
Pests of all kinds and how to fight them: Trojan PUP.LoadTubes / Trojan.Agent/Gen-Nullo found during "routine scan" - dangerous?


15.11.2012, 00:45   #1
pinadgo
 



Hello!
Since my mother received a letter from Telekom saying that her PC is infected with the Zeus online-banking trojan, I was afraid that it might have gotten onto my machine too via a USB stick, so I ran a few scans. I (think I) didn't find that one, but I did find a few other infected files. I use Avast as my antivirus program and run scans with Malwarebytes Anti-Malware and SUPERAntiSpyware (unfortunately I don't have any old scans).
I had Malwarebytes Anti-Malware and SUPERAntiSpyware delete the infected files (see logs), but I'm afraid that something is still hidden on the PC, so it would be great if a pro could take a look at the logs (maybe the Zeus trojan was also missed by the programs and is still lying dormant on my PC?). As described in the forum instructions, I have created all the required log files.

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.14.06

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
jens :: DACHS [Administrator]

14.11.2012 20:54:55
mbam-log-2012-11-14 (22-01-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343786
Laufzeit: 40 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs (PUP.LoadTubes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 9
C:\Programme\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{5706DE39-B830-473B-88EE-8395CF4BDCC1}\RP1057\A0197382.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{5706DE39-B830-473B-88EE-8395CF4BDCC1}\RP1065\A0199035.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\keyHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\uninstall.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\config.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\updateHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\domHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\evHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.

(Ende)
         
SUPERAntiSpyware:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/14/2012 at 11:30 PM

Application Version : 5.6.1014

Core Rules Database Version : 9584
Trace Rules Database Version: 7396

Scan type       : Complete Scan
Total Scan Time : 01:00:09

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 639
Memory threats detected   : 0
Registry items scanned    : 38303
Registry threats detected : 1
File items scanned        : 41023
File threats detected     : 1

Disabled.SecurityCenterOption
	HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Trojan.Agent/Gen-Nullo[Short]
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{5706DE39-B830-473B-88EE-8395CF4BDCC1}\RP1078\A0201635.EXE
         
OTL:
Code:
OTL logfile created on: 15.11.2012 00:03:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\jens\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,09% Memory free
3,72 Gb Paging File | 3,24 Gb Available in Paging File | 86,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 67,05 Gb Total Space | 27,02 Gb Free Space | 40,29% Space Free | Partition Type: FAT32
Drive D: | 42,84 Gb Total Space | 7,65 Gb Free Space | 17,85% Space Free | Partition Type: FAT32
 
Computer Name: DACHS | User Name: jens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.14 23:53:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jens\Desktop\OTL.exe
PRC - [2012.11.14 22:24:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.08.21 11:12:26 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.06.07 17:34:34 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2008.04.14 04:23:06 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.14 11:43:32 | 000,069,632 | ---- | M] (ASUS) -- C:\WINDOWS\system32\ASUSTPE.exe
PRC - [2006.10.14 05:37:40 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006.08.10 10:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006.06.08 20:33:02 | 000,053,248 | ---- | M] (ASUSTeK Computer INC.) -- C:\Programme\ASUS\ATK Media\DMedia.exe
PRC - [2006.04.24 14:25:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2005.10.17 17:09:34 | 000,987,136 | ---- | M] () -- C:\Programme\Wireless Console 2\wcourier.exe
PRC - [2004.03.13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.14 23:58:02 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012.11.14 23:57:46 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012.11.14 23:56:52 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
MOD - [2012.11.14 23:56:50 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012.11.14 23:56:46 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012.11.14 23:56:40 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012.11.14 23:56:28 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2012.11.14 20:22:46 | 001,832,960 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\defs\12111401\algo.dll
MOD - [2012.07.04 22:44:54 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\df9b91c72d00cad13abd00fe7f8d12cb\System.Windows.Forms.ni.dll
MOD - [2012.07.04 22:25:50 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.05.09 20:33:18 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.09 20:24:18 | 000,532,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
MOD - [2012.05.09 20:24:18 | 000,368,640 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
MOD - [2012.05.09 20:19:46 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
MOD - [2012.05.09 20:19:24 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.09 20:18:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.09 20:18:32 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.09 20:18:08 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.09 20:13:58 | 001,249,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012.05.09 20:13:56 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012.05.09 20:13:54 | 004,214,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2009.02.02 14:21:06 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.02 14:21:04 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.02.02 14:17:08 | 000,864,256 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
MOD - [2009.02.02 14:17:04 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009.02.02 14:17:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2008.06.04 08:53:14 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\spd__l.dll
MOD - [2008.04.14 04:23:06 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
MOD - [2008.04.14 04:22:32 | 000,214,528 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll
MOD - [2007.08.21 19:48:02 | 001,671,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2007.08.21 19:48:02 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34534__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007.08.21 19:48:02 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34592__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2007.08.21 19:48:02 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.34808__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2007.08.21 19:48:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.34761__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2007.08.21 19:48:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34570__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2007.08.21 19:48:02 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34591__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2007.08.21 19:48:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2007.08.21 19:48:02 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.34693__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2007.08.21 19:48:00 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.34851__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2007.08.21 19:47:10 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.34857__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2007.08.21 19:47:10 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2589.34584__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2007.08.21 19:47:10 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34549__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007.08.21 19:47:10 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2589.34584__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2007.08.21 19:47:08 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.34707__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2007.08.21 19:47:08 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.34795__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2007.08.21 19:47:08 | 000,344,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.34776__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2007.08.21 19:47:08 | 000,262,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard\2.0.2589.34628__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard.dll
MOD - [2007.08.21 19:47:08 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.34781__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2007.08.21 19:47:08 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.34773__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2007.08.21 19:47:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.34703__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2007.08.21 19:47:06 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34606__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2007.08.21 19:47:06 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.34698__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2007.08.21 19:47:06 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34557__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007.08.21 19:47:06 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.34748__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2007.08.21 19:47:06 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34613__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2007.08.21 19:47:06 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34599__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007.08.21 19:47:06 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.34728__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2007.08.21 19:47:06 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.34694__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2007.08.21 19:47:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.34702__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2007.08.21 19:47:06 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.34727__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2007.08.21 19:47:06 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34612__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2007.08.21 19:47:06 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.34747__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2007.08.21 19:47:06 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime\2.0.2589.34633__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime.dll
MOD - [2007.08.21 19:47:06 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007.08.21 19:47:06 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2007.08.21 19:47:04 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007.08.21 19:47:04 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007.08.21 19:47:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007.08.21 19:47:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007.08.21 19:47:04 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007.08.21 19:47:04 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007.08.21 19:47:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007.08.21 19:47:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007.08.21 19:47:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007.08.21 19:47:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007.08.21 19:47:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll
MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared\2.0.2560.25989__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007.08.21 19:47:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007.08.21 19:46:48 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.34878__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007.08.21 19:46:46 | 001,404,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34543__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007.08.21 19:46:46 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34565__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007.08.21 19:46:46 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.34834__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007.08.21 19:46:46 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34533__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007.08.21 19:46:46 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.34833__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007.08.21 19:46:46 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007.08.21 19:46:46 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007.08.21 19:46:46 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007.08.21 19:46:46 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007.08.21 19:46:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007.08.21 19:46:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007.08.21 19:46:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007.08.21 19:46:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34533__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007.08.21 19:46:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2589.34532__90ba9c70f846762e\AEM.Server.dll
MOD - [2007.08.21 19:46:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007.08.21 19:46:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.08.21 19:46:44 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.34834__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2006.12.19 19:16:04 | 000,073,728 | ---- | M] () -- c:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2006.10.14 05:37:40 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
MOD - [2006.08.24 03:32:26 | 000,163,840 | ---- | M] () -- C:\WINDOWS\ATK0100\ASUSNet.dll
MOD - [2006.08.10 10:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
MOD - [2005.10.17 17:09:34 | 000,987,136 | ---- | M] () -- C:\Programme\Wireless Console 2\wcourier.exe
MOD - [2004.05.27 22:13:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\ATK0100\CMSSC.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Unknown] --  -- (Avgatuvtv)
SRV - [2012.11.14 22:24:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012.10.30 17:10:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.21 11:12:26 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.07 17:34:34 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010.08.09 04:04:04 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\WINDOWS\system32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2007.08.31 12:28:30 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006.04.24 14:25:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.03.13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\MpEngineStore\MpKsl9753d9dd.sys -- (MpKsl9753d9dd)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.08.21 11:13:16 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:16 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:16 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.08.21 11:13:14 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:14 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.06.07 17:25:22 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2012.06.07 17:24:24 | 000,057,256 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux)
DRV - [2012.06.07 17:24:24 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint)
DRV - [2011.07.22 18:27:04 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:24 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010.05.01 12:19:20 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.05.01 12:19:20 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.06.09 22:32:16 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.10.12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 01:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2007.09.20 20:54:12 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.02.02 02:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.11.02 20:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006.10.12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.08.29 19:10:34 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006.08.13 23:40:24 | 000,027,776 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atl02_xp.sys -- (AtcL002)
DRV - [2006.04.28 17:24:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus)
DRV - [2006.03.21 10:04:24 | 000,889,472 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006.01.24 10:45:56 | 000,034,944 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipswuio.sys -- (ipswuio)
DRV - [2005.02.17 10:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2004.05.27 22:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {A107B17A-F519-479A-BD44-DFF58D6ADEA1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{A107B17A-F519-479A-BD44-DFF58D6ADEA1}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Programme\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\Alwil Software\Avast5\WebRep\FF [2011.06.01 14:24:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.27 19:05:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.27 19:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.30 17:10:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.10.30 17:10:18 | 000,000,000 | ---D | M]
 
[2010.05.07 17:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Extensions
[2010.05.11 15:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.07 17:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\extensions
[2010.05.12 16:05:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.15 22:23:24 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.25 20:04:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.27 19:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.27 19:05:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.27 19:06:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.04.21 12:16:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.14 20:24:04 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2011.10.14 20:24:04 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.14 20:24:04 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.14 20:24:04 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.14 20:24:04 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 11:48:28 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2010.07.06 22:38:10 | 000,408,513 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14125 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe ()
O4 - HKCU..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe (ASUS)
O4 - HKCU..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\RunServices: [ComponentPrivate] c:\programme\ati technologies\ati.ace\core-implementation\pt-br\erecordhotkeymanager.exe File not found
O4 - HKLM..\RunServices: [resourcesDataSetExtensions] c:\programme\reference assemblies\microsoft\framework\v3.5\de\resourcessystem.exe File not found
O4 - HKLM..\RunServices: [SAUpdateSUPERAntiSpyware] c:\dokume~1\jens\lokale~1\temp\bdbd.exe File not found
O4 - HKLM..\RunServices: [WizardAdobe] c:\programme\adobe\acrobat 7.0\reader\plug_ins\picturetasks\ols\acrobatadobe.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341433066625 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341433002265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C6597E0-51FE-4062-8C69-0C07D8985091}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\jens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\jens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.08.21 19:11:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{05abfdca-f08d-11de-a91e-001d6041a400}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\{1a600d2e-c6ef-11dd-a6b6-001bfc94372b}\Shell - "" = AutoRun
O33 - MountPoints2\{1a600d2e-c6ef-11dd-a6b6-001bfc94372b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1a600d2e-c6ef-11dd-a6b6-001bfc94372b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe PSYCHOLOGIE_1.vbs
O33 - MountPoints2\{f0b08b74-e7f7-11dc-a519-001bfc94372b}\Shell\AutoRun\command - "" = H:\wdsync.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.14 23:53:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jens\Desktop\OTL.exe
[2012.11.14 23:52:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.11.14 20:50:47 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\jens\Recent
[2012.10.30 17:10:15 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2012.10.27 19:05:47 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2008.11.22 15:11:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.14 23:57:04 | 000,467,830 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.14 23:57:04 | 000,448,586 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.14 23:57:04 | 000,088,846 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.14 23:57:04 | 000,074,568 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.14 23:56:36 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\jx0d6i8l.exe
[2012.11.14 23:54:40 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.11.14 23:53:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jens\Desktop\OTL.exe
[2012.11.14 23:52:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.14 23:50:50 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.11.14 23:48:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012.11.14 23:48:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.14 23:48:30 | 2012,467,200 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.14 23:46:28 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\defogger_reenable
[2012.11.14 23:46:00 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\Defogger.exe
[2012.11.14 22:06:50 | 000,541,569 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\adwcleaner.exe
[2012.11.14 19:45:54 | 000,050,774 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\00_Syllabus_2012_11_14.pdf
[2012.11.12 16:54:06 | 000,049,664 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.07 22:14:44 | 000,059,359 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Eigene Dateien\eichel.pdf
[2012.11.05 10:27:38 | 000,000,043 | ---- | M] () -- C:\WINDOWS\gswin32.ini
[2012.11.01 18:46:54 | 000,000,515 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\Planung.lnk
[2012.10.28 09:57:28 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.10.26 18:15:12 | 000,058,775 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Eigene Dateien\AngemeldeteInabschluss272a982c-a3aa-4cd8-8156-cd3c3458e771.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.14 23:56:38 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\jx0d6i8l.exe
[2012.11.14 23:54:36 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.11.14 23:46:16 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\defogger_reenable
[2012.11.14 23:45:55 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\Defogger.exe
[2012.11.14 22:06:48 | 000,541,569 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\adwcleaner.exe
[2012.11.14 19:45:55 | 000,050,774 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\00_Syllabus_2012_11_14.pdf
[2012.11.07 22:16:27 | 000,059,359 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Eigene Dateien\eichel.pdf
[2012.11.01 18:46:53 | 000,000,515 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\Planung.lnk
[2012.10.26 18:15:12 | 000,058,775 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Eigene Dateien\AngemeldeteInabschluss272a982c-a3aa-4cd8-8156-cd3c3458e771.pdf
[2012.03.06 22:10:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.19 12:50:21 | 000,039,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.10.06 11:43:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll
[2011.10.06 11:43:11 | 000,283,136 | ---- | C] () -- C:\WINDOWS\System32\DscPnt.dll
[2011.10.06 11:43:11 | 000,259,888 | ---- | C] () -- C:\WINDOWS\SUPDRun.exe
[2011.10.06 11:43:09 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\spd__ci.exe
[2011.03.12 15:54:59 | 000,001,048 | ---- | C] () -- C:\WINDOWS\Aeditor.INI
[2011.03.12 15:36:31 | 000,000,681 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2011.03.07 18:37:05 | 000,000,130 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\webct_upload_applet.properties
[2009.12.27 17:06:11 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\PnkBstrK.sys
[2008.12.19 01:30:46 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\JavaMediaPlayer_audiolevel.cfg
[2008.11.22 15:11:53 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\vso_ts_preview.xml
[2008.11.22 15:11:26 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\inst.exe
[2008.11.22 15:11:26 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\pcouffin.cat
[2008.11.22 15:11:26 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\pcouffin.inf
[2008.10.07 22:03:47 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat
[2008.03.05 19:14:33 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2007.09.01 16:32:29 | 000,049,664 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.31 11:25:34 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
 
========== ZeroAccess Check ==========
 
[2007.08.21 19:43:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.05.11 21:43:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2008.05.11 21:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2009.11.20 16:07:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2010.05.05 21:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.05.05 23:22:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2010.07.06 22:56:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2011.01.01 18:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.04.06 14:15:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2012.06.02 11:38:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERSetup
[2012.09.16 18:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2007.09.14 22:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Azureus
[2007.09.17 19:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Teleca
[2008.05.11 21:52:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Ulead Systems
[2008.10.07 22:05:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Thunderbird
[2008.11.22 15:11:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Vso
[2010.10.15 22:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.10.24 15:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\OpenOffice.org
[2012.10.14 13:55:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Foxit Software
 
========== Purity Check ==========
 
 

< End of report >
         
(OTL) Extras

Code:
OTL Extras logfile created on: 15.11.2012 00:03:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\jens\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,09% Memory free
3,72 Gb Paging File | 3,24 Gb Available in Paging File | 86,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 67,05 Gb Total Space | 27,02 Gb Free Space | 40,29% Space Free | Partition Type: FAT32
Drive D: | 42,84 Gb Total Space | 7,65 Gb Free Space | 17,85% Space Free | Partition Type: FAT32
 
Computer Name: DACHS | User Name: jens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UPDATESDISABLENOTIFY" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam Client -- (Valve Corporation)
"C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Programme\BlobbyVolley\volley.exe" = C:\Programme\BlobbyVolley\volley.exe:*:Enabled:volley -- ()
"C:\Programme\Java\jre1.6.0_02\BIN\javaw.exe" = C:\Programme\Java\jre1.6.0_02\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary
"C:\Programme\Counter-Strike\cstrike.exe" = C:\Programme\Counter-Strike\cstrike.exe:*:Enabled:CounterStrike Launcher -- (Valve, L.L.C.)
"C:\Programme\TF2\hl2.exe" = C:\Programme\TF2\hl2.exe:*:Enabled:hl2
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
"C:\Programme\Starcraft\StarCraft.exe" = C:\Programme\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Programme\Mozilla Firefox\FIREFOX.EXE" = C:\Programme\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\System32\SUPDSvc.exe" = C:\WINDOWS\System32\SUPDSvc.exe:*:Enabled:Samsung UPD Service -- (Samsung Electronics CO., LTD.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath  -- (Skype Technologies S.A.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Steam\steamapps\jenseman@giga4u.de\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\jenseman@giga4u.de\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FF2C26-DBCE-DADA-BEE5-0928E0F8F623}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05F4ABAC-8697-2291-16D8-4BFD7DD78B59}" = CCC Help Japanese
"{07C85A90-668F-A807-5C67-975E0777A9E8}" = Catalyst Control Center Localization Russian
"{0EA06F05-4320-E4DC-4374-E6C0986C964D}" = Catalyst Control Center Localization Finnish
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{137C5C08-8B6F-497A-1529-502359B3BA88}" = Catalyst Control Center Localization Polish
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{17EE76BB-5264-8946-DA8F-D564ED25EDDD}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27599825-6BD9-1081-D1CC-0BFC01157204}" = CCC Help Hungarian
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe  1.4.89.1
"{2E13776F-DEAF-7C83-C2A9-3BF073D51BFD}" = Catalyst Control Center Localization Swedish
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3482A5D0-F16D-A6C9-397F-8D85EA61BF93}" = Catalyst Control Center Localization Norwegian
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3CA756-9FB1-60D9-4435-6D9FEB42C637}" = Catalyst Control Center Localization Dutch
"{3E4039F8-5DA8-0414-B7E1-8DA8C8FC1565}" = Catalyst Control Center Localization Thai
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{48D4215F-414F-1554-8534-E3D8156C0666}" = Skins
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A0FAC3C-852D-C0A3-1715-6F844C184CF0}" = CCC Help Portuguese
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B29B49E-F274-58CE-25D2-791570F1619A}" = CCC Help French
"{4B546AE5-DF17-6D39-A846-A9ECD0153C9A}" = Catalyst Control Center Localization Greek
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{57EF4BC7-0C52-1872-C0CE-AEAB996E5626}" = Catalyst Control Center Localization Korean
"{5B701396-48C3-A3FA-43DB-FF975446759C}" = Catalyst Control Center Localization French
"{5ECA8F33-8F8E-1042-2082-5F02E64D6140}" = CCC Help Polish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{68B84920-CD46-8C5B-DABE-EC0FF6F0C703}" = Catalyst Control Center Localization German
"{6AF75C96-2093-51F4-0412-501CB317A7F9}" = CCC Help Thai
"{6D219284-A368-A0A5-AA55-8BAAE9EA60CC}" = Catalyst Control Center Localization Japanese
"{732442CA-AFFC-E75D-C586-2A3C71D8CFFE}" = CCC Help Finnish
"{767EE8DA-A2AA-00A9-1A21-9584E00867B8}" = Catalyst Control Center Core Implementation
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{815B5312-F7B5-EDD5-A899-B0228C3C7F3A}" = CCC Help Turkish
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{857D4360-762B-978B-76AD-491AA719E47A}" = ccc-core-static
"{86552A3A-0437-319B-46C5-569FC9F7ACA9}" = ccc-utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89DDBCD4-B326-4545-9A05-26C7B16C1DEB}" = PowerForPhone
"{89EAD7B4-1CAC-CC9E-F040-FE041A2EA77C}" = Catalyst Control Center Localization Spanish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE3174F-3BFE-8822-4493-A0519D1E4E94}" = Catalyst Control Center Localization Portuguese
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{9D7802F0-3C39-ED52-10D9-AE8A7FB5A94C}" = Catalyst Control Center Localization Hungarian
"{9F303CF8-2998-4541-C9F7-C3AAEC2B88B0}" = Catalyst Control Center Graphics Full Existing
"{A042FD6F-D051-ECE5-71C9-52ABFE36EBF9}" = Catalyst Control Center Localization Czech
"{A125DDDB-E0C0-08E0-F04C-7B5409DFFC79}" = Catalyst Control Center Graphics Light
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{A6E71574-2126-4E95-816E-32B2411C94BA}" = Ulead MediaStudio Pro 8.0
"{AB1E9EC2-42E4-E801-83BB-AAFF86DDEC7E}" = CCC Help Czech
"{AE3795EC-AE7F-474E-B5A7-D693AA068039}" = Stata 11
"{B02A3921-F7B7-C73F-395B-8172C9EE4006}" = Catalyst Control Center Localization Italian
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD17DEF2-8970-E4F5-337A-C10DE4D33F29}" = CCC Help Korean
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C5A2542D-CF79-3EE6-7673-2CEDA2338172}" = CCC Help Greek
"{C69B9631-B617-B714-7FE2-6FCD5B891ACD}" = Catalyst Control Center Localization Chinese Traditional
"{C6D7BC96-A608-0908-F6E7-53C118423087}" = CCC Help Chinese Standard
"{C8A4038E-4DA5-879D-A353-7443FC3EE22C}" = CCC Help Spanish
"{C9B7D4A2-7A42-96BC-DE77-6EB23F1116A8}" = CCC Help Swedish
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE344E77-B015-C6D0-9A1B-0EA0043E7A52}" = CCC Help Russian
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D9D45F79-D38C-9BCA-4023-6F3E365D5D25}" = CCC Help Dutch
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4BCF2E7-B181-C240-B6EC-04A8FA633EEF}" = Catalyst Control Center Graphics Full New
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E91EBA1F-DA25-58B2-365F-FB76BDC81F86}" = Catalyst Control Center Localization Turkish
"{EA2F03AD-BF9D-EECC-F24C-549046AEC17A}" = Catalyst Control Center Localization Danish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EE78C2A7-1413-105B-DC86-3F9FA6B10C2F}" = CCC Help Danish
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F2AAE965-966C-104E-ECCD-9F111A83139C}" = CCC Help Italian
"{F3AEE6A8-5FA3-F9AA-8CA7-D1AAD6352065}" = Catalyst Control Center Localization Chinese Standard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7F564DD-A790-D01A-5390-6D1386AA5621}" = CCC Help Norwegian
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD9B0D38-7B82-5A3A-E046-D8DBF3F06A93}" = CCC Help Chinese Traditional
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Azureus" = Azureus
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Diablo II" = Diablo II
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Half-Life: Counter-Strike" = Half-Life: Counter-Strike
"HControl" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF Blender" = PDF Blender
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpeedFan" = SpeedFan (remove only)
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Actualizar Modem Instanet 4G" = Actualizar Modem Instanet 4G
"Skat-Online V6" = Skat-Online V6
"Skat-Online V7" = Skat-Online V7
"Steam App 10" = Counter-Strike
"Sweet Home 3D - Java 3D 1.3" = Sweet Home 3D - Java 3D 1.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.07.2012 16:42:46 | Computer Name = DACHS | Source = LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für  Dienst ASP.NET_2.0.50727 (ASP.NET_2.0.50727). Der Fehlercode ist das erste DWORD
 im Datenbereich.
 
Error - 04.07.2012 16:42:49 | Computer Name = DACHS | Source = LoadPerf | ID = 3001
Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung
ist
 falsch formatiert. Die ungültige Zeichenfolge ist 15970 und der ungültige  Indexwert
 ist das erste DWORD im Datenbereich, während die letzten gültigen  Indexwerte die
 zweiten und dritten DWORD im Datenbereich sind.
 
Error - 04.07.2012 16:42:49 | Computer Name = DACHS | Source = LoadPerf | ID = 3001
Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung
ist
 falsch formatiert. Die ungültige Zeichenfolge ist 15970 und der ungültige  Indexwert
 ist das erste DWORD im Datenbereich, während die letzten gültigen  Indexwerte die
 zweiten und dritten DWORD im Datenbereich sind.
 
Error - 04.07.2012 16:42:49 | Computer Name = DACHS | Source = LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für  Dienst aspnet_state (ASP.NET-Zustandsdienst). Der Fehlercode ist das erste DWORD
 im Datenbereich.
 
Error - 04.07.2012 16:42:49 | Computer Name = DACHS | Source = LoadPerf | ID = 3001
Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung
ist
 falsch formatiert. Die ungültige Zeichenfolge ist 15970 und der ungültige  Indexwert
 ist das erste DWORD im Datenbereich, während die letzten gültigen  Indexwerte die
 zweiten und dritten DWORD im Datenbereich sind.
 
Error - 05.07.2012 01:42:39 | Computer Name = DACHS | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 13.07.2012 13:25:42 | Computer Name = DACHS | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 16.07.2012 03:56:29 | Computer Name = DACHS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 13.0.1.4548,
 fehlgeschlagenes Modul foxitr~1.ocx, Version 1.0.1.224, Fehleradresse 0x000268d1.
 
Error - 18.07.2012 02:38:47 | Computer Name = DACHS | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 27.07.2012 07:31:17 | Computer Name = DACHS | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 12.11.2012 11:49:08 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 12.11.2012 18:51:29 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 13.11.2012 03:48:43 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 13.11.2012 12:56:12 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 14.11.2012 13:16:32 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 14.11.2012 17:21:45 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 14.11.2012 17:26:32 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 14.11.2012 18:36:09 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 14.11.2012 18:47:28 | Computer Name = DACHS | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 14.11.2012 18:50:44 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
[ System Events ]
Error - 02.11.2012 13:54:59 | Computer Name = DACHS | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 02.11.2012 13:55:04 | Computer Name = DACHS | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 08.11.2012 05:14:39 | Computer Name = DACHS | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.150 für die Netzwerkkarte mit der Netzwerkadresse
 001BFC94372B wurde durch  den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 08.11.2012 12:12:17 | Computer Name = DACHS | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.199.8.22 für die Netzwerkkarte mit der Netzwerkadresse
 001BFC94372B wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server 
hat eine DHCPNACK-Meldung gesendet).
 
Error - 09.11.2012 15:01:36 | Computer Name = DACHS | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die  Netzwerkkarte mit der Netzwerkadresse 001BFC94372B zugeteilt werden. Der
 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 14.11.2012 17:20:58 | Computer Name = DACHS | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
 
< End of report >
         
So I would be really grateful if someone could help me; unfortunately I can't get any useful information out of the log files myself.
I hope I have posted all the necessary information!

Best regards

Alt 15.11.2012, 00:47   #2
pinadgo
 

And here is the GMER log as well.

Gmer:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-15 00:23:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9120822AS rev.3.ALC
Running: jx0d6i8l.exe; Driver: C:\DOKUME~1\jens\LOKALE~1\Temp\kxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwAddBootEntry [0xAF08E708]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwAssignProcessToJobObject [0xAF08F11C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwClose [0xAF0D0401]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwCreateEvent [0xAF099F28]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwCreateEventPair [0xAF099F74]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwCreateIoCompletion [0xAF09A0F6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwCreateKey [0xAF0CFDB5]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwCreateMutant [0xAF099E96]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwCreateSection [0xAF099FB8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwCreateSemaphore [0xAF099EDE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwCreateThread [0xAF08F310]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwCreateTimer [0xAF09A0B0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwDebugActiveProcess [0xAF08FA9C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwDeleteBootEntry [0xAF08E756]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwDeleteKey [0xAF0D0AC7]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwDeleteValueKey [0xAF0D0D7D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwDuplicateObject [0xAF0930E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwEnumerateKey [0xAF0D0932]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwEnumerateValueKey [0xAF0D079D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwLoadDriver [0xAF08E3BE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwModifyBootEntry [0xAF08E7A4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwNotifyChangeKey [0xAF093456]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwNotifyChangeMultipleKeys [0xAF090464]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwOpenEvent [0xAF099F52]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwOpenEventPair [0xAF099F96]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwOpenIoCompletion [0xAF09A11A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwOpenKey [0xAF0D0111]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwOpenMutant [0xAF099EBC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwOpenProcess [0xAF092C5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwOpenSection [0xAF09A03A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwOpenSemaphore [0xAF099F06]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwOpenThread [0xAF092E8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwOpenTimer [0xAF09A0D4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwQueryKey [0xAF0D0618]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwQueryObject [0xAF090330]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwQueryValueKey [0xAF0D046A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwQueueApcThread [0xAF08FEDA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                              ZwRenameKey [0xAF14530E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwRestoreKey [0xAF0CF428]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwSetBootEntryOrder [0xAF08E7F2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwSetBootOptions [0xAF08E840]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwSetContextThread [0xAF08F91C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwSetSystemInformation [0xAF08E448]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwSetSystemPowerState [0xAF08E5F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwSetValueKey [0xAF0D0BCE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwShutdownSystem [0xAF08E59E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwSuspendProcess [0xAF08FBFE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwSuspendThread [0xAF08FD5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwSystemDebugControl [0xAF08E668]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwTerminateProcess [0xAF08F632]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwTerminateThread [0xAF08F794]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwVdmControl [0xAF08E88E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                              ZwWriteVirtualMemory [0xAF08F160]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                              ZwCreateProcessEx [0xAF151966]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                              ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                              ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2F28                                                                                                               80504820 12 Bytes  [F2, E7, 08, AF, 40, E8, 08, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2FD0                                                                                                               805048C8 12 Bytes  [FE, FB, 08, AF, 5A, FD, 08, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 300C                                                                                                               80504904 4 Bytes  CALL B390F811 
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC                                                                                                        805A64B0 4 Bytes  CALL AF090AF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                                                 805BC55E 5 Bytes  JMP AF14E806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject                                                                                                                        805C2FE2 5 Bytes  JMP AF150320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                                                     805D119A 7 Bytes  JMP AF15196A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           win32k.sys!EngFreeUserMem + 674                                                                                                                    BF80991D 5 Bytes  JMP AF094A6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFreeUserMem + 35D0                                                                                                                   BF80C879 5 Bytes  JMP AF09495E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSurface + 45                                                                                                                   BF813911 5 Bytes  JMP AF094918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3                                                                                                           BF81C56B 5 Bytes  JMP AF093FCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngSetLastError + 79A8                                                                                                                  BF8240DB 5 Bytes  JMP AF0936E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + F9C                                                                                                                   BF828A45 5 Bytes  JMP AF094BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + 2C50                                                                                                               BF831490 5 Bytes  JMP AF094DE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + B687                                                                                                               BF839EC7 5 Bytes  JMP AF09481E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!FONTOBJ_pxoGetXform + C2CF                                                                                                              BF85176B 5 Bytes  JMP AF0935AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + F17                                                                                                                   BF85BC9A 5 Bytes  JMP AF09408C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 3581                                                                                                                  BF85E304 5 Bytes  JMP AF093B40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 360C                                                                                                                  BF85E38F 5 Bytes  JMP AF093E06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 88                                                                                                                   BF85F600 5 Bytes  JMP AF093592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 5466                                                                                                                 BF8649DE 5 Bytes  JMP AF0949A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 362A                                                                                                            BF873207 5 Bytes  JMP AF093C00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 4167                                                                                                            BF873D44 5 Bytes  JMP AF093DC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetLastError + 1606                                                                                                                  BF890E3F 5 Bytes  JMP AF0940A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 26EE                                                                                                                  BF8943E9 5 Bytes  JMP AF094B20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStretchBltROP + 583                                                                                                                  BF894EC1 5 Bytes  JMP AF094D3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 3862                                                                                                                      BF89C276 5 Bytes  JMP AF093FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 4DF7                                                                                                                      BF89D80B 5 Bytes  JMP AF093756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngEraseSurface + A96F                                                                                                                  BF8C1C9C 5 Bytes  JMP AF093866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1517                                                                                                                      BF8CA12D 5 Bytes  JMP AF09393E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1797                                                                                                                      BF8CA3AD 5 Bytes  JMP AF093A6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + 3B2E                                                                                                               BF8EBD41 5 Bytes  JMP AF09348C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + CB49                                                                                                               BF8F4D5C 5 Bytes  JMP AF093FE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 1A40                                                                                                                    BF9143A8 5 Bytes  JMP AF093682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 2614                                                                                                                    BF914F7C 5 Bytes  JMP AF093812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 4F8D                                                                                                                    BF9178F5 5 Bytes  JMP AF093F20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngPlgBlt + 1934                                                                                                                        BF947A54 5 Bytes  JMP AF094C96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                                             section is writeable [0xAC762300, 0x3B6D8, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                                             section is writeable [0xBA448300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Java\jre6\bin\jqs.exe[256] ntdll.dll!RtlDosSearchPath_U + 186                                                                         7C926865 1 Byte  [62]
.text           C:\Programme\Java\jre6\bin\jqs.exe[256] kernel32.dll!GetBinaryTypeW + 80                                                                           7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\wscntfy.exe[304] ntdll.dll!RtlDosSearchPath_U + 186                                                                            7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wscntfy.exe[304] kernel32.dll!GetBinaryTypeW + 80                                                                              7C868D8C 1 Byte  [62]
.text           c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[400] ntdll.dll!RtlDosSearchPath_U + 186                                                     7C926865 1 Byte  [62]
.text           c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[400] kernel32.dll!GetBinaryTypeW + 80                                                       7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[416] ntdll.dll!RtlDosSearchPath_U + 186                                                                                    7C926865 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[416] kernel32.dll!GetBinaryTypeW + 80                                                                                      7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\PnkBstrA.exe[448] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\PnkBstrA.exe[448] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe[540] ntdll.dll!RtlDosSearchPath_U + 186  7C926865 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe[540] kernel32.dll!GetBinaryTypeW + 80    7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\smss.exe[640] ntdll.dll!RtlDosSearchPath_U + 186                                                                               7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[700] ntdll.dll!RtlDosSearchPath_U + 186                                                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[700] KERNEL32.dll!GetBinaryTypeW + 80                                                                                7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[732] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[776] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[776] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!RtlDosSearchPath_U + 186                                                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!GetBinaryTypeW + 80                                                                                7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[960] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!RtlDosSearchPath_U + 186                                                                            7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetBinaryTypeW + 80                                                                              7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] ntdll.dll!RtlDosSearchPath_U + 186                                   7C926865 1 Byte  [62]
.text           C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] kernel32.dll!GetBinaryTypeW + 80                                     7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\ATK0100\HControl.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\ATK0100\HControl.exe[1324] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1360] ntdll.dll!RtlDosSearchPath_U + 186                                                                          7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1360] kernel32.dll!GetBinaryTypeW + 80                                                                            7C868D8C 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe[1380] ntdll.dll!RtlDosSearchPath_U + 186                                            7C926865 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe[1380] kernel32.dll!GetBinaryTypeW + 80                                              7C868D8C 1 Byte  [62]
.text           C:\Programme\ASUS\ATK Media\DMEDIA.EXE[1556] ntdll.dll!RtlDosSearchPath_U + 186                                                                    7C926865 1 Byte  [62]
.text           C:\Programme\ASUS\ATK Media\DMEDIA.EXE[1556] kernel32.dll!GetBinaryTypeW + 80                                                                      7C868D8C 1 Byte  [62]
.text           C:\Programme\Wireless Console 2\wcourier.exe[1568] ntdll.dll!RtlDosSearchPath_U + 186                                                              7C926865 1 Byte  [62]
.text           C:\Programme\Wireless Console 2\wcourier.exe[1568] kernel32.dll!GetBinaryTypeW + 80                                                                7C868D8C 1 Byte  [62]
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!RtlDosSearchPath_U + 186                                                                 7C926865 1 Byte  [62]
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[1572] kernel32.dll!GetBinaryTypeW + 80                                                                   7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\wuauclt.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wuauclt.exe[1592] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1624] ntdll.dll!RtlDosSearchPath_U + 186                                                                   7C926865 1 Byte  [62]
.text           C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1624] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868D8C 1 Byte  [62]
.text           C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1696] ntdll.dll!RtlDosSearchPath_U + 186                                                           7C926865 1 Byte  [62]
.text           C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1696] kernel32.dll!SetUnhandledExceptionFilter                                                     7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1696] kernel32.dll!GetBinaryTypeW + 80                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\Programme\SUPERAntiSpyware\SASCORE.EXE[1864] ntdll.dll!RtlDosSearchPath_U + 186                                                                 7C926865 1 Byte  [62]
.text           C:\Programme\SUPERAntiSpyware\SASCORE.EXE[1864] kernel32.dll!GetBinaryTypeW + 80                                                                   7C868D8C 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1888] ntdll.dll!RtlDosSearchPath_U + 186                  7C926865 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1888] kernel32.dll!GetBinaryTypeW + 80                    7C868D8C 1 Byte  [62]
.text           C:\Programme\Bonjour\mDNSResponder.exe[1908] ntdll.dll!RtlDosSearchPath_U + 186                                                                    7C926865 1 Byte  [62]
.text           C:\Programme\Bonjour\mDNSResponder.exe[1908] kernel32.dll!GetBinaryTypeW + 80                                                                      7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1932] ntdll.dll!RtlDosSearchPath_U + 186                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1932] kernel32.dll!GetBinaryTypeW + 80                                                  7C868D8C 1 Byte  [62]
.text           C:\Programme\iTunes\iTunesHelper.exe[1968] ntdll.dll!RtlDosSearchPath_U + 186                                                                      7C926865 1 Byte  [62]
.text           C:\Programme\iTunes\iTunesHelper.exe[1968] kernel32.dll!GetBinaryTypeW + 80                                                                        7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\ASUSTPE.exe[1988] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\ASUSTPE.exe[1988] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[2064] ntdll.dll!RtlDosSearchPath_U + 186                                                                            7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[2064] kernel32.dll!GetBinaryTypeW + 80                                                                              7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\ATK0100\ATKOSD.exe[2284] ntdll.dll!RtlDosSearchPath_U + 186                                                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\ATK0100\ATKOSD.exe[2284] kernel32.dll!GetBinaryTypeW + 80                                                                               7C868D8C 1 Byte  [62]
.text           C:\Programme\iPod\bin\iPodService.exe[3220] ntdll.dll!RtlDosSearchPath_U + 186                                                                     7C926865 1 Byte  [62]
.text           C:\Programme\iPod\bin\iPodService.exe[3220] kernel32.dll!GetBinaryTypeW + 80                                                                       7C868D8C 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\jens\Desktop\jx0d6i8l.exe[3268] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\jens\Desktop\jx0d6i8l.exe[3268] kernel32.dll!GetBinaryTypeW + 80                                                    7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3420] ntdll.dll!RtlDosSearchPath_U + 186                                                                               7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3420] kernel32.dll!GetBinaryTypeW + 80                                                                                 7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[4072] ntdll.dll!RtlDosSearchPath_U + 186                                                                     7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[4072] kernel32.dll!GetBinaryTypeW + 80                                                                       7C868D8C 1 Byte  [62]

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Fastfat \FatCdrom                                                                                                                      aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                           aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                                            SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                                            SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                          aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                          aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                        aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \FileSystem\Fastfat \Fat                                                                                                                           aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                           fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                           aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                               
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                    C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                    0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                 0xA7 0x07 0x05 0x98 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                      
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                        0x13 0x45 0x61 0xE3 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                  0x56 0x4F 0x9B 0xA2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                               
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                    C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                    0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                 0xA7 0x07 0x05 0x98 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                      
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                        0x13 0x45 0x61 0xE3 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                  0x56 0x4F 0x9B 0xA2 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                               
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                    C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                    0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                 0xA7 0x07 0x05 0x98 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                      
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                        0x13 0x45 0x61 0xE3 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                  0x4B 0x49 0x9C 0xB6 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                             0xA7 0x07 0x05 0x98 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                       0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                    0x13 0x45 0x61 0xE3 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                              0x56 0x4F 0x9B 0xA2 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                               
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                    C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                    0
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                 0xA7 0x07 0x05 0x98 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                      
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                        0x13 0x45 0x61 0xE3 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                  0x56 0x4F 0x9B 0xA2 ...

---- EOF - GMER 1.0.15 ----
         
__________________


17.11.2012, 15:04   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully is shown in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below - click change parameters and set the checkmarks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

__________________
__________________
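
The report requested in step 2 is a line-oriented log, so a first-pass triage of it can be scripted. The following Python is an added example, not part of the original post or of TDSS-Killer itself; it assumes the line layout seen in TDSS-Killer 2.8.15.0 reports (timestamp, thread id, then either a `[ MD5 ] name path` line or a `name - verdict` line), and the sample log lines, object names and hashes in it are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "15:24:52.0718 0168  <body>"  (time, thread id, message body)
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})\s+(.*\S)\s*$")
# "[ <32 hex digits> ] <object name> <drive:\path>"; the name may contain spaces
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<object name> - ok"  or  "<object name> ( <detection> ) - warning"
VERDICT = re.compile(r"^(.+?)(?: \( (.+?) \))? - (\w+)$")
# "<object name> - detected <detection> (<n>)"; repeats the verdict line
DETECT = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")

# Constructed sample in the report's layout (names and hashes are made up).
SAMPLE_LOG = r"""
15:24:51.0031 0168  Scan started
15:24:51.0031 0168  Mode: Manual; SigCheck; TDLFS; 
15:24:51.0406 0168  System memory - ok
15:24:51.0531 0168  [ 00112233445566778899AABBCCDDEEFF ] ExampleDrv      C:\WINDOWS\system32\drivers\exampledrv.sys
15:24:51.0656 0168  ExampleDrv - ok
15:24:52.0078 0168  NoFileSvc - ok
15:24:52.0718 0168  [ FFEEDDCCBBAA99887766554433221100 ] Example LM Service C:\Programme\Example Vendor\Service\examplesvc.exe
15:24:52.0734 0168  Example LM Service ( UnsignedFile.Multi.Generic ) - warning
15:24:52.0734 0168  Example LM Service - detected UnsignedFile.Multi.Generic (1)
"""


@dataclass
class Finding:
    name: str                 # service or driver name as logged
    verdict: str              # e.g. "warning"
    detection: Optional[str]  # e.g. "UnsignedFile.Multi.Generic"
    md5: Optional[str]        # from the preceding "[ hash ]" line, if any
    path: Optional[str]       # file path from the same line, if any


def triage(log_text: str) -> List[Finding]:
    """Return every scanned object whose verdict is not 'ok'."""
    files = {}      # object name -> (md5, path) from its "[ hash ]" line
    findings = []
    for raw in log_text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue                      # blank or non-log line
        body = m.group(3)
        h = HASHED.match(body)
        if h:
            files[h.group(2)] = (h.group(1).upper(), h.group(3))
            continue
        if DETECT.match(body):
            continue                      # same information as the verdict line
        v = VERDICT.match(body)
        if v and v.group(3).lower() != "ok":
            md5, path = files.get(v.group(1), (None, None))
            findings.append(
                Finding(v.group(1), v.group(3), v.group(2), md5, path)
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:8} {f.detection}  {f.name}  {f.path}  md5={f.md5}")
```

Objects that appear only as `name - ok` without a preceding hash line are skipped, so the output is limited to the entries a helper would look at first.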

17.11.2012, 15:29   #4
pinadgo
 

Thank you very, very much for the help!
Here are the reports (I have not deleted anything yet):

aswMBR Report
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-17 15:15:38
-----------------------------
15:15:38.390    OS Version: Windows 5.1.2600 Service Pack 3
15:15:38.390    Number of processors: 2 586 0xE0C
15:15:38.390    ComputerName: DACHS  UserName: jens
15:15:39.156    Initialize success
15:15:43.171    AVAST engine defs: 12111700
15:16:46.656    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:16:46.656    Disk 0 Vendor: ST9120822AS 3.ALC Size: 114473MB BusType: 3
15:16:46.687    Disk 0 MBR read successfully
15:16:46.687    Disk 0 MBR scan
15:16:46.687    Disk 0 Windows XP default MBR code
15:16:46.687    Disk 0 Partition 1 00     1B   Hidd FAT32 MSWIN4.1     1906 MB offset 63
15:16:46.703    Disk 0 Partition 2 80 (A) 0C    FAT32 LBA MSWIN4.1    68676 MB offset 3903795
15:16:46.703    Disk 0 Partition - 00     0F Extended LBA             43888 MB offset 144552870
15:16:46.718    Disk 0 Partition 3 00     0B        FAT32 MSWIN4.1    43888 MB offset 144552933
15:16:46.734    Disk 0 scanning sectors +234436545
15:16:46.750    Disk 0 scanning C:\WINDOWS\system32\drivers
15:16:53.359    Service scanning
15:17:03.734    Modules scanning
15:17:09.250    Disk 0 trace - called modules:
15:17:09.265    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
15:17:09.265    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8f9ab8]
15:17:09.265    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007f[0x8a97e768]
15:17:09.265    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a96ad50]
15:17:09.625    AVAST engine scan C:\WINDOWS
15:17:21.109    AVAST engine scan C:\WINDOWS\system32
15:19:46.312    AVAST engine scan C:\WINDOWS\system32\drivers
15:19:57.500    AVAST engine scan C:\Dokumente und Einstellungen\jens
15:21:49.031    AVAST engine scan C:\Dokumente und Einstellungen\All Users
15:22:17.000    Scan finished successfully
15:22:26.500    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\jens\Desktop\MBR.dat"
15:22:26.500    The log file has been saved successfully to "C:\Dokumente und Einstellungen\jens\Desktop\aswMBR.txt"
         
TDSS-Killer Report:
Code:
15:24:12.0375 1404  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:24:12.0531 1404  ============================================================
15:24:12.0531 1404  Current date / time: 2012/11/17 15:24:12.0531
15:24:12.0531 1404  SystemInfo:
15:24:12.0531 1404  
15:24:12.0531 1404  OS Version: 5.1.2600 ServicePack: 3.0
15:24:12.0531 1404  Product type: Workstation
15:24:12.0531 1404  ComputerName: DACHS
15:24:12.0531 1404  UserName: jens
15:24:12.0531 1404  Windows directory: C:\WINDOWS
15:24:12.0531 1404  System windows directory: C:\WINDOWS
15:24:12.0531 1404  Processor architecture: Intel x86
15:24:12.0531 1404  Number of processors: 2
15:24:12.0531 1404  Page size: 0x1000
15:24:12.0531 1404  Boot type: Normal boot
15:24:12.0531 1404  ============================================================
15:24:13.0421 1404  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:24:13.0484 1404  ============================================================
15:24:13.0484 1404  \Device\Harddisk0\DR0:
15:24:13.0484 1404  MBR partitions:
15:24:13.0484 1404  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3B9133, BlocksNum 0x8622273
15:24:13.0500 1404  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x89DB3E5, BlocksNum 0x55B83DC
15:24:13.0500 1404  ============================================================
15:24:13.0515 1404  C: <-> \Device\Harddisk0\DR0\Partition1
15:24:13.0531 1404  D: <-> \Device\Harddisk0\DR0\Partition2
15:24:13.0531 1404  ============================================================
15:24:13.0531 1404  Initialize success
15:24:13.0531 1404  ============================================================
15:24:51.0031 0168  ============================================================
15:24:51.0031 0168  Scan started
15:24:51.0031 0168  Mode: Manual; SigCheck; TDLFS; 
15:24:51.0031 0168  ============================================================
15:24:51.0406 0168  ================ Scan system memory ========================
15:24:51.0406 0168  System memory - ok
15:24:51.0406 0168  ================ Scan services =============================
15:24:51.0531 0168  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Programme\SUPERAntiSpyware\SASCORE.EXE
15:24:51.0656 0168  !SASCORE - ok
15:24:51.0734 0168  [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
15:24:52.0062 0168  Aavmker4 - ok
15:24:52.0078 0168  Abiosdsk - ok
15:24:52.0078 0168  abp480n5 - ok
15:24:52.0156 0168  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:24:52.0375 0168  ACPI - ok
15:24:52.0390 0168  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:24:52.0531 0168  ACPIEC - ok
15:24:52.0593 0168  [ E850B0A94E8703CCBC980B31594DC408 ] acsint          C:\WINDOWS\system32\DRIVERS\acsint.sys
15:24:52.0609 0168  acsint - ok
15:24:52.0656 0168  [ EA2429C90AEAB09D7F3A99B16DA23CED ] acsmux          C:\WINDOWS\system32\DRIVERS\acsmux.sys
15:24:52.0671 0168  acsmux - ok
15:24:52.0718 0168  [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
15:24:52.0734 0168  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
15:24:52.0734 0168  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
15:24:52.0734 0168  adpu160m - ok
15:24:52.0781 0168  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
15:24:52.0906 0168  aec - ok
15:24:52.0953 0168  [ 2F7F3E8DA380325866E566F5D5EC23D5 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:24:52.0984 0168  AegisP ( UnsignedFile.Multi.Generic ) - warning
15:24:52.0984 0168  AegisP - detected UnsignedFile.Multi.Generic (1)
15:24:53.0000 0168  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:24:53.0078 0168  AFD - ok
15:24:53.0078 0168  Aha154x - ok
15:24:53.0093 0168  aic78u2 - ok
15:24:53.0093 0168  aic78xx - ok
15:24:53.0156 0168  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
15:24:53.0281 0168  Alerter - ok
15:24:53.0343 0168  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
15:24:53.0453 0168  ALG - ok
15:24:53.0468 0168  AliIde - ok
15:24:53.0484 0168  amsint - ok
15:24:53.0562 0168  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:24:53.0578 0168  Apple Mobile Device - ok
15:24:53.0640 0168  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
15:24:53.0796 0168  AppMgmt - ok
15:24:53.0812 0168  asc - ok
15:24:53.0812 0168  asc3350p - ok
15:24:53.0828 0168  asc3550 - ok
15:24:53.0890 0168  [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5         C:\WINDOWS\ATK0100\ASNDIS5.SYS
15:24:53.0906 0168  ASNDIS5 - ok
15:24:53.0984 0168  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:24:54.0000 0168  aspnet_state - ok
15:24:54.0031 0168  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:24:54.0046 0168  aswFsBlk - ok
15:24:54.0062 0168  [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2         C:\WINDOWS\system32\drivers\aswMon2.sys
15:24:54.0078 0168  aswMon2 - ok
15:24:54.0109 0168  [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
15:24:54.0125 0168  aswRdr - ok
15:24:54.0187 0168  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
15:24:54.0218 0168  aswSnx - ok
15:24:54.0250 0168  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
15:24:54.0281 0168  aswSP - ok
15:24:54.0296 0168  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
15:24:54.0312 0168  aswTdi - ok
15:24:54.0375 0168  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:24:54.0500 0168  AsyncMac - ok
15:24:54.0531 0168  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
15:24:54.0640 0168  atapi - ok
15:24:54.0687 0168  [ F38A6E25C67798FF5F4AF85ACED4FB87 ] AtcL002         C:\WINDOWS\system32\DRIVERS\atl02_xp.sys
15:24:54.0734 0168  AtcL002 - ok
15:24:54.0734 0168  Atdisk - ok
15:24:54.0859 0168  [ 29B2874B3956B62C0DBEA32D75A8E776 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
15:24:54.0937 0168  Ati HotKey Poller - ok
15:24:55.0046 0168  [ A1789368B4A31D2111AF7AEDA0C8D3FC ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:24:55.0187 0168  ati2mtag - ok
15:24:55.0296 0168  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\WINDOWS\system32\DRIVERS\atksgt.sys
15:24:55.0328 0168  atksgt - ok
15:24:55.0359 0168  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:24:55.0484 0168  Atmarpc - ok
15:24:55.0625 0168  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
15:24:55.0765 0168  AudioSrv - ok
15:24:55.0796 0168  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
15:24:55.0921 0168  audstub - ok
15:24:56.0031 0168  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\Alwil Software\Avast5\AvastSvc.exe
15:24:56.0046 0168  avast! Antivirus - ok
15:24:56.0093 0168  [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
15:24:56.0156 0168  BCM43XX - ok
15:24:56.0187 0168  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:24:56.0312 0168  Beep - ok
15:24:56.0375 0168  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
15:24:56.0500 0168  BITS - ok
15:24:56.0578 0168  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
15:24:56.0609 0168  Bonjour Service - ok
15:24:56.0671 0168  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
15:24:56.0734 0168  Browser - ok
15:24:56.0765 0168  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
15:24:57.0328 0168  cbidf2k - ok
15:24:57.0390 0168  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:24:57.0500 0168  CCDECODE - ok
15:24:57.0515 0168  cd20xrnt - ok
15:24:57.0531 0168  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
15:24:57.0671 0168  Cdaudio - ok
15:24:57.0703 0168  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
15:24:57.0812 0168  Cdfs - ok
15:24:57.0843 0168  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:24:57.0953 0168  Cdrom - ok
15:24:57.0953 0168  Changer - ok
15:24:58.0046 0168  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
15:24:58.0171 0168  CiSvc - ok
15:24:58.0234 0168  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
15:24:58.0343 0168  ClipSrv - ok
15:24:58.0421 0168  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:24:58.0437 0168  clr_optimization_v2.0.50727_32 - ok
15:24:58.0468 0168  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:24:58.0593 0168  CmBatt - ok
15:24:58.0609 0168  CmdIde - ok
15:24:58.0625 0168  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:24:58.0750 0168  Compbatt - ok
15:24:58.0796 0168  COMSysApp - ok
15:24:58.0812 0168  Cpqarray - ok
15:24:58.0906 0168  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
15:24:59.0046 0168  CryptSvc - ok
15:24:59.0062 0168  dac2w2k - ok
15:24:59.0078 0168  dac960nt - ok
15:24:59.0140 0168  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:24:59.0218 0168  DcomLaunch - ok
15:24:59.0281 0168  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
15:24:59.0406 0168  Dhcp - ok
15:24:59.0437 0168  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
15:24:59.0546 0168  Disk - ok
15:24:59.0593 0168  dmadmin - ok
15:24:59.0671 0168  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
15:24:59.0796 0168  dmboot - ok
15:24:59.0812 0168  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
15:24:59.0937 0168  dmio - ok
15:24:59.0953 0168  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
15:25:00.0062 0168  dmload - ok
15:25:00.0109 0168  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
15:25:00.0234 0168  dmserver - ok
15:25:00.0265 0168  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
15:25:00.0406 0168  DMusic - ok
15:25:00.0468 0168  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
15:25:00.0515 0168  Dnscache - ok
15:25:00.0609 0168  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
15:25:00.0734 0168  Dot3svc - ok
15:25:00.0750 0168  dpti2o - ok
15:25:00.0781 0168  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
15:25:00.0890 0168  drmkaud - ok
15:25:00.0937 0168  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
15:25:01.0062 0168  EapHost - ok
15:25:01.0140 0168  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
15:25:01.0265 0168  ERSvc - ok
15:25:01.0328 0168  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
15:25:01.0359 0168  Eventlog - ok
15:25:01.0421 0168  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
15:25:01.0468 0168  EventSystem - ok
15:25:01.0500 0168  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
15:25:01.0609 0168  Fastfat - ok
15:25:01.0640 0168  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:25:01.0687 0168  FastUserSwitchingCompatibility - ok
15:25:01.0718 0168  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
15:25:01.0828 0168  Fdc - ok
15:25:01.0843 0168  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
15:25:01.0968 0168  Fips - ok
15:25:02.0000 0168  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
15:25:02.0125 0168  Flpydisk - ok
15:25:02.0156 0168  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
15:25:02.0281 0168  FltMgr - ok
15:25:02.0390 0168  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:25:02.0406 0168  FontCache3.0.0.0 - ok
15:25:02.0437 0168  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:25:02.0578 0168  Fs_Rec - ok
15:25:02.0593 0168  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:25:02.0718 0168  Ftdisk - ok
15:25:02.0750 0168  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:25:02.0765 0168  GEARAspiWDM - ok
15:25:02.0812 0168  [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio          C:\WINDOWS\system32\giveio.sys
15:25:02.0828 0168  giveio ( UnsignedFile.Multi.Generic ) - warning
15:25:02.0828 0168  giveio - detected UnsignedFile.Multi.Generic (1)
15:25:02.0859 0168  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:25:02.0984 0168  Gpc - ok
15:25:03.0015 0168  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:25:03.0140 0168  HDAudBus - ok
15:25:03.0187 0168  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:25:03.0312 0168  helpsvc - ok
15:25:03.0343 0168  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
15:25:03.0468 0168  HidServ - ok
15:25:03.0500 0168  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:25:03.0625 0168  HidUsb - ok
15:25:03.0703 0168  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
15:25:03.0828 0168  hkmsvc - ok
15:25:03.0828 0168  hpn - ok
15:25:03.0890 0168  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
15:25:03.0937 0168  HTTP - ok
15:25:04.0000 0168  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
15:25:04.0125 0168  HTTPFilter - ok
15:25:04.0156 0168  i2omgmt - ok
15:25:04.0156 0168  i2omp - ok
15:25:04.0187 0168  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:25:04.0312 0168  i8042prt - ok
15:25:04.0375 0168  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:25:04.0390 0168  IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:25:04.0390 0168  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:25:04.0468 0168  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:25:04.0515 0168  idsvc - ok
15:25:04.0562 0168  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
15:25:04.0687 0168  Imapi - ok
15:25:04.0750 0168  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
15:25:04.0859 0168  ImapiService - ok
15:25:04.0875 0168  ini910u - ok
15:25:05.0078 0168  [ 47F27AF890DA3E51C633FDD510910115 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:25:05.0343 0168  IntcAzAudAddService - ok
15:25:05.0390 0168  IntelIde - ok
15:25:05.0421 0168  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:25:05.0562 0168  intelppm - ok
15:25:05.0593 0168  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
15:25:05.0703 0168  Ip6Fw - ok
15:25:05.0734 0168  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:25:05.0859 0168  IpFilterDriver - ok
15:25:05.0906 0168  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:25:06.0031 0168  IpInIp - ok
15:25:06.0078 0168  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:25:06.0203 0168  IpNat - ok
15:25:06.0328 0168  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
15:25:06.0359 0168  iPod Service - ok
15:25:06.0390 0168  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:25:06.0515 0168  IPSec - ok
15:25:06.0546 0168  [ EE8CC26924A6F07972BBF04487EBD552 ] ipswuio         C:\WINDOWS\system32\DRIVERS\ipswuio.sys
15:25:06.0562 0168  ipswuio ( UnsignedFile.Multi.Generic ) - warning
15:25:06.0562 0168  ipswuio - detected UnsignedFile.Multi.Generic (1)
15:25:06.0593 0168  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
15:25:06.0718 0168  IRENUM - ok
15:25:06.0765 0168  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:25:06.0875 0168  isapnp - ok
15:25:06.0968 0168  [ 1834C96FB1F9280BCF6DDFA6DE8338BF ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
15:25:07.0031 0168  JavaQuickStarterService - ok
15:25:07.0062 0168  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:25:07.0187 0168  Kbdclass - ok
15:25:07.0218 0168  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:25:07.0343 0168  kbdhid - ok
15:25:07.0390 0168  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
15:25:07.0500 0168  kmixer - ok
15:25:07.0828 0168  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
15:25:07.0968 0168  KSecDD - ok
15:25:08.0546 0168  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
15:25:08.0625 0168  lanmanserver - ok
15:25:09.0359 0168  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:25:09.0406 0168  lanmanworkstation - ok
15:25:09.0421 0168  lbrtfdc - ok
15:25:09.0500 0168  [ 5712DCBE52D68865CCA91AE04807B755 ] LightScribeService c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
15:25:09.0515 0168  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:25:09.0515 0168  LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:25:09.0562 0168  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\WINDOWS\system32\DRIVERS\lirsgt.sys
15:25:09.0578 0168  lirsgt - ok
15:25:09.0625 0168  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
15:25:09.0765 0168  LmHosts - ok
15:25:09.0796 0168  [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta        C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
15:25:09.0812 0168  LVUSBSta - ok
15:25:09.0875 0168  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
15:25:10.0000 0168  Messenger - ok
15:25:10.0031 0168  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
15:25:10.0156 0168  mnmdd - ok
15:25:10.0203 0168  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
15:25:10.0328 0168  mnmsrvc - ok
15:25:10.0343 0168  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
15:25:10.0468 0168  Modem - ok
15:25:10.0484 0168  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:25:10.0609 0168  MODEMCSA - ok
15:25:10.0640 0168  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:25:10.0765 0168  Mouclass - ok
15:25:10.0796 0168  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:25:10.0937 0168  mouhid - ok
15:25:10.0968 0168  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
15:25:11.0062 0168  MountMgr - ok
15:25:11.0140 0168  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
15:25:11.0156 0168  MozillaMaintenance - ok
15:25:11.0234 0168  MpKsl9753d9dd - ok
15:25:11.0250 0168  mraid35x - ok
15:25:11.0281 0168  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:25:11.0406 0168  MRxDAV - ok
15:25:11.0453 0168  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:25:11.0546 0168  MRxSmb - ok
15:25:11.0593 0168  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
15:25:11.0734 0168  MSDTC - ok
15:25:11.0750 0168  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
15:25:11.0875 0168  Msfs - ok
15:25:11.0906 0168  MSIServer - ok
15:25:11.0953 0168  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:25:12.0078 0168  MSKSSRV - ok
15:25:12.0109 0168  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:25:12.0218 0168  MSPCLOCK - ok
15:25:12.0234 0168  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
15:25:12.0359 0168  MSPQM - ok
15:25:12.0375 0168  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:25:12.0484 0168  mssmbios - ok
15:25:12.0500 0168  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
15:25:12.0625 0168  MSTEE - ok
15:25:12.0656 0168  [ E333010A50BF603ACC350F6019E9CE02 ] MTsensor        C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
15:25:12.0671 0168  MTsensor - ok
15:25:12.0703 0168  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
15:25:12.0750 0168  Mup - ok
15:25:12.0781 0168  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:25:12.0906 0168  NABTSFEC - ok
15:25:12.0984 0168  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
15:25:13.0109 0168  napagent - ok
15:25:13.0140 0168  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
15:25:13.0265 0168  NDIS - ok
15:25:13.0281 0168  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:25:13.0406 0168  NdisIP - ok
15:25:13.0453 0168  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:25:13.0484 0168  NdisTapi - ok
15:25:13.0531 0168  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:25:13.0656 0168  Ndisuio - ok
15:25:13.0703 0168  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:25:13.0812 0168  NdisWan - ok
15:25:13.0843 0168  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
15:25:13.0906 0168  NDProxy - ok
15:25:13.0921 0168  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
15:25:14.0046 0168  NetBIOS - ok
15:25:14.0078 0168  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\NETBT.SYS
15:25:14.0203 0168  NetBT - ok
15:25:14.0265 0168  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
15:25:14.0375 0168  NetDDE - ok
15:25:14.0375 0168  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
15:25:14.0484 0168  NetDDEdsdm - ok
15:25:14.0593 0168  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:25:14.0718 0168  Netlogon - ok
15:25:14.0796 0168  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
15:25:15.0046 0168  Netman - ok
15:25:15.0156 0168  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:25:15.0171 0168  NetTcpPortSharing - ok
15:25:15.0218 0168  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
15:25:15.0265 0168  Nla - ok
15:25:15.0281 0168  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:25:15.0390 0168  Npfs - ok
15:25:15.0484 0168  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:25:15.0656 0168  Ntfs - ok
15:25:15.0687 0168  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
15:25:15.0796 0168  NtLmSsp - ok
15:25:15.0968 0168  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
15:25:16.0093 0168  NtmsSvc - ok
15:25:16.0140 0168  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:25:16.0250 0168  Null - ok
15:25:16.0281 0168  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:25:16.0421 0168  NwlnkFlt - ok
15:25:16.0421 0168  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:25:16.0562 0168  NwlnkFwd - ok
15:25:16.0593 0168  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
15:25:16.0718 0168  Parport - ok
15:25:16.0750 0168  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
15:25:16.0859 0168  PartMgr - ok
15:25:16.0875 0168  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
15:25:17.0000 0168  ParVdm - ok
15:25:17.0031 0168  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
15:25:17.0140 0168  PCI - ok
15:25:17.0156 0168  PCIDump - ok
15:25:17.0156 0168  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
15:25:17.0296 0168  PCIIde - ok
15:25:17.0328 0168  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
15:25:17.0453 0168  Pcmcia - ok
15:25:17.0484 0168  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\WINDOWS\system32\Drivers\pcouffin.sys
15:25:17.0484 0168  pcouffin ( UnsignedFile.Multi.Generic ) - warning
15:25:17.0484 0168  pcouffin - detected UnsignedFile.Multi.Generic (1)
15:25:17.0500 0168  PDCOMP - ok
15:25:17.0515 0168  PDFRAME - ok
15:25:17.0515 0168  PDRELI - ok
15:25:17.0531 0168  PDRFRAME - ok
15:25:17.0531 0168  perc2 - ok
15:25:17.0546 0168  perc2hib - ok
15:25:17.0656 0168  [ A7598E897DA639E255AD4188FA398478 ] PID_PEPI        C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
15:25:17.0703 0168  PID_PEPI - ok
15:25:17.0781 0168  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
15:25:17.0828 0168  PlugPlay - ok
15:25:17.0875 0168  [ 831883B107684301F48ACE752C963984 ] PnkBstrA        C:\WINDOWS\system32\PnkBstrA.exe
15:25:17.0890 0168  PnkBstrA - ok
15:25:17.0953 0168  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
15:25:18.0078 0168  PolicyAgent - ok
15:25:18.0125 0168  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:25:18.0250 0168  PptpMiniport - ok
15:25:18.0265 0168  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:25:18.0375 0168  ProtectedStorage - ok
15:25:18.0421 0168  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
15:25:18.0593 0168  PSched - ok
15:25:18.0609 0168  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:25:18.0750 0168  Ptilink - ok
15:25:18.0765 0168  ql1080 - ok
15:25:18.0765 0168  Ql10wnt - ok
15:25:18.0781 0168  ql12160 - ok
15:25:18.0796 0168  ql1240 - ok
15:25:18.0796 0168  ql1280 - ok
15:25:18.0859 0168  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:25:19.0000 0168  RasAcd - ok
15:25:19.0062 0168  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:25:19.0171 0168  RasAuto - ok
15:25:19.0203 0168  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:25:19.0328 0168  Rasl2tp - ok
15:25:19.0390 0168  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:25:19.0515 0168  RasMan - ok
15:25:19.0531 0168  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:25:19.0671 0168  RasPppoe - ok
15:25:19.0687 0168  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
15:25:19.0812 0168  Raspti - ok
15:25:19.0843 0168  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:25:19.0953 0168  Rdbss - ok
15:25:19.0968 0168  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:25:20.0125 0168  RDPCDD - ok
15:25:20.0156 0168  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:25:20.0281 0168  rdpdr - ok
15:25:20.0312 0168  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
15:25:20.0375 0168  RDPWD - ok
15:25:20.0406 0168  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
15:25:20.0531 0168  RDSessMgr - ok
15:25:20.0578 0168  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
15:25:20.0687 0168  redbook - ok
15:25:20.0781 0168  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
15:25:20.0921 0168  RemoteAccess - ok
15:25:20.0953 0168  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
15:25:21.0062 0168  RemoteRegistry - ok
15:25:21.0125 0168  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
15:25:21.0250 0168  RpcLocator - ok
15:25:21.0296 0168  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
15:25:21.0328 0168  RpcSs - ok
15:25:21.0390 0168  [ A3B23FB3F295694091F51865F98588B2 ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
15:25:21.0390 0168  rspndr ( UnsignedFile.Multi.Generic ) - warning
15:25:21.0390 0168  rspndr - detected UnsignedFile.Multi.Generic (1)
15:25:21.0453 0168  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
15:25:21.0578 0168  RSVP - ok
15:25:21.0609 0168  [ DAAF657C0B5BD0595669496857040F75 ] RTSTOR          C:\WINDOWS\system32\drivers\RTSTOR.SYS
15:25:21.0656 0168  RTSTOR - ok
15:25:21.0718 0168  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
15:25:21.0828 0168  SamSs - ok
15:25:21.0906 0168  [ BD26A150DC292913E48EE2B950372DFD ] Samsung UPD Service C:\WINDOWS\system32\SUPDSvc.exe
15:25:21.0921 0168  Samsung UPD Service - ok
15:25:21.0984 0168  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
15:25:22.0000 0168  SASDIFSV - ok
15:25:22.0015 0168  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
15:25:22.0031 0168  SASKUTIL - ok
15:25:22.0078 0168  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
15:25:22.0203 0168  SCardSvr - ok
15:25:22.0265 0168  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
15:25:22.0375 0168  Schedule - ok
15:25:22.0406 0168  [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus         C:\WINDOWS\system32\DRIVERS\SE27bus.sys
15:25:22.0421 0168  SE27bus ( UnsignedFile.Multi.Generic ) - warning
15:25:22.0421 0168  SE27bus - detected UnsignedFile.Multi.Generic (1)
15:25:22.0453 0168  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:25:22.0578 0168  Secdrv - ok
15:25:22.0625 0168  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
15:25:22.0750 0168  seclogon - ok
15:25:22.0812 0168  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
15:25:22.0937 0168  SENS - ok
15:25:22.0968 0168  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
15:25:23.0109 0168  Serial - ok
15:25:23.0140 0168  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
15:25:23.0250 0168  Sfloppy - ok
15:25:23.0312 0168  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
15:25:23.0453 0168  SharedAccess - ok
15:25:23.0484 0168  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:25:23.0531 0168  ShellHWDetection - ok
15:25:23.0546 0168  Simbad - ok
15:25:23.0781 0168  [ 2A99850C2A6EDD6C6602E822C716EDAF ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:25:23.0890 0168  Skype C2C Service - ok
15:25:24.0078 0168  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
15:25:24.0093 0168  SkypeUpdate - ok
15:25:24.0156 0168  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:25:24.0281 0168  SLIP - ok
15:25:24.0359 0168  [ B8C571FBF5A4B341A95CDF0DE74D7B11 ] smserial        C:\WINDOWS\system32\DRIVERS\smserial.sys
15:25:24.0421 0168  smserial - ok
15:25:24.0437 0168  Sparrow - ok
15:25:24.0500 0168  [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan        C:\WINDOWS\system32\speedfan.sys
15:25:24.0515 0168  speedfan - ok
15:25:24.0562 0168  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
15:25:24.0687 0168  splitter - ok
15:25:24.0750 0168  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
15:25:24.0781 0168  Spooler - ok
15:25:24.0843 0168  [ D390675B8CE45E5FB359338E5E649329 ] sptd            C:\WINDOWS\System32\Drivers\sptd.sys
15:25:24.0890 0168  sptd - ok
15:25:24.0906 0168  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
15:25:25.0015 0168  sr - ok
15:25:25.0109 0168  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
15:25:25.0234 0168  srservice - ok
15:25:25.0265 0168  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
15:25:25.0328 0168  Srv - ok
15:25:25.0390 0168  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
15:25:25.0500 0168  SSDPSRV - ok
15:25:25.0546 0168  [ 5EC550B8952882EE856B862CF648522D ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:25:25.0562 0168  ssmdrv - ok
15:25:25.0609 0168  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
15:25:25.0750 0168  stisvc - ok
15:25:25.0781 0168  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:25:25.0906 0168  streamip - ok
15:25:25.0921 0168  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
15:25:26.0046 0168  swenum - ok
15:25:26.0078 0168  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
15:25:26.0187 0168  swmidi - ok
15:25:26.0250 0168  SwPrv - ok
15:25:26.0265 0168  symc810 - ok
15:25:26.0281 0168  symc8xx - ok
15:25:26.0328 0168  [ 3C6790D26D03FE5163E2BEC490E51A7E ] SymEvent        C:\Programme\Symantec\SYMEVENT.SYS
15:25:26.0343 0168  SymEvent - ok
15:25:26.0359 0168  sym_hi - ok
15:25:26.0359 0168  sym_u3 - ok
15:25:26.0390 0168  [ 69BF2DD9B1099D1AA3E7CF14B4B842CD ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:25:26.0453 0168  SynTP - ok
15:25:26.0484 0168  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
15:25:26.0609 0168  sysaudio - ok
15:25:26.0687 0168  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
15:25:26.0796 0168  SysmonLog - ok
15:25:26.0859 0168  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
15:25:26.0984 0168  TapiSrv - ok
15:25:27.0031 0168  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:25:27.0078 0168  Tcpip - ok
15:25:27.0140 0168  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
15:25:27.0234 0168  TDPIPE - ok
15:25:27.0250 0168  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
15:25:27.0375 0168  TDTCP - ok
15:25:27.0406 0168  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
15:25:27.0515 0168  TermDD - ok
15:25:27.0578 0168  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
15:25:27.0703 0168  TermService - ok
15:25:27.0765 0168  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
15:25:27.0781 0168  Themes - ok
15:25:27.0843 0168  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
15:25:27.0984 0168  TlntSvr - ok
15:25:27.0984 0168  TosIde - ok
15:25:28.0062 0168  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
15:25:28.0187 0168  TrkWks - ok
15:25:28.0218 0168  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
15:25:28.0328 0168  Udfs - ok
15:25:28.0421 0168  [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
15:25:28.0437 0168  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
15:25:28.0437 0168  UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
15:25:28.0453 0168  ultra - ok
15:25:28.0484 0168  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
15:25:28.0625 0168  Update - ok
15:25:28.0687 0168  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
15:25:28.0812 0168  upnphost - ok
15:25:28.0859 0168  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
15:25:28.0984 0168  UPS - ok
15:25:29.0015 0168  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
15:25:29.0078 0168  USBAAPL - ok
15:25:29.0109 0168  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
15:25:29.0218 0168  usbaudio - ok
15:25:29.0234 0168  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:25:29.0359 0168  usbccgp - ok
15:25:29.0375 0168  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:25:29.0484 0168  usbehci - ok
15:25:29.0515 0168  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:25:29.0640 0168  usbhub - ok
15:25:29.0671 0168  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:25:29.0796 0168  usbohci - ok
15:25:29.0828 0168  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:25:29.0953 0168  usbprint - ok
15:25:29.0984 0168  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:25:30.0109 0168  usbscan - ok
15:25:30.0125 0168  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:25:30.0250 0168  usbstor - ok
15:25:30.0281 0168  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
15:25:30.0406 0168  VgaSave - ok
15:25:30.0406 0168  ViaIde - ok
15:25:30.0453 0168  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
15:25:30.0562 0168  VolSnap - ok
15:25:30.0671 0168  [ 18507BDC6C15BD464DE9AB18B6AF1C23 ] vpnagent        C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
15:25:30.0703 0168  vpnagent - ok
15:25:30.0718 0168  [ FDDAFA1C89B0B07494AF5879F7ECE857 ] vpnva           C:\WINDOWS\system32\DRIVERS\vpnva.sys
15:25:30.0734 0168  vpnva - ok
15:25:30.0828 0168  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
15:25:30.0953 0168  VSS - ok
15:25:31.0015 0168  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
15:25:31.0140 0168  W32Time - ok
15:25:31.0171 0168  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:25:31.0296 0168  Wanarp - ok
15:25:31.0296 0168  WDICA - ok
15:25:31.0343 0168  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
15:25:31.0468 0168  wdmaud - ok
15:25:31.0515 0168  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
15:25:31.0656 0168  WebClient - ok
15:25:31.0718 0168  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
15:25:31.0828 0168  winmgmt - ok
15:25:31.0890 0168  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
15:25:31.0921 0168  WmdmPmSN - ok
15:25:32.0000 0168  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
15:25:32.0078 0168  Wmi - ok
15:25:32.0125 0168  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:25:32.0250 0168  WmiApSrv - ok
15:25:32.0359 0168  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
15:25:32.0406 0168  WMPNetworkSvc - ok
15:25:32.0453 0168  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:25:32.0593 0168  WS2IFSL - ok
15:25:32.0671 0168  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
15:25:32.0796 0168  wscsvc - ok
15:25:32.0828 0168  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:25:32.0953 0168  WSTCODEC - ok
15:25:33.0031 0168  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
15:25:33.0140 0168  wuauserv - ok
15:25:33.0187 0168  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:25:33.0203 0168  WudfPf - ok
15:25:33.0218 0168  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:25:33.0250 0168  WudfRd - ok
15:25:33.0328 0168  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
15:25:33.0359 0168  WudfSvc - ok
15:25:33.0421 0168  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
15:25:33.0562 0168  WZCSVC - ok
15:25:33.0625 0168  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
15:25:33.0734 0168  xmlprov - ok
15:25:33.0750 0168  ================ Scan global ===============================
15:25:33.0890 0168  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
15:25:34.0000 0168  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
15:25:34.0078 0168  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
15:25:34.0140 0168  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
15:25:34.0140 0168  [Global] - ok
15:25:34.0140 0168  ================ Scan MBR ==================================
15:25:34.0171 0168  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
15:25:34.0343 0168  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:25:34.0359 0168  \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:25:34.0359 0168  ================ Scan VBR ==================================
15:25:34.0359 0168  [ 187BFD3000C2B45FA5E76283303E12FE ] \Device\Harddisk0\DR0\Partition1
15:25:34.0359 0168  \Device\Harddisk0\DR0\Partition1 - ok
15:25:34.0375 0168  [ 821A80601B683DBD00ADE3FD5ED5F8A5 ] \Device\Harddisk0\DR0\Partition2
15:25:34.0375 0168  \Device\Harddisk0\DR0\Partition2 - ok
15:25:34.0375 0168  ============================================================
15:25:34.0375 0168  Scan finished
15:25:34.0375 0168  ============================================================
15:25:34.0515 3632  Detected object count: 11
15:25:34.0515 3632  Actual detected object count: 11
15:25:59.0671 3632  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0671 3632  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:25:59.0687 3632  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:25:59.0687 3632  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:25:59.0687 3632  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:25:59.0687 3632  ipswuio ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632  ipswuio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:25:59.0687 3632  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:25:59.0687 3632  pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632  pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:25:59.0687 3632  rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632  rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:25:59.0687 3632  SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0687 3632  SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:25:59.0703 3632  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
15:25:59.0703 3632  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:25:59.0703 3632  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:25:59.0703 3632  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         

17.11.2012, 21:20   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You have a TDL on there! Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background monitors as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

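How the "TDL" reading follows from a TDSSKiller log like the one posted above, as an added example that is not part of the thread or of any tool mentioned in it: the script separates the signature-check warnings from the disk-level "TDSS File System" finding and lists the findings that were left on Skip. The category names and the `parse`/`triage` functions are this example's own assumptions; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Excerpt copied from the TDSSKiller log posted above (shortened, not the full log).
SAMPLE_LOG = r"""
15:25:34.0140 0168  [Global] - ok
15:25:34.0343 0168  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:25:34.0359 0168  \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:25:34.0359 0168  \Device\Harddisk0\DR0\Partition1 - ok
15:25:34.0515 3632  Detected object count: 11
15:25:59.0671 3632  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632  ipswuio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632  pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632  rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0687 3632  SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0703 3632  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:25:59.0703 3632  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id>  <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.+)$")
# "<object> ( <verdict> ) - <status>"; object names and verdicts may contain spaces.
FINDING = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - (?P<status>.+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
ACTION_PREFIX = "User select action: "

# Triage labels are this example's own, not TDSSKiller terminology.
CATEGORY = {
    # Raised by the SigCheck mode: the file has no valid digital signature.
    "UnsignedFile.Multi.Generic": "signature-check",
    # Raised by the TDLFS mode: hidden TDSS/TDL storage area found on the disk.
    "TDSS File System": "rootkit-storage",
}


def parse(log):
    """Return ({object: {"verdict", "action"}}, reported_count) for one log."""
    findings, reported = {}, None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        c = COUNT.match(msg)
        if c:
            reported = int(c.group("n"))
            continue
        f = FINDING.match(msg)
        if not f:
            continue
        entry = findings.setdefault(
            f.group("obj"), {"verdict": f.group("verdict"), "action": None})
        status = f.group("status")
        if status.startswith(ACTION_PREFIX):
            entry["action"] = status[len(ACTION_PREFIX):].strip()
    return findings, reported


def triage(log):
    """Group findings by category and list the ones that still need review."""
    findings, reported = parse(log)
    by_category = defaultdict(list)
    for obj, info in findings.items():
        by_category[CATEGORY.get(info["verdict"], "unknown")].append(obj)
    # Anything that is not a plain signature warning and was skipped (or has
    # no recorded action) stays open; unknown verdicts are treated the same.
    unresolved = [
        obj for obj, info in findings.items()
        if CATEGORY.get(info["verdict"], "unknown") != "signature-check"
        and info["action"] in (None, "Skip")
    ]
    return {
        "by_category": dict(by_category),
        "unresolved": unresolved,
        "reported_count": reported,
        "count_matches": reported == len(findings),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for category, objects in report["by_category"].items():
        print(f"{category}: {len(objects)} object(s)")
    print("left on Skip, needs review:", report["unresolved"])
    print("count matches log:", report["count_matches"])
```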

17.11.2012, 22:38   #6
pinadgo

I did everything as instructed.
ComboFix went through all stages and deleted 3 files in the folder
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
(I'm not entirely sure that it was definitely that folder). The files were two .tmp files and one .exe file with letters and numbers in their names.
Then came the step
"Lösche Ordner

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP"

And then nothing happened for just under half an hour; the PC wasn't working on anything either. So I aborted the program, because that seemed strangely long to me. I hope that wasn't a mistake. Unfortunately there is no log file in C:\.

After that I ran ComboFix again, but once more ComboFix stopped doing anything at that step (idling, so to speak, because it can't delete the folder?)
The second time I was able to copy the contents of the display window into a text file:
Code:
Suche nach infizierten Dateien....
Dies dauert normalerweise nicht länger als 10 Minuten.
Die Scanzeit für stark infizierte Rechner kann sich leicht verdoppeln.

Fertiggestellt Stufe_1
Fertiggestellt Stufe_2
Fertiggestellt Stufe_3
Fertiggestellt Stufe_4
Fertiggestellt Stufe_5
Fertiggestellt Stufe_6
Fertiggestellt Stufe_6A
Fertiggestellt Stufe_7
Fertiggestellt Stufe_8
Fertiggestellt Stufe_9
Fertiggestellt Stufe_10
Fertiggestellt Stufe_11
Fertiggestellt Stufe_12
Fertiggestellt Stufe_13
Fertiggestellt Stufe_14
Fertiggestellt Stufe_15
Fertiggestellt Stufe_16
Fertiggestellt Stufe_17
Fertiggestellt Stufe_18
Fertiggestellt Stufe_19
Fertiggestellt Stufe_19B
Fertiggestellt Stufe_20
Fertiggestellt Stufe_21
Fertiggestellt Stufe_22
Fertiggestellt Stufe_23
Fertiggestellt Stufe_24
Fertiggestellt Stufe_25
Fertiggestellt Stufe_26
Fertiggestellt Stufe_27
Fertiggestellt Stufe_28
Fertiggestellt Stufe_29
Fertiggestellt Stufe_30
Fertiggestellt Stufe_31
Fertiggestellt Stufe_32
Fertiggestellt Stufe_32A
Fertiggestellt Stufe_33
Fertiggestellt Stufe_34
Fertiggestellt Stufe_35
Fertiggestellt Stufe_36
Fertiggestellt Stufe_37
Fertiggestellt Stufe_38
Fertiggestellt Stufe_39
Fertiggestellt Stufe_40
Fertiggestellt Stufe_41
Fertiggestellt Stufe_42
Fertiggestellt Stufe_43
Fertiggestellt Stufe_44
Fertiggestellt Stufe_45
Fertiggestellt Stufe_46
Fertiggestellt Stufe_47
Fertiggestellt Stufe_48
Fertiggestellt Stufe_49
Fertiggestellt Stufe_50


Lösche Ordner

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
         
"Lösche Ordner" again took so long that at some point I aborted it.

Or do I have to let it run for several hours?

Thanks for your time!

//edit: when I go to the TEMP folder via My Computer, it is empty (I have enabled showing hidden files)

Edited by pinadgo (17.11.2012 at 22:52)

17.11.2012, 23:20   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Restart Windows, delete the old combofix.exe, download CF again and please try it once more.

17.11.2012, 23:22   #8
pinadgo

Before I read your answer, I had deleted the TEMP folder manually. After a restart and a new scan I now have the log here:

Code:
ComboFix 12-11-16.02 - jens 17.11.2012  23:11:27.3.2 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1919.1272 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\jens\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-17 bis 2012-11-17  ))))))))))))))))))))))))))))))
.
.
2012-10-30 16:10 . 2012-10-30 16:10	--------	d-----w-	c:\programme\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 08:36 . 2012-04-01 21:43	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-08 08:36 . 2011-05-16 20:42	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2011-06-01 13:24	738504	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-05-05 23:26	361032	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-05-05 23:26	35928	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2010-05-05 23:26	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2010-05-05 23:26	97608	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2010-05-05 23:26	89752	----a-w-	c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2010-05-05 23:26	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-05-05 23:26	25256	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2010-06-29 14:16	41224	----a-w-	c:\windows\avastSS.scr
2012-10-30 22:51 . 2010-05-05 23:25	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-22 19:56 . 2004-09-07 15:08	1866496	----a-w-	c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-09-07 15:08	58368	----a-w-	c:\windows\system32\synceng.dll
2012-09-29 18:54 . 2010-01-11 09:40	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-28 16:05 . 2004-09-07 15:08	916992	----a-w-	c:\windows\system32\wininet.dll
2012-08-28 16:05 . 2004-09-07 15:07	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-08-28 16:05 . 2004-09-07 15:07	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-08-28 13:07 . 2004-09-07 15:07	385024	----a-w-	c:\windows\system32\html.iec
2012-08-24 14:53 . 2004-09-07 15:08	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-08-23 07:26 . 2004-08-03 23:50	2030080	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-23 07:26 . 2004-08-03 23:50	2151424	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-21 12:01 . 2011-01-01 17:49	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01 . 2011-01-01 17:49	106928	----a-w-	c:\windows\system32\GEARAspi.dll
2012-10-27 18:06 . 2012-10-27 18:05	261600	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	121528	----a-w-	c:\programme\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-10-14 69632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"ATKMEDIA"="c:\programme\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"Wireless Console 2"="c:\programme\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Power_Gear"="c:\programme\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Jens_2\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2006-05-30 09:28	811008	----a-w-	c:\programme\ASUS\Splendid\ACMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 20:32	59280	----a-w-	c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2006-02-21 14:20	180224	----a-w-	c:\programme\ASUS\ASUS Live Update\ALU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
2012-06-07 16:35	522744	----a-w-	c:\programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-09-18 15:16	171464	----a-w-	c:\programme\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 22:30	421776	----a-w-	c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40	155648	----a-w-	c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
2006-04-13 10:54	1101824	----a-w-	c:\program files\ASUS\Net4Switch\Net4Switch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2006-06-29 13:40	774144	----a-w-	c:\programme\ASUS\PowerForPhone\PowerForPhone.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36	421888	----a-w-	c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 02:01	32768	----a-w-	c:\programme\ASUSTek\ASUSDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-10-30 05:49	16269312	------r-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 05:04	2879488	------r-	c:\windows\SkyTel.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Steam\\Steam.exe"=
"c:\\Programme\\Azureus\\Azureus.exe"=
"c:\\Programme\\BlobbyVolley\\volley.exe"=
"c:\\Programme\\Counter-Strike\\cstrike.exe"=
"c:\\Programme\\Starcraft\\StarCraft.exe"=
"c:\\Programme\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\System32\\SUPDSvc.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Steam\\steamapps\\jenseman@giga4u.de\\counter-strike\\hl.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [01.06.2011 14:24 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06.05.2010 00:26 361032]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 01:38 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06.05.2010 00:26 21256]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [07.06.2012 17:34 478712]
S1 MpKsl9753d9dd;MpKsl9753d9dd;\??\c:\windows\system32\MpEngineStore\MpKsl9753d9dd.sys --> c:\windows\system32\MpEngineStore\MpKsl9753d9dd.sys [?]
S2 Skype C2C Service;Skype C2C Service;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19.06.2012 17:32 3048136]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [07.06.2012 19:12 160944]
S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [06.04.2012 14:15 38440]
S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [11.10.2012 17:08 57256]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [21.08.2007 19:52 34944]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22.11.2008 15:11 47360]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [06.10.2011 11:43 131888]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.09.2007 20:54 685816]
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2010-09-25 01:48]
.
2012-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-11-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-01 22:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;<local>
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - ExtSQL: !HIDDEN! 2009-10-05 14:25; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
MSConfigStartUp-AdVantage - c:\programme\AdVantage\AdVantage.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\programme\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-setup2ksetup2k10 - c:\programme\installshield installation information\{83f73cb1-7705-49d1-9852-84d839ca2a45}\setupsetup2k10.01.238.exe
HKLM_ActiveSetup-ccc-core-static - msiexec
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-17 23:18
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3112)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-11-17  23:20:37
ComboFix-quarantined-files.txt  2012-11-17 22:20
.
Vor Suchlauf: 13 Verzeichnis(se), 28.742.189.056 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 28.815.163.392 Bytes frei
.
- - End Of File - - D2883278A49F407E677FB5339C423E49
         
After I switched the PC on this morning, Mozilla is no longer the default browser and there is a shortcut to Internet Explorer on the desktop. My antivirus program AVAST no longer started automatically with the system, but I was able to start it manually.

edit2:
Avast now has to be started manually every time; it does not start with autostart. Otherwise there are no problems in the system (apart from the fact that apparently a "TDL" is running in the background?)

19.11.2012, 17:15   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make new logs with aswMBR and TDSS-Killer

19.11.2012, 17:33   #10
pinadgo

Gladly!

aswMBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 17:24:29
-----------------------------
17:24:29.031    OS Version: Windows 5.1.2600 Service Pack 3
17:24:29.031    Number of processors: 2 586 0xE0C
17:24:29.031    ComputerName: DACHS  UserName: jens
17:24:29.625    Initialize success
17:24:32.453    AVAST engine defs: 12111900
17:24:48.140    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:24:48.140    Disk 0 Vendor: ST9120822AS 3.ALC Size: 114473MB BusType: 3
17:24:48.156    Disk 0 MBR read successfully
17:24:48.156    Disk 0 MBR scan
17:24:48.171    Disk 0 Windows XP default MBR code
17:24:48.187    Disk 0 Partition 1 00     1B   Hidd FAT32 MSWIN4.1     1906 MB offset 63
17:24:48.203    Disk 0 Partition 2 80 (A) 0C    FAT32 LBA MSWIN4.1    68676 MB offset 3903795
17:24:48.203    Disk 0 Partition - 00     0F Extended LBA             43888 MB offset 144552870
17:24:48.218    Disk 0 Partition 3 00     0B        FAT32 MSWIN4.1    43888 MB offset 144552933
17:24:48.218    Disk 0 scanning sectors +234436545
17:24:48.265    Disk 0 scanning C:\WINDOWS\system32\drivers
17:24:54.406    Service scanning
17:25:04.484    Modules scanning
17:25:08.125    Disk 0 trace - called modules:
17:25:08.140    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
17:25:08.156    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a896ab8]
17:25:08.156    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000080[0x8a914250]
17:25:08.156    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a911d98]
17:25:08.531    AVAST engine scan C:\WINDOWS
17:25:19.593    AVAST engine scan C:\WINDOWS\system32
17:27:38.890    AVAST engine scan C:\WINDOWS\system32\drivers
17:27:49.046    AVAST engine scan C:\Dokumente und Einstellungen\jens
17:29:32.781    AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:29:57.968    Scan finished successfully
17:30:04.671    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\jens\Desktop\MBR.dat"
17:30:04.671    The log file has been saved successfully to "C:\Dokumente und Einstellungen\jens\Desktop\aswMBR.txt"
         
TDSS Killer:

Code:
17:30:14.0156 4064  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:30:14.0390 4064  ============================================================
17:30:14.0390 4064  Current date / time: 2012/11/19 17:30:14.0390
17:30:14.0390 4064  SystemInfo:
17:30:14.0390 4064  
17:30:14.0390 4064  OS Version: 5.1.2600 ServicePack: 3.0
17:30:14.0390 4064  Product type: Workstation
17:30:14.0390 4064  ComputerName: DACHS
17:30:14.0390 4064  UserName: jens
17:30:14.0390 4064  Windows directory: C:\WINDOWS
17:30:14.0390 4064  System windows directory: C:\WINDOWS
17:30:14.0390 4064  Processor architecture: Intel x86
17:30:14.0390 4064  Number of processors: 2
17:30:14.0390 4064  Page size: 0x1000
17:30:14.0390 4064  Boot type: Normal boot
17:30:14.0390 4064  ============================================================
17:30:15.0265 4064  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:30:15.0312 4064  ============================================================
17:30:15.0312 4064  \Device\Harddisk0\DR0:
17:30:15.0312 4064  MBR partitions:
17:30:15.0312 4064  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3B9133, BlocksNum 0x8622273
17:30:15.0328 4064  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x89DB3E5, BlocksNum 0x55B83DC
17:30:15.0328 4064  ============================================================
17:30:15.0343 4064  C: <-> \Device\Harddisk0\DR0\Partition1
17:30:15.0359 4064  D: <-> \Device\Harddisk0\DR0\Partition2
17:30:15.0359 4064  ============================================================
17:30:15.0359 4064  Initialize success
17:30:15.0359 4064  ============================================================
17:30:40.0015 3824  ============================================================
17:30:40.0015 3824  Scan started
17:30:40.0015 3824  Mode: Manual; SigCheck; TDLFS; 
17:30:40.0015 3824  ============================================================
17:30:40.0375 3824  ================ Scan system memory ========================
17:30:40.0375 3824  System memory - ok
17:30:40.0375 3824  ================ Scan services =============================
17:30:40.0468 3824  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Programme\SUPERAntiSpyware\SASCORE.EXE
17:30:40.0609 3824  !SASCORE - ok
17:30:40.0687 3824  [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
17:30:40.0796 3824  Aavmker4 - ok
17:30:40.0796 3824  Abiosdsk - ok
17:30:40.0812 3824  abp480n5 - ok
17:30:40.0843 3824  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:30:41.0062 3824  ACPI - ok
17:30:41.0078 3824  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:30:41.0203 3824  ACPIEC - ok
17:30:41.0250 3824  [ E850B0A94E8703CCBC980B31594DC408 ] acsint          C:\WINDOWS\system32\DRIVERS\acsint.sys
17:30:41.0265 3824  acsint - ok
17:30:41.0281 3824  [ EA2429C90AEAB09D7F3A99B16DA23CED ] acsmux          C:\WINDOWS\system32\DRIVERS\acsmux.sys
17:30:41.0296 3824  acsmux - ok
17:30:41.0343 3824  [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
17:30:41.0375 3824  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
17:30:41.0375 3824  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
17:30:41.0390 3824  adpu160m - ok
17:30:41.0421 3824  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
17:30:41.0578 3824  aec - ok
17:30:41.0625 3824  [ 2F7F3E8DA380325866E566F5D5EC23D5 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:30:41.0640 3824  AegisP ( UnsignedFile.Multi.Generic ) - warning
17:30:41.0640 3824  AegisP - detected UnsignedFile.Multi.Generic (1)
17:30:41.0671 3824  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
17:30:41.0718 3824  AFD - ok
17:30:41.0734 3824  Aha154x - ok
17:30:41.0734 3824  aic78u2 - ok
17:30:41.0750 3824  aic78xx - ok
17:30:41.0796 3824  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
17:30:41.0921 3824  Alerter - ok
17:30:41.0968 3824  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
17:30:42.0078 3824  ALG - ok
17:30:42.0078 3824  AliIde - ok
17:30:42.0093 3824  amsint - ok
17:30:42.0171 3824  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:30:42.0187 3824  Apple Mobile Device - ok
17:30:42.0265 3824  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
17:30:42.0406 3824  AppMgmt - ok
17:30:42.0421 3824  asc - ok
17:30:42.0437 3824  asc3350p - ok
17:30:42.0437 3824  asc3550 - ok
17:30:42.0500 3824  [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5         C:\WINDOWS\ATK0100\ASNDIS5.SYS
17:30:42.0515 3824  ASNDIS5 - ok
17:30:42.0593 3824  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:30:42.0609 3824  aspnet_state - ok
17:30:42.0625 3824  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:30:42.0640 3824  aswFsBlk - ok
17:30:42.0671 3824  [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2         C:\WINDOWS\system32\drivers\aswMon2.sys
17:30:42.0687 3824  aswMon2 - ok
17:30:42.0718 3824  [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
17:30:42.0734 3824  aswRdr - ok
17:30:42.0781 3824  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
17:30:42.0812 3824  aswSnx - ok
17:30:42.0843 3824  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
17:30:42.0859 3824  aswSP - ok
17:30:42.0875 3824  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
17:30:42.0890 3824  aswTdi - ok
17:30:42.0953 3824  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:30:43.0093 3824  AsyncMac - ok
17:30:43.0125 3824  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
17:30:43.0234 3824  atapi - ok
17:30:43.0281 3824  [ F38A6E25C67798FF5F4AF85ACED4FB87 ] AtcL002         C:\WINDOWS\system32\DRIVERS\atl02_xp.sys
17:30:43.0312 3824  AtcL002 - ok
17:30:43.0312 3824  Atdisk - ok
17:30:43.0437 3824  [ 29B2874B3956B62C0DBEA32D75A8E776 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
17:30:43.0546 3824  Ati HotKey Poller - ok
17:30:43.0640 3824  [ A1789368B4A31D2111AF7AEDA0C8D3FC ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:30:43.0781 3824  ati2mtag - ok
17:30:43.0890 3824  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\WINDOWS\system32\DRIVERS\atksgt.sys
17:30:43.0921 3824  atksgt - ok
17:30:43.0953 3824  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:30:44.0078 3824  Atmarpc - ok
17:30:44.0187 3824  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
17:30:44.0312 3824  AudioSrv - ok
17:30:44.0359 3824  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
17:30:44.0468 3824  audstub - ok
17:30:44.0578 3824  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\Alwil Software\Avast5\AvastSvc.exe
17:30:44.0593 3824  avast! Antivirus - ok
17:30:44.0640 3824  [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:30:44.0718 3824  BCM43XX - ok
17:30:44.0734 3824  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
17:30:44.0875 3824  Beep - ok
17:30:44.0937 3824  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
17:30:45.0078 3824  BITS - ok
17:30:45.0156 3824  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
17:30:45.0218 3824  Bonjour Service - ok
17:30:45.0265 3824  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
17:30:45.0312 3824  Browser - ok
17:30:45.0406 3824  catchme - ok
17:30:45.0421 3824  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
17:30:45.0546 3824  cbidf2k - ok
17:30:45.0578 3824  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:30:45.0687 3824  CCDECODE - ok
17:30:45.0703 3824  cd20xrnt - ok
17:30:45.0734 3824  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
17:30:45.0875 3824  Cdaudio - ok
17:30:45.0890 3824  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
17:30:46.0000 3824  Cdfs - ok
17:30:46.0031 3824  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:30:46.0140 3824  Cdrom - ok
17:30:46.0156 3824  Changer - ok
17:30:46.0234 3824  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
17:30:46.0375 3824  CiSvc - ok
17:30:46.0421 3824  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
17:30:46.0546 3824  ClipSrv - ok
17:30:46.0609 3824  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:30:46.0625 3824  clr_optimization_v2.0.50727_32 - ok
17:30:46.0656 3824  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:30:46.0796 3824  CmBatt - ok
17:30:46.0796 3824  CmdIde - ok
17:30:46.0812 3824  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:30:46.0937 3824  Compbatt - ok
17:30:46.0984 3824  COMSysApp - ok
17:30:47.0000 3824  Cpqarray - ok
17:30:47.0109 3824  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
17:30:47.0250 3824  CryptSvc - ok
17:30:47.0265 3824  dac2w2k - ok
17:30:47.0281 3824  dac960nt - ok
17:30:47.0328 3824  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
17:30:47.0390 3824  DcomLaunch - ok
17:30:47.0437 3824  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
17:30:47.0546 3824  Dhcp - ok
17:30:47.0578 3824  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
17:30:47.0703 3824  Disk - ok
17:30:47.0750 3824  dmadmin - ok
17:30:47.0812 3824  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
17:30:47.0968 3824  dmboot - ok
17:30:48.0000 3824  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
17:30:48.0125 3824  dmio - ok
17:30:48.0125 3824  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
17:30:48.0250 3824  dmload - ok
17:30:48.0296 3824  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
17:30:48.0421 3824  dmserver - ok
17:30:48.0453 3824  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
17:30:48.0578 3824  DMusic - ok
17:30:48.0640 3824  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
17:30:48.0671 3824  Dnscache - ok
17:30:48.0750 3824  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
17:30:48.0890 3824  Dot3svc - ok
17:30:48.0906 3824  dpti2o - ok
17:30:48.0921 3824  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
17:30:49.0031 3824  drmkaud - ok
17:30:49.0078 3824  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
17:30:49.0218 3824  EapHost - ok
17:30:49.0281 3824  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
17:30:49.0421 3824  ERSvc - ok
17:30:49.0468 3824  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
17:30:49.0515 3824  Eventlog - ok
17:30:49.0562 3824  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
17:30:49.0625 3824  EventSystem - ok
17:30:49.0640 3824  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
17:30:49.0765 3824  Fastfat - ok
17:30:49.0796 3824  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:30:49.0828 3824  FastUserSwitchingCompatibility - ok
17:30:49.0875 3824  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
17:30:49.0984 3824  Fdc - ok
17:30:50.0000 3824  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
17:30:50.0125 3824  Fips - ok
17:30:50.0156 3824  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
17:30:50.0281 3824  Flpydisk - ok
17:30:50.0312 3824  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
17:30:50.0437 3824  FltMgr - ok
17:30:50.0546 3824  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:30:50.0562 3824  FontCache3.0.0.0 - ok
17:30:50.0609 3824  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:30:50.0750 3824  Fs_Rec - ok
17:30:50.0765 3824  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:30:50.0906 3824  Ftdisk - ok
17:30:50.0937 3824  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:30:50.0953 3824  GEARAspiWDM - ok
17:30:51.0000 3824  [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio          C:\WINDOWS\system32\giveio.sys
17:30:51.0015 3824  giveio ( UnsignedFile.Multi.Generic ) - warning
17:30:51.0015 3824  giveio - detected UnsignedFile.Multi.Generic (1)
17:30:51.0046 3824  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:30:51.0171 3824  Gpc - ok
17:30:51.0203 3824  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:30:51.0343 3824  HDAudBus - ok
17:30:51.0390 3824  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:30:51.0500 3824  helpsvc - ok
17:30:51.0546 3824  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
17:30:51.0671 3824  HidServ - ok
17:30:51.0703 3824  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:30:51.0828 3824  HidUsb - ok
17:30:51.0890 3824  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
17:30:52.0015 3824  hkmsvc - ok
17:30:52.0031 3824  hpn - ok
17:30:52.0078 3824  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
17:30:52.0125 3824  HTTP - ok
17:30:52.0171 3824  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
17:30:52.0296 3824  HTTPFilter - ok
17:30:52.0312 3824  i2omgmt - ok
17:30:52.0328 3824  i2omp - ok
17:30:52.0359 3824  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:30:52.0484 3824  i8042prt - ok
17:30:52.0546 3824  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:30:52.0578 3824  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:30:52.0578 3824  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:30:52.0656 3824  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:30:52.0718 3824  idsvc - ok
17:30:52.0750 3824  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
17:30:52.0890 3824  Imapi - ok
17:30:52.0937 3824  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
17:30:53.0078 3824  ImapiService - ok
17:30:53.0093 3824  ini910u - ok
17:30:53.0296 3824  [ 47F27AF890DA3E51C633FDD510910115 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:30:53.0671 3824  IntcAzAudAddService - ok
17:30:53.0718 3824  IntelIde - ok
17:30:53.0750 3824  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:30:53.0859 3824  intelppm - ok
17:30:53.0890 3824  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
17:30:54.0000 3824  Ip6Fw - ok
17:30:54.0031 3824  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:30:54.0156 3824  IpFilterDriver - ok
17:30:54.0187 3824  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:30:54.0312 3824  IpInIp - ok
17:30:54.0359 3824  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:30:54.0484 3824  IpNat - ok
17:30:54.0609 3824  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
17:30:54.0671 3824  iPod Service - ok
17:30:54.0718 3824  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:30:54.0843 3824  IPSec - ok
17:30:54.0875 3824  [ EE8CC26924A6F07972BBF04487EBD552 ] ipswuio         C:\WINDOWS\system32\DRIVERS\ipswuio.sys
17:30:54.0890 3824  ipswuio ( UnsignedFile.Multi.Generic ) - warning
17:30:54.0890 3824  ipswuio - detected UnsignedFile.Multi.Generic (1)
17:30:54.0921 3824  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
17:30:55.0046 3824  IRENUM - ok
17:30:55.0078 3824  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:30:55.0203 3824  isapnp - ok
17:30:55.0296 3824  [ 1834C96FB1F9280BCF6DDFA6DE8338BF ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
17:30:55.0343 3824  JavaQuickStarterService - ok
17:30:55.0375 3824  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:30:55.0484 3824  Kbdclass - ok
17:30:55.0500 3824  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:30:55.0625 3824  kbdhid - ok
17:30:55.0671 3824  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
17:30:55.0796 3824  kmixer - ok
17:30:55.0828 3824  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
17:30:55.0859 3824  KSecDD - ok
17:30:55.0906 3824  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
17:30:55.0953 3824  lanmanserver - ok
17:30:56.0062 3824  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:30:56.0109 3824  lanmanworkstation - ok
17:30:56.0109 3824  lbrtfdc - ok
17:30:56.0187 3824  [ 5712DCBE52D68865CCA91AE04807B755 ] LightScribeService c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
17:30:56.0218 3824  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:30:56.0218 3824  LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:30:56.0250 3824  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\WINDOWS\system32\DRIVERS\lirsgt.sys
17:30:56.0265 3824  lirsgt - ok
17:30:56.0328 3824  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
17:30:56.0453 3824  LmHosts - ok
17:30:56.0484 3824  [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta        C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
17:30:56.0500 3824  LVUSBSta - ok
17:30:56.0546 3824  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
17:30:56.0671 3824  Messenger - ok
17:30:56.0687 3824  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
17:30:56.0828 3824  mnmdd - ok
17:30:56.0875 3824  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
17:30:57.0000 3824  mnmsrvc - ok
17:30:57.0031 3824  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
17:30:57.0156 3824  Modem - ok
17:30:57.0171 3824  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
17:30:57.0312 3824  MODEMCSA - ok
17:30:57.0343 3824  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:30:57.0468 3824  Mouclass - ok
17:30:57.0484 3824  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:30:57.0625 3824  mouhid - ok
17:30:57.0656 3824  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
17:30:57.0765 3824  MountMgr - ok
17:30:57.0828 3824  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
17:30:57.0859 3824  MozillaMaintenance - ok
17:30:57.0937 3824  MpKsl9753d9dd - ok
17:30:57.0953 3824  mraid35x - ok
17:30:57.0984 3824  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:30:58.0109 3824  MRxDAV - ok
17:30:58.0156 3824  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:30:58.0234 3824  MRxSmb - ok
17:30:58.0296 3824  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
17:30:58.0421 3824  MSDTC - ok
17:30:58.0437 3824  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
17:30:58.0562 3824  Msfs - ok
17:30:58.0609 3824  MSIServer - ok
17:30:58.0640 3824  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:30:58.0765 3824  MSKSSRV - ok
17:30:58.0796 3824  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:30:58.0906 3824  MSPCLOCK - ok
17:30:58.0921 3824  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
17:30:59.0046 3824  MSPQM - ok
17:30:59.0078 3824  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:30:59.0171 3824  mssmbios - ok
17:30:59.0187 3824  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
17:30:59.0312 3824  MSTEE - ok
17:30:59.0343 3824  [ E333010A50BF603ACC350F6019E9CE02 ] MTsensor        C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
17:30:59.0359 3824  MTsensor - ok
17:30:59.0406 3824  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
17:30:59.0437 3824  Mup - ok
17:30:59.0468 3824  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:30:59.0593 3824  NABTSFEC - ok
17:30:59.0671 3824  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
17:30:59.0812 3824  napagent - ok
17:30:59.0843 3824  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
17:30:59.0968 3824  NDIS - ok
17:30:59.0984 3824  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:31:00.0109 3824  NdisIP - ok
17:31:00.0156 3824  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:31:00.0187 3824  NdisTapi - ok
17:31:00.0234 3824  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:31:00.0343 3824  Ndisuio - ok
17:31:00.0359 3824  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:31:00.0500 3824  NdisWan - ok
17:31:00.0531 3824  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:31:00.0562 3824  NDProxy - ok
17:31:00.0593 3824  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:31:00.0718 3824  NetBIOS - ok
17:31:00.0750 3824  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\NETBT.SYS
17:31:00.0875 3824  NetBT - ok
17:31:00.0937 3824  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
17:31:01.0078 3824  NetDDE - ok
17:31:01.0078 3824  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
17:31:01.0187 3824  NetDDEdsdm - ok
17:31:01.0296 3824  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:31:01.0421 3824  Netlogon - ok
17:31:01.0500 3824  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
17:31:01.0640 3824  Netman - ok
17:31:01.0750 3824  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:31:01.0765 3824  NetTcpPortSharing - ok
17:31:01.0828 3824  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
17:31:01.0859 3824  Nla - ok
17:31:01.0890 3824  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:31:02.0015 3824  Npfs - ok
17:31:02.0093 3824  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:31:02.0250 3824  Ntfs - ok
17:31:02.0281 3824  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
17:31:02.0390 3824  NtLmSsp - ok
17:31:02.0546 3824  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
17:31:02.0703 3824  NtmsSvc - ok
17:31:02.0734 3824  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:31:02.0859 3824  Null - ok
17:31:02.0890 3824  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:31:03.0031 3824  NwlnkFlt - ok
17:31:03.0031 3824  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:31:03.0171 3824  NwlnkFwd - ok
17:31:03.0203 3824  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
17:31:03.0328 3824  Parport - ok
17:31:03.0343 3824  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
17:31:03.0468 3824  PartMgr - ok
17:31:03.0484 3824  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
17:31:03.0609 3824  ParVdm - ok
17:31:03.0625 3824  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
17:31:03.0734 3824  PCI - ok
17:31:03.0750 3824  PCIDump - ok
17:31:03.0765 3824  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
17:31:03.0890 3824  PCIIde - ok
17:31:03.0921 3824  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
17:31:04.0062 3824  Pcmcia - ok
17:31:04.0093 3824  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\WINDOWS\system32\Drivers\pcouffin.sys
17:31:04.0109 3824  pcouffin ( UnsignedFile.Multi.Generic ) - warning
17:31:04.0109 3824  pcouffin - detected UnsignedFile.Multi.Generic (1)
17:31:04.0109 3824  PDCOMP - ok
17:31:04.0125 3824  PDFRAME - ok
17:31:04.0140 3824  PDRELI - ok
17:31:04.0140 3824  PDRFRAME - ok
17:31:04.0156 3824  perc2 - ok
17:31:04.0156 3824  perc2hib - ok
17:31:04.0265 3824  [ A7598E897DA639E255AD4188FA398478 ] PID_PEPI        C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
17:31:04.0343 3824  PID_PEPI - ok
17:31:04.0406 3824  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
17:31:04.0421 3824  PlugPlay - ok
17:31:04.0515 3824  [ 831883B107684301F48ACE752C963984 ] PnkBstrA        C:\WINDOWS\system32\PnkBstrA.exe
17:31:04.0531 3824  PnkBstrA - ok
17:31:04.0593 3824  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
17:31:04.0703 3824  PolicyAgent - ok
17:31:04.0750 3824  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:31:04.0875 3824  PptpMiniport - ok
17:31:04.0906 3824  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:31:05.0015 3824  ProtectedStorage - ok
17:31:05.0062 3824  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
17:31:05.0218 3824  PSched - ok
17:31:05.0250 3824  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:31:05.0390 3824  Ptilink - ok
17:31:05.0390 3824  ql1080 - ok
17:31:05.0406 3824  Ql10wnt - ok
17:31:05.0421 3824  ql12160 - ok
17:31:05.0421 3824  ql1240 - ok
17:31:05.0437 3824  ql1280 - ok
17:31:05.0515 3824  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:31:05.0656 3824  RasAcd - ok
17:31:05.0718 3824  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:31:05.0828 3824  RasAuto - ok
17:31:05.0859 3824  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:31:05.0984 3824  Rasl2tp - ok
17:31:06.0062 3824  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:31:06.0203 3824  RasMan - ok
17:31:06.0218 3824  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:31:06.0343 3824  RasPppoe - ok
17:31:06.0375 3824  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
17:31:06.0500 3824  Raspti - ok
17:31:06.0531 3824  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:31:06.0640 3824  Rdbss - ok
17:31:06.0671 3824  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:31:06.0812 3824  RDPCDD - ok
17:31:06.0859 3824  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:31:06.0984 3824  rdpdr - ok
17:31:07.0046 3824  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
17:31:07.0093 3824  RDPWD - ok
17:31:07.0140 3824  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
17:31:07.0265 3824  RDSessMgr - ok
17:31:07.0281 3824  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
17:31:07.0406 3824  redbook - ok
17:31:07.0500 3824  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:31:07.0625 3824  RemoteAccess - ok
17:31:07.0671 3824  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
17:31:07.0781 3824  RemoteRegistry - ok
17:31:07.0859 3824  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
17:31:07.0984 3824  RpcLocator - ok
17:31:08.0031 3824  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\System32\rpcss.dll
17:31:08.0046 3824  RpcSs - ok
17:31:08.0093 3824  [ A3B23FB3F295694091F51865F98588B2 ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
17:31:08.0093 3824  rspndr ( UnsignedFile.Multi.Generic ) - warning
17:31:08.0093 3824  rspndr - detected UnsignedFile.Multi.Generic (1)
17:31:08.0156 3824  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
17:31:08.0296 3824  RSVP - ok
17:31:08.0328 3824  [ DAAF657C0B5BD0595669496857040F75 ] RTSTOR          C:\WINDOWS\system32\drivers\RTSTOR.SYS
17:31:08.0359 3824  RTSTOR - ok
17:31:08.0421 3824  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
17:31:08.0531 3824  SamSs - ok
17:31:08.0593 3824  [ BD26A150DC292913E48EE2B950372DFD ] Samsung UPD Service C:\WINDOWS\system32\SUPDSvc.exe
17:31:08.0625 3824  Samsung UPD Service - ok
17:31:08.0687 3824  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
17:31:08.0703 3824  SASDIFSV - ok
17:31:08.0718 3824  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
17:31:08.0734 3824  SASKUTIL - ok
17:31:08.0781 3824  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
17:31:08.0921 3824  SCardSvr - ok
17:31:08.0984 3824  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:31:09.0109 3824  Schedule - ok
17:31:09.0156 3824  [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus         C:\WINDOWS\system32\DRIVERS\SE27bus.sys
17:31:09.0156 3824  SE27bus ( UnsignedFile.Multi.Generic ) - warning
17:31:09.0156 3824  SE27bus - detected UnsignedFile.Multi.Generic (1)
17:31:09.0203 3824  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:31:09.0312 3824  Secdrv - ok
17:31:09.0375 3824  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:31:09.0484 3824  seclogon - ok
17:31:09.0531 3824  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
17:31:09.0671 3824  SENS - ok
17:31:09.0703 3824  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
17:31:09.0843 3824  Serial - ok
17:31:09.0875 3824  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:31:09.0984 3824  Sfloppy - ok
17:31:10.0062 3824  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:31:10.0203 3824  SharedAccess - ok
17:31:10.0250 3824  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:31:10.0281 3824  ShellHWDetection - ok
17:31:10.0296 3824  Simbad - ok
17:31:10.0531 3824  [ 2A99850C2A6EDD6C6602E822C716EDAF ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:31:10.0734 3824  Skype C2C Service - ok
17:31:10.0921 3824  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
17:31:10.0937 3824  SkypeUpdate - ok
17:31:11.0000 3824  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:31:11.0109 3824  SLIP - ok
17:31:11.0187 3824  [ B8C571FBF5A4B341A95CDF0DE74D7B11 ] smserial        C:\WINDOWS\system32\DRIVERS\smserial.sys
17:31:11.0265 3824  smserial - ok
17:31:11.0281 3824  Sparrow - ok
17:31:11.0343 3824  [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan        C:\WINDOWS\system32\speedfan.sys
17:31:11.0359 3824  speedfan - ok
17:31:11.0406 3824  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:31:11.0515 3824  splitter - ok
17:31:11.0562 3824  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:31:11.0593 3824  Spooler - ok
17:31:11.0656 3824  [ D390675B8CE45E5FB359338E5E649329 ] sptd            C:\WINDOWS\System32\Drivers\sptd.sys
17:31:11.0703 3824  sptd - ok
17:31:11.0718 3824  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:31:11.0843 3824  sr - ok
17:31:11.0921 3824  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
17:31:12.0078 3824  srservice - ok
17:31:12.0109 3824  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:31:12.0171 3824  Srv - ok
17:31:12.0234 3824  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:31:12.0359 3824  SSDPSRV - ok
17:31:12.0390 3824  [ 5EC550B8952882EE856B862CF648522D ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:31:12.0406 3824  ssmdrv - ok
17:31:12.0453 3824  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:31:12.0609 3824  stisvc - ok
17:31:12.0640 3824  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:31:12.0765 3824  streamip - ok
17:31:12.0796 3824  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:31:12.0921 3824  swenum - ok
17:31:12.0953 3824  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:31:13.0062 3824  swmidi - ok
17:31:13.0125 3824  SwPrv - ok
17:31:13.0140 3824  symc810 - ok
17:31:13.0140 3824  symc8xx - ok
17:31:13.0203 3824  [ 3C6790D26D03FE5163E2BEC490E51A7E ] SymEvent        C:\Programme\Symantec\SYMEVENT.SYS
17:31:13.0218 3824  SymEvent - ok
17:31:13.0234 3824  sym_hi - ok
17:31:13.0234 3824  sym_u3 - ok
17:31:13.0281 3824  [ 69BF2DD9B1099D1AA3E7CF14B4B842CD ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:31:13.0328 3824  SynTP - ok
17:31:13.0359 3824  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:31:13.0484 3824  sysaudio - ok
17:31:13.0546 3824  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:31:13.0687 3824  SysmonLog - ok
17:31:13.0734 3824  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:31:13.0875 3824  TapiSrv - ok
17:31:13.0921 3824  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:31:13.0984 3824  Tcpip - ok
17:31:14.0046 3824  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:31:14.0156 3824  TDPIPE - ok
17:31:14.0171 3824  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:31:14.0296 3824  TDTCP - ok
17:31:14.0328 3824  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:31:14.0437 3824  TermDD - ok
17:31:14.0484 3824  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
17:31:14.0640 3824  TermService - ok
17:31:14.0687 3824  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:31:14.0703 3824  Themes - ok
17:31:14.0781 3824  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
17:31:14.0921 3824  TlntSvr - ok
17:31:14.0921 3824  TosIde - ok
17:31:14.0984 3824  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:31:15.0140 3824  TrkWks - ok
17:31:15.0171 3824  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:31:15.0281 3824  Udfs - ok
17:31:15.0375 3824  [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
17:31:15.0390 3824  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
17:31:15.0390 3824  UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
17:31:15.0406 3824  ultra - ok
17:31:15.0437 3824  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:31:15.0593 3824  Update - ok
17:31:15.0656 3824  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:31:15.0796 3824  upnphost - ok
17:31:15.0843 3824  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
17:31:15.0968 3824  UPS - ok
17:31:16.0000 3824  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
17:31:16.0031 3824  USBAAPL - ok
17:31:16.0062 3824  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
17:31:16.0187 3824  usbaudio - ok
17:31:16.0203 3824  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:31:16.0328 3824  usbccgp - ok
17:31:16.0343 3824  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:31:16.0468 3824  usbehci - ok
17:31:16.0500 3824  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:31:16.0640 3824  usbhub - ok
17:31:16.0640 3824  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:31:16.0781 3824  usbohci - ok
17:31:16.0828 3824  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:31:16.0953 3824  usbprint - ok
17:31:16.0968 3824  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:31:17.0109 3824  usbscan - ok
17:31:17.0109 3824  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:31:17.0234 3824  usbstor - ok
17:31:17.0265 3824  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:31:17.0390 3824  VgaSave - ok
17:31:17.0406 3824  ViaIde - ok
17:31:17.0437 3824  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:31:17.0562 3824  VolSnap - ok
17:31:17.0656 3824  [ 18507BDC6C15BD464DE9AB18B6AF1C23 ] vpnagent        C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
17:31:17.0703 3824  vpnagent - ok
17:31:17.0734 3824  [ FDDAFA1C89B0B07494AF5879F7ECE857 ] vpnva           C:\WINDOWS\system32\DRIVERS\vpnva.sys
17:31:17.0750 3824  vpnva - ok
17:31:17.0828 3824  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
17:31:17.0968 3824  VSS - ok
17:31:18.0031 3824  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
17:31:18.0156 3824  W32Time - ok
17:31:18.0203 3824  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:31:18.0328 3824  Wanarp - ok
17:31:18.0328 3824  WDICA - ok
17:31:18.0375 3824  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:31:18.0515 3824  wdmaud - ok
17:31:18.0562 3824  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:31:18.0687 3824  WebClient - ok
17:31:18.0765 3824  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:31:18.0890 3824  winmgmt - ok
17:31:18.0953 3824  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
17:31:18.0968 3824  WmdmPmSN - ok
17:31:19.0046 3824  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
17:31:19.0109 3824  Wmi - ok
17:31:19.0171 3824  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:31:19.0296 3824  WmiApSrv - ok
17:31:19.0421 3824  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
17:31:19.0515 3824  WMPNetworkSvc - ok
17:31:19.0562 3824  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:31:19.0718 3824  WS2IFSL - ok
17:31:19.0843 3824  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:31:19.0968 3824  wscsvc - ok
17:31:20.0015 3824  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:31:20.0140 3824  WSTCODEC - ok
17:31:20.0218 3824  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:31:20.0343 3824  wuauserv - ok
17:31:20.0375 3824  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:31:20.0390 3824  WudfPf - ok
17:31:20.0406 3824  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:31:20.0437 3824  WudfRd - ok
17:31:20.0500 3824  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
17:31:20.0531 3824  WudfSvc - ok
17:31:20.0609 3824  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:31:20.0765 3824  WZCSVC - ok
17:31:20.0828 3824  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:31:20.0937 3824  xmlprov - ok
17:31:20.0953 3824  ================ Scan global ===============================
17:31:21.0093 3824  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
17:31:21.0203 3824  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:31:21.0296 3824  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:31:21.0359 3824  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
17:31:21.0359 3824  [Global] - ok
17:31:21.0359 3824  ================ Scan MBR ==================================
17:31:21.0390 3824  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
17:31:21.0546 3824  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:31:21.0546 3824  \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:31:21.0546 3824  ================ Scan VBR ==================================
17:31:21.0562 3824  [ 16AACC28D1253A82505A6D112ED33193 ] \Device\Harddisk0\DR0\Partition1
17:31:21.0562 3824  \Device\Harddisk0\DR0\Partition1 - ok
17:31:21.0578 3824  [ FE176BB4F15D15B35F394F0B48DA185C ] \Device\Harddisk0\DR0\Partition2
17:31:21.0578 3824  \Device\Harddisk0\DR0\Partition2 - ok
17:31:21.0578 3824  ============================================================
17:31:21.0578 3824  Scan finished
17:31:21.0578 3824  ============================================================
17:31:21.0718 3016  Detected object count: 11
17:31:21.0718 3016  Actual detected object count: 11
17:31:30.0296 3016  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0296 3016  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:30.0296 3016  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0296 3016  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:30.0296 3016  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0296 3016  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:30.0296 3016  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0296 3016  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:30.0312 3016  ipswuio ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0312 3016  ipswuio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:30.0312 3016  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0312 3016  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:30.0312 3016  pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0312 3016  pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:30.0312 3016  rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0312 3016  rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:30.0312 3016  SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0312 3016  SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:30.0312 3016  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:30.0312 3016  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:30.0312 3016  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:31:30.0312 3016  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         
Best regards

19.11.2012, 19:04   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Code:
ATTFilter
17:31:30.0312 3016  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         
Please fix this entry with TDSS-Killer. But please only this entry!

To do that, you have to start TDSS-Killer again and run a new scan. When you then see the results, please set this entry to CURE or DELETE (depending on what is offered to you; please leave all others on SKIP!) and then click Continue at the bottom right.

Then restart Windows and make a completely new log with TDSS-Killer again. As always, post it in CODE tags again.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


19.11.2012, 19:21   #12
pinadgo
 
Thanks!
I made a log after deleting the entry as well as after the scan (after the restart). I'm posting both:

Log after deletion
Code:
ATTFilter
19:09:54.0468 1192  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:09:54.0703 1192  ============================================================
19:09:54.0703 1192  Current date / time: 2012/11/19 19:09:54.0703
19:09:54.0703 1192  SystemInfo:
19:09:54.0703 1192  
19:09:54.0703 1192  OS Version: 5.1.2600 ServicePack: 3.0
19:09:54.0703 1192  Product type: Workstation
19:09:54.0703 1192  ComputerName: DACHS
19:09:54.0703 1192  UserName: jens
19:09:54.0703 1192  Windows directory: C:\WINDOWS
19:09:54.0703 1192  System windows directory: C:\WINDOWS
19:09:54.0718 1192  Processor architecture: Intel x86
19:09:54.0718 1192  Number of processors: 2
19:09:54.0718 1192  Page size: 0x1000
19:09:54.0718 1192  Boot type: Normal boot
19:09:54.0718 1192  ============================================================
19:09:55.0468 1192  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:09:55.0515 1192  ============================================================
19:09:55.0515 1192  \Device\Harddisk0\DR0:
19:09:55.0515 1192  MBR partitions:
19:09:55.0515 1192  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3B9133, BlocksNum 0x8622273
19:09:55.0531 1192  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x89DB3E5, BlocksNum 0x55B83DC
19:09:55.0531 1192  ============================================================
19:09:55.0546 1192  C: <-> \Device\Harddisk0\DR0\Partition1
19:09:55.0578 1192  D: <-> \Device\Harddisk0\DR0\Partition2
19:09:55.0578 1192  ============================================================
19:09:55.0578 1192  Initialize success
19:09:55.0578 1192  ============================================================
19:10:07.0546 3364  ============================================================
19:10:07.0546 3364  Scan started
19:10:07.0546 3364  Mode: Manual; SigCheck; TDLFS; 
19:10:07.0546 3364  ============================================================
19:10:07.0937 3364  ================ Scan system memory ========================
19:10:07.0937 3364  System memory - ok
19:10:07.0937 3364  ================ Scan services =============================
19:10:08.0093 3364  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Programme\SUPERAntiSpyware\SASCORE.EXE
19:10:08.0234 3364  !SASCORE - ok
19:10:08.0296 3364  [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
19:10:08.0343 3364  Aavmker4 - ok
19:10:08.0359 3364  Abiosdsk - ok
19:10:08.0359 3364  abp480n5 - ok
19:10:08.0406 3364  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:10:08.0640 3364  ACPI - ok
19:10:08.0656 3364  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:10:08.0796 3364  ACPIEC - ok
19:10:08.0843 3364  [ E850B0A94E8703CCBC980B31594DC408 ] acsint          C:\WINDOWS\system32\DRIVERS\acsint.sys
19:10:08.0859 3364  acsint - ok
19:10:08.0890 3364  [ EA2429C90AEAB09D7F3A99B16DA23CED ] acsmux          C:\WINDOWS\system32\DRIVERS\acsmux.sys
19:10:08.0906 3364  acsmux - ok
19:10:08.0968 3364  [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
19:10:08.0984 3364  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
19:10:08.0984 3364  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
19:10:08.0984 3364  adpu160m - ok
19:10:09.0031 3364  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
19:10:09.0156 3364  aec - ok
19:10:09.0203 3364  [ 2F7F3E8DA380325866E566F5D5EC23D5 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:10:09.0234 3364  AegisP ( UnsignedFile.Multi.Generic ) - warning
19:10:09.0234 3364  AegisP - detected UnsignedFile.Multi.Generic (1)
19:10:09.0250 3364  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
19:10:09.0296 3364  AFD - ok
19:10:09.0312 3364  Aha154x - ok
19:10:09.0312 3364  aic78u2 - ok
19:10:09.0328 3364  aic78xx - ok
19:10:09.0375 3364  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
19:10:09.0484 3364  Alerter - ok
19:10:09.0531 3364  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
19:10:09.0656 3364  ALG - ok
19:10:09.0656 3364  AliIde - ok
19:10:09.0671 3364  amsint - ok
19:10:09.0765 3364  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:10:09.0796 3364  Apple Mobile Device - ok
19:10:09.0859 3364  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
19:10:10.0015 3364  AppMgmt - ok
19:10:10.0031 3364  asc - ok
19:10:10.0031 3364  asc3350p - ok
19:10:10.0046 3364  asc3550 - ok
19:10:10.0109 3364  [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5         C:\WINDOWS\ATK0100\ASNDIS5.SYS
19:10:10.0125 3364  ASNDIS5 - ok
19:10:10.0187 3364  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:10:10.0203 3364  aspnet_state - ok
19:10:10.0218 3364  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:10:10.0234 3364  aswFsBlk - ok
19:10:10.0250 3364  [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2         C:\WINDOWS\system32\drivers\aswMon2.sys
19:10:10.0281 3364  aswMon2 - ok
19:10:10.0281 3364  [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
19:10:10.0312 3364  aswRdr - ok
19:10:10.0343 3364  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
19:10:10.0390 3364  aswSnx - ok
19:10:10.0437 3364  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
19:10:10.0468 3364  aswSP - ok
19:10:10.0515 3364  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
19:10:10.0531 3364  aswTdi - ok
19:10:10.0562 3364  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:10:10.0687 3364  AsyncMac - ok
19:10:10.0718 3364  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
19:10:10.0843 3364  atapi - ok
19:10:10.0875 3364  [ F38A6E25C67798FF5F4AF85ACED4FB87 ] AtcL002         C:\WINDOWS\system32\DRIVERS\atl02_xp.sys
19:10:10.0906 3364  AtcL002 - ok
19:10:10.0921 3364  Atdisk - ok
19:10:11.0046 3364  [ 29B2874B3956B62C0DBEA32D75A8E776 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
19:10:11.0109 3364  Ati HotKey Poller - ok
19:10:11.0218 3364  [ A1789368B4A31D2111AF7AEDA0C8D3FC ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:10:11.0312 3364  ati2mtag - ok
19:10:11.0437 3364  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:10:11.0468 3364  atksgt - ok
19:10:11.0515 3364  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:10:11.0625 3364  Atmarpc - ok
19:10:11.0734 3364  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:10:11.0890 3364  AudioSrv - ok
19:10:11.0921 3364  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
19:10:12.0031 3364  audstub - ok
19:10:12.0140 3364  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\Alwil Software\Avast5\AvastSvc.exe
19:10:12.0156 3364  avast! Antivirus - ok
19:10:12.0218 3364  [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:10:12.0265 3364  BCM43XX - ok
19:10:12.0296 3364  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:10:12.0421 3364  Beep - ok
19:10:12.0484 3364  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:10:12.0609 3364  BITS - ok
19:10:12.0687 3364  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
19:10:12.0703 3364  Bonjour Service - ok
19:10:12.0765 3364  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
19:10:12.0812 3364  Browser - ok
19:10:12.0906 3364  catchme - ok
19:10:12.0937 3364  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:10:13.0062 3364  cbidf2k - ok
19:10:13.0093 3364  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:10:13.0203 3364  CCDECODE - ok
19:10:13.0203 3364  cd20xrnt - ok
19:10:13.0234 3364  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
19:10:13.0375 3364  Cdaudio - ok
19:10:13.0406 3364  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:10:13.0515 3364  Cdfs - ok
19:10:13.0531 3364  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:10:13.0640 3364  Cdrom - ok
19:10:13.0656 3364  Changer - ok
19:10:13.0812 3364  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
19:10:13.0953 3364  CiSvc - ok
19:10:14.0000 3364  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
19:10:14.0125 3364  ClipSrv - ok
19:10:14.0187 3364  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:10:14.0203 3364  clr_optimization_v2.0.50727_32 - ok
19:10:14.0234 3364  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:10:14.0359 3364  CmBatt - ok
19:10:14.0375 3364  CmdIde - ok
19:10:14.0390 3364  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:10:14.0515 3364  Compbatt - ok
19:10:14.0562 3364  COMSysApp - ok
19:10:14.0578 3364  Cpqarray - ok
19:10:14.0703 3364  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:10:14.0843 3364  CryptSvc - ok
19:10:14.0843 3364  dac2w2k - ok
19:10:14.0859 3364  dac960nt - ok
19:10:14.0906 3364  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:10:14.0937 3364  DcomLaunch - ok
19:10:15.0000 3364  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:10:15.0109 3364  Dhcp - ok
19:10:15.0140 3364  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:10:15.0265 3364  Disk - ok
19:10:15.0296 3364  dmadmin - ok
19:10:15.0437 3364  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:10:15.0562 3364  dmboot - ok
19:10:15.0578 3364  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:10:15.0703 3364  dmio - ok
19:10:15.0718 3364  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:10:15.0828 3364  dmload - ok
19:10:15.0875 3364  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
19:10:16.0000 3364  dmserver - ok
19:10:16.0031 3364  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
19:10:16.0171 3364  DMusic - ok
19:10:16.0218 3364  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:10:16.0250 3364  Dnscache - ok
19:10:16.0328 3364  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:10:16.0453 3364  Dot3svc - ok
19:10:16.0468 3364  dpti2o - ok
19:10:16.0484 3364  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:10:16.0593 3364  drmkaud - ok
19:10:16.0640 3364  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
19:10:16.0781 3364  EapHost - ok
19:10:16.0843 3364  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
19:10:16.0984 3364  ERSvc - ok
19:10:17.0046 3364  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
19:10:17.0078 3364  Eventlog - ok
19:10:17.0140 3364  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
19:10:17.0171 3364  EventSystem - ok
19:10:17.0187 3364  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
19:10:17.0296 3364  Fastfat - ok
19:10:17.0343 3364  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:10:17.0375 3364  FastUserSwitchingCompatibility - ok
19:10:17.0421 3364  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
19:10:17.0531 3364  Fdc - ok
19:10:17.0531 3364  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:10:17.0671 3364  Fips - ok
19:10:17.0671 3364  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
19:10:17.0796 3364  Flpydisk - ok
19:10:17.0828 3364  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:10:17.0953 3364  FltMgr - ok
19:10:18.0062 3364  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:10:18.0078 3364  FontCache3.0.0.0 - ok
19:10:18.0109 3364  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:10:18.0250 3364  Fs_Rec - ok
19:10:18.0265 3364  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:10:18.0406 3364  Ftdisk - ok
19:10:18.0437 3364  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:10:18.0453 3364  GEARAspiWDM - ok
19:10:18.0500 3364  [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio          C:\WINDOWS\system32\giveio.sys
19:10:18.0515 3364  giveio ( UnsignedFile.Multi.Generic ) - warning
19:10:18.0515 3364  giveio - detected UnsignedFile.Multi.Generic (1)
19:10:18.0531 3364  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:10:18.0671 3364  Gpc - ok
19:10:18.0703 3364  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:10:18.0828 3364  HDAudBus - ok
19:10:18.0875 3364  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:10:18.0984 3364  helpsvc - ok
19:10:19.0046 3364  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
19:10:19.0171 3364  HidServ - ok
19:10:19.0187 3364  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:10:19.0328 3364  HidUsb - ok
19:10:19.0406 3364  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
19:10:19.0515 3364  hkmsvc - ok
19:10:19.0531 3364  hpn - ok
19:10:19.0578 3364  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
19:10:19.0609 3364  HTTP - ok
19:10:19.0656 3364  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
19:10:19.0796 3364  HTTPFilter - ok
19:10:19.0796 3364  i2omgmt - ok
19:10:19.0812 3364  i2omp - ok
19:10:19.0828 3364  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:10:19.0953 3364  i8042prt - ok
19:10:20.0031 3364  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:10:20.0046 3364  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:10:20.0046 3364  IDriverT - detected UnsignedFile.Multi.Generic (1)
19:10:20.0125 3364  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:10:20.0156 3364  idsvc - ok
19:10:20.0218 3364  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
19:10:20.0343 3364  Imapi - ok
19:10:20.0406 3364  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
19:10:20.0515 3364  ImapiService - ok
19:10:20.0531 3364  ini910u - ok
19:10:20.0734 3364  [ 47F27AF890DA3E51C633FDD510910115 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:10:20.0937 3364  IntcAzAudAddService - ok
19:10:20.0984 3364  IntelIde - ok
19:10:21.0031 3364  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:10:21.0140 3364  intelppm - ok
19:10:21.0187 3364  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
19:10:21.0296 3364  Ip6Fw - ok
19:10:21.0328 3364  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:10:21.0468 3364  IpFilterDriver - ok
19:10:21.0500 3364  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:10:21.0625 3364  IpInIp - ok
19:10:21.0656 3364  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:10:21.0781 3364  IpNat - ok
19:10:21.0906 3364  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
19:10:21.0937 3364  iPod Service - ok
19:10:21.0968 3364  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:10:22.0093 3364  IPSec - ok
19:10:22.0125 3364  [ EE8CC26924A6F07972BBF04487EBD552 ] ipswuio         C:\WINDOWS\system32\DRIVERS\ipswuio.sys
19:10:22.0140 3364  ipswuio ( UnsignedFile.Multi.Generic ) - warning
19:10:22.0140 3364  ipswuio - detected UnsignedFile.Multi.Generic (1)
19:10:22.0171 3364  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
19:10:22.0296 3364  IRENUM - ok
19:10:22.0343 3364  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:10:22.0453 3364  isapnp - ok
19:10:22.0546 3364  [ 1834C96FB1F9280BCF6DDFA6DE8338BF ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
19:10:22.0562 3364  JavaQuickStarterService - ok
19:10:22.0593 3364  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:10:22.0718 3364  Kbdclass - ok
19:10:22.0750 3364  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:10:22.0875 3364  kbdhid - ok
19:10:22.0921 3364  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
19:10:23.0062 3364  kmixer - ok
19:10:23.0093 3364  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
19:10:23.0109 3364  KSecDD - ok
19:10:23.0171 3364  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
19:10:23.0203 3364  lanmanserver - ok
19:10:23.0312 3364  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:10:23.0359 3364  lanmanworkstation - ok
19:10:23.0359 3364  lbrtfdc - ok
19:10:23.0437 3364  [ 5712DCBE52D68865CCA91AE04807B755 ] LightScribeService c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
19:10:23.0453 3364  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:10:23.0453 3364  LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:10:23.0484 3364  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:10:23.0500 3364  lirsgt - ok
19:10:23.0562 3364  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
19:10:23.0687 3364  LmHosts - ok
19:10:23.0718 3364  [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta        C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
19:10:23.0734 3364  LVUSBSta - ok
19:10:23.0796 3364  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
19:10:23.0906 3364  Messenger - ok
19:10:23.0937 3364  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
19:10:24.0078 3364  mnmdd - ok
19:10:24.0125 3364  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
19:10:24.0250 3364  mnmsrvc - ok
19:10:24.0281 3364  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
19:10:24.0406 3364  Modem - ok
19:10:24.0421 3364  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:10:24.0546 3364  MODEMCSA - ok
19:10:24.0562 3364  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:10:24.0687 3364  Mouclass - ok
19:10:24.0734 3364  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:10:24.0875 3364  mouhid - ok
19:10:24.0906 3364  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
19:10:25.0015 3364  MountMgr - ok
19:10:25.0078 3364  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:10:25.0093 3364  MozillaMaintenance - ok
19:10:25.0171 3364  MpKsl9753d9dd - ok
19:10:25.0187 3364  mraid35x - ok
19:10:25.0218 3364  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:10:25.0343 3364  MRxDAV - ok
19:10:25.0406 3364  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:10:25.0453 3364  MRxSmb - ok
19:10:25.0500 3364  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
19:10:25.0640 3364  MSDTC - ok
19:10:25.0656 3364  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:10:25.0781 3364  Msfs - ok
19:10:25.0828 3364  MSIServer - ok
19:10:25.0921 3364  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:10:26.0046 3364  MSKSSRV - ok
19:10:26.0078 3364  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:10:26.0187 3364  MSPCLOCK - ok
19:10:26.0203 3364  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:10:26.0328 3364  MSPQM - ok
19:10:26.0359 3364  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:10:26.0453 3364  mssmbios - ok
19:10:26.0468 3364  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
19:10:26.0593 3364  MSTEE - ok
19:10:26.0625 3364  [ E333010A50BF603ACC350F6019E9CE02 ] MTsensor        C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
19:10:26.0640 3364  MTsensor - ok
19:10:26.0687 3364  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
19:10:26.0718 3364  Mup - ok
19:10:26.0750 3364  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:10:26.0875 3364  NABTSFEC - ok
19:10:26.0953 3364  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
19:10:27.0078 3364  napagent - ok
19:10:27.0109 3364  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
19:10:27.0234 3364  NDIS - ok
19:10:27.0265 3364  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:10:27.0390 3364  NdisIP - ok
19:10:27.0421 3364  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:10:27.0453 3364  NdisTapi - ok
19:10:27.0500 3364  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:10:27.0609 3364  Ndisuio - ok
19:10:27.0640 3364  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:10:27.0765 3364  NdisWan - ok
19:10:27.0781 3364  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
19:10:27.0828 3364  NDProxy - ok
19:10:27.0843 3364  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
19:10:27.0968 3364  NetBIOS - ok
19:10:28.0000 3364  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\NETBT.SYS
19:10:28.0125 3364  NetBT - ok
19:10:28.0187 3364  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
19:10:28.0296 3364  NetDDE - ok
19:10:28.0312 3364  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
19:10:28.0421 3364  NetDDEdsdm - ok
19:10:28.0531 3364  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
19:10:28.0656 3364  Netlogon - ok
19:10:28.0734 3364  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
19:10:28.0859 3364  Netman - ok
19:10:28.0968 3364  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:10:28.0984 3364  NetTcpPortSharing - ok
19:10:29.0046 3364  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
19:10:29.0093 3364  Nla - ok
19:10:29.0125 3364  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:10:29.0218 3364  Npfs - ok
19:10:29.0281 3364  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:10:29.0421 3364  Ntfs - ok
19:10:29.0453 3364  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
19:10:29.0562 3364  NtLmSsp - ok
19:10:29.0718 3364  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
19:10:29.0859 3364  NtmsSvc - ok
19:10:29.0906 3364  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:10:30.0015 3364  Null - ok
19:10:30.0062 3364  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:10:30.0187 3364  NwlnkFlt - ok
19:10:30.0203 3364  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:10:30.0343 3364  NwlnkFwd - ok
19:10:30.0375 3364  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
19:10:30.0500 3364  Parport - ok
19:10:30.0515 3364  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
19:10:30.0640 3364  PartMgr - ok
19:10:30.0656 3364  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
19:10:30.0781 3364  ParVdm - ok
19:10:30.0796 3364  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
19:10:30.0906 3364  PCI - ok
19:10:30.0906 3364  PCIDump - ok
19:10:30.0937 3364  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
19:10:31.0062 3364  PCIIde - ok
19:10:31.0093 3364  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
19:10:31.0203 3364  Pcmcia - ok
19:10:31.0250 3364  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\WINDOWS\system32\Drivers\pcouffin.sys
19:10:31.0250 3364  pcouffin ( UnsignedFile.Multi.Generic ) - warning
19:10:31.0250 3364  pcouffin - detected UnsignedFile.Multi.Generic (1)
19:10:31.0265 3364  PDCOMP - ok
19:10:31.0265 3364  PDFRAME - ok
19:10:31.0281 3364  PDRELI - ok
19:10:31.0296 3364  PDRFRAME - ok
19:10:31.0296 3364  perc2 - ok
19:10:31.0312 3364  perc2hib - ok
19:10:31.0406 3364  [ A7598E897DA639E255AD4188FA398478 ] PID_PEPI        C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
19:10:31.0468 3364  PID_PEPI - ok
19:10:31.0531 3364  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
19:10:31.0546 3364  PlugPlay - ok
19:10:31.0593 3364  [ 831883B107684301F48ACE752C963984 ] PnkBstrA        C:\WINDOWS\system32\PnkBstrA.exe
19:10:31.0625 3364  PnkBstrA - ok
19:10:31.0671 3364  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
19:10:31.0781 3364  PolicyAgent - ok
19:10:31.0828 3364  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:10:31.0953 3364  PptpMiniport - ok
19:10:31.0984 3364  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:10:32.0093 3364  ProtectedStorage - ok
19:10:32.0140 3364  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:10:32.0296 3364  PSched - ok
19:10:32.0312 3364  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:10:32.0453 3364  Ptilink - ok
19:10:32.0468 3364  ql1080 - ok
19:10:32.0484 3364  Ql10wnt - ok
19:10:32.0484 3364  ql12160 - ok
19:10:32.0500 3364  ql1240 - ok
19:10:32.0500 3364  ql1280 - ok
19:10:32.0578 3364  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:10:32.0703 3364  RasAcd - ok
19:10:32.0765 3364  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:10:32.0890 3364  RasAuto - ok
19:10:32.0921 3364  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:10:33.0046 3364  Rasl2tp - ok
19:10:33.0109 3364  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:10:33.0234 3364  RasMan - ok
19:10:33.0250 3364  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:10:33.0390 3364  RasPppoe - ok
19:10:33.0406 3364  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:10:33.0531 3364  Raspti - ok
19:10:33.0562 3364  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:10:33.0671 3364  Rdbss - ok
19:10:33.0703 3364  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:10:33.0843 3364  RDPCDD - ok
19:10:33.0875 3364  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:10:34.0000 3364  rdpdr - ok
19:10:34.0046 3364  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
19:10:34.0078 3364  RDPWD - ok
19:10:34.0125 3364  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
19:10:34.0234 3364  RDSessMgr - ok
19:10:34.0265 3364  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
19:10:34.0390 3364  redbook - ok
19:10:34.0484 3364  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:10:34.0609 3364  RemoteAccess - ok
19:10:34.0656 3364  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:10:34.0765 3364  RemoteRegistry - ok
19:10:34.0828 3364  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:10:34.0953 3364  RpcLocator - ok
19:10:35.0000 3364  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\System32\rpcss.dll
19:10:35.0015 3364  RpcSs - ok
19:10:35.0062 3364  [ A3B23FB3F295694091F51865F98588B2 ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:10:35.0062 3364  rspndr ( UnsignedFile.Multi.Generic ) - warning
19:10:35.0062 3364  rspndr - detected UnsignedFile.Multi.Generic (1)
19:10:35.0125 3364  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
19:10:35.0265 3364  RSVP - ok
19:10:35.0281 3364  [ DAAF657C0B5BD0595669496857040F75 ] RTSTOR          C:\WINDOWS\system32\drivers\RTSTOR.SYS
19:10:35.0312 3364  RTSTOR - ok
19:10:35.0375 3364  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:10:35.0484 3364  SamSs - ok
19:10:35.0546 3364  [ BD26A150DC292913E48EE2B950372DFD ] Samsung UPD Service C:\WINDOWS\system32\SUPDSvc.exe
19:10:35.0578 3364  Samsung UPD Service - ok
19:10:35.0640 3364  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
19:10:35.0656 3364  SASDIFSV - ok
19:10:35.0656 3364  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
19:10:35.0671 3364  SASKUTIL - ok
19:10:35.0734 3364  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:10:35.0859 3364  SCardSvr - ok
19:10:35.0921 3364  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:10:36.0031 3364  Schedule - ok
19:10:36.0078 3364  [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus         C:\WINDOWS\system32\DRIVERS\SE27bus.sys
19:10:36.0078 3364  SE27bus ( UnsignedFile.Multi.Generic ) - warning
19:10:36.0078 3364  SE27bus - detected UnsignedFile.Multi.Generic (1)
19:10:36.0125 3364  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:10:36.0234 3364  Secdrv - ok
19:10:36.0296 3364  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:10:36.0406 3364  seclogon - ok
19:10:36.0453 3364  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
19:10:36.0578 3364  SENS - ok
19:10:36.0625 3364  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
19:10:36.0750 3364  Serial - ok
19:10:36.0796 3364  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
19:10:36.0906 3364  Sfloppy - ok
19:10:36.0984 3364  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:10:37.0109 3364  SharedAccess - ok
19:10:37.0156 3364  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:10:37.0187 3364  ShellHWDetection - ok
19:10:37.0187 3364  Simbad - ok
19:10:37.0437 3364  [ 2A99850C2A6EDD6C6602E822C716EDAF ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:10:37.0546 3364  Skype C2C Service - ok
19:10:37.0703 3364  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
19:10:37.0718 3364  SkypeUpdate - ok
19:10:37.0796 3364  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:10:37.0906 3364  SLIP - ok
19:10:37.0984 3364  [ B8C571FBF5A4B341A95CDF0DE74D7B11 ] smserial        C:\WINDOWS\system32\DRIVERS\smserial.sys
19:10:38.0062 3364  smserial - ok
19:10:38.0078 3364  Sparrow - ok
19:10:38.0125 3364  [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan        C:\WINDOWS\system32\speedfan.sys
19:10:38.0140 3364  speedfan - ok
19:10:38.0187 3364  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:10:38.0296 3364  splitter - ok
19:10:38.0343 3364  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:10:38.0375 3364  Spooler - ok
19:10:38.0453 3364  [ D390675B8CE45E5FB359338E5E649329 ] sptd            C:\WINDOWS\System32\Drivers\sptd.sys
19:10:38.0484 3364  sptd - ok
19:10:38.0500 3364  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:10:38.0609 3364  sr - ok
19:10:38.0703 3364  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
19:10:38.0828 3364  srservice - ok
19:10:38.0859 3364  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:10:38.0906 3364  Srv - ok
19:10:38.0953 3364  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:10:39.0062 3364  SSDPSRV - ok
19:10:39.0109 3364  [ 5EC550B8952882EE856B862CF648522D ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:10:39.0125 3364  ssmdrv - ok
19:10:39.0187 3364  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:10:39.0312 3364  stisvc - ok
19:10:39.0343 3364  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:10:39.0468 3364  streamip - ok
19:10:39.0500 3364  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:10:39.0625 3364  swenum - ok
19:10:39.0671 3364  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:10:39.0781 3364  swmidi - ok
19:10:39.0843 3364  SwPrv - ok
19:10:39.0843 3364  symc810 - ok
19:10:39.0859 3364  symc8xx - ok
19:10:39.0906 3364  [ 3C6790D26D03FE5163E2BEC490E51A7E ] SymEvent        C:\Programme\Symantec\SYMEVENT.SYS
19:10:39.0921 3364  SymEvent - ok
19:10:39.0937 3364  sym_hi - ok
19:10:39.0953 3364  sym_u3 - ok
19:10:39.0984 3364  [ 69BF2DD9B1099D1AA3E7CF14B4B842CD ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:10:40.0015 3364  SynTP - ok
19:10:40.0046 3364  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:10:40.0171 3364  sysaudio - ok
19:10:40.0250 3364  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
19:10:40.0375 3364  SysmonLog - ok
19:10:40.0421 3364  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:10:40.0546 3364  TapiSrv - ok
19:10:40.0578 3364  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:10:40.0625 3364  Tcpip - ok
19:10:40.0671 3364  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:10:40.0781 3364  TDPIPE - ok
19:10:40.0796 3364  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:10:40.0921 3364  TDTCP - ok
19:10:40.0953 3364  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:10:41.0062 3364  TermDD - ok
19:10:41.0125 3364  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:10:41.0250 3364  TermService - ok
19:10:41.0296 3364  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:10:41.0328 3364  Themes - ok
19:10:41.0390 3364  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
19:10:41.0515 3364  TlntSvr - ok
19:10:41.0531 3364  TosIde - ok
19:10:41.0593 3364  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:10:41.0734 3364  TrkWks - ok
19:10:41.0765 3364  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:10:41.0875 3364  Udfs - ok
19:10:41.0953 3364  [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
19:10:41.0968 3364  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
19:10:41.0968 3364  UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
19:10:41.0984 3364  ultra - ok
19:10:42.0031 3364  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:10:42.0156 3364  Update - ok
19:10:42.0218 3364  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:10:42.0343 3364  upnphost - ok
19:10:42.0406 3364  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
19:10:42.0531 3364  UPS - ok
19:10:42.0562 3364  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
19:10:42.0593 3364  USBAAPL - ok
19:10:42.0625 3364  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
19:10:42.0750 3364  usbaudio - ok
19:10:42.0765 3364  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:10:42.0890 3364  usbccgp - ok
19:10:42.0921 3364  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:10:43.0046 3364  usbehci - ok
19:10:43.0062 3364  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:10:43.0187 3364  usbhub - ok
19:10:43.0203 3364  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:10:43.0343 3364  usbohci - ok
19:10:43.0375 3364  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:10:43.0500 3364  usbprint - ok
19:10:43.0531 3364  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:10:43.0656 3364  usbscan - ok
19:10:43.0656 3364  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:10:43.0781 3364  usbstor - ok
19:10:43.0812 3364  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:10:43.0937 3364  VgaSave - ok
19:10:43.0953 3364  ViaIde - ok
19:10:43.0984 3364  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:10:44.0109 3364  VolSnap - ok
19:10:44.0203 3364  [ 18507BDC6C15BD464DE9AB18B6AF1C23 ] vpnagent        C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
19:10:44.0234 3364  vpnagent - ok
19:10:44.0281 3364  [ FDDAFA1C89B0B07494AF5879F7ECE857 ] vpnva           C:\WINDOWS\system32\DRIVERS\vpnva.sys
19:10:44.0296 3364  vpnva - ok
19:10:44.0390 3364  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
19:10:44.0515 3364  VSS - ok
19:10:44.0578 3364  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
19:10:44.0687 3364  W32Time - ok
19:10:44.0703 3364  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:10:44.0828 3364  Wanarp - ok
19:10:44.0828 3364  WDICA - ok
19:10:44.0875 3364  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:10:45.0000 3364  wdmaud - ok
19:10:45.0062 3364  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:10:45.0187 3364  WebClient - ok
19:10:45.0250 3364  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:10:45.0375 3364  winmgmt - ok
19:10:45.0437 3364  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:10:45.0453 3364  WmdmPmSN - ok
19:10:45.0515 3364  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:10:45.0562 3364  Wmi - ok
19:10:45.0593 3364  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:10:45.0718 3364  WmiApSrv - ok
19:10:45.0828 3364  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
19:10:45.0875 3364  WMPNetworkSvc - ok
19:10:45.0921 3364  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:10:46.0078 3364  WS2IFSL - ok
19:10:46.0156 3364  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
19:10:46.0281 3364  wscsvc - ok
19:10:46.0312 3364  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:10:46.0421 3364  WSTCODEC - ok
19:10:46.0500 3364  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:10:46.0609 3364  wuauserv - ok
19:10:46.0640 3364  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:10:46.0671 3364  WudfPf - ok
19:10:46.0687 3364  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:10:46.0703 3364  WudfRd - ok
19:10:46.0781 3364  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
19:10:46.0812 3364  WudfSvc - ok
19:10:46.0890 3364  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:10:47.0031 3364  WZCSVC - ok
19:10:47.0093 3364  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:10:47.0203 3364  xmlprov - ok
19:10:47.0218 3364  ================ Scan global ===============================
19:10:47.0359 3364  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
19:10:47.0468 3364  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:10:47.0546 3364  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:10:47.0609 3364  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
19:10:47.0609 3364  [Global] - ok
19:10:47.0609 3364  ================ Scan MBR ==================================
19:10:47.0640 3364  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
19:10:47.0812 3364  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:10:47.0812 3364  \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:10:47.0812 3364  ================ Scan VBR ==================================
19:10:47.0812 3364  [ BF30917383F8E116AC1A4405BC6C3D08 ] \Device\Harddisk0\DR0\Partition1
19:10:47.0812 3364  \Device\Harddisk0\DR0\Partition1 - ok
19:10:47.0843 3364  [ FE176BB4F15D15B35F394F0B48DA185C ] \Device\Harddisk0\DR0\Partition2
19:10:47.0843 3364  \Device\Harddisk0\DR0\Partition2 - ok
19:10:47.0843 3364  ============================================================
19:10:47.0843 3364  Scan finished
19:10:47.0843 3364  ============================================================
19:10:47.0953 1436  Detected object count: 11
19:10:47.0953 1436  Actual detected object count: 11
19:12:14.0093 1436  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0093 1436  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:12:14.0093 1436  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0093 1436  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:12:14.0093 1436  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0093 1436  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:12:14.0093 1436  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0093 1436  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:12:14.0109 1436  ipswuio ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0109 1436  ipswuio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:12:14.0109 1436  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0109 1436  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:12:14.0109 1436  pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0109 1436  pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:12:14.0109 1436  rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0109 1436  rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:12:14.0109 1436  SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0109 1436  SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:12:14.0109 1436  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
19:12:14.0109 1436  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:12:14.0265 1436  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:12:14.0265 1436  \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
19:12:14.0265 1436  \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
19:12:14.0281 1436  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
19:12:14.0281 1436  \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
19:12:14.0281 1436  \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
19:12:14.0281 1436  \Device\Harddisk0\DR0\TDLFS - deleted
19:12:14.0281 1436  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
         
Log after restart
Code:
19:16:42.0906 0292  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:16:43.0250 0292  ============================================================
19:16:43.0250 0292  Current date / time: 2012/11/19 19:16:43.0250
19:16:43.0250 0292  SystemInfo:
19:16:43.0250 0292  
19:16:43.0250 0292  OS Version: 5.1.2600 ServicePack: 3.0
19:16:43.0250 0292  Product type: Workstation
19:16:43.0250 0292  ComputerName: DACHS
19:16:43.0250 0292  UserName: jens
19:16:43.0250 0292  Windows directory: C:\WINDOWS
19:16:43.0250 0292  System windows directory: C:\WINDOWS
19:16:43.0250 0292  Processor architecture: Intel x86
19:16:43.0250 0292  Number of processors: 2
19:16:43.0250 0292  Page size: 0x1000
19:16:43.0250 0292  Boot type: Normal boot
19:16:43.0250 0292  ============================================================
19:16:44.0343 0292  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:16:44.0390 0292  ============================================================
19:16:44.0390 0292  \Device\Harddisk0\DR0:
19:16:44.0406 0292  MBR partitions:
19:16:44.0406 0292  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3B9133, BlocksNum 0x8622273
19:16:44.0421 0292  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x89DB3E5, BlocksNum 0x55B83DC
19:16:44.0421 0292  ============================================================
19:16:44.0437 0292  C: <-> \Device\Harddisk0\DR0\Partition1
19:16:44.0453 0292  D: <-> \Device\Harddisk0\DR0\Partition2
19:16:44.0453 0292  ============================================================
19:16:44.0453 0292  Initialize success
19:16:44.0453 0292  ============================================================
19:16:58.0828 0532  ============================================================
19:16:58.0828 0532  Scan started
19:16:58.0828 0532  Mode: Manual; SigCheck; TDLFS; 
19:16:58.0828 0532  ============================================================
19:16:58.0921 0532  ================ Scan system memory ========================
19:16:58.0921 0532  System memory - ok
19:16:58.0921 0532  ================ Scan services =============================
19:16:59.0203 0532  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Programme\SUPERAntiSpyware\SASCORE.EXE
19:16:59.0406 0532  !SASCORE - ok
19:16:59.0468 0532  [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
19:16:59.0640 0532  Aavmker4 - ok
19:16:59.0656 0532  Abiosdsk - ok
19:16:59.0656 0532  abp480n5 - ok
19:16:59.0703 0532  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:17:01.0093 0532  ACPI - ok
19:17:01.0125 0532  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:17:01.0312 0532  ACPIEC - ok
19:17:01.0359 0532  [ E850B0A94E8703CCBC980B31594DC408 ] acsint          C:\WINDOWS\system32\DRIVERS\acsint.sys
19:17:01.0375 0532  acsint - ok
19:17:01.0406 0532  [ EA2429C90AEAB09D7F3A99B16DA23CED ] acsmux          C:\WINDOWS\system32\DRIVERS\acsmux.sys
19:17:01.0421 0532  acsmux - ok
19:17:01.0484 0532  [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
19:17:01.0500 0532  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
19:17:01.0500 0532  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
19:17:01.0500 0532  adpu160m - ok
19:17:01.0546 0532  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
19:17:01.0687 0532  aec - ok
19:17:01.0734 0532  [ 2F7F3E8DA380325866E566F5D5EC23D5 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:17:01.0765 0532  AegisP ( UnsignedFile.Multi.Generic ) - warning
19:17:01.0765 0532  AegisP - detected UnsignedFile.Multi.Generic (1)
19:17:01.0812 0532  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
19:17:01.0890 0532  AFD - ok
19:17:01.0890 0532  Aha154x - ok
19:17:01.0906 0532  aic78u2 - ok
19:17:01.0921 0532  aic78xx - ok
19:17:01.0968 0532  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
19:17:02.0109 0532  Alerter - ok
19:17:02.0156 0532  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
19:17:02.0281 0532  ALG - ok
19:17:02.0281 0532  AliIde - ok
19:17:02.0296 0532  amsint - ok
19:17:02.0390 0532  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:17:02.0390 0532  Apple Mobile Device - ok
19:17:02.0468 0532  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
19:17:02.0625 0532  AppMgmt - ok
19:17:02.0640 0532  asc - ok
19:17:02.0656 0532  asc3350p - ok
19:17:02.0656 0532  asc3550 - ok
19:17:02.0734 0532  [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5         C:\WINDOWS\ATK0100\ASNDIS5.SYS
19:17:02.0750 0532  ASNDIS5 - ok
19:17:02.0828 0532  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:17:02.0843 0532  aspnet_state - ok
19:17:02.0875 0532  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:17:02.0890 0532  aswFsBlk - ok
19:17:02.0906 0532  [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2         C:\WINDOWS\system32\drivers\aswMon2.sys
19:17:02.0921 0532  aswMon2 - ok
19:17:02.0953 0532  [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
19:17:02.0968 0532  aswRdr - ok
19:17:03.0015 0532  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
19:17:03.0046 0532  aswSnx - ok
19:17:03.0078 0532  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
19:17:03.0109 0532  aswSP - ok
19:17:03.0125 0532  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
19:17:03.0140 0532  aswTdi - ok
19:17:03.0187 0532  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:17:03.0328 0532  AsyncMac - ok
19:17:03.0359 0532  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
19:17:03.0468 0532  atapi - ok
19:17:03.0515 0532  [ F38A6E25C67798FF5F4AF85ACED4FB87 ] AtcL002         C:\WINDOWS\system32\DRIVERS\atl02_xp.sys
19:17:03.0562 0532  AtcL002 - ok
19:17:03.0562 0532  Atdisk - ok
19:17:03.0687 0532  [ 29B2874B3956B62C0DBEA32D75A8E776 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
19:17:03.0796 0532  Ati HotKey Poller - ok
19:17:03.0890 0532  [ A1789368B4A31D2111AF7AEDA0C8D3FC ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:17:04.0031 0532  ati2mtag - ok
19:17:04.0140 0532  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:17:04.0171 0532  atksgt - ok
19:17:04.0218 0532  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:17:04.0343 0532  Atmarpc - ok
19:17:04.0453 0532  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:17:04.0593 0532  AudioSrv - ok
19:17:04.0640 0532  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
19:17:04.0765 0532  audstub - ok
19:17:04.0859 0532  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\Alwil Software\Avast5\AvastSvc.exe
19:17:04.0875 0532  avast! Antivirus - ok
19:17:04.0937 0532  [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:17:05.0015 0532  BCM43XX - ok
19:17:05.0031 0532  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:17:05.0171 0532  Beep - ok
19:17:05.0234 0532  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:17:05.0375 0532  BITS - ok
19:17:05.0453 0532  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
19:17:05.0500 0532  Bonjour Service - ok
19:17:05.0562 0532  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
19:17:05.0625 0532  Browser - ok
19:17:05.0718 0532  catchme - ok
19:17:05.0750 0532  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:17:05.0875 0532  cbidf2k - ok
19:17:05.0921 0532  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:17:06.0031 0532  CCDECODE - ok
19:17:06.0031 0532  cd20xrnt - ok
19:17:06.0062 0532  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
19:17:06.0203 0532  Cdaudio - ok
19:17:06.0250 0532  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:17:06.0359 0532  Cdfs - ok
19:17:06.0390 0532  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:17:06.0500 0532  Cdrom - ok
19:17:06.0515 0532  Changer - ok
19:17:06.0593 0532  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
19:17:06.0734 0532  CiSvc - ok
19:17:06.0796 0532  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
19:17:06.0921 0532  ClipSrv - ok
19:17:06.0984 0532  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:17:07.0000 0532  clr_optimization_v2.0.50727_32 - ok
19:17:07.0031 0532  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:17:07.0156 0532  CmBatt - ok
19:17:07.0171 0532  CmdIde - ok
19:17:07.0187 0532  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:17:07.0312 0532  Compbatt - ok
19:17:07.0359 0532  COMSysApp - ok
19:17:07.0375 0532  Cpqarray - ok
19:17:07.0500 0532  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:17:07.0640 0532  CryptSvc - ok
19:17:07.0656 0532  dac2w2k - ok
19:17:07.0656 0532  dac960nt - ok
19:17:07.0703 0532  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:17:07.0781 0532  DcomLaunch - ok
19:17:07.0843 0532  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:17:07.0968 0532  Dhcp - ok
19:17:08.0000 0532  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:17:08.0109 0532  Disk - ok
19:17:08.0156 0532  dmadmin - ok
19:17:08.0281 0532  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:17:08.0437 0532  dmboot - ok
19:17:08.0468 0532  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:17:08.0593 0532  dmio - ok
19:17:08.0593 0532  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:17:08.0718 0532  dmload - ok
19:17:08.0765 0532  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
19:17:08.0890 0532  dmserver - ok
19:17:08.0921 0532  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
19:17:09.0046 0532  DMusic - ok
19:17:09.0109 0532  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:17:09.0171 0532  Dnscache - ok
19:17:09.0250 0532  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:17:09.0390 0532  Dot3svc - ok
19:17:09.0406 0532  dpti2o - ok
19:17:09.0437 0532  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:17:09.0546 0532  drmkaud - ok
19:17:09.0609 0532  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
19:17:09.0734 0532  EapHost - ok
19:17:09.0812 0532  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
19:17:09.0953 0532  ERSvc - ok
19:17:10.0015 0532  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
19:17:10.0046 0532  Eventlog - ok
19:17:10.0109 0532  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
19:17:10.0171 0532  EventSystem - ok
19:17:10.0203 0532  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
19:17:10.0312 0532  Fastfat - ok
19:17:10.0359 0532  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:17:10.0406 0532  FastUserSwitchingCompatibility - ok
19:17:10.0437 0532  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
19:17:10.0546 0532  Fdc - ok
19:17:10.0562 0532  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:17:10.0687 0532  Fips - ok
19:17:10.0718 0532  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
19:17:10.0843 0532  Flpydisk - ok
19:17:10.0875 0532  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:17:11.0000 0532  FltMgr - ok
19:17:11.0109 0532  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:17:11.0125 0532  FontCache3.0.0.0 - ok
19:17:11.0156 0532  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:17:11.0296 0532  Fs_Rec - ok
19:17:11.0312 0532  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:17:11.0453 0532  Ftdisk - ok
19:17:11.0500 0532  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:17:11.0500 0532  GEARAspiWDM - ok
19:17:11.0546 0532  [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio          C:\WINDOWS\system32\giveio.sys
19:17:11.0578 0532  giveio ( UnsignedFile.Multi.Generic ) - warning
19:17:11.0578 0532  giveio - detected UnsignedFile.Multi.Generic (1)
19:17:11.0609 0532  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:17:11.0734 0532  Gpc - ok
19:17:11.0765 0532  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:17:11.0890 0532  HDAudBus - ok
19:17:11.0937 0532  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:17:12.0062 0532  helpsvc - ok
19:17:12.0093 0532  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
19:17:12.0218 0532  HidServ - ok
19:17:12.0250 0532  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:17:12.0375 0532  HidUsb - ok
19:17:12.0453 0532  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
19:17:12.0578 0532  hkmsvc - ok
19:17:12.0578 0532  hpn - ok
19:17:12.0640 0532  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
19:17:12.0703 0532  HTTP - ok
19:17:12.0765 0532  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
19:17:12.0890 0532  HTTPFilter - ok
19:17:12.0906 0532  i2omgmt - ok
19:17:12.0906 0532  i2omp - ok
19:17:12.0937 0532  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:17:13.0062 0532  i8042prt - ok
19:17:13.0140 0532  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:17:13.0156 0532  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:17:13.0156 0532  IDriverT - detected UnsignedFile.Multi.Generic (1)
19:17:13.0234 0532  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:17:13.0296 0532  idsvc - ok
19:17:13.0328 0532  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
19:17:13.0453 0532  Imapi - ok
19:17:13.0515 0532  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
19:17:13.0640 0532  ImapiService - ok
19:17:13.0656 0532  ini910u - ok
19:17:13.0859 0532  [ 47F27AF890DA3E51C633FDD510910115 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:17:14.0093 0532  IntcAzAudAddService - ok
19:17:14.0156 0532  IntelIde - ok
19:17:14.0171 0532  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:17:14.0312 0532  intelppm - ok
19:17:14.0343 0532  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
19:17:14.0453 0532  Ip6Fw - ok
19:17:14.0484 0532  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:17:14.0625 0532  IpFilterDriver - ok
19:17:14.0656 0532  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:17:14.0796 0532  IpInIp - ok
19:17:14.0828 0532  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:17:14.0968 0532  IpNat - ok
19:17:15.0078 0532  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
19:17:15.0140 0532  iPod Service - ok
19:17:15.0187 0532  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:17:15.0328 0532  IPSec - ok
19:17:15.0359 0532  [ EE8CC26924A6F07972BBF04487EBD552 ] ipswuio         C:\WINDOWS\system32\DRIVERS\ipswuio.sys
19:17:15.0375 0532  ipswuio ( UnsignedFile.Multi.Generic ) - warning
19:17:15.0375 0532  ipswuio - detected UnsignedFile.Multi.Generic (1)
19:17:15.0406 0532  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
19:17:15.0531 0532  IRENUM - ok
19:17:15.0578 0532  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:17:15.0734 0532  isapnp - ok
19:17:15.0843 0532  [ 1834C96FB1F9280BCF6DDFA6DE8338BF ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
19:17:15.0859 0532  JavaQuickStarterService - ok
19:17:15.0890 0532  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:17:16.0031 0532  Kbdclass - ok
19:17:16.0046 0532  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:17:16.0171 0532  kbdhid - ok
19:17:16.0234 0532  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
19:17:16.0359 0532  kmixer - ok
19:17:16.0390 0532  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
19:17:16.0453 0532  KSecDD - ok
19:17:16.0515 0532  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
19:17:16.0578 0532  lanmanserver - ok
19:17:16.0703 0532  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:17:16.0765 0532  lanmanworkstation - ok
19:17:16.0781 0532  lbrtfdc - ok
19:17:16.0859 0532  [ 5712DCBE52D68865CCA91AE04807B755 ] LightScribeService c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
19:17:16.0890 0532  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:17:16.0890 0532  LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:17:16.0921 0532  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:17:16.0937 0532  lirsgt - ok
19:17:17.0000 0532  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
19:17:17.0125 0532  LmHosts - ok
19:17:17.0156 0532  [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta        C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
19:17:17.0171 0532  LVUSBSta - ok
19:17:17.0218 0532  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
19:17:17.0343 0532  Messenger - ok
19:17:17.0375 0532  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
19:17:17.0515 0532  mnmdd - ok
19:17:17.0546 0532  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
19:17:17.0671 0532  mnmsrvc - ok
19:17:17.0703 0532  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
19:17:17.0843 0532  Modem - ok
19:17:17.0859 0532  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:17:18.0000 0532  MODEMCSA - ok
19:17:18.0031 0532  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:17:18.0156 0532  Mouclass - ok
19:17:18.0187 0532  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:17:18.0328 0532  mouhid - ok
19:17:18.0359 0532  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
19:17:18.0468 0532  MountMgr - ok
19:17:18.0531 0532  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:17:18.0562 0532  MozillaMaintenance - ok
19:17:18.0640 0532  MpKsl9753d9dd - ok
19:17:18.0656 0532  mraid35x - ok
19:17:18.0687 0532  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:17:18.0828 0532  MRxDAV - ok
19:17:18.0875 0532  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:17:18.0953 0532  MRxSmb - ok
19:17:19.0015 0532  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
19:17:19.0140 0532  MSDTC - ok
19:17:19.0171 0532  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:17:19.0296 0532  Msfs - ok
19:17:19.0328 0532  MSIServer - ok
19:17:19.0421 0532  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:17:19.0546 0532  MSKSSRV - ok
19:17:19.0625 0532  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:17:19.0734 0532  MSPCLOCK - ok
19:17:19.0750 0532  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:17:19.0875 0532  MSPQM - ok
19:17:19.0906 0532  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:17:20.0015 0532  mssmbios - ok
19:17:20.0031 0532  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
19:17:20.0156 0532  MSTEE - ok
19:17:20.0203 0532  [ E333010A50BF603ACC350F6019E9CE02 ] MTsensor        C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
19:17:20.0203 0532  MTsensor - ok
19:17:20.0250 0532  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
19:17:20.0312 0532  Mup - ok
19:17:20.0328 0532  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:17:20.0468 0532  NABTSFEC - ok
19:17:20.0546 0532  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
19:17:20.0687 0532  napagent - ok
19:17:20.0718 0532  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
19:17:20.0828 0532  NDIS - ok
19:17:20.0859 0532  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:17:20.0984 0532  NdisIP - ok
19:17:21.0015 0532  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:17:21.0062 0532  NdisTapi - ok
19:17:21.0109 0532  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:17:21.0234 0532  Ndisuio - ok
19:17:21.0265 0532  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:17:21.0406 0532  NdisWan - ok
19:17:21.0437 0532  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
19:17:21.0484 0532  NDProxy - ok
19:17:21.0500 0532  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
19:17:21.0625 0532  NetBIOS - ok
19:17:21.0656 0532  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\NETBT.SYS
19:17:21.0796 0532  NetBT - ok
19:17:21.0859 0532  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
19:17:21.0984 0532  NetDDE - ok
19:17:22.0000 0532  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
19:17:22.0109 0532  NetDDEdsdm - ok
19:17:22.0218 0532  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
19:17:22.0343 0532  Netlogon - ok
19:17:22.0406 0532  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
19:17:22.0546 0532  Netman - ok
19:17:22.0687 0532  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:17:22.0703 0532  NetTcpPortSharing - ok
19:17:22.0765 0532  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
19:17:22.0812 0532  Nla - ok
19:17:22.0828 0532  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:17:22.0937 0532  Npfs - ok
19:17:23.0000 0532  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:17:23.0171 0532  Ntfs - ok
19:17:23.0203 0532  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
19:17:23.0312 0532  NtLmSsp - ok
19:17:23.0421 0532  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
19:17:23.0578 0532  NtmsSvc - ok
19:17:23.0640 0532  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:17:23.0765 0532  Null - ok
19:17:23.0796 0532  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:17:23.0937 0532  NwlnkFlt - ok
19:17:23.0937 0532  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:17:24.0093 0532  NwlnkFwd - ok
19:17:24.0125 0532  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
19:17:24.0250 0532  Parport - ok
19:17:24.0281 0532  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
19:17:24.0390 0532  PartMgr - ok
19:17:24.0406 0532  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
19:17:24.0546 0532  ParVdm - ok
19:17:24.0562 0532  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
19:17:24.0671 0532  PCI - ok
19:17:24.0671 0532  PCIDump - ok
19:17:24.0703 0532  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
19:17:24.0828 0532  PCIIde - ok
19:17:24.0859 0532  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
19:17:25.0000 0532  Pcmcia - ok
19:17:25.0031 0532  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\WINDOWS\system32\Drivers\pcouffin.sys
19:17:25.0046 0532  pcouffin ( UnsignedFile.Multi.Generic ) - warning
19:17:25.0046 0532  pcouffin - detected UnsignedFile.Multi.Generic (1)
19:17:25.0046 0532  PDCOMP - ok
19:17:25.0062 0532  PDFRAME - ok
19:17:25.0078 0532  PDRELI - ok
19:17:25.0078 0532  PDRFRAME - ok
19:17:25.0093 0532  perc2 - ok
19:17:25.0109 0532  perc2hib - ok
19:17:25.0203 0532  [ A7598E897DA639E255AD4188FA398478 ] PID_PEPI        C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
19:17:25.0296 0532  PID_PEPI - ok
19:17:25.0375 0532  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
19:17:25.0390 0532  PlugPlay - ok
19:17:25.0453 0532  [ 831883B107684301F48ACE752C963984 ] PnkBstrA        C:\WINDOWS\system32\PnkBstrA.exe
19:17:25.0468 0532  PnkBstrA - ok
19:17:25.0515 0532  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
19:17:25.0625 0532  PolicyAgent - ok
19:17:25.0687 0532  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:17:25.0812 0532  PptpMiniport - ok
19:17:25.0828 0532  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:17:25.0937 0532  ProtectedStorage - ok
19:17:25.0984 0532  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:17:26.0156 0532  PSched - ok
19:17:26.0156 0532  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:17:26.0312 0532  Ptilink - ok
19:17:26.0312 0532  ql1080 - ok
19:17:26.0328 0532  Ql10wnt - ok
19:17:26.0343 0532  ql12160 - ok
19:17:26.0343 0532  ql1240 - ok
19:17:26.0359 0532  ql1280 - ok
19:17:26.0421 0532  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:17:26.0562 0532  RasAcd - ok
19:17:26.0625 0532  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:17:26.0750 0532  RasAuto - ok
19:17:26.0781 0532  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:17:26.0906 0532  Rasl2tp - ok
19:17:26.0968 0532  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:17:27.0125 0532  RasMan - ok
19:17:27.0125 0532  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:17:27.0265 0532  RasPppoe - ok
19:17:27.0281 0532  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:17:27.0421 0532  Raspti - ok
19:17:27.0453 0532  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:17:27.0562 0532  Rdbss - ok
19:17:27.0593 0532  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:17:27.0734 0532  RDPCDD - ok
19:17:27.0765 0532  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:17:27.0906 0532  rdpdr - ok
19:17:27.0953 0532  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
19:17:28.0015 0532  RDPWD - ok
19:17:28.0046 0532  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
19:17:28.0171 0532  RDSessMgr - ok
19:17:28.0218 0532  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
19:17:28.0328 0532  redbook - ok
19:17:28.0421 0532  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:17:28.0562 0532  RemoteAccess - ok
19:17:28.0593 0532  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:17:28.0718 0532  RemoteRegistry - ok
19:17:28.0781 0532  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:17:28.0906 0532  RpcLocator - ok
19:17:28.0953 0532  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\System32\rpcss.dll
19:17:28.0984 0532  RpcSs - ok
19:17:29.0031 0532  [ A3B23FB3F295694091F51865F98588B2 ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:17:29.0031 0532  rspndr ( UnsignedFile.Multi.Generic ) - warning
19:17:29.0031 0532  rspndr - detected UnsignedFile.Multi.Generic (1)
19:17:29.0093 0532  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
19:17:29.0234 0532  RSVP - ok
19:17:29.0265 0532  [ DAAF657C0B5BD0595669496857040F75 ] RTSTOR          C:\WINDOWS\system32\drivers\RTSTOR.SYS
19:17:29.0312 0532  RTSTOR - ok
19:17:29.0375 0532  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:17:29.0484 0532  SamSs - ok
19:17:29.0546 0532  [ BD26A150DC292913E48EE2B950372DFD ] Samsung UPD Service C:\WINDOWS\system32\SUPDSvc.exe
19:17:29.0578 0532  Samsung UPD Service - ok
19:17:29.0671 0532  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
19:17:29.0687 0532  SASDIFSV - ok
19:17:29.0703 0532  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
19:17:29.0718 0532  SASKUTIL - ok
19:17:29.0765 0532  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:17:29.0906 0532  SCardSvr - ok
19:17:29.0968 0532  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:17:30.0093 0532  Schedule - ok
19:17:30.0140 0532  [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus         C:\WINDOWS\system32\DRIVERS\SE27bus.sys
19:17:30.0140 0532  SE27bus ( UnsignedFile.Multi.Generic ) - warning
19:17:30.0140 0532  SE27bus - detected UnsignedFile.Multi.Generic (1)
19:17:30.0187 0532  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:17:30.0296 0532  Secdrv - ok
19:17:30.0359 0532  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:17:30.0468 0532  seclogon - ok
19:17:30.0515 0532  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
19:17:30.0656 0532  SENS - ok
19:17:30.0687 0532  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
19:17:30.0828 0532  Serial - ok
19:17:30.0859 0532  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
19:17:30.0968 0532  Sfloppy - ok
19:17:31.0046 0532  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:17:31.0187 0532  SharedAccess - ok
19:17:31.0234 0532  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:17:31.0265 0532  ShellHWDetection - ok
19:17:31.0281 0532  Simbad - ok
19:17:31.0500 0532  [ 2A99850C2A6EDD6C6602E822C716EDAF ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:17:31.0718 0532  Skype C2C Service - ok
19:17:31.0890 0532  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
19:17:31.0921 0532  SkypeUpdate - ok
19:17:31.0984 0532  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:17:32.0093 0532  SLIP - ok
19:17:32.0171 0532  [ B8C571FBF5A4B341A95CDF0DE74D7B11 ] smserial        C:\WINDOWS\system32\DRIVERS\smserial.sys
19:17:32.0281 0532  smserial - ok
19:17:32.0296 0532  Sparrow - ok
19:17:32.0359 0532  [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan        C:\WINDOWS\system32\speedfan.sys
19:17:32.0375 0532  speedfan - ok
19:17:32.0421 0532  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:17:32.0546 0532  splitter - ok
19:17:32.0609 0532  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:17:32.0656 0532  Spooler - ok
19:17:32.0718 0532  [ D390675B8CE45E5FB359338E5E649329 ] sptd            C:\WINDOWS\System32\Drivers\sptd.sys
19:17:32.0781 0532  sptd - ok
19:17:32.0796 0532  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:17:32.0921 0532  sr - ok
19:17:33.0015 0532  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
19:17:33.0156 0532  srservice - ok
19:17:33.0187 0532  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:17:33.0296 0532  Srv - ok
19:17:33.0359 0532  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:17:33.0484 0532  SSDPSRV - ok
19:17:33.0531 0532  [ 5EC550B8952882EE856B862CF648522D ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:17:33.0546 0532  ssmdrv - ok
19:17:33.0609 0532  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:17:33.0765 0532  stisvc - ok
19:17:33.0796 0532  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:17:33.0921 0532  streamip - ok
19:17:33.0953 0532  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:17:34.0078 0532  swenum - ok
19:17:34.0109 0532  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:17:34.0218 0532  swmidi - ok
19:17:34.0281 0532  SwPrv - ok
19:17:34.0296 0532  symc810 - ok
19:17:34.0312 0532  symc8xx - ok
19:17:34.0359 0532  [ 3C6790D26D03FE5163E2BEC490E51A7E ] SymEvent        C:\Programme\Symantec\SYMEVENT.SYS
19:17:34.0375 0532  SymEvent - ok
19:17:34.0390 0532  sym_hi - ok
19:17:34.0406 0532  sym_u3 - ok
19:17:34.0437 0532  [ 69BF2DD9B1099D1AA3E7CF14B4B842CD ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:17:34.0515 0532  SynTP - ok
19:17:34.0546 0532  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:17:34.0671 0532  sysaudio - ok
19:17:34.0750 0532  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
19:17:34.0890 0532  SysmonLog - ok
19:17:34.0953 0532  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:17:35.0093 0532  TapiSrv - ok
19:17:35.0140 0532  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:17:35.0203 0532  Tcpip - ok
19:17:35.0265 0532  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:17:35.0375 0532  TDPIPE - ok
19:17:35.0390 0532  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:17:35.0515 0532  TDTCP - ok
19:17:35.0546 0532  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:17:35.0656 0532  TermDD - ok
19:17:35.0718 0532  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:17:35.0859 0532  TermService - ok
19:17:35.0921 0532  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:17:35.0937 0532  Themes - ok
19:17:36.0000 0532  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
19:17:36.0125 0532  TlntSvr - ok
19:17:36.0140 0532  TosIde - ok
19:17:36.0203 0532  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:17:36.0343 0532  TrkWks - ok
19:17:36.0375 0532  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:17:36.0484 0532  Udfs - ok
19:17:36.0593 0532  [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
19:17:36.0609 0532  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
19:17:36.0609 0532  UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
19:17:36.0625 0532  ultra - ok
19:17:36.0687 0532  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:17:36.0828 0532  Update - ok
19:17:36.0890 0532  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:17:37.0031 0532  upnphost - ok
19:17:37.0078 0532  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
19:17:37.0203 0532  UPS - ok
19:17:37.0234 0532  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
19:17:37.0281 0532  USBAAPL - ok
19:17:37.0312 0532  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
19:17:37.0437 0532  usbaudio - ok
19:17:37.0453 0532  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:17:37.0578 0532  usbccgp - ok
19:17:37.0609 0532  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:17:37.0718 0532  usbehci - ok
19:17:37.0750 0532  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:17:37.0890 0532  usbhub - ok
19:17:37.0921 0532  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:17:38.0031 0532  usbohci - ok
19:17:38.0078 0532  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:17:38.0203 0532  usbprint - ok
19:17:38.0218 0532  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:17:38.0343 0532  usbscan - ok
19:17:38.0359 0532  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:17:38.0484 0532  usbstor - ok
19:17:38.0515 0532  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:17:38.0640 0532  VgaSave - ok
19:17:38.0656 0532  ViaIde - ok
19:17:38.0687 0532  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:17:38.0812 0532  VolSnap - ok
19:17:38.0906 0532  [ 18507BDC6C15BD464DE9AB18B6AF1C23 ] vpnagent        C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
19:17:38.0953 0532  vpnagent - ok
19:17:38.0968 0532  [ FDDAFA1C89B0B07494AF5879F7ECE857 ] vpnva           C:\WINDOWS\system32\DRIVERS\vpnva.sys
19:17:38.0984 0532  vpnva - ok
19:17:39.0078 0532  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
19:17:39.0218 0532  VSS - ok
19:17:39.0265 0532  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
19:17:39.0406 0532  W32Time - ok
19:17:39.0437 0532  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:17:39.0562 0532  Wanarp - ok
19:17:39.0578 0532  WDICA - ok
19:17:39.0609 0532  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:17:39.0750 0532  wdmaud - ok
19:17:39.0796 0532  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:17:39.0937 0532  WebClient - ok
19:17:40.0000 0532  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:17:40.0125 0532  winmgmt - ok
19:17:40.0187 0532  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:17:40.0234 0532  WmdmPmSN - ok
19:17:40.0296 0532  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:17:40.0406 0532  Wmi - ok
19:17:40.0437 0532  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:17:40.0578 0532  WmiApSrv - ok
19:17:40.0687 0532  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
19:17:40.0796 0532  WMPNetworkSvc - ok
19:17:40.0843 0532  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:17:41.0000 0532  WS2IFSL - ok
19:17:41.0125 0532  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
19:17:41.0265 0532  wscsvc - ok
19:17:41.0296 0532  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:17:41.0421 0532  WSTCODEC - ok
19:17:41.0500 0532  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:17:41.0625 0532  wuauserv - ok
19:17:41.0671 0532  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:17:41.0687 0532  WudfPf - ok
19:17:41.0703 0532  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:17:41.0734 0532  WudfRd - ok
19:17:41.0812 0532  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
19:17:41.0843 0532  WudfSvc - ok
19:17:41.0906 0532  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:17:42.0078 0532  WZCSVC - ok
19:17:42.0140 0532  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:17:42.0265 0532  xmlprov - ok
19:17:42.0281 0532  ================ Scan global ===============================
19:17:42.0390 0532  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
19:17:42.0515 0532  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:17:42.0593 0532  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:17:42.0656 0532  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
19:17:42.0656 0532  [Global] - ok
19:17:42.0656 0532  ================ Scan MBR ==================================
19:17:42.0687 0532  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
19:17:42.0921 0532  \Device\Harddisk0\DR0 - ok
19:17:42.0921 0532  ================ Scan VBR ==================================
19:17:42.0921 0532  [ D9EC8C4A659D1AFB1A543A22BDDAA6B5 ] \Device\Harddisk0\DR0\Partition1
19:17:42.0921 0532  \Device\Harddisk0\DR0\Partition1 - ok
19:17:42.0937 0532  [ 6C84868757949F188DDEBAB3A3D0E0B6 ] \Device\Harddisk0\DR0\Partition2
19:17:42.0937 0532  \Device\Harddisk0\DR0\Partition2 - ok
19:17:42.0937 0532  ============================================================
19:17:42.0937 0532  Scan finished
19:17:42.0937 0532  ============================================================
19:17:43.0078 0520  Detected object count: 10
19:17:43.0078 0520  Actual detected object count: 10
19:17:55.0312 0520  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0312 0520  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:55.0312 0520  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0312 0520  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:55.0312 0520  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0312 0520  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:55.0312 0520  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0312 0520  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:55.0312 0520  ipswuio ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0312 0520  ipswuio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:55.0328 0520  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0328 0520  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:55.0328 0520  pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0328 0520  pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:55.0328 0520  rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0328 0520  rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:55.0328 0520  SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0328 0520  SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:55.0328 0520  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:55.0328 0520  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Best regards

19.11.2012, 19:57   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

19.11.2012, 20:06   #14
pinadgo
 

Here is the log file:

Code:
# AdwCleaner v2.008 - Datei am 19/11/2012 um 20:04:55 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : jens - DACHS
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\jens\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Programme\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}
Schlüssel Gefunden : HKCU\Software\pdfforge.org
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\pdfforge.org
Schlüssel Gefunden : HKU\S-1-5-21-906765128-4224003750-1731297779-1004\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}
Schlüssel Gefunden : HKU\S-1-5-21-906765128-4224003750-1731297779-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1944 octets] - [19/11/2012 20:04:55]

########## EOF - C:\AdwCleaner[R1].txt - [2004 octets] ##########
         
Many thanks!

19.11.2012, 20:17   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please try to uninstall all entries mentioned in the adwCleaner log (such as conduit or pdfforge.org) via the Control Panel, then create a new search log with adwCleaner.
Leftovers, and anything that refuses to uninstall, we will remove with adwCleaner.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
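
The triage described in the reply above, as an added example that is not part of the original thread or of AdwCleaner: a Python parser for the AdwCleaner v2 search-log format posted here, which lists name hints to look for in the Control Panel and reports which findings are still present in a second search log. The function names, the leaf-name heuristic and the second log are assumptions of this sketch; the first log is an excerpt of the one posted in the thread.

```python
import re
from collections import Counter

SECTION = re.compile(r"^\*{4,}\s*\[(?P<name>[^\]]+)\]\s*\*{4,}$")
# "<Kind> Gefunden : <path>"; registry values carry a trailing " [<value name>]"
FINDING = re.compile(r"^(?P<kind>\S+) Gefunden : (?P<path>.+?)(?: \[(?P<value>[^\]]+)\])?$")
GUID = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")

# Excerpt of the search log posted in this thread.
FIRST_LOG = r"""
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Programme\Conduit
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}
Schlüssel Gefunden : HKCU\Software\pdfforge.org
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\pdfforge.org
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}]
"""
# Constructed second log (hypothetical rescan after uninstalling via Control Panel).
SECOND_LOG = r"""
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\ConduitSearchScopes
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}]
"""

def parse_log(text):
    """Return a list of (section, kind, path, value) tuples, in log order."""
    findings, section = [], None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m["name"]
        elif m := FINDING.match(line):
            findings.append((section, m["kind"], m["path"], m["value"]))
    return findings

def name_hints(findings):
    """Heuristic: count the last path component of folders and keys, skipping GUIDs."""
    hints = Counter()
    for _section, kind, path, _value in findings:
        if kind == "Wert":  # a registry value names its parent key, not a product
            continue
        leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
        if not GUID.match(leaf):
            hints[leaf] += 1
    return hints

def leftovers(before, after):
    """Findings from the first search log that still appear in the second one."""
    remaining = set(after)
    return [f for f in before if f in remaining]
```

GUID-only findings are left out of the hints on purpose; they still show up in `leftovers`, which is the list to hand back for cleanup.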

You are viewing: Trojan PUP.LoadTubes / Trojan.Agent/Gen-Nullo found during "routine scan" - dangerous? on Trojaner-Board
