Trojaner-Board (https://www.trojaner-board.de/)

BLee 16.07.2012 10:53

Data Recovery virus cannot be removed

Hello,

since the Data Recovery virus hit my wife's laptop yesterday, I came across this forum while looking for help and solutions. After extensive reading here and on other sites on the web, I attempted to solve the problem myself. Unfortunately without success :headbang:

Yesterday I spent just under 8 hours going through every suggested solution, your guide here: http://www.trojaner-board.de/103458-...entfernen.html

and another one on the web (from malwaretips.com), which recommends installing the tools in safe mode. Unfortunately, after every restart the virus is right back on my heels.

As I said, I have been through everything several times and can't get any further. I hope you can help me with my problem.

rkill can no longer be persuaded to kill the processes; unfortunately I keep getting error messages that access was denied. My current approach is with OTH and Malwarebytes Anti-Malware in non-safe mode.

The laptop runs Windows XP with SP3.

As soon as the scan of the PC is finished I'll post the log files - Anti-Malware is running right now (I'm writing from the other computer)

Thanks in advance

So, the scan is done; one more thing for your information: I had renamed the Anti-Malware program to mybambam.exe.

Here is the OTL.Txt:

OTL Logfile:
Code:

OTL logfile created on: 16.07.2012 12:29:59 - Run 1
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Dokumente und Einstellungen\Cathi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 740,15 Mb Available Physical Memory | 72,91% Memory free
2,39 Gb Paging File | 2,27 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,06 Gb Total Space | 2,51 Gb Free Space | 3,49% Space Free | Partition Type: NTFS
Drive D: | 72,05 Gb Total Space | 6,06 Gb Free Space | 8,42% Space Free | Partition Type: NTFS
 
Computer Name: BUTTERFLY | User Name: Cathi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Cathi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (NeroMediaHomeService.4) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (btwhid) -- system32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- system32\drivers\btaudio.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (UDXTTM6000) -- C:\WINDOWS\system32\drivers\UDXTTM6000.sys ()
DRV - (UDXTTM6000HID) -- C:\WINDOWS\system32\drivers\UDXTTM6000HID.sys (DTV-DVB)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006\..\SearchScopes,DefaultScope = {7143CF09-A95B-4B94-A6F7-483E3F17DB83}
IE - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006\..\SearchScopes\{7143CF09-A95B-4B94-A6F7-483E3F17DB83}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:1.1.2
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.16 20:32:40 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.12.30 11:41:19 | 000,000,000 | -H-D | M]
 
[2009.07.18 20:22:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Cathi\Anwendungsdaten\Mozilla\Extensions
[2012.07.03 15:30:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Cathi\Anwendungsdaten\Mozilla\Firefox\Profiles\wdiyi828.default\extensions
[2011.05.07 17:11:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.16 20:32:40 | 000,085,472 | -H-- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.16 20:32:34 | 000,001,392 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.16 20:32:34 | 000,002,252 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.16 20:32:34 | 000,001,153 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.16 20:32:34 | 000,006,805 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.16 20:32:34 | 000,001,178 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.16 20:32:34 | 000,001,105 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.12 23:31:12 | 000,380,722 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 13114 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\MalwarebytesAnti-Malware2\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Programme\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006..\Run: [CEZlgshyH0MUPe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CEZlgshyH0MUPe.exe (WMF)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\BAMBAM\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006\..Trusted Domains: windowsupdate.com ([]https in Vertrauenswürdige Sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.10 212.18.0.5 212.18.3.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F375BCB-7BFD-40AE-8583-A3F71EBED278}: DhcpNameServer = 10.0.1.10 212.18.0.5 212.18.3.5
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Cathi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Cathi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.13 21:41:50 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{42b6175d-4005-11de-bdd2-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{42b6175d-4005-11de-bdd2-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{42b6175d-4005-11de-bdd2-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.16 12:22:33 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cathi\Desktop\OTL.exe
[2012.07.16 11:16:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BAMBAM
[2012.07.16 11:16:22 | 000,000,000 | ---D | C] -- C:\Programme\BAMBAM
[2012.07.16 11:13:07 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Cathi\Desktop\mybambam.exe
[2012.07.16 10:15:26 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Cathi\Recent
[2012.07.16 02:23:42 | 002,135,640 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Cathi\Desktop\schwupp.exe
[2012.07.16 01:00:22 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MalwarebytAnti-Malware2
[2012.07.16 01:00:20 | 000,000,000 | -H-D | C] -- C:\Programme\MalwarebytesAnti-Malware2
[2012.07.16 00:59:28 | 010,652,120 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Cathi\Desktop\CASAMBAM-setup-1.62.0.1300.exe
[2012.07.15 21:47:44 | 002,135,640 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Cathi\Desktop\tdsskiller.exe
[2012.07.15 21:44:54 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cathi\Desktop\OTH.scr
[2012.07.15 21:11:18 | 002,135,640 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Cathi\Desktop\zigzagtss.exe
[2012.07.15 21:03:32 | 007,718,272 | -H-- | C] (SurfRight B.V.) -- C:\Dokumente und Einstellungen\Cathi\Desktop\HitmanPro36.exe
[2012.07.15 21:01:24 | 010,652,120 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Cathi\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.15 19:40:05 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Cathi\Anwendungsdaten\Malwarebytes
[2012.07.15 18:34:02 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.15 18:34:00 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.15 18:33:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.15 18:33:59 | 000,000,000 | -H-D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.15 17:40:57 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Cathi\Eigene Dateien\Eigene Videos
[2012.07.15 17:34:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Cathi\Startmenü\Programme\File Recovery
[2012.07.15 17:33:47 | 000,249,856 | -H-- | C] (WMF) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CEZlgshyH0MUPe.exe
[2012.06.28 23:36:40 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Cathi\Eigene Dateien\SHARE
[2012.06.28 23:35:22 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Cathi\Anwendungsdaten\Nero
[2012.06.28 23:34:57 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Cathi\Lokale Einstellungen\Anwendungsdaten\Nero
[2012.06.28 23:32:49 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nero
[2012.06.28 23:32:30 | 000,000,000 | -H-D | C] -- C:\Programme\Nero
[2012.06.28 23:32:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
[2012.06.28 23:32:13 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\Nero
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.16 12:22:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cathi\Desktop\OTL.exe
[2012.07.16 12:02:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.16 12:01:54 | 014,942,208 | -H-- | M] () -- C:\Dokumente und Einstellungen\Cathi\NTUSER.DAT
[2012.07.16 12:01:54 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Cathi\ntuser.ini
[2012.07.16 11:16:24 | 000,000,614 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.16 11:13:07 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Cathi\Desktop\mybambam.exe
[2012.07.16 10:55:48 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cathi\Desktop\OTH.scr
[2012.07.16 10:18:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012.07.16 10:17:59 | 001,077,264 | -H-- | M] () -- C:\Dokumente und Einstellungen\Cathi\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2012.07.16 10:07:02 | 001,012,656 | ---- | M] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\mytask.exe
[2012.07.16 02:44:17 | 000,000,567 | -H-- | M] () -- C:\WINDOWS\win.ini
[2012.07.16 02:35:32 | 000,744,853 | -H-- | M] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\PAVARK.exe
[2012.07.16 02:34:54 | 000,311,591 | -H-- | M] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\antirootkit.zip
[2012.07.16 02:23:43 | 002,135,640 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Cathi\Desktop\schwupp.exe
[2012.07.16 02:11:03 | 001,012,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\iExemu.exe
[2012.07.16 00:59:33 | 010,652,120 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Cathi\Desktop\CASAMBAM-setup-1.62.0.1300.exe
[2012.07.16 00:47:57 | 000,000,111 | -H-- | M] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\Remove SMART HDD,Data Recovery ,S.M.A.R.T Repair and Check virus (2).url
[2012.07.16 00:45:00 | 001,012,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\myIExplo.exe
[2012.07.16 00:37:30 | 000,000,111 | -H-- | M] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\Remove SMART HDD,Data Recovery ,S.M.A.R.T Repair and Check virus.url
[2012.07.15 21:47:46 | 002,135,640 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Cathi\Desktop\tdsskiller.exe
[2012.07.15 21:11:19 | 002,135,640 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Cathi\Desktop\zigzagtss.exe
[2012.07.15 21:03:36 | 007,718,272 | -H-- | M] (SurfRight B.V.) -- C:\Dokumente und Einstellungen\Cathi\Desktop\HitmanPro36.exe
[2012.07.15 21:01:40 | 010,652,120 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Cathi\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.15 18:33:34 | 000,001,324 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.15 17:37:09 | 000,000,112 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CEZlgshyH0MUPe
[2012.07.15 17:34:24 | 000,000,072 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-CEZlgshyH0MUPer
[2012.07.15 17:34:24 | 000,000,072 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-CEZlgshyH0MUPe
[2012.07.15 17:34:23 | 000,000,847 | -H-- | M] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\File_Recovery.lnk
[2012.07.15 17:33:47 | 000,249,856 | -H-- | M] (WMF) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CEZlgshyH0MUPe.exe
[2012.07.13 10:34:04 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.07.11 23:34:57 | 000,196,960 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.11 23:11:05 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.08 20:45:39 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.06 10:19:44 | 000,000,810 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Pixum Fotobuch.lnk
[2012.07.06 10:19:44 | 000,000,785 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Fotoschau.lnk
[2012.07.06 10:02:37 | 001,564,048 | -H-- | M] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\setup_Pixum_Fotobuch.exe
[2012.07.04 22:34:39 | 000,426,184 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.04 22:34:39 | 000,070,344 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.28 23:32:50 | 000,002,004 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nero MediaHome 4.lnk
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.16 10:07:02 | 001,012,656 | ---- | C] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\mytask.exe
[2012.07.16 02:35:20 | 000,744,853 | -H-- | C] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\PAVARK.exe
[2012.07.16 02:34:54 | 000,311,591 | -H-- | C] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\antirootkit.zip
[2012.07.16 02:11:01 | 001,012,656 | -H-- | C] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\iExemu.exe
[2012.07.16 00:47:57 | 000,000,111 | -H-- | C] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\Remove SMART HDD,Data Recovery ,S.M.A.R.T Repair and Check virus (2).url
[2012.07.16 00:44:56 | 001,012,656 | -H-- | C] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\myIExplo.exe
[2012.07.16 00:37:30 | 000,000,111 | -H-- | C] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\Remove SMART HDD,Data Recovery ,S.M.A.R.T Repair and Check virus.url
[2012.07.15 21:02:11 | 000,000,614 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.15 17:34:23 | 000,000,072 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-CEZlgshyH0MUPer
[2012.07.15 17:34:23 | 000,000,072 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-CEZlgshyH0MUPe
[2012.07.15 17:34:22 | 000,000,847 | -H-- | C] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\File_Recovery.lnk
[2012.07.15 17:33:57 | 000,000,112 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CEZlgshyH0MUPe
[2012.07.06 10:01:31 | 001,564,048 | -H-- | C] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\setup_Pixum_Fotobuch.exe
[2012.06.28 23:32:50 | 000,002,004 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nero MediaHome 4.lnk
[2012.02.15 09:05:27 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.13 09:14:31 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011.02.11 18:36:46 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.10 18:56:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.08.02 19:12:05 | 000,020,992 | -H-- | C] () -- C:\Dokumente und Einstellungen\Cathi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.20 09:58:13 | 000,000,032 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2009.07.19 01:45:29 | 001,077,264 | -H-- | C] () -- C:\Dokumente und Einstellungen\Cathi\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2009.07.19 01:45:29 | 000,041,648 | -H-- | C] () -- C:\Dokumente und Einstellungen\Cathi\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2009.07.19 01:45:29 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Cathi\ntuser.ini
[2009.07.19 01:45:29 | 000,000,141 | -H-- | C] () -- C:\Dokumente und Einstellungen\Cathi\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.07.19 01:45:28 | 014,942,208 | -H-- | C] () -- C:\Dokumente und Einstellungen\Cathi\NTUSER.DAT
[2009.07.19 01:44:45 | 000,262,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT
 
========== LOP Check ==========
 
[2009.10.24 08:53:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2012.07.06 10:20:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2009.05.13 22:29:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wireless LAN Card
[2012.03.29 10:33:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.20 20:04:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Cathi\Anwendungsdaten\Fit3DLive
[2009.10.18 10:57:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Cathi\Anwendungsdaten\OpenOffice.org
[2010.01.20 00:16:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Cathi\Anwendungsdaten\Opera
[2012.01.22 14:43:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Cathi\Anwendungsdaten\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 20 bytes -> C:\Dokumente und Einstellungen\Cathi\Desktop\PAVARK.exe:License

< End of report >


And the Extras.Txt:

OTL Logfile:
Code:

OTL Extras logfile created on: 16.07.2012 12:29:59 - Run 1
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Dokumente und Einstellungen\Cathi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 740,15 Mb Available Physical Memory | 72,91% Memory free
2,39 Gb Paging File | 2,27 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,06 Gb Total Space | 2,51 Gb Free Space | 3,49% Space Free | Partition Type: NTFS
Drive D: | 72,05 Gb Total Space | 6,06 Gb Free Space | 8,42% Space Free | Partition Type: NTFS
 
Computer Name: BUTTERFLY | User Name: Cathi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3586614867-2066942678-3361961634-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Programme\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Pixum Fotobuch] -- "C:\Programme\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe" = C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe:*:Enabled:Nero MediaHome 4 -- (Nero AG)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B9BDA46B-2E17-4F43-9D7A-9B1E09A0A4D8}" = Data Sync
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{ca3a995f-0389-4ef1-87b4-2ead5c351aec}" = Nero MediaHome 4 Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Eee Docking_is1" = Eee Docking 1.3.1.0
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Opera 11.64.1403" = Opera 11.64
"Pixum Fotobuch" = Pixum Fotobuch
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.04.2012 11:06:21 | Computer Name = BUTTERFLY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 5.5.0.124, fehlgeschlagenes
 Modul skype.exe, Version 5.5.0.124, Fehleradresse 0x00130042.
 
Error - 13.04.2012 06:28:58 | Computer Name = BUTTERFLY | Source = ESENT | ID = 490
Description = svchost (1064) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\edb.log"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 03.05.2012 15:40:16 | Computer Name = BUTTERFLY | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SpybotSD.exe, Version 1.6.2.46, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.05.2012 15:40:19 | Computer Name = BUTTERFLY | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SpybotSD.exe, Version 1.6.2.46, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 19.05.2012 06:24:27 | Computer Name = BUTTERFLY | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 27.05.2012 05:51:09 | Computer Name = BUTTERFLY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes
 Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e.
 
Error - 27.05.2012 06:38:11 | Computer Name = BUTTERFLY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avguard.exe, Version 12.3.0.15, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00011689.
 
Error - 29.06.2012 13:21:20 | Computer Name = BUTTERFLY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.262,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 02.07.2012 11:21:05 | Computer Name = BUTTERFLY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.262,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 04.07.2012 06:21:06 | Computer Name = BUTTERFLY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.262,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
[ System Events ]
Error - 16.07.2012 04:49:52 | Computer Name = BUTTERFLY | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die  Netzwerkkarte mit der Netzwerkadresse 0022439D91F1 zugeteilt werden. Der
 folgende Fehler  ist aufgetreten:  %%1223.  Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 16.07.2012 04:50:22 | Computer Name = BUTTERFLY | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die  Netzwerkkarte mit der Netzwerkadresse 0022439D91F1 zugeteilt werden. Der
 folgende Fehler  ist aufgetreten:  %%1223.  Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 16.07.2012 05:12:37 | Computer Name = BUTTERFLY | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 16.07.2012 06:00:15 | Computer Name = BUTTERFLY | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 16.07.2012 06:00:27 | Computer Name = BUTTERFLY | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 16.07.2012 06:01:22 | Computer Name = BUTTERFLY | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 16.07.2012 06:01:29 | Computer Name = BUTTERFLY | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 16.07.2012 06:01:53 | Computer Name = BUTTERFLY | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 16.07.2012 06:02:58 | Computer Name = BUTTERFLY | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 16.07.2012 06:04:13 | Computer Name = BUTTERFLY | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  atapi  Fips  intelppm  PCIIde
 
 
< End of report >

--- --- ---

[/code]

Here is the log from MBAM as well:

Code:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.06

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.5730.13
Cathi :: BUTTERFLY [administrator]

Protection: Disabled

16.07.2012 11:22:05
mbam-log-2012-07-16 (11-22-05).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314651
Time elapsed: 34 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vYniAswDRjgvi.exe (Trojan.FakeAV) -> Data: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vYniAswDRjgvi.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vYniAswDRjgvi.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.

(end)


Hopefully you can help me out.

Regards

I think the problem has taken care of itself. After several scans, with a final one using HitManPro, the rootkit could be removed. Everything works again now, and the scanners no longer report any bad files.

Still, could you perhaps take a look at whether everything is fine now or whether something is still lurking somewhere?

markusg 17.07.2012 20:13

This script and any scripts that follow are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



[CODE]
:OTL
O4 - HKU\S-1-5-21-3586614867-2066942678-3361961634-1006..\Run: [CEZlgshyH0MUPe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CEZlgshyH0MUPe.exe
(WMF)
[2012.07.15 17:34:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Cathi\Startmenü\Programme\File Recovery
[2012.07.15 17:33:47 | 000,249,856 | -H-- | C] (WMF) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CEZlgshyH0MUPe.exe
[2012.07.15 17:37:09 | 000,000,112 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CEZlgshyH0MUPe
[2012.07.15 17:34:24 | 000,000,072 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-CEZlgshyH0MUPer
[2012.07.15 17:34:23 | 000,000,847 | -H-- | M] () -- C:\Dokumente und Einstellungen\Cathi\Desktop\File_Recovery.lnk
[2012.07.15 17:33:47 | 000,249,856 | -H-- | M] (WMF) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CEZlgshyH0MUPe.exe
:Files
:Commands
[purity]



• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.

If you have no icons, then right-click, View, show desktop icons.

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment
in the thread!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now find the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance :)
Download unhide:
http://filepony.de/download-unhide/
Double-click it; the files become visible.

BLee 17.07.2012 22:29

Hello Markus - thanks for the reply and the help! I did the upload. Apparently, though, my other scans removed some of the files you were looking for, since according to the log file a few were no longer found.

markusg 19.07.2012 20:35

hi
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

BLee 19.07.2012 21:42

Hello Markus,
everything is running without errors. I have now also implemented your tips on hardening; Panda USB Vaccine, Avast and Malwarebytes AM are now running on the laptop.

Here is the log as well

Combofix Logfile:
Code:

ComboFix 12-07-19.02 - Cathi 19.07.2012  22:18:31.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1015.352 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Cathi\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET123.tmp
c:\windows\system32\SET125.tmp
c:\windows\system32\SET126.tmp
c:\windows\system32\SET12C.tmp
c:\windows\system32\SET12D.tmp
c:\windows\system32\SET12E.tmp
c:\windows\system32\SET132.tmp
c:\windows\system32\SET135.tmp
c:\windows\system32\SET136.tmp
c:\windows\system32\SET138.tmp
c:\windows\system32\SET13D.tmp
c:\windows\system32\SET141.tmp
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-19 bis 2012-07-19  ))))))))))))))))))))))))))))))
.
.
2012-07-17 21:19 . 2012-07-17 21:23        --------        d-----w-        C:\_OTL
2012-07-16 17:32 . 2012-07-16 17:32        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Panda Security
2012-07-16 17:32 . 2012-07-16 17:32        --------        d-----w-        c:\programme\Panda USB Vaccine
2012-07-16 17:20 . 2012-07-03 16:21        21256        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-07-16 17:20 . 2012-07-03 16:21        353688        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-07-16 17:20 . 2012-07-03 16:21        113776        ----a-w-        c:\windows\system32\drivers\aswFW.sys
2012-07-16 17:19 . 2012-07-03 16:21        54232        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-07-16 17:19 . 2012-07-03 16:21        35928        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2012-07-16 17:19 . 2012-07-03 16:21        202928        ----a-w-        c:\windows\system32\drivers\aswNdis2.sys
2012-07-16 17:19 . 2012-07-03 16:21        97608        ----a-w-        c:\windows\system32\drivers\aswmon2.sys
2012-07-16 17:19 . 2012-07-03 16:21        89624        ----a-w-        c:\windows\system32\drivers\aswmon.sys
2012-07-16 17:19 . 2012-07-03 16:21        721000        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-07-16 17:19 . 2012-07-03 16:21        18544        ----a-w-        c:\windows\system32\drivers\aswKbd.sys
2012-07-16 17:19 . 2012-07-03 16:21        25256        ----a-w-        c:\windows\system32\drivers\aavmker4.sys
2012-07-16 17:18 . 2012-06-27 20:33        12112        ----a-w-        c:\windows\system32\drivers\aswNdis.sys
2012-07-16 17:18 . 2012-07-03 16:21        41224        ----a-w-        c:\windows\avastSS.scr
2012-07-16 17:18 . 2012-07-03 16:21        227648        ----a-w-        c:\windows\system32\aswBoot.exe
2012-07-16 17:18 . 2012-07-16 17:18        --------        d-----w-        c:\programme\AVAST Software
2012-07-16 17:18 . 2012-07-16 17:18        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVAST Software
2012-07-16 16:50 . 2012-07-16 16:50        --------        d-----w-        c:\dokumente und einstellungen\Cathi\Anwendungsdaten\Malwarebytes
2012-07-16 16:50 . 2012-07-16 16:50        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-07-16 16:50 . 2012-07-16 16:50        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-07-16 16:50 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-16 14:00 . 2012-07-16 14:07        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\HitmanPro
2012-07-15 23:00 . 2012-07-15 23:00        --------        d-----w-        c:\programme\MalwarebytesAnti-Malware2
2012-07-15 16:14 . 2012-07-15 16:14        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2012-06-28 21:35 . 2012-06-28 21:35        --------        d-----w-        c:\dokumente und einstellungen\Cathi\Anwendungsdaten\Nero
2012-06-28 21:34 . 2012-06-28 21:34        --------        d-----w-        c:\dokumente und einstellungen\NeroMediaHomeUser.4
2012-06-28 21:34 . 2012-06-28 21:34        --------        d-----w-        c:\dokumente und einstellungen\Cathi\Lokale Einstellungen\Anwendungsdaten\Nero
2012-06-28 21:32 . 2012-06-28 21:33        --------        d-----w-        c:\programme\Nero
2012-06-28 21:32 . 2012-06-28 21:32        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Nero
2012-06-28 21:32 . 2012-06-28 21:34        --------        d-----w-        c:\programme\Gemeinsame Dateien\Nero
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-04 20:34 . 2012-05-27 10:00        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-04 20:34 . 2011-06-30 20:32        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:55 . 2009-05-13 19:29        1866240        ----a-w-        c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2009-05-13 19:29        1372672        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2009-05-13 19:29        1172480        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2009-05-13 19:29        152576        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-05-13 19:40        329240        ----a-w-        c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-05-13 19:40        219160        ----a-w-        c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-05-13 19:40        210968        ----a-w-        c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-10-16 12:08        15896        ----a-w-        c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 12:07        18456        ----a-w-        c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-05-13 19:40        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-05-13 19:40        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-05-13 19:29        97304        ----a-w-        c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 12:09        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 12:08        15896        ----a-w-        c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 12:08        23576        ----a-w-        c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-05-13 19:40        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-05-13 19:40        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2009-05-13 19:29        604160        ----a-w-        c:\windows\system32\crypt32.dll
2012-05-15 15:37 . 2009-05-13 19:29        832512        ----a-w-        c:\windows\system32\wininet.dll
2012-05-05 03:14 . 2008-04-14 07:30        2029056        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2008-04-14 07:29        2150912        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2009-05-13 19:39        139656        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:40 . 2009-05-13 19:29        1830912        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-04-23 14:40 . 2009-05-13 19:29        78336        ----a-w-        c:\windows\system32\ieencode.dll
2012-04-23 14:40 . 2009-05-13 19:29        17408        ----a-w-        c:\windows\system32\corpol.dll
2012-07-17 21:26 . 2011-10-08 17:44        136672        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21        121528        ----a-w-        c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\programme\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\programme\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\programme\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2012-03-27 421736]
"Nero MediaHome 4"="c:\programme\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-10-29 5178664]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Cathi\Startmenü\Programme\Autostart\
PandaUSBVaccine.lnk - c:\programme\Panda USB Vaccine\USBVaccine.exe [2012-7-16 1287176]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
 SuperHybridEngine.lnk - c:\programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-13 376832]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Programme\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [16.07.2012 19:18 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [16.07.2012 19:19 202928]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [16.07.2012 19:20 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [16.07.2012 19:19 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.07.2012 19:19 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.07.2012 19:20 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.07.2012 19:20 21256]
R2 avast! Firewall;avast! Firewall;c:\programme\AVAST Software\Avast\afwServ.exe [16.07.2012 19:18 133912]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [16.07.2012 18:50 655944]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28.04.2009 03:59 38912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16.07.2012 18:50 22344]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [28.04.2009 07:47 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.05.2009 22:26 1684736]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [03.05.2012 21:33 113120]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [13.05.2009 23:30 232872]
S3 UDXTTM6000;DTV-DVB UDXTTM6000 - USB 2.0 Receiver;c:\windows\system32\drivers\UDXTTM6000.sys [09.02.2007 16:02 320384]
S3 UDXTTM6000HID;UDXTTM6000HID - HID Driver;c:\windows\system32\drivers\UDXTTM6000HID.sys [29.06.2006 11:11 17408]
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-07-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-16 16:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Cathi\Anwendungsdaten\Mozilla\Firefox\Profiles\wdiyi828.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-SRS Premium Sound - c:\programme\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-19 22:30
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-19  22:34:05
ComboFix-quarantined-files.txt  2012-07-19 20:34
.
Vor Suchlauf: 1.287.647.232 Bytes frei
Nach Suchlauf: 2.115.653.632 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9B543A75F1A15FE9B07B56B57C40B267


--- --- ---


markusg 19.07.2012 22:50

Open C:, open tdss-killer-date-version.txt, and post the contents.

BLee 20.07.2012 18:21

Hello,

here is the log file:

Code:

16:36:22.0484 1472        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
16:36:24.0484 1472        ============================================================
16:36:24.0484 1472        Current date / time: 2012/07/16 16:36:24.0484
16:36:24.0484 1472        SystemInfo:
16:36:24.0484 1472       
16:36:24.0484 1472        OS Version: 5.1.2600 ServicePack: 3.0
16:36:24.0484 1472        Product type: Workstation
16:36:24.0484 1472        ComputerName: BUTTERFLY
16:36:24.0484 1472        UserName: Cathi
16:36:24.0484 1472        Windows directory: C:\WINDOWS
16:36:24.0484 1472        System windows directory: C:\WINDOWS
16:36:24.0484 1472        Processor architecture: Intel x86
16:36:24.0484 1472        Number of processors: 2
16:36:24.0484 1472        Page size: 0x1000
16:36:24.0484 1472        Boot type: Safe boot with network
16:36:24.0484 1472        ============================================================
16:36:25.0765 1472        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:36:25.0765 1472        ============================================================
16:36:25.0765 1472        \Device\Harddisk0\DR0:
16:36:25.0781 1472        MBR partitions:
16:36:25.0781 1472        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x901F5C0
16:36:25.0781 1472        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x901F5FF, BlocksNum 0x901B73E
16:36:25.0781 1472        ============================================================
16:36:25.0812 1472        C: <-> \Device\Harddisk0\DR0\Partition0
16:36:25.0843 1472        D: <-> \Device\Harddisk0\DR0\Partition1
16:36:25.0875 1472        ============================================================
16:36:25.0875 1472        Initialize success
16:36:25.0875 1472        ============================================================
16:36:27.0796 1568        ============================================================
16:36:27.0796 1568        Scan started
16:36:27.0796 1568        Mode: Manual;
16:36:27.0796 1568        ============================================================
16:36:28.0203 1568        Abiosdsk - ok
16:36:28.0234 1568        abp480n5 - ok
16:36:28.0343 1568        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:36:28.0359 1568        ACPI - ok
16:36:28.0390 1568        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:36:28.0390 1568        ACPIEC - ok
16:36:28.0406 1568        adpu160m - ok
16:36:28.0484 1568        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:36:28.0500 1568        aec - ok
16:36:28.0562 1568        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:36:28.0562 1568        AFD - ok
16:36:28.0578 1568        Aha154x - ok
16:36:28.0609 1568        aic78u2 - ok
16:36:28.0640 1568        aic78xx - ok
16:36:28.0687 1568        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
16:36:28.0703 1568        Alerter - ok
16:36:28.0734 1568        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
16:36:28.0750 1568        ALG - ok
16:36:28.0765 1568        AliIde - ok
16:36:28.0984 1568        Ambfilt        (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
16:36:29.0046 1568        Ambfilt - ok
16:36:29.0125 1568        amsint - ok
16:36:29.0218 1568        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:36:29.0218 1568        Apple Mobile Device - ok
16:36:29.0265 1568        AppMgmt - ok
16:36:29.0421 1568        AR5416          (e0ee769d14128014965e03b433f5f46e) C:\WINDOWS\system32\DRIVERS\athw.sys
16:36:29.0468 1568        AR5416 - ok
16:36:29.0578 1568        asc - ok
16:36:29.0609 1568        asc3350p - ok
16:36:29.0640 1568        asc3550 - ok
16:36:29.0796 1568        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:36:29.0828 1568        aspnet_state - ok
16:36:29.0875 1568        AsusACPI        (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
16:36:29.0875 1568        AsusACPI - ok
16:36:29.0906 1568        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:36:29.0906 1568        AsyncMac - ok
16:36:29.0953 1568        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:36:29.0953 1568        atapi - ok
16:36:29.0968 1568        Atdisk - ok
16:36:30.0015 1568        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:36:30.0015 1568        Atmarpc - ok
16:36:30.0078 1568        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
16:36:30.0078 1568        AudioSrv - ok
16:36:30.0125 1568        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:36:30.0125 1568        audstub - ok
16:36:30.0171 1568        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:36:30.0171 1568        Beep - ok
16:36:30.0250 1568        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
16:36:30.0328 1568        BITS - ok
16:36:30.0453 1568        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
16:36:30.0468 1568        Bonjour Service - ok
16:36:30.0515 1568        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
16:36:30.0515 1568        Browser - ok
16:36:30.0531 1568        btaudio - ok
16:36:30.0578 1568        BTDriver - ok
16:36:30.0593 1568        BTWDNDIS - ok
16:36:30.0625 1568        btwhid - ok
16:36:30.0656 1568        BTWUSB - ok
16:36:30.0703 1568        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:36:30.0703 1568        cbidf2k - ok
16:36:30.0750 1568        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:36:30.0750 1568        CCDECODE - ok
16:36:30.0765 1568        cd20xrnt - ok
16:36:30.0812 1568        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:36:30.0812 1568        Cdaudio - ok
16:36:30.0859 1568        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:36:30.0859 1568        Cdfs - ok
16:36:30.0875 1568        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:36:30.0875 1568        Cdrom - ok
16:36:30.0906 1568        Changer - ok
16:36:30.0937 1568        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
16:36:30.0953 1568        CiSvc - ok
16:36:30.0984 1568        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
16:36:30.0984 1568        ClipSrv - ok
16:36:31.0093 1568        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:36:31.0109 1568        clr_optimization_v2.0.50727_32 - ok
16:36:31.0156 1568        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:36:31.0156 1568        CmBatt - ok
16:36:31.0171 1568        CmdIde - ok
16:36:31.0218 1568        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:36:31.0218 1568        Compbatt - ok
16:36:31.0234 1568        COMSysApp - ok
16:36:31.0296 1568        Cpqarray - ok
16:36:31.0343 1568        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
16:36:31.0343 1568        CryptSvc - ok
16:36:31.0375 1568        dac2w2k - ok
16:36:31.0406 1568        dac960nt - ok
16:36:31.0484 1568        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:36:31.0500 1568        DcomLaunch - ok
16:36:31.0546 1568        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
16:36:31.0562 1568        Dhcp - ok
16:36:31.0593 1568        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:36:31.0593 1568        Disk - ok
16:36:31.0625 1568        dmadmin - ok
16:36:31.0734 1568        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
16:36:31.0750 1568        dmboot - ok
16:36:31.0796 1568        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
16:36:31.0796 1568        dmio - ok
16:36:31.0828 1568        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:36:31.0828 1568        dmload - ok
16:36:31.0859 1568        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
16:36:31.0875 1568        dmserver - ok
16:36:31.0921 1568        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:36:31.0921 1568        DMusic - ok
16:36:31.0984 1568        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
16:36:31.0984 1568        Dnscache - ok
16:36:32.0031 1568        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
16:36:32.0031 1568        Dot3svc - ok
16:36:32.0046 1568        dpti2o - ok
16:36:32.0093 1568        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:36:32.0093 1568        drmkaud - ok
16:36:32.0140 1568        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
16:36:32.0140 1568        EapHost - ok
16:36:32.0171 1568        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
16:36:32.0171 1568        ERSvc - ok
16:36:32.0218 1568        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:36:32.0218 1568        Eventlog - ok
16:36:32.0281 1568        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
16:36:32.0281 1568        EventSystem - ok
16:36:32.0328 1568        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:36:32.0328 1568        Fastfat - ok
16:36:32.0390 1568        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:36:32.0406 1568        FastUserSwitchingCompatibility - ok
16:36:32.0421 1568        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:36:32.0421 1568        Fdc - ok
16:36:32.0468 1568        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
16:36:32.0468 1568        Fips - ok
16:36:32.0500 1568        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:36:32.0500 1568        Flpydisk - ok
16:36:32.0546 1568        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:36:32.0562 1568        FltMgr - ok
16:36:32.0671 1568        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:36:32.0671 1568        FontCache3.0.0.0 - ok
16:36:32.0703 1568        fssfltr        (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
16:36:32.0703 1568        fssfltr - ok
16:36:32.0828 1568        fsssvc          (9b1622ebeb31b3411b13382ffcb8737d) C:\Programme\Windows Live\Family Safety\fsssvc.exe
16:36:32.0875 1568        fsssvc - ok
16:36:32.0906 1568        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:36:32.0906 1568        Fs_Rec - ok
16:36:32.0953 1568        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:36:32.0968 1568        Ftdisk - ok
16:36:33.0000 1568        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:36:33.0000 1568        GEARAspiWDM - ok
16:36:33.0031 1568        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:36:33.0046 1568        Gpc - ok
16:36:33.0078 1568        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:36:33.0093 1568        HDAudBus - ok
16:36:33.0125 1568        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:36:33.0125 1568        helpsvc - ok
16:36:33.0156 1568        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
16:36:33.0156 1568        HidServ - ok
16:36:33.0203 1568        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:36:33.0203 1568        HidUsb - ok
16:36:33.0281 1568        hitmanpro36    (47eece68857817f39c8c6f33a7e5e76c) C:\WINDOWS\system32\drivers\hitmanpro36.sys
16:36:33.0296 1568        hitmanpro36 - ok
16:36:33.0343 1568        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
16:36:33.0359 1568        hkmsvc - ok
16:36:33.0375 1568        hpn - ok
16:36:33.0421 1568        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:36:33.0437 1568        HTTP - ok
16:36:33.0468 1568        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
16:36:33.0468 1568        HTTPFilter - ok
16:36:33.0500 1568        i2omgmt - ok
16:36:33.0515 1568        i2omp - ok
16:36:33.0562 1568        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:36:33.0578 1568        i8042prt - ok
16:36:34.0000 1568        ialm            (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:36:34.0187 1568        ialm - ok
16:36:34.0328 1568        iaStor          (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys
16:36:34.0328 1568        iaStor - ok
16:36:34.0500 1568        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:36:34.0531 1568        idsvc - ok
16:36:34.0562 1568        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:36:34.0562 1568        Imapi - ok
16:36:34.0593 1568        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
16:36:34.0609 1568        ImapiService - ok
16:36:34.0625 1568        ini910u - ok
16:36:35.0031 1568        IntcAzAudAddService (9037c8bd3e896d7f2803a171fdeaeef4) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:36:35.0187 1568        IntcAzAudAddService - ok
16:36:35.0281 1568        IntelIde - ok
16:36:35.0312 1568        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:36:35.0312 1568        intelppm - ok
16:36:35.0343 1568        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:36:35.0359 1568        Ip6Fw - ok
16:36:35.0390 1568        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:36:35.0390 1568        IpFilterDriver - ok
16:36:35.0406 1568        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:36:35.0406 1568        IpInIp - ok
16:36:35.0453 1568        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:36:35.0453 1568        IpNat - ok
16:36:35.0562 1568        iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Programme\iPod\bin\iPodService.exe
16:36:35.0578 1568        iPod Service - ok
16:36:35.0609 1568        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:36:35.0609 1568        IPSec - ok
16:36:35.0656 1568        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:36:35.0656 1568        IRENUM - ok
16:36:35.0703 1568        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:36:35.0703 1568        isapnp - ok
16:36:35.0734 1568        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:36:35.0734 1568        Kbdclass - ok
16:36:35.0781 1568        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:36:35.0781 1568        kbdhid - ok
16:36:35.0812 1568        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:36:35.0828 1568        kmixer - ok
16:36:35.0859 1568        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:36:35.0859 1568        KSecDD - ok
16:36:35.0906 1568        L1c            (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
16:36:35.0906 1568        L1c - ok
16:36:35.0953 1568        LanmanServer    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
16:36:35.0953 1568        LanmanServer - ok
16:36:36.0000 1568        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
16:36:36.0000 1568        lanmanworkstation - ok
16:36:36.0015 1568        lbrtfdc - ok
16:36:36.0078 1568        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
16:36:36.0078 1568        LmHosts - ok
16:36:36.0125 1568        MBAMProtector  (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
16:36:36.0125 1568        MBAMProtector - ok
16:36:36.0265 1568        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
16:36:36.0281 1568        MBAMService - ok
16:36:36.0328 1568        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
16:36:36.0328 1568        Messenger - ok
16:36:36.0343 1568        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:36:36.0343 1568        mnmdd - ok
16:36:36.0406 1568        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
16:36:36.0421 1568        mnmsrvc - ok
16:36:36.0453 1568        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
16:36:36.0453 1568        Modem - ok
16:36:36.0578 1568        Monfilt        (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
16:36:36.0609 1568        Monfilt - ok
16:36:36.0656 1568        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:36:36.0656 1568        Mouclass - ok
16:36:36.0687 1568        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:36:36.0687 1568        mouhid - ok
16:36:36.0718 1568        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:36:36.0734 1568        MountMgr - ok
16:36:36.0812 1568        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
16:36:36.0812 1568        MozillaMaintenance - ok
16:36:36.0859 1568        MPE            (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
16:36:36.0859 1568        MPE - ok
16:36:36.0875 1568        mraid35x - ok
16:36:36.0906 1568        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:36:36.0906 1568        MRxDAV - ok
16:36:36.0968 1568        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:36:36.0984 1568        MRxSmb - ok
16:36:37.0031 1568        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
16:36:37.0031 1568        MSDTC - ok
16:36:37.0062 1568        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:36:37.0062 1568        Msfs - ok
16:36:37.0093 1568        MSIServer - ok
16:36:37.0125 1568        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:36:37.0125 1568        MSKSSRV - ok
16:36:37.0140 1568        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:36:37.0156 1568        MSPCLOCK - ok
16:36:37.0171 1568        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:36:37.0171 1568        MSPQM - ok
16:36:37.0218 1568        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:36:37.0218 1568        mssmbios - ok
16:36:37.0234 1568        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:36:37.0234 1568        MSTEE - ok
16:36:37.0296 1568        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:36:37.0296 1568        Mup - ok
16:36:37.0328 1568        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:36:37.0328 1568        NABTSFEC - ok
16:36:37.0375 1568        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
16:36:37.0390 1568        napagent - ok
16:36:37.0421 1568        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:36:37.0437 1568        NDIS - ok
16:36:37.0468 1568        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:36:37.0468 1568        NdisIP - ok
16:36:37.0500 1568        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:36:37.0500 1568        NdisTapi - ok
16:36:37.0531 1568        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:36:37.0531 1568        Ndisuio - ok
16:36:37.0562 1568        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:36:37.0562 1568        NdisWan - ok
16:36:37.0593 1568        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:36:37.0593 1568        NDProxy - ok
16:36:37.0687 1568        NeroMediaHomeService.4 (d660376bd52df3d33390acae9fa1a54c) C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe
16:36:37.0703 1568        NeroMediaHomeService.4 - ok
16:36:37.0734 1568        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:36:37.0734 1568        NetBIOS - ok
16:36:37.0781 1568        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:36:37.0781 1568        NetBT - ok
16:36:37.0828 1568        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:36:37.0828 1568        NetDDE - ok
16:36:37.0843 1568        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:36:37.0843 1568        NetDDEdsdm - ok
16:36:37.0875 1568        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:36:37.0875 1568        Netlogon - ok
16:36:37.0921 1568        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
16:36:37.0921 1568        Netman - ok
16:36:38.0031 1568        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:36:38.0046 1568        NetTcpPortSharing - ok
16:36:38.0093 1568        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
16:36:38.0093 1568        Nla - ok
16:36:38.0140 1568        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:36:38.0140 1568        Npfs - ok
16:36:38.0203 1568        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:36:38.0218 1568        Ntfs - ok
16:36:38.0234 1568        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:36:38.0234 1568        NtLmSsp - ok
16:36:38.0296 1568        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
16:36:38.0312 1568        NtmsSvc - ok
16:36:38.0359 1568        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:36:38.0359 1568        Null - ok
16:36:38.0406 1568        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:36:38.0406 1568        NwlnkFlt - ok
16:36:38.0421 1568        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:36:38.0421 1568        NwlnkFwd - ok
16:36:38.0453 1568        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
16:36:38.0468 1568        Parport - ok
16:36:38.0484 1568        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:36:38.0484 1568        PartMgr - ok
16:36:38.0515 1568        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:36:38.0515 1568        ParVdm - ok
16:36:38.0546 1568        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
16:36:38.0546 1568        PCI - ok
16:36:38.0562 1568        PCIDump - ok
16:36:38.0593 1568        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:36:38.0593 1568        PCIIde - ok
16:36:38.0640 1568        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:36:38.0640 1568        Pcmcia - ok
16:36:38.0656 1568        PDCOMP - ok
16:36:38.0687 1568        PDFRAME - ok
16:36:38.0703 1568        PDRELI - ok
16:36:38.0734 1568        PDRFRAME - ok
16:36:38.0750 1568        perc2 - ok
16:36:38.0781 1568        perc2hib - ok
16:36:38.0875 1568        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:36:38.0890 1568        PlugPlay - ok
16:36:38.0906 1568        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:36:38.0906 1568        PolicyAgent - ok
16:36:38.0953 1568        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:36:38.0953 1568        PptpMiniport - ok
16:36:38.0968 1568        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:36:38.0968 1568        ProtectedStorage - ok
16:36:39.0000 1568        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:36:39.0000 1568        PSched - ok
16:36:39.0031 1568        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:36:39.0031 1568        Ptilink - ok
16:36:39.0046 1568        ql1080 - ok
16:36:39.0062 1568        Ql10wnt - ok
16:36:39.0093 1568        ql12160 - ok
16:36:39.0125 1568        ql1240 - ok
16:36:39.0125 1568        ql1280 - ok
16:36:39.0156 1568        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:36:39.0156 1568        RasAcd - ok
16:36:39.0203 1568        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
16:36:39.0203 1568        RasAuto - ok
16:36:39.0234 1568        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:36:39.0234 1568        Rasl2tp - ok
16:36:39.0265 1568        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
16:36:39.0281 1568        RasMan - ok
16:36:39.0296 1568        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:36:39.0312 1568        RasPppoe - ok
16:36:39.0328 1568        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:36:39.0328 1568        Raspti - ok
16:36:39.0390 1568        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:36:39.0390 1568        Rdbss - ok
16:36:39.0421 1568        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:36:39.0421 1568        RDPCDD - ok
16:36:39.0484 1568        RDPWD          (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
16:36:39.0484 1568        RDPWD - ok
16:36:39.0546 1568        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
16:36:39.0562 1568        RDSessMgr - ok
16:36:39.0593 1568        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:36:39.0593 1568        redbook - ok
16:36:39.0625 1568        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
16:36:39.0625 1568        RemoteAccess - ok
16:36:39.0671 1568        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
16:36:39.0671 1568        RpcLocator - ok
16:36:39.0750 1568        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:36:39.0765 1568        RpcSs - ok
16:36:39.0796 1568        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
16:36:39.0796 1568        RSVP - ok
16:36:39.0828 1568        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:36:39.0843 1568        SamSs - ok
16:36:39.0859 1568        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
16:36:39.0859 1568        SCardSvr - ok
16:36:39.0921 1568        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
16:36:39.0921 1568        Schedule - ok
16:36:40.0015 1568        SeaPort        (d358e077a0a05d9b12da22d137ee8464) C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
16:36:40.0015 1568        SeaPort - ok
16:36:40.0031 1568        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:36:40.0031 1568        Secdrv - ok
16:36:40.0078 1568        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
16:36:40.0078 1568        seclogon - ok
16:36:40.0093 1568        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
16:36:40.0093 1568        SENS - ok
16:36:40.0140 1568        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
16:36:40.0140 1568        Serial - ok
16:36:40.0203 1568        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:36:40.0203 1568        Sfloppy - ok
16:36:40.0265 1568        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
16:36:40.0265 1568        SharedAccess - ok
16:36:40.0328 1568        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:36:40.0328 1568        ShellHWDetection - ok
16:36:40.0343 1568        Simbad - ok
16:36:40.0390 1568        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:36:40.0390 1568        SLIP - ok
16:36:40.0421 1568        Sparrow - ok
16:36:40.0468 1568        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:36:40.0468 1568        splitter - ok
16:36:40.0515 1568        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:36:40.0515 1568        Spooler - ok
16:36:40.0562 1568        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
16:36:40.0578 1568        sr - ok
16:36:40.0609 1568        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
16:36:40.0609 1568        srservice - ok
16:36:40.0687 1568        SRS_PremiumSound_Service (0bd44aa4743a9dbd2c638d699a7fd438) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
16:36:40.0687 1568        SRS_PremiumSound_Service - ok
16:36:40.0750 1568        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:36:40.0750 1568        Srv - ok
16:36:40.0796 1568        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
16:36:40.0796 1568        SSDPSRV - ok
16:36:40.0859 1568        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
16:36:40.0859 1568        stisvc - ok
16:36:40.0890 1568        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:36:40.0890 1568        streamip - ok
16:36:40.0921 1568        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:36:40.0921 1568        swenum - ok
16:36:40.0953 1568        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:36:40.0953 1568        swmidi - ok
16:36:40.0984 1568        SwPrv - ok
16:36:41.0000 1568        symc810 - ok
16:36:41.0031 1568        symc8xx - ok
16:36:41.0062 1568        sym_hi - ok
16:36:41.0078 1568        sym_u3 - ok
16:36:41.0140 1568        SynTP          (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:36:41.0140 1568        SynTP - ok
16:36:41.0171 1568        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:36:41.0171 1568        sysaudio - ok
16:36:41.0203 1568        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
16:36:41.0218 1568        SysmonLog - ok
16:36:41.0265 1568        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
16:36:41.0265 1568        TapiSrv - ok
16:36:41.0328 1568        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:36:41.0328 1568        Tcpip - ok
16:36:41.0359 1568        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:36:41.0359 1568        TDPIPE - ok
16:36:41.0375 1568        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:36:41.0375 1568        TDTCP - ok
16:36:41.0421 1568        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:36:41.0421 1568        TermDD - ok
16:36:41.0468 1568        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
16:36:41.0484 1568        TermService - ok
16:36:41.0531 1568        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:36:41.0531 1568        Themes - ok
16:36:41.0546 1568        TosIde - ok
16:36:41.0593 1568        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
16:36:41.0609 1568        TrkWks - ok
16:36:41.0656 1568        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:36:41.0656 1568        Udfs - ok
16:36:41.0703 1568        UDXTTM6000      (74113c378e9eeaa1690a27af2388d185) C:\WINDOWS\system32\Drivers\UDXTTM6000.sys
16:36:41.0718 1568        UDXTTM6000 - ok
16:36:41.0750 1568        UDXTTM6000HID  (ef986704a3baf1c6cb3df3d334cf7752) C:\WINDOWS\system32\drivers\UDXTTM6000HID.sys
16:36:41.0750 1568        UDXTTM6000HID - ok
16:36:41.0765 1568        ultra - ok
16:36:41.0843 1568        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:36:41.0843 1568        Update - ok
16:36:41.0890 1568        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
16:36:41.0906 1568        upnphost - ok
16:36:41.0921 1568        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
16:36:41.0921 1568        UPS - ok
16:36:41.0968 1568        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:36:41.0968 1568        USBAAPL - ok
16:36:42.0015 1568        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:36:42.0015 1568        usbccgp - ok
16:36:42.0046 1568        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:36:42.0046 1568        usbehci - ok
16:36:42.0062 1568        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:36:42.0078 1568        usbhub - ok
16:36:42.0125 1568        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:36:42.0125 1568        usbscan - ok
16:36:42.0171 1568        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:36:42.0171 1568        usbstor - ok
16:36:42.0187 1568        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:36:42.0187 1568        usbuhci - ok
16:36:42.0234 1568        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:36:42.0234 1568        usbvideo - ok
16:36:42.0265 1568        uvclf          (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys
16:36:42.0265 1568        uvclf - ok
16:36:42.0296 1568        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:36:42.0296 1568        VgaSave - ok
16:36:42.0312 1568        ViaIde - ok
16:36:42.0375 1568        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
16:36:42.0375 1568        VolSnap - ok
16:36:42.0437 1568        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
16:36:42.0437 1568        VSS - ok
16:36:42.0484 1568        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
16:36:42.0500 1568        W32Time - ok
16:36:42.0687 1568        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:36:42.0687 1568        Wanarp - ok
16:36:42.0765 1568        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:36:42.0765 1568        Wdf01000 - ok
16:36:42.0781 1568        WDICA - ok
16:36:42.0828 1568        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:36:42.0828 1568        wdmaud - ok
16:36:42.0875 1568        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
16:36:42.0875 1568        WebClient - ok
16:36:42.0968 1568        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:36:42.0968 1568        winmgmt - ok
16:36:43.0046 1568        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
16:36:43.0046 1568        WmdmPmSN - ok
16:36:43.0109 1568        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:36:43.0109 1568        WmiApSrv - ok
16:36:43.0265 1568        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
16:36:43.0296 1568        WMPNetworkSvc - ok
16:36:43.0343 1568        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
16:36:43.0359 1568        wscsvc - ok
16:36:43.0437 1568        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:36:43.0437 1568        WSTCODEC - ok
16:36:43.0484 1568        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
16:36:43.0484 1568        wuauserv - ok
16:36:43.0531 1568        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:36:43.0546 1568        WudfPf - ok
16:36:43.0562 1568        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:36:43.0562 1568        WudfRd - ok
16:36:43.0593 1568        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:36:43.0609 1568        WudfSvc - ok
16:36:43.0671 1568        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
16:36:43.0687 1568        WZCSVC - ok
16:36:43.0718 1568        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
16:36:43.0718 1568        xmlprov - ok
16:36:43.0781 1568        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:36:44.0687 1568        \Device\Harddisk0\DR0 - ok
16:36:44.0703 1568        Boot (0x1200)  (fa7211ea8bf340e5ff5de0a654d7f6e5) \Device\Harddisk0\DR0\Partition0
16:36:44.0703 1568        \Device\Harddisk0\DR0\Partition0 - ok
16:36:44.0734 1568        Boot (0x1200)  (23d9801df2bad941df900c69868db793) \Device\Harddisk0\DR0\Partition1
16:36:44.0734 1568        \Device\Harddisk0\DR0\Partition1 - ok
16:36:44.0734 1568        ============================================================
16:36:44.0734 1568        Scan finished
16:36:44.0734 1568        ============================================================
16:36:44.0781 1504        Detected object count: 0
16:36:44.0781 1504        Actual detected object count: 0
16:36:48.0140 1524        Deinitialize success


markusg 25.07.2012 18:50

Very good.

Download the standard CCleaner:
CCleaner Download - CCleaner 3.20.1750
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, the list of installed programs, and save it as a txt file. Open that file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not recognize, write "unknown".
Post the list.

