Trojaner-Board - Security Shield

Hallo,
danke schon mal für die hilfe.

grüße
Lurtos

Hier die beiden berichte.

OTL.Txt:OTL Logfile:

Code:

OTL logfile created on: 20.07.2012 10:23:18 - Run 1

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\Programme

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 87,02% Memory free

5,09 Gb Paging File | 4,71 Gb Available in Paging File | 92,57% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 97,65 Gb Total Space | 73,29 Gb Free Space | 75,05% Space Free | Partition Type: NTFS

Drive E: | 819,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: DIRACTIO-20C18F | User Name: Rechnungsmaster | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.07.20 10:08:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\Programme\OTL.exe

PRC - [2012.05.08 12:54:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.08 12:54:55 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.08 12:54:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.08 12:54:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.11.17 19:03:50 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe

PRC - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe

PRC - [2011.10.07 15:06:59 | 001,517,520 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe

PRC - [2011.09.30 13:19:12 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Programme\GNU\GnuPG\dirmngr.exe

PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.05.08 12:54:56 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU

MOD - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Programme\GNU\GnuPG\dirmngr.exe

MOD - [2011.03.02 17:17:18 | 000,603,136 | ---- | M] () -- C:\Programme\GNU\GnuPG\libgcrypt-11.dll

MOD - [2011.03.02 17:16:20 | 000,208,384 | ---- | M] () -- C:\Programme\GNU\GnuPG\libksba-8.dll

MOD - [2011.03.02 17:16:08 | 000,073,216 | ---- | M] () -- C:\Programme\GNU\GnuPG\libassuan-0.dll

MOD - [2011.03.02 17:13:52 | 000,048,640 | ---- | M] () -- C:\Programme\GNU\GnuPG\libgpg-error-0.dll

MOD - [2011.03.02 17:11:52 | 000,038,400 | ---- | M] () -- C:\Programme\GNU\GnuPG\libw32pth-0.dll

MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.06.18 09:18:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.05.08 12:54:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.08 12:54:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

SRV - [2011.11.17 19:03:50 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)

SRV - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Programme\GNU\GnuPG\dirmngr.exe -- (DirMngr)

SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2012.05.08 12:54:56 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.08 12:54:56 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.12.18 21:04:24 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)

DRV - [2011.11.03 16:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2011.10.07 15:06:59 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)

DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.06.11 14:37:04 | 000,013,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsrAppCharger.sys -- (AsrAppCharger)

DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2009.05.08 11:22:28 | 001,358,720 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2008.08.18 18:54:24 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)

DRV - [2008.03.25 11:48:08 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2008.03.25 11:48:06 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2008.02.14 14:12:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.startup.homepage: "hxxp://diraction.org/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.05.21 10:37:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.18 09:18:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.06.21 10:25:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

 

[2011.10.07 14:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\Mozilla\Extensions

[2011.10.07 14:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.07.04 10:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\Mozilla\Firefox\Profiles\ev3kxvpb.default\extensions

[2011.10.07 14:32:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\Mozilla\Firefox\Profiles\ev3kxvpb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.10.02 12:56:44 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\Mozilla\Firefox\Profiles\ev3kxvpb.default\searchplugins\conduit.xml

[2011.11.10 13:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.07.04 10:40:29 | 000,743,290 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\RECHNUNGSMASTER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EV3KXVPB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.06.18 09:18:32 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.02.03 10:31:20 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.03 10:31:20 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.02.03 10:31:20 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.03 10:31:20 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.03 10:31:20 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.03 10:31:20 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [ISW]  File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [TrueCrypt] C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VR-NetWorld Auftragsprüfung.lnk = C:\Programme\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)

O4 - Startup: C:\Dokumente und Einstellungen\Rechnungsmaster\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{857662C9-07AF-464A-A9BD-CB534BD39E90}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.10.07 14:03:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.18 12:04:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\Malwarebytes

[2012.07.18 12:04:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.07.18 12:04:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.07.18 12:04:24 | 000,000,000 | ---D | C] -- C:\Programme\flo

[2012.07.13 13:03:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\Sneacker

[2012.07.06 12:14:08 | 000,000,000 | -HSD | C] -- C:\found.000

[2012.06.27 09:38:42 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Rechnungsmaster\Eigene Dateien\Dropbox

[2012.06.27 09:37:01 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox

[2012.06.27 09:36:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rechnungsmaster\Startmenü\Programme\Dropbox

[2012.06.27 09:36:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\Dropbox

[2012.06.22 09:38:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D561F3542D0F0559F304CCD151FC4E

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.20 10:05:23 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2012.07.20 10:05:06 | 000,000,021 | ---- | M] () -- C:\WINDOWS\S.dirmngr

[2012.07.20 10:05:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.07.19 11:08:15 | 000,081,575 | ---- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\kommissionsvertrag_muster_.pdf

[2012.07.19 10:59:50 | 000,083,720 | ---- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\kommissionsvertrag_risom_de.pdf

[2012.07.19 10:59:38 | 000,016,126 | ---- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\kommissionsvertrag_risom.odt

[2012.07.18 12:04:25 | 000,000,589 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.18 09:38:15 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012.07.17 15:12:59 | 000,015,263 | ---- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\Darlehnsvertrag DirAction.odt

[2012.07.17 15:11:01 | 000,020,948 | ---- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\99cubes Liste Aktuel.ods

[2012.07.17 13:31:31 | 000,014,811 | ---- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\soli und Band´s.ods

[2012.07.14 16:39:55 | 000,015,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\kommissionsvertrag_delikatess.odt

[2012.07.13 13:01:57 | 000,415,916 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2012.07.12 11:51:02 | 000,000,397 | ---- | M] () -- C:\WINDOWS\EasyCT.INI

[2012.07.12 09:54:15 | 000,126,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.07.11 17:17:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012.07.10 09:36:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.07.04 10:11:23 | 000,867,742 | ---- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\Gewerbeschein_frank_hoehlein.pdf

[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.06.29 10:38:22 | 000,000,745 | ---- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\.recently-used.xbel

[2012.06.27 09:37:06 | 000,001,068 | ---- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Startmenü\Programme\Autostart\Dropbox.lnk

[2012.06.24 12:44:56 | 000,009,849 | ---- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\Unbenannt 1.odt

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.07.20 10:05:06 | 000,000,021 | ---- | C] () -- C:\WINDOWS\S.dirmngr

[2012.07.19 11:08:14 | 000,081,575 | ---- | C] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\kommissionsvertrag_muster_.pdf

[2012.07.19 10:59:38 | 000,016,126 | ---- | C] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\kommissionsvertrag_risom.odt

[2012.07.18 15:12:06 | 000,083,720 | ---- | C] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\kommissionsvertrag_risom_de.pdf

[2012.07.18 12:04:25 | 000,000,589 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.14 16:39:55 | 000,015,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\kommissionsvertrag_delikatess.odt

[2012.07.04 10:11:23 | 000,867,742 | ---- | C] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\Gewerbeschein_frank_hoehlein.pdf

[2012.06.29 10:38:22 | 000,000,745 | ---- | C] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\.recently-used.xbel

[2012.06.27 09:37:06 | 000,001,068 | ---- | C] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Startmenü\Programme\Autostart\Dropbox.lnk

[2012.06.24 12:44:56 | 000,009,849 | ---- | C] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\Unbenannt 1.odt

[2012.02.15 10:23:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.10.07 16:08:31 | 000,000,397 | ---- | C] () -- C:\WINDOWS\EasyCT.INI

[2011.10.07 15:44:39 | 000,000,678 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011.10.07 15:23:38 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2011.10.07 14:48:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011.10.07 14:47:53 | 000,126,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.10.07 14:35:26 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2011.10.07 14:32:33 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2011.10.07 14:32:28 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2011.10.07 14:32:27 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2011.10.07 14:32:21 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2011.10.07 14:32:10 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2011.10.07 14:32:08 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2011.10.07 14:31:48 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2011.10.07 14:31:40 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2011.10.07 14:04:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011.10.07 14:00:40 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

 
 ========== LOP Check ==========

 

[2011.11.29 11:35:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint

[2011.10.07 16:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EasyCash&Tax

[2012.06.22 09:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D561F3542D0F0559F304CCD151FC4E

[2011.10.07 15:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GNU

[2011.10.07 17:26:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrueCrypt

[2011.10.07 15:30:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\CheckPoint

[2012.07.20 10:05:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\Dropbox

[2012.07.17 12:46:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\gnupg

[2011.12.22 11:20:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\inkscape

[2011.10.07 16:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\OpenOffice.org

[2011.10.07 15:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\Thunderbird

[2011.10.07 18:43:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\TrueCrypt

[2012.03.30 11:04:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\XnView

[2012.07.20 10:05:23 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2012.01.18 16:50:55 | 000,000,000 | ---D | M] -- C:\BAckup andere rechner 18.01.2012

[2011.10.07 14:06:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen

[2011.10.08 09:00:04 | 000,000,000 | ---D | M] -- C:\f691aeec2d0722aeef2aeb2b20782f

[2012.07.06 12:14:08 | 000,000,000 | -HSD | M] -- C:\found.000

[2012.07.18 12:04:24 | 000,000,000 | R--D | M] -- C:\Programme

[2011.10.07 14:41:08 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2012.07.18 12:54:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012.07.20 10:05:06 | 000,000,000 | ---D | M] -- C:\WINDOWS

 
 < %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

 
 < %systemroot%\*. /mp /s >

 
 < MD5 for: AGP440.SYS  >

[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

 
 < MD5 for: EXPLORER.EXE  >

[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\Rechnungsmaster\Lokale Einstellungen\Temp\RarSFX1\procs\explorer.exe

[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe

[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe

[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\Rechnungsmaster\Lokale Einstellungen\Temp\RarSFX1\h\explorer.exe

[2012.07.18 12:01:07 | 001,012,656 | ---- | M] () MD5=C7D040F4C3C0214B460AABDE52BE9189 -- C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\Programme\eXplorer.exe

 
 < MD5 for: IASTOR.SYS  >

[2008.04.14 14:00:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\001\iastor.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

 
 < MD5 for: NVGTS.SYS  >

[2008.08.18 18:54:24 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\WINDOWS\system32\drivers\nvgts.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll

[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll

[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe

[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\Rechnungsmaster\Lokale Einstellungen\Temp\RarSFX1\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\flo\Chameleon\winlogon.exe

[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\Rechnungsmaster\Lokale Einstellungen\Temp\RarSFX1\winlogon.exe

[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2011.10.07 15:47:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2011.10.07 15:47:12 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2011.10.07 15:47:12 | 000,458,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 < %USERPROFILE%\*.* >

[2012.06.29 10:38:22 | 000,000,745 | ---- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\.recently-used.xbel

[2012.07.19 17:15:06 | 003,145,728 | -H-- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\NTUSER.DAT

[2012.07.20 10:17:15 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\ntuser.dat.LOG

[2012.07.04 17:10:40 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Rechnungsmaster\ntuser.ini

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.06.13 15:55:13 | 001,866,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 

< End of report >

--- --- ---

und die Extras.TxtOTL Logfile:

Code:

OTL Extras logfile created on: 20.07.2012 10:23:18 - Run 1

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\Rechnungsmaster\Desktop\Programme

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 87,02% Memory free

5,09 Gb Paging File | 4,71 Gb Available in Paging File | 92,57% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 97,65 Gb Total Space | 73,29 Gb Free Space | 75,05% Space Free | Partition Type: NTFS

Drive E: | 819,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: DIRACTIO-20C18F | User Name: Rechnungsmaster | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, XnView Software - Free graphic and photo viewer, converter, organizer)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon

"C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Rechnungsmaster\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7 Update 2

"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4

"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"ASRock App Charger_is1" = ASRock App Charger v1.0.4

"Avira AntiVir Desktop" = Avira Free Antivirus

"Ditto_is1" = Ditto

"EasyCash&Tax_is1" = EasyCash&Tax 1.54

"Elster-Export Plugin für EasyCash&Tax_is1" = Elster-Export 1.10

"GPG4Win" = Gpg4win (2.1.0)

"GPL Ghostscript 9.04" = GPL Ghostscript

"Inkscape" = Inkscape 0.48.2

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)

"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIA Drivers" = NVIDIA Drivers

"TrueCrypt" = TrueCrypt

"UltraISO_is1" = UltraISO Premium V9.36

"VirtualCloneDrive" = VirtualCloneDrive

"VLC media player" = VLC media player 1.1.11

"WinRAR archiver" = WinRAR 4.01 (32-Bit)

"XnView_is1" = XnView 1.98.2

"ZoneAlarm Free" = ZoneAlarm Free

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 05.01.2012 10:52:12 | Computer Name = DIRACTIO-20C18F | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung easyct.exe, Version 1.53.0.4, fehlgeschlagenes

 Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x000218aa.

 

Error - 01.02.2012 11:58:41 | Computer Name = DIRACTIO-20C18F | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung easyct.exe, Version 1.53.0.4, fehlgeschlagenes

 Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x000218aa.

 

Error - 08.03.2012 11:00:29 | Computer Name = DIRACTIO-20C18F | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung easyct.exe, Version 1.54.0.1, fehlgeschlagenes

 Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x000218aa.

 

Error - 27.03.2012 03:30:02 | Computer Name = DIRACTIO-20C18F | Source = WmiAdapter | ID = 4099

Description = Dienst konnte nicht geöffnet werden.

 

[ System Events ]

Error - 17.07.2012 07:46:50 | Computer Name = DIRACTIO-20C18F | Source = Service Control Manager | ID = 7034

Description = Dienst "MS Software Shadow Copy Provider" wurde unerwartet beendet.

 Dies ist bereits 1 Mal passiert.

 

Error - 17.07.2012 07:46:51 | Computer Name = DIRACTIO-20C18F | Source = Service Control Manager | ID = 7034

Description = Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits

 1 Mal passiert.

 

Error - 17.07.2012 07:49:21 | Computer Name = DIRACTIO-20C18F | Source = Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher

 abbilden zu können.

 

Error - 17.07.2012 07:58:52 | Computer Name = DIRACTIO-20C18F | Source = Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher

 abbilden zu können.

 

Error - 18.07.2012 03:38:22 | Computer Name = DIRACTIO-20C18F | Source = Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher

 abbilden zu können.

 

Error - 18.07.2012 05:55:52 | Computer Name = DIRACTIO-20C18F | Source = Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher

 abbilden zu können.

 

Error - 18.07.2012 07:57:44 | Computer Name = DIRACTIO-20C18F | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

Error - 18.07.2012 07:57:44 | Computer Name = DIRACTIO-20C18F | Source = Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher

 abbilden zu können.

 

Error - 19.07.2012 04:43:21 | Computer Name = DIRACTIO-20C18F | Source = Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher

 abbilden zu können.

 

Error - 20.07.2012 04:05:30 | Computer Name = DIRACTIO-20C18F | Source = Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher

 abbilden zu können.

 

 

< End of report >

--- --- ---

Hallo,
oh das hatte ich falsch verstanden.
Konnte die Aber nur rauskopieren. nicht als datei finden.

grüße

10:58:28.0296 2100 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
10:58:28.0500 2100 ============================================================
10:58:28.0500 2100 Current date / time: 2012/07/31 10:58:28.0500
10:58:28.0500 2100 SystemInfo:
10:58:28.0500 2100
10:58:28.0500 2100 OS Version: 5.1.2600 ServicePack: 3.0
10:58:28.0500 2100 Product type: Workstation
10:58:28.0500 2100 ComputerName: DIRACTIO-20C18F
10:58:28.0500 2100 UserName: Rechnungsmaster
10:58:28.0500 2100 Windows directory: C:\WINDOWS
10:58:28.0500 2100 System windows directory: C:\WINDOWS
10:58:28.0500 2100 Processor architecture: Intel x86
10:58:28.0500 2100 Number of processors: 2
10:58:28.0500 2100 Page size: 0x1000
10:58:28.0500 2100 Boot type: Normal boot
10:58:28.0500 2100 ============================================================
10:58:29.0125 2100 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
10:58:29.0140 2100 ============================================================
10:58:29.0140 2100 \Device\Harddisk0\DR0:
10:58:29.0140 2100 MBR partitions:
10:58:29.0140 2100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
10:58:29.0140 2100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xE, StartLBA 0xC34F30B, BlocksNum 0x2E031A75
10:58:29.0140 2100 ============================================================
10:58:29.0140 2100 Initialize success
10:58:29.0140 2100 ============================================================
10:59:28.0328 3196 ============================================================
10:59:28.0328 3196 Scan started
10:59:28.0328 3196 Mode: Manual; SigCheck; TDLFS;
10:59:28.0328 3196 ============================================================
10:59:28.0343 3196 Abiosdsk - ok
10:59:28.0343 3196 abp480n5 - ok
10:59:28.0359 3196 ACPI - ok
10:59:28.0375 3196 ACPIEC - ok
10:59:28.0375 3196 adpu160m - ok
10:59:28.0375 3196 aec - ok
10:59:28.0390 3196 AFD - ok
10:59:28.0390 3196 Aha154x - ok
10:59:28.0406 3196 aic78u2 - ok
10:59:28.0406 3196 aic78xx - ok
10:59:28.0421 3196 Alerter - ok
10:59:28.0421 3196 ALG - ok
10:59:28.0421 3196 AliIde - ok
10:59:28.0437 3196 AmdPPM - ok
10:59:28.0437 3196 amsint - ok
10:59:28.0437 3196 AntiVirSchedulerService - ok
10:59:28.0453 3196 AntiVirService - ok
10:59:28.0453 3196 AppMgmt - ok
10:59:28.0468 3196 asc - ok
10:59:28.0468 3196 asc3350p - ok
10:59:28.0468 3196 asc3550 - ok
10:59:28.0484 3196 aspnet_state - ok
10:59:28.0484 3196 AsrAppCharger - ok
10:59:28.0500 3196 AsyncMac - ok
10:59:28.0500 3196 atapi - ok
10:59:28.0515 3196 Atdisk - ok
10:59:28.0515 3196 Atmarpc - ok
10:59:28.0515 3196 AudioSrv - ok
10:59:28.0531 3196 audstub - ok
10:59:28.0531 3196 avgntflt - ok
10:59:28.0546 3196 avipbb - ok
10:59:28.0546 3196 avkmgr - ok
10:59:28.0546 3196 Beep - ok
10:59:28.0562 3196 BITS - ok
10:59:28.0562 3196 Browser - ok
10:59:28.0562 3196 catchme - ok
10:59:28.0578 3196 cbidf2k - ok
10:59:28.0578 3196 cd20xrnt - ok
10:59:28.0593 3196 Cdaudio - ok
10:59:28.0593 3196 Cdfs - ok
10:59:28.0593 3196 Cdrom - ok
10:59:28.0609 3196 Changer - ok
10:59:28.0609 3196 CiSvc - ok
10:59:28.0625 3196 ClipSrv - ok
10:59:28.0625 3196 clr_optimization_v4.0.30319_32 - ok
10:59:28.0625 3196 CmdIde - ok
10:59:28.0640 3196 COMSysApp - ok
10:59:28.0640 3196 Cpqarray - ok
10:59:28.0656 3196 CryptSvc - ok
10:59:28.0656 3196 dac2w2k - ok
10:59:28.0656 3196 dac960nt - ok
10:59:28.0656 3196 DcomLaunch - ok
10:59:28.0671 3196 Dhcp - ok
10:59:28.0671 3196 DirMngr - ok
10:59:28.0671 3196 Disk - ok
10:59:28.0687 3196 dmadmin - ok
10:59:28.0687 3196 dmboot - ok
10:59:28.0687 3196 dmio - ok
10:59:28.0703 3196 dmload - ok
10:59:28.0703 3196 dmserver - ok
10:59:28.0703 3196 DMusic - ok
10:59:28.0718 3196 Dnscache - ok
10:59:28.0718 3196 Dot3svc - ok
10:59:28.0718 3196 dpti2o - ok
10:59:28.0734 3196 drmkaud - ok
10:59:28.0734 3196 EapHost - ok
10:59:28.0734 3196 ElbyCDIO - ok
10:59:28.0750 3196 ERSvc - ok
10:59:28.0750 3196 Eventlog - ok
10:59:28.0750 3196 EventSystem - ok
10:59:28.0765 3196 Fastfat - ok
10:59:28.0765 3196 FastUserSwitchingCompatibility - ok
10:59:28.0765 3196 Fdc - ok
10:59:28.0781 3196 Fips - ok
10:59:28.0781 3196 Flpydisk - ok
10:59:28.0781 3196 FltMgr - ok
10:59:28.0796 3196 Fs_Rec - ok
10:59:28.0796 3196 Ftdisk - ok
10:59:28.0812 3196 Gpc - ok
10:59:28.0812 3196 HDAudBus - ok
10:59:28.0812 3196 helpsvc - ok
10:59:28.0828 3196 HidServ - ok
10:59:28.0828 3196 hidusb - ok
10:59:28.0828 3196 hkmsvc - ok
10:59:28.0843 3196 hpn - ok
10:59:28.0843 3196 HTTP - ok
10:59:28.0843 3196 HTTPFilter - ok
10:59:28.0859 3196 i2omgmt - ok
10:59:28.0859 3196 i2omp - ok
10:59:28.0859 3196 i8042prt - ok
10:59:28.0875 3196 Imapi - ok
10:59:28.0875 3196 ImapiService - ok
10:59:28.0875 3196 ini910u - ok
10:59:28.0890 3196 IntelIde - ok
10:59:28.0890 3196 Ip6Fw - ok
10:59:28.0906 3196 IpFilterDriver - ok
10:59:28.0906 3196 IpInIp - ok
10:59:28.0906 3196 IpNat - ok
10:59:28.0921 3196 IPSec - ok
10:59:28.0921 3196 IRENUM - ok
10:59:28.0921 3196 isapnp - ok
10:59:28.0937 3196 ISWKL - ok
10:59:28.0937 3196 IswSvc - ok
10:59:28.0937 3196 JavaQuickStarterService - ok
10:59:28.0953 3196 Kbdclass - ok
10:59:28.0953 3196 kbdhid - ok
10:59:28.0953 3196 KL1 - ok
10:59:28.0968 3196 kl2 - ok
10:59:28.0968 3196 KLIF - ok
10:59:28.0968 3196 kmixer - ok
10:59:28.0984 3196 KSecDD - ok
10:59:28.0984 3196 LanmanServer - ok
10:59:28.0984 3196 lanmanworkstation - ok
10:59:29.0000 3196 lbrtfdc - ok
10:59:29.0000 3196 LmHosts - ok
10:59:29.0015 3196 Messenger - ok
10:59:29.0015 3196 mnmdd - ok
10:59:29.0015 3196 mnmsrvc - ok
10:59:29.0015 3196 Modem - ok
10:59:29.0031 3196 monfilt - ok
10:59:29.0031 3196 Mouclass - ok
10:59:29.0031 3196 mouhid - ok
10:59:29.0046 3196 MountMgr - ok
10:59:29.0046 3196 MozillaMaintenance - ok
10:59:29.0062 3196 mraid35x - ok
10:59:29.0062 3196 MRxDAV - ok
10:59:29.0062 3196 MRxSmb - ok
10:59:29.0062 3196 MSDTC - ok
10:59:29.0078 3196 Msfs - ok
10:59:29.0078 3196 MSIServer - ok
10:59:29.0078 3196 MSKSSRV - ok
10:59:29.0093 3196 MSPCLOCK - ok
10:59:29.0093 3196 MSPQM - ok
10:59:29.0109 3196 mssmbios - ok
10:59:29.0109 3196 Mup - ok
10:59:29.0109 3196 napagent - ok
10:59:29.0125 3196 NDIS - ok
10:59:29.0125 3196 NdisTapi - ok
10:59:29.0125 3196 Ndisuio - ok
10:59:29.0140 3196 NdisWan - ok
10:59:29.0140 3196 NDProxy - ok
10:59:29.0140 3196 NetBIOS - ok
10:59:29.0156 3196 NetBT - ok
10:59:29.0156 3196 NetDDE - ok
10:59:29.0156 3196 NetDDEdsdm - ok
10:59:29.0171 3196 Netlogon - ok
10:59:29.0171 3196 Netman - ok
10:59:29.0171 3196 NetTcpPortSharing - ok
10:59:29.0187 3196 Nla - ok
10:59:29.0187 3196 NMSAccess - ok
10:59:29.0187 3196 Npfs - ok
10:59:29.0203 3196 Ntfs - ok
10:59:29.0203 3196 NtLmSsp - ok
10:59:29.0203 3196 NtmsSvc - ok
10:59:29.0218 3196 Null - ok
10:59:29.0218 3196 nv - ok
10:59:29.0218 3196 NVENETFD - ok
10:59:29.0234 3196 nvgts - ok
10:59:29.0234 3196 nvnetbus - ok
10:59:29.0234 3196 NVSvc - ok
10:59:29.0250 3196 NwlnkFlt - ok
10:59:29.0250 3196 NwlnkFwd - ok
10:59:29.0250 3196 Parport - ok
10:59:29.0265 3196 PartMgr - ok
10:59:29.0265 3196 ParVdm - ok
10:59:29.0265 3196 PCI - ok
10:59:29.0281 3196 PCIDump - ok
10:59:29.0281 3196 PCIIde - ok
10:59:29.0281 3196 Pcmcia - ok
10:59:29.0281 3196 PDCOMP - ok
10:59:29.0296 3196 PDFRAME - ok
10:59:29.0296 3196 PDRELI - ok
10:59:29.0312 3196 PDRFRAME - ok
10:59:29.0312 3196 perc2 - ok
10:59:29.0312 3196 perc2hib - ok
10:59:29.0328 3196 PlugPlay - ok
10:59:29.0343 3196 PolicyAgent - ok
10:59:29.0343 3196 PptpMiniport - ok
10:59:29.0343 3196 Processor - ok
10:59:29.0343 3196 ProtectedStorage - ok
10:59:29.0359 3196 PSched - ok
10:59:29.0359 3196 Ptilink - ok
10:59:29.0359 3196 ql1080 - ok
10:59:29.0375 3196 Ql10wnt - ok
10:59:29.0375 3196 ql12160 - ok
10:59:29.0375 3196 ql1240 - ok
10:59:29.0390 3196 ql1280 - ok
10:59:29.0390 3196 RasAcd - ok
10:59:29.0390 3196 RasAuto - ok
10:59:29.0406 3196 Rasl2tp - ok
10:59:29.0406 3196 RasMan - ok
10:59:29.0406 3196 RasPppoe - ok
10:59:29.0421 3196 Raspti - ok
10:59:29.0421 3196 Rdbss - ok
10:59:29.0421 3196 RDPCDD - ok
10:59:29.0437 3196 rdpdr - ok
10:59:29.0437 3196 RDPWD - ok
10:59:29.0453 3196 RDSessMgr - ok
10:59:29.0453 3196 redbook - ok
10:59:29.0468 3196 RemoteAccess - ok
10:59:29.0468 3196 RemoteRegistry - ok
10:59:29.0468 3196 RpcLocator - ok
10:59:29.0484 3196 RpcSs - ok
10:59:29.0484 3196 RSVP - ok
10:59:29.0484 3196 SamSs - ok
10:59:29.0500 3196 SCardSvr - ok
10:59:29.0500 3196 Schedule - ok
10:59:29.0500 3196 Secdrv - ok
10:59:29.0515 3196 seclogon - ok
10:59:29.0515 3196 SENS - ok
10:59:29.0515 3196 serenum - ok
10:59:29.0531 3196 Serial - ok
10:59:29.0531 3196 Sfloppy - ok
10:59:29.0546 3196 SharedAccess - ok
10:59:29.0546 3196 ShellHWDetection - ok
10:59:29.0546 3196 Simbad - ok
10:59:29.0562 3196 Sparrow - ok
10:59:29.0562 3196 splitter - ok
10:59:29.0562 3196 Spooler - ok
10:59:29.0578 3196 sr - ok
10:59:29.0578 3196 srservice - ok
10:59:29.0578 3196 Srv - ok
10:59:29.0593 3196 SSDPSRV - ok
10:59:29.0593 3196 ssmdrv - ok
10:59:29.0593 3196 StarOpen - ok
10:59:29.0609 3196 stisvc - ok
10:59:29.0625 3196 swenum - ok
10:59:29.0625 3196 swmidi - ok
10:59:29.0625 3196 SwPrv - ok
10:59:29.0640 3196 symc810 - ok
10:59:29.0640 3196 symc8xx - ok
10:59:29.0640 3196 sym_hi - ok
10:59:29.0656 3196 sym_u3 - ok
10:59:29.0656 3196 sysaudio - ok
10:59:29.0656 3196 SysmonLog - ok
10:59:29.0671 3196 TapiSrv - ok
10:59:29.0671 3196 Tcpip - ok
10:59:29.0671 3196 TDPIPE - ok
10:59:29.0687 3196 TDTCP - ok
10:59:29.0687 3196 TermDD - ok
10:59:29.0703 3196 TermService - ok
10:59:29.0703 3196 Themes - ok
10:59:29.0703 3196 TlntSvr - ok
10:59:29.0718 3196 TosIde - ok
10:59:29.0718 3196 TrkWks - ok
10:59:29.0734 3196 truecrypt - ok
10:59:29.0734 3196 Udfs - ok
10:59:29.0734 3196 ultra - ok
10:59:29.0750 3196 Update - ok
10:59:29.0750 3196 upnphost - ok
10:59:29.0765 3196 UPS - ok
10:59:29.0765 3196 usbccgp - ok
10:59:29.0765 3196 usbehci - ok
10:59:29.0781 3196 usbhub - ok
10:59:29.0781 3196 usbohci - ok
10:59:29.0781 3196 usbprint - ok
10:59:29.0796 3196 USBSTOR - ok
10:59:29.0796 3196 VClone - ok
10:59:29.0812 3196 VgaSave - ok
10:59:29.0812 3196 VIAHdAudAddService - ok
10:59:29.0828 3196 ViaIde - ok
10:59:29.0828 3196 VolSnap - ok
10:59:29.0828 3196 Vsdatant - ok
10:59:29.0843 3196 vsmon - ok
10:59:29.0843 3196 VSS - ok
10:59:29.0843 3196 W32Time - ok
10:59:29.0859 3196 Wanarp - ok
10:59:29.0859 3196 WDICA - ok
10:59:29.0859 3196 wdmaud - ok
10:59:29.0875 3196 WebClient - ok
10:59:29.0875 3196 winmgmt - ok
10:59:29.0890 3196 WmdmPmSN - ok
10:59:29.0890 3196 Wmi - ok
10:59:29.0906 3196 WmiApSrv - ok
10:59:29.0906 3196 WPFFontCache_v0400 - ok
10:59:29.0906 3196 WS2IFSL - ok
10:59:29.0921 3196 wscsvc - ok
10:59:29.0921 3196 wuauserv - ok
10:59:29.0921 3196 WZCSVC - ok
10:59:29.0937 3196 xmlprov - ok
10:59:29.0953 3196 MBR (0x1B8) (1f2dbc66e67d9c5263898c0325fb6d31) \Device\Harddisk0\DR0
10:59:30.0234 3196 \Device\Harddisk0\DR0 - ok
10:59:30.0234 3196 Boot (0x1200) (b3b69ce0a54bd27a98ca9b81fa4067be) \Device\Harddisk0\DR0\Partition0
10:59:30.0234 3196 \Device\Harddisk0\DR0\Partition0 - ok
10:59:30.0234 3196 Boot (0x1200) (c23911bd194809d53acbfda1e2cb7be5) \Device\Harddisk0\DR0\Partition1
10:59:30.0234 3196 \Device\Harddisk0\DR0\Partition1 - ok
10:59:30.0234 3196 ============================================================
10:59:30.0234 3196 Scan finished
10:59:30.0234 3196 ============================================================
10:59:30.0250 3588 Detected object count: 0
10:59:30.0250 3588 Actual detected object count: 0