7ac) \Device\Harddisk0\DR0\Partition0

17:51:27.0765 3956        \Device\Harddisk0\DR0\Partition0 - ok

17:51:27.0796 3956        Boot (0x1200)   (2d16bc25e517141976a1854b1e5fe497) \Device\Harddisk0\DR0\Partition1

17:51:27.0796 3956        \Device\Harddisk0\DR0\Partition1 - ok

17:51:27.0812 3956        ============================================================

17:51:27.0812 3956        Scan finished

17:51:27.0812 3956        ============================================================

17:51:27.0968 3996        Detected object count: 5

17:51:27.0968 3996        Actual detected object count: 5

17:52:39.0343 3996        DCamUSBET ( UnsignedFile.Multi.Generic ) - skipped by user

17:52:39.0343 3996        DCamUSBET ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:52:39.0343 3996        FA_Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user

17:52:39.0343 3996        FA_Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:52:39.0343 3996        FiltUSBET ( UnsignedFile.Multi.Generic ) - skipped by user

17:52:39.0343 3996        FiltUSBET ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:52:39.0359 3996        MDM ( UnsignedFile.Multi.Generic ) - skipped by user

17:52:39.0359 3996        MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:52:39.0359 3996        ScanUSBET ( UnsignedFile.Multi.Generic ) - skipped by user

17:52:39.0359 3996        ScanUSBET ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:55:30.0250 0268        Deinitialize success

Der ESET Online Scanner hatte ja auch bereits einige Threats gefunden. Wann und mit welchem Tool sollen diese denn entfernt bzw. in Quarantäne geschoben werden?

Gruß, Andy