
Pests of all kinds and how to combat them: GUV attack

12.02.2013, 16:29   #1
nerd18
 



Hello,

yesterday it got me too. I actually managed to get my computer working again. However, I'm a bit unsure whether the thing is really gone.
I ran the anti-malware tool, but it didn't find anything.

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.12.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Mario :: [Administrator]

12.02.2013 16:16:54
mbam-log-2013-02-12 (16-16-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 283528
Laufzeit: 4 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

I did it via System Restore. What must/should I do now to make sure (if that is possible at all) that this GUV junk has actually been removed?

Regards, Mario

13.02.2013, 11:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only the scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the logfiles directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to do so. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting logfiles and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will it continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread in CODE tags.

13.02.2013, 15:04   #3
nerd18
 



Code:
OTL logfile created on: 13.02.2013 14:52:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,46% Memory free
4,84 Gb Paging File | 4,02 Gb Available in Paging File | 83,01% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 698,63 Gb Total Space | 285,84 Gb Free Space | 40,91% Space Free | Partition Type: NTFS
 
Computer  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Mario\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\HitmanPro\hmpsched.exe (SurfRight B.V.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Programme\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
PRC - C:\Programme\IVT Corporation\BlueSoleil\BtTray.exe ()
PRC - C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\AVAST Software\Avast\defs\13021201\algo.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\Ad-Aware Antivirus\Definitions\libMachoUniv.dll ()
MOD - C:\Programme\Ad-Aware Antivirus\Definitions\libBase64.dll ()
MOD - C:\Programme\ffdshow\ffdshow.ax ()
MOD - C:\Programme\LAV Filters\libbluray.dll ()
MOD - C:\Programme\LAV Filters\avcodec-lav-53.dll ()
MOD - C:\Programme\LAV Filters\avformat-lav-53.dll ()
MOD - C:\Programme\LAV Filters\avutil-lav-51.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\WINDOWS\system32\SNXPWIA.dll ()
MOD - C:\WINDOWS\system32\SNXPEH.dll ()
MOD - C:\WINDOWS\system32\ac3filter.acm ()
MOD - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
MOD - C:\Programme\IVT Corporation\BlueSoleil\BtTray.exe ()
MOD - C:\Programme\IVT Corporation\BlueSoleil\setup.dll ()
MOD - C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
MOD - C:\WINDOWS\system32\BsMobileSDK.dll ()
MOD - C:\WINDOWS\system32\Bs2Res.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\BsLangInDepRes.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\cx21sl3.dll ()
MOD - C:\WINDOWS\system32\tsd32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HitmanProScheduler) -- C:\Programme\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Skype C2C Service) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer Free\DfSdkS.exe (mst software GmbH, Germany)
SRV - (BlueSoleilCS) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
SRV - (BsHelpCS) -- C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva397) -- C:\WINDOWS\system32\XDva397.sys File not found
DRV - (WDICA) --  File not found
DRV - (Scutum50) -- System32\Drivers\Scutum50.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\WINDOWS\system32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\WINDOWS\system32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (NTIOLib_1_0_4) -- C:\Programme\MSI\Live Update 5\NTIOLib.sys (MSI)
DRV - (BlueToothUsb_w732) -- C:\WINDOWS\system32\drivers\BlueToothUsb_w732.sys (3DSP Corporation)
DRV - (MSI_MSIBIOS_010507) -- C:\Programme\MSI\Live Update 5\msibios32_100507.sys (Your Corporation)
DRV - (RTLTEAMING) -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS (Realtek Semiconductor Corporation)
DRV - (WLAN3DSPUSBXP) -- C:\WINDOWS\system32\drivers\wlusb732.sys (3DSP Corporation)
DRV - (TdspUsbBus_w732) -- C:\WINDOWS\system32\drivers\tdspusbbus_w732.sys (Windows (R) Win 7 DDK provider)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (63696872) -- C:\WINDOWS\system32\drivers\63696872.sys (Kaspersky Lab)
DRV - (setup_9.0.0.722_07.07.2012_12-34drv) -- C:\WINDOWS\system32\drivers\6369687.sys (Kaspersky Lab)
DRV - (63696871) -- C:\WINDOWS\system32\drivers\63696871.sys (Kaspersky Lab)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (BTUSBCARD) -- C:\WINDOWS\system32\drivers\BtUsbCard.sys ()
DRV - (RtNdPt5x) -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys (Realtek Semiconductor Corporation                           )
DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (BtHidBus) -- C:\WINDOWS\system32\drivers\BtHidBus.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
DRV - (RDID1076) -- C:\WINDOWS\system32\drivers\Rdwm1076.sys (Roland Corporation)
DRV - (SISNICXP) -- C:\WINDOWS\system32\drivers\sisnicxp.sys (SiS Corporation)
DRV - (sisidex) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows (R) 2000 DDK provider)
DRV - (sisperf) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)
DRV - (QCEmerald) -- C:\WINDOWS\system32\drivers\OVCE.sys (Microsoft Corporation)
DRV - (lusbaudio) -- C:\WINDOWS\system32\drivers\OVSound2.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-448539723-1035525444-839522115-1003\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll ()
IE - HKU\S-1-5-21-448539723-1035525444-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "CannaPower User-Uploads"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.klamm.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.6
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.5pre.130210a
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.4
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.7
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2013.01.22 09:21:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.11 22:54:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2011.12.28 00:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Extensions
[2013.02.12 15:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions
[2013.01.08 09:26:54 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.12.18 13:19:02 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013.01.12 01:36:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.16 18:16:48 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions\ich@maltegoetz.de
[2012.12.18 13:19:20 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012.01.15 14:14:51 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions\wotstats@mywot.com
[2013.02.02 11:56:57 | 000,130,828 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.07.06 13:25:59 | 000,123,385 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.09.13 16:34:29 | 000,621,521 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.01.31 00:48:11 | 000,533,536 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.01.05 16:48:42 | 000,220,411 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.02.01 13:33:28 | 000,817,973 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.12 15:46:56 | 000,800,129 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.05.10 17:09:29 | 000,005,027 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\h06ady70.default\searchplugins\cannapower-user-uploads.xml
[2013.02.11 22:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.11 22:54:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.08 13:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2013.01.22 09:21:39 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.02.08 13:03:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.10.28 18:00:55 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.28 18:00:55 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.28 18:00:55 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.28 18:00:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.28 18:00:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.28 18:00:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.18 00:35:52 | 000,444,929 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15281 more lines...
O2 - BHO: (Giant Savings Extension) - {11111111-1111-1111-1111-110211181110} - C:\Programme\Giant Savings Extension\Giant Savings Extension.dll (215 Apps)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll ()
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Programme\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BtTray] C:\Programme\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [USBMaLoader.exe] C:\Programme\3DSP\BluetoothWLAN_usb\Utilities\USBMaLoader.exe (3DSP corporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-21-448539723-1035525444-839522115-1007..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\20Dollars2Surf.lnk = C:\Programme\20Dollars2Surf\20dollars2surf.exe (20Dollars2Surf.com)
O4 - Startup: C:\Dokumente und Einstellungen\Freia\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1035525444-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1035525444-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-448539723-1035525444-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FC0A662-DAAC-441E-89A7-A86634F6358A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7161C45F-1F04-4982-BBC2-59C40EAD4C0A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B70FFE54-E0DB-409F-8E0F-1A8102436EB6}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browserprotect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.27 19:54:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0eb94c14-3137-11e1-9689-f3d51baf18b9}\Shell - "" = AutoRun
O33 - MountPoints2\{0eb94c14-3137-11e1-9689-f3d51baf18b9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0eb94c14-3137-11e1-9689-f3d51baf18b9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.13 14:39:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mario\Desktop\OTL.exe
[2013.02.13 12:23:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013.02.12 23:28:37 | 000,000,000 | ---D | C] -- C:\Programme\HitmanPro
[2013.02.12 23:27:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2013.02.12 23:16:30 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Mario\Recent
[2013.02.11 22:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2013.02.11 22:59:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2013.02.11 22:14:43 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.02.08 13:03:31 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.02.01 15:01:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mario\Lokale Einstellungen\Anwendungsdaten\Google
[2013.02.01 12:33:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mario\Eigene Dateien\864875.zpTEMP
[2013.02.01 07:11:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox.bak
[2013.01.31 12:55:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mario\Startmenü\Programme\O&O Software
[2013.01.31 12:55:28 | 000,000,000 | ---D | C] -- C:\Programme\OO Software
[2013.01.28 20:12:12 | 000,227,328 | R--- | C] (Samsung Electronics) -- C:\WINDOWS\System32\snWIAMUI.dll
[2013.01.18 19:42:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
[2013.01.18 19:41:43 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2013.01.18 19:41:11 | 000,000,000 | ---D | C] -- C:\Programme\Giant Savings Extension
[2013.01.18 19:40:21 | 000,000,000 | ---D | C] -- C:\Programme\PDFCreator
[2013.01.15 20:12:47 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Mario\UserData
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.13 14:44:28 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\defogger_reenable
[2013.02.13 14:39:57 | 000,365,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\gmer_2.0.18454.exe
[2013.02.13 14:39:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mario\Desktop\OTL.exe
[2013.02.13 14:38:57 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\Defogger.exe
[2013.02.13 12:22:22 | 000,013,758 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.13 12:22:12 | 000,001,603 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013.02.13 12:22:10 | 000,003,097 | ---- | M] () -- C:\WINDOWS\System32\drivers\USBWBCONF.ini
[2013.02.13 12:22:09 | 000,003,097 | ---- | M] () -- C:\WINDOWS\USBWBCONF.ini
[2013.02.13 12:20:58 | 000,000,921 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
[2013.02.13 12:20:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.13 00:42:05 | 000,021,390 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013.02.13 00:14:56 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.12 23:28:37 | 000,001,594 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HitmanPro.lnk
[2013.02.11 23:20:05 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\skype.ini
[2013.02.10 13:07:53 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013.02.06 14:46:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.02.01 15:03:20 | 000,001,893 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2013.02.01 15:01:54 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.31 22:02:48 | 001,835,558 | ---- | M] () -- C:\IMG_0535.jpg
[2013.01.31 22:02:08 | 002,650,388 | ---- | M] () -- C:\IMG_0534.jpg
[2013.01.31 22:02:01 | 002,390,552 | ---- | M] () -- C:\IMG_0533.jpg
[2013.01.31 22:01:54 | 002,402,752 | ---- | M] () -- C:\IMG_0532.jpg
[2013.01.31 22:01:21 | 002,339,086 | ---- | M] () -- C:\IMG_0531.jpg
[2013.01.31 22:01:05 | 001,760,936 | ---- | M] () -- C:\IMG_0530.jpg
[2013.01.31 22:00:56 | 002,105,309 | ---- | M] () -- C:\IMG_0529.jpg
[2013.01.31 22:00:48 | 002,100,925 | ---- | M] () -- C:\IMG_0528.jpg
[2013.01.31 22:00:42 | 001,674,045 | ---- | M] () -- C:\IMG_0527.jpg
[2013.01.31 18:45:27 | 002,285,808 | ---- | M] () -- C:\IMG_0521.jpg
[2013.01.31 18:44:47 | 001,867,201 | ---- | M] () -- C:\IMG_0520.jpg
[2013.01.31 18:43:58 | 001,887,408 | ---- | M] () -- C:\IMG_0519.jpg
[2013.01.31 18:43:26 | 002,726,407 | ---- | M] () -- C:\IMG_0518.jpg
[2013.01.31 18:42:32 | 002,876,447 | ---- | M] () -- C:\IMG_0517.jpg
[2013.01.26 22:50:58 | 000,430,079 | ---- | M] () -- C:\AnalysisLog.sr0
[2013.01.22 09:21:41 | 000,003,010 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013.01.22 09:21:41 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.13 14:44:28 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\defogger_reenable
[2013.02.13 14:39:56 | 000,365,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\gmer_2.0.18454.exe
[2013.02.13 14:38:57 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\Defogger.exe
[2013.02.13 00:03:25 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013.02.12 23:28:37 | 000,001,594 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HitmanPro.lnk
[2013.02.11 19:52:11 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\skype.ini
[2013.02.01 15:03:20 | 000,001,893 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2013.02.01 15:01:54 | 000,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.31 22:02:48 | 001,835,558 | ---- | C] () -- C:\IMG_0535.jpg
[2013.01.31 22:02:08 | 002,650,388 | ---- | C] () -- C:\IMG_0534.jpg
[2013.01.31 22:02:01 | 002,390,552 | ---- | C] () -- C:\IMG_0533.jpg
[2013.01.31 22:01:54 | 002,402,752 | ---- | C] () -- C:\IMG_0532.jpg
[2013.01.31 22:01:21 | 002,339,086 | ---- | C] () -- C:\IMG_0531.jpg
[2013.01.31 22:01:05 | 001,760,936 | ---- | C] () -- C:\IMG_0530.jpg
[2013.01.31 22:00:56 | 002,105,309 | ---- | C] () -- C:\IMG_0529.jpg
[2013.01.31 22:00:48 | 002,100,925 | ---- | C] () -- C:\IMG_0528.jpg
[2013.01.31 22:00:42 | 001,674,045 | ---- | C] () -- C:\IMG_0527.jpg
[2013.01.31 18:45:27 | 002,285,808 | ---- | C] () -- C:\IMG_0521.jpg
[2013.01.31 18:44:47 | 001,867,201 | ---- | C] () -- C:\IMG_0520.jpg
[2013.01.31 18:43:58 | 001,887,408 | ---- | C] () -- C:\IMG_0519.jpg
[2013.01.31 18:43:26 | 002,726,407 | ---- | C] () -- C:\IMG_0518.jpg
[2013.01.31 18:42:32 | 002,876,447 | ---- | C] () -- C:\IMG_0517.jpg
[2013.01.26 22:50:41 | 000,430,079 | ---- | C] () -- C:\AnalysisLog.sr0
[2012.12.17 13:10:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI
[2012.12.02 14:17:40 | 000,000,212 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2012.11.04 12:59:56 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2012.11.04 12:59:55 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2012.07.25 12:17:26 | 000,000,923 | ---- | C] () -- C:\WINDOWS\kaiser.ini
[2012.06.18 20:28:39 | 000,124,792 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2012.05.26 16:30:42 | 000,031,862 | ---- | C] () -- C:\WINDOWS\System32\RdCi1076.dll
[2012.05.26 16:30:42 | 000,004,088 | ---- | C] () -- C:\WINDOWS\System32\RD3T1076.DAT
[2012.05.01 13:35:27 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2012.05.01 13:34:57 | 000,000,262 | ---- | C] () -- C:\WINDOWS\game.ini
[2012.03.23 13:44:01 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012.03.23 13:44:01 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012.03.23 13:44:01 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2012.03.23 13:40:52 | 000,000,214 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2012.02.26 09:30:54 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.02.26 09:30:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.02.15 10:08:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.27 22:22:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.17 16:31:44 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012.01.07 23:43:41 | 000,013,484 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012.01.07 13:54:31 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.12.29 16:15:06 | 000,005,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Utility.xml
[2011.12.29 15:08:38 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.12.29 15:08:38 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.12.29 15:08:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.12.29 15:08:16 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011.12.29 01:11:43 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2011.12.29 00:46:11 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011.12.29 00:30:07 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.12.28 20:34:01 | 000,000,536 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011.12.28 00:42:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.12.27 20:51:32 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2011.12.27 20:11:38 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011.12.27 20:06:18 | 000,108,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.27 19:56:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.12.27 19:52:18 | 000,022,880 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.12.27 19:45:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.12.27 19:44:39 | 000,143,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.18 13:36:32 | 000,494,592 | ---- | C] () -- C:\WINDOWS\System32\SNXPWIA.dll
[2011.02.18 13:36:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SNWIAUI.dll
[2011.02.18 13:36:24 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\SNXPEH.dll
 
========== ZeroAccess Check ==========
 
[2011.12.29 00:19:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.10.31 12:33:21 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.16 01:06:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.06.02 00:22:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Absolutist
[2013.02.11 20:57:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Antivirus
[2012.12.18 13:19:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection
[2011.12.28 10:53:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.03.22 11:11:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.01.04 15:26:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core
[2013.02.13 00:04:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2012.07.09 19:25:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iRinger
[2012.01.07 13:34:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011.12.29 15:34:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2012.01.02 18:41:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SWTCWRH
[2012.10.25 17:30:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.08.22 21:29:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB
[2013.02.01 14:22:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zoom Player
[2012.10.06 13:06:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012.01.07 18:10:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.12.20 04:57:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dana\Anwendungsdaten\Ad-Aware Antivirus
[2013.02.11 13:32:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dana\Anwendungsdaten\adawaretb
[2012.12.11 09:54:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dana\Anwendungsdaten\GetRightToGo
[2012.08.23 23:42:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dana\Anwendungsdaten\OpenOffice.org
[2013.02.02 15:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dana\Anwendungsdaten\Sony Online Entertainment
[2012.05.15 20:01:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dana\Anwendungsdaten\Splashtop
[2012.10.08 05:18:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dana\Anwendungsdaten\TuneUp Software
[2013.01.24 00:50:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freia\Anwendungsdaten\Ad-Aware Antivirus
[2013.01.05 14:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freia\Anwendungsdaten\adawaretb
[2012.01.15 14:21:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freia\Anwendungsdaten\OpenOffice.org
[2012.01.04 14:59:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freia\Anwendungsdaten\Origin
[2012.05.15 20:01:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freia\Anwendungsdaten\Splashtop
[2012.12.11 18:17:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freia\Anwendungsdaten\Systweak
[2012.10.14 15:35:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freia\Anwendungsdaten\TuneUp Software
[2012.08.03 14:35:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freia\Anwendungsdaten\WB Games
[2012.01.15 14:14:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freia\Anwendungsdaten\WOT
[2013.01.15 20:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leif\Anwendungsdaten\.minecraft
[2012.12.23 00:46:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leif\Anwendungsdaten\Ad-Aware Antivirus
[2013.02.07 18:21:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leif\Anwendungsdaten\adawaretb
[2012.12.14 15:33:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leif\Anwendungsdaten\Advanced System Protector
[2013.01.18 19:40:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leif\Anwendungsdaten\BabSolution
[2012.05.15 20:01:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leif\Anwendungsdaten\Splashtop
[2012.12.15 10:15:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leif\Anwendungsdaten\Systweak
[2012.10.07 17:20:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leif\Anwendungsdaten\TuneUp Software
[2012.09.09 14:51:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leif\Anwendungsdaten\Unity
[2012.08.02 07:59:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leif\Anwendungsdaten\WB Games
[2012.06.30 10:30:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\.minecraft
[2012.12.20 00:45:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Ad-Aware Antivirus
[2012.12.18 13:20:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\adawaretb
[2012.05.12 11:50:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\AnvSoft
[2012.03.23 00:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\DAEMON Tools Lite
[2011.12.29 01:02:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\driveridentifier
[2011.12.29 00:21:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Easeware
[2011.12.29 02:04:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Leadertech
[2012.01.07 13:35:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\MAGIX
[2012.01.25 09:42:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\OpenOffice.org
[2012.05.15 20:01:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Splashtop
[2012.12.15 10:15:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Systweak
[2012.10.06 13:07:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\TuneUp Software
[2012.08.04 12:43:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\WB Games
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 13.02.2013 14:52:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,46% Memory free
4,84 Gb Paging File | 4,02 Gb Available in Paging File | 83,01% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 698,63 Gb Total Space | 285,84 Gb Free Space | 40,91% Space Free | Partition Type: NTFS
 
Computer Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-448539723-1035525444-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Spiele Leif\Battlefield 1942\BF1942.exe" = C:\Spiele Leif\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Spiele Leif\Republic Heroes\Republic Heroes.exe" = C:\Spiele Leif\Republic Heroes\Republic Heroes.exe:*:Enabled:Republic Heroes -- (LucasArts)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
"C:\Programme\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe" = C:\Programme\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe:*:Enabled:Die Siedler 7 -- (Blue Byte GmbH)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Sierra\Empire Earth\Empire Earth.exe" = C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- ()
"C:\Spiele\Anno 1701\Anno1701.exe" = C:\Spiele\Anno 1701\Anno1701.exe:*:Disabled:Anno 1701 -- (Related Designs Software GmbH)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- ()
"C:\Spiele\Call of Duty 2\CoD2MP_s.exe" = C:\Spiele\Call of Duty 2\CoD2MP_s.exe:*:Disabled:CoD2MP_s -- ()
"C:\Spiele\BrickForce\BfLauncher.exe" = C:\Spiele\BrickForce\BfLauncher.exe:*:Enabled:BFLauncher -- ()
"C:\Spiele\BrickForce\BrickForce.exe" = C:\Spiele\BrickForce\BrickForce.exe:*:Enabled:BrickForce -- ()
"C:\Spiele\Postal2STP\System\UCC.exe" = C:\Spiele\Postal2STP\System\UCC.exe:*:Enabled:UCC -- ()
"C:\Programme\Samsung\Samsung Universal Scan Driver\USDAgent.exe" = C:\Programme\Samsung\Samsung Universal Scan Driver\USDAgent.exe:*:Enabled:Samsung Scanner Discovery Module V2 -- ()
"C:\Programme\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe" = C:\Programme\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe:*:Enabled:Samsung ICCUpdater Module -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{0C70AB22-8E53-4622-AC68-5337972BB7AD}" = GT-10 Librarian
"{13E87F71-56A8-43BA-BFE0-94C03D8CEEAC}" = Dracula - The Last Sactuary Part 1
"{1D5D11D1-4395-4CC0-B563-1584C5582787}" = 3DSP WLAN and Bluetooth USB Adapter
"{1EE9BBA1-312F-4EC0-9DEA-A8FE22BBABAA}_is1" = 20Dollars2Surf 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2819e172-81d5-4113-88bd-4605b02344e0}" = Ad-Aware Antivirus
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{3E4F9D98-82C6-4158-BB47-461F67CF4B83}" = Bluesoleil 5.2.227.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{53480230-2DE4-44A9-919C-39381946614F}" = O&O UnErase
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{6FD9FEEB-AED1-47B0-86B8-DCB5DE9156A3}" = XPC 802.11b+g Wireless Kit Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF9B9CCF-D1B4-44B4-A030-BFCF5686AA5E}_is1" = TeamingGenie
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5A8DF48-580B-44D3-B2B2-E965A9368F28}" = LEGO® Harry Potter™: Die Jahre 1-4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1" = VideoGenie
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"07F6F3DB62A9D59A719B35E8758992268D8D6D8A" = ENE CIR Receiver Driver
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.3.7
"Ashampoo WinOptimizer Free_is1" = Ashampoo WinOptimizer Free v.1.0.0
"avast" = avast! Free Antivirus
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"BrickForce" = BrickForce 1.9.87
"Bubble Shooter Premium_is1" = Bubble Shooter Premium
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow v1.1.4222 [2012-01-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Giant Savings Extension" = Giant Savings Extension
"GT-10FxFloorBoard" = GT-10FxFloorBoard 20121023
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HitmanPro37" = HitmanPro 3.7
"I Love Beauty Make-up Studio/DE-German_is1" = I Love Beauty Make-up Studio
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"LAV Filters" = LAV Filters (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"LucasArts' Monkey4" = LucasArts' Monkey4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Paradiesbar_is1" = Paradiesbar 2.1 Release Candidate
"Postal 2 Share The Pain" = Postal 2 Share The Pain
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"sp6" = Logitech SetPoint 6.32
"VLC media player" = VLC media player 2.0.2
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97
"Zattoo" = Zattoo 3.1.1 Beta
"ZoomPlayer" = Zoom Player (remove only)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.02.2013 11:32:25 | Computer Name = ACAB | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 12.02.2013 11:36:22 | Computer Name = ACAB | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 12.02.2013 11:46:52 | Computer Name = ACAB | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 12.02.2013 11:59:36 | Computer Name = ACAB | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 12.02.2013 17:55:27 | Computer Name = ACAB | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 12.02.2013 18:02:02 | Computer Name = ACAB | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 12.02.2013 19:06:19 | Computer Name = ACAB | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 12.02.2013 19:06:40 | Computer Name = ACAB | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 13.02.2013 07:21:01 | Computer Name = ACAB | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 13.02.2013 07:21:25 | Computer Name = ACAB | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
[ System Events ]
Error - 12.02.2013 19:06:22 | Computer Name = ACAB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Scutum50 NDIS Protocol Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 12.02.2013 19:06:22 | Computer Name = ACAB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 12.02.2013 19:06:22 | Computer Name = ACAB | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPSEC-Dienste" wurde mit folgendem Fehler beendet:   %%1747
 
Error - 12.02.2013 19:06:34 | Computer Name = ACAB | Source = Service Control Manager | ID = 7024
Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem
 Fehler beendet: 0 (0x0).
 
Error - 12.02.2013 19:09:05 | Computer Name = ACAB | Source = PlugPlayManager | ID = 12
Description = Das Gerät "HL-DT-ST DVD-RAM GH22NS30" (IDE\CdRomHL-DT-ST_DVD-RAM_GH22NS30_______________1.02____\5&13b587c1&0&0.1.0)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 12.02.2013 19:42:04 | Computer Name = ACAB | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 12.02.2013 19:56:44 | Computer Name = ACAB | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 13.02.2013 07:21:04 | Computer Name = ACAB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Scutum50 NDIS Protocol Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 13.02.2013 07:21:04 | Computer Name = ACAB | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPSEC-Dienste" wurde mit folgendem Fehler beendet:   %%1747
 
Error - 13.02.2013 07:22:15 | Computer Name = ACAB | Source = Service Control Manager | ID = 7024
Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem
 Fehler beendet: 0 (0x0).
 
 
< End of report >
         
__________________

Alt 13.02.2013, 15:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Why on earth a Professional Edition of Windows? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university computer?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 13.02.2013, 15:07   #5
nerd18
 
I hope this is what you wanted for now. I'll keep working on the other things now.

No, it just happened to be cheap when I needed a new one after my computer crashed once. Is that a problem now?


Alt 13.02.2013, 15:13   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
With Professional editions it is quite likely that the system is used commercially, e.g. an office computer. That is problematic for various reasons, and normally we do not clean/analyse commercially used systems. But oh well.

Please carry on:

Now please create logs with GMER (<<< click for instructions) and MBAR (instructions a little further down) and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only MBAR.

MBAR instructions:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

Alt 13.02.2013, 16:17   #7
nerd18
 
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-13 15:54:45
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 SAMSUNG_HD753LJ rev.1AA01118 698,64GB
Running: gmer_2.0.18454.exe; Driver: C:\DOKUME~1\Mario\LOKALE~1\Temp\pxtdrpoc.sys


---- System - GMER 2.0 ----

SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwAddBootEntry [0xB2E4C4BA]
SSDT   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                               ZwAllocateVirtualMemory [0xB2EF9C22]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwAssignProcessToJobObject [0xB2E4CED6]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwClose [0xB2E8E811]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwCreateEvent [0xB2E57FA8]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwCreateEventPair [0xB2E57FF4]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwCreateIoCompletion [0xB2E58176]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwCreateKey [0xB2E8E1C5]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwCreateMutant [0xB2E57F16]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwCreateSection [0xB2E58038]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwCreateSemaphore [0xB2E57F5E]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwCreateThread [0xB2E4D11C]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwCreateTimer [0xB2E58130]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwDebugActiveProcess [0xB2E4D93E]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwDeleteBootEntry [0xB2E4C508]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwDeleteKey [0xB2E8EED7]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwDeleteValueKey [0xB2E8F18D]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwDuplicateObject [0xB2E511C2]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwEnumerateKey [0xB2E8ED42]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwEnumerateValueKey [0xB2E8EBAD]
SSDT   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                               ZwFreeVirtualMemory [0xB2EF9CEA]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwLoadDriver [0xB2E4C170]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwModifyBootEntry [0xB2E4C556]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwNotifyChangeKey [0xB2E51534]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwNotifyChangeMultipleKeys [0xB2E4E3A6]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwOpenEvent [0xB2E57FD2]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwOpenEventPair [0xB2E58016]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwOpenIoCompletion [0xB2E5819A]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwOpenKey [0xB2E8E521]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwOpenMutant [0xB2E57F3C]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwOpenProcess [0xB2E50C3E]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwOpenSection [0xB2E580BA]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwOpenSemaphore [0xB2E57F86]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwOpenThread [0xB2E50F14]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwOpenTimer [0xB2E58154]
SSDT   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                               ZwProtectVirtualMemory [0xB2EF9E4A]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwQueryKey [0xB2E8EA28]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwQueryObject [0xB2E4E272]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwQueryValueKey [0xB2E8E87A]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwQueueApcThread [0xB2E4DDD4]
SSDT   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                               ZwRenameKey [0xB2F067D2]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwRestoreKey [0xB2E8D838]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwSetBootEntryOrder [0xB2E4C5A4]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwSetBootOptions [0xB2E4C5F2]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwSetContextThread [0xB2E4D7BE]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwSetSystemInformation [0xB2E4C1FA]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwSetSystemPowerState [0xB2E4C3AA]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwSetValueKey [0xB2E8EFDE]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwShutdownSystem [0xB2E4C350]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwSuspendProcess [0xB2E4DAF8]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwSuspendThread [0xB2E4DC54]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwSystemDebugControl [0xB2E4C41A]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwTerminateProcess [0xB2E4D4D4]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwTerminateThread [0xB2E4D636]
SSDT   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                               ZwUnloadDriver [0xB2EF841C]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwVdmControl [0xB2E4C640]
SSDT   \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                               ZwWriteVirtualMemory [0xB2E4CF1A]

Code   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                               ZwCreateProcessEx [0xB2F12E56]
Code   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                               ObInsertObject
Code   \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                               ObMakeTemporaryObject

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2C40                                                                                                                80504538 4 Bytes  CALL D0A0F825 
.text  ntkrnlpa.exe!ZwCallbackReturn + 2CF9                                                                                                                805045F1 3 Bytes  CALL E1BA78A8 
.text  ntkrnlpa.exe!ZwCallbackReturn + 2D28                                                                                                                80504620 4 Bytes  JMP 9CB2EF9C 
.text  ntkrnlpa.exe!ZwCallbackReturn + 2DB8                                                                                                                805046B0 8 Bytes  [21, E5, E8, B2, 3C, 7F, E5, ...]
.text  ntkrnlpa.exe!ZwCallbackReturn + 2E5C                                                                                                                80504754 4 Bytes  [28, EA, E8, B2]
.text  ...                                                                                                                                                 
PAGE   ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC                                                                                                         805A64B0 4 Bytes  CALL B2E4EA77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE   ntkrnlpa.exe!ObMakeTemporaryObject                                                                                                                  805BC55E 5 Bytes  JMP B2F0FCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE   ntkrnlpa.exe!ObInsertObject                                                                                                                         805C2FE2 5 Bytes  JMP B2F11810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE   ntkrnlpa.exe!ZwCreateProcessEx                                                                                                                      805D119A 7 Bytes  JMP B2F12E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                            section is writeable [0xB6343380, 0x8D6CD5, 0xE8000020]
.text  win32k.sys!EngFreeUserMem + 674                                                                                                                     BF80991D 5 Bytes  JMP B2E52B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngFreeUserMem + 35D0                                                                                                                    BF80C879 5 Bytes  JMP B2E52A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngDeleteSurface + 45                                                                                                                    BF813911 5 Bytes  JMP B2E529F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3                                                                                                            BF81C56B 5 Bytes  JMP B2E520A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngSetLastError + 79A8                                                                                                                   BF8240DB 5 Bytes  JMP B2E517C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngCreateBitmap + F9C                                                                                                                    BF828A45 5 Bytes  JMP B2E52CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngUnmapFontFileFD + 2C50                                                                                                                BF831490 5 Bytes  JMP B2E52EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngUnmapFontFileFD + B687                                                                                                                BF839EC7 5 Bytes  JMP B2E528FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!FONTOBJ_pxoGetXform + C2CF                                                                                                               BF85176B 5 Bytes  JMP B2E51688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!XLATEOBJ_iXlate + F17                                                                                                                    BF85BC9A 5 Bytes  JMP B2E5216A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!XLATEOBJ_iXlate + 3581                                                                                                                   BF85E304 5 Bytes  JMP B2E51C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!XLATEOBJ_iXlate + 360C                                                                                                                   BF85E38F 5 Bytes  JMP B2E51EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngCreatePalette + 88                                                                                                                    BF85F600 5 Bytes  JMP B2E51670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngCreatePalette + 5466                                                                                                                  BF8649DE 5 Bytes  JMP B2E52A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngGetCurrentCodePage + 3651                                                                                                             BF87322E 5 Bytes  JMP B2E51CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngGetCurrentCodePage + 418E                                                                                                             BF873D6B 5 Bytes  JMP B2E51E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngGetLastError + 1606                                                                                                                   BF890E66 5 Bytes  JMP B2E52182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngGradientFill + 26EE                                                                                                                   BF894410 5 Bytes  JMP B2E52BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngStretchBltROP + 583                                                                                                                   BF894EE8 5 Bytes  JMP B2E52E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngCopyBits + 3862                                                                                                                       BF89C29E 5 Bytes  JMP B2E52090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngCopyBits + 4DF7                                                                                                                       BF89D833 5 Bytes  JMP B2E51834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngEraseSurface + A977                                                                                                                   BF8C1CCC 5 Bytes  JMP B2E51944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngFillPath + 1517                                                                                                                       BF8CA15D 5 Bytes  JMP B2E51A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngFillPath + 1797                                                                                                                       BF8CA3DD 5 Bytes  JMP B2E51B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
But it should be evident from the logs that the computer is not used commercially, shouldn't it?

mbar.exe did not find any objects.

14.02.2013, 09:27   #8
cosinus

Quote:
But it should be evident from the logs that the computer is not used commercially, shouldn't it?
But the log says Professional Edition. Or are such follow-up questions from a helper no longer permitted, and only the person seeking help may ask questions, or what?!
Especially when the use is purely private, running a Professional edition of Windows is rather questionable, and it raises the question of where you got it from, but that was cleared up after I asked and you posted the information.

And what about the other log (MBAR)?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Edited by cosinus (14.02.2013 at 09:42)

14.02.2013, 15:30   #9
nerd18

So, regarding 1: I bought the XP version about 4 months ago at Octomedia Rastatt for 29.90€, and I assure you that I use it exclusively for private purposes. And of course you may ask questions; after all, I want something from you, not the other way around.

Regarding 2:

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.339000 GHz
Memory total: 3220287488, free: 2187362304

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.339000 GHz
Memory total: 3220287488, free: 2185416704

------------ Kernel report ------------
     02/13/2013 16:51:05
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
gfibto.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
sisperf.sys
sisidex.sys
Mup.sys
BtHidBus.sys
63696872.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\VcommMgr.sys
\SystemRoot\System32\Drivers\IvtBtBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\6369687.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\LEqdUsb.Sys
\SystemRoot\System32\Drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\SBREDrv.sys
\SystemRoot\System32\Drivers\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\system32\DRIVERS\63696871.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\RtNdPt5x.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\VComm.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\LBeepKE.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\DRIVERS\tdspusbbus_w732.sys
\SystemRoot\system32\DRIVERS\BlueToothUsb_w732.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\wlusb732.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8b1efab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-10\
Lower Device Object: 0xffffffff8b1e8940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.02.13.07
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8b1efab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b1f0b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b1efab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b1f59e8, DeviceName: \Device\00000081\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b1e8940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-10\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe86f63d8, 0xffffffff8b1efab8, 0xffffffff87cc4040
Lower DeviceData: 0xffffffffe82506e8, 0xffffffff8b1e8940, 0xffffffff88019d38
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 502F502E

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 1465127937
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1465129168-1465149168)...
Done!
Performing system, memory and registry scan...
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.339000 GHz
Memory total: 3220287488, free: 2119852032

------------ Kernel report ------------
     02/13/2013 18:24:44
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
gfibto.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
sisperf.sys
sisidex.sys
Mup.sys
BtHidBus.sys
63696872.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\VcommMgr.sys
\SystemRoot\System32\Drivers\IvtBtBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\6369687.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\LEqdUsb.Sys
\SystemRoot\System32\Drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\SBREDrv.sys
\SystemRoot\System32\Drivers\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\system32\DRIVERS\63696871.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\RtNdPt5x.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\VComm.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\LBeepKE.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\DRIVERS\tdspusbbus_w732.sys
\SystemRoot\system32\DRIVERS\BlueToothUsb_w732.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\wlusb732.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\2EAF2BC1.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8b1efab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-10\
Lower Device Object: 0xffffffff8b1e8940
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xffffffff88019d38
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.339000 GHz
Memory total: 3220287488, free: 2700144640

=======================================
         

14.02.2013, 15:34   #10
cosinus

Thanks for allowing me to ask questions

You posted the wrong MBAR log; please read and follow the instructions more carefully.

14.02.2013, 21:21   #11
nerd18

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.14.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512


14.02.2013 21:19:05
mbar-log-2013-02-14 (21-19-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29662
Time elapsed: 1 hour(s), 11 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

15.02.2013, 10:51   #12
cosinus

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

15.02.2013, 18:41   #13
nerd18

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-15 17:43:16
-----------------------------
17:43:16.921    OS Version: Windows 5.1.2600 Service Pack 3
17:43:16.921    Number of processors: 4 586 0x170A
17:43:16.921    ComputerName:   UserName: 
17:43:25.078    Initialize success
17:43:25.218    AVAST engine defs: 13021500
17:43:38.296    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
17:43:38.312    Disk 0 Vendor: SAMSUNG_HD753LJ 1AA01118 Size: 715404MB BusType: 3
17:43:38.328    Disk 0 MBR read successfully
17:43:38.328    Disk 0 MBR scan
17:43:38.328    Disk 0 Windows XP default MBR code
17:43:38.343    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       715394 MB offset 63
17:43:38.359    Disk 0 scanning sectors +1465128000
17:43:38.484    Disk 0 scanning C:\WINDOWS\system32\drivers
17:44:09.406    Service scanning
17:44:40.609    Modules scanning
17:45:10.156    Disk 0 trace - called modules:
17:45:10.187    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys 
17:45:10.187    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b232ab8]
17:45:10.187    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000081[0x8b1f49e8]
17:45:10.187    5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x8b236940]
17:45:18.109    AVAST engine scan C:\WINDOWS
17:46:17.296    AVAST engine scan C:\WINDOWS\system32
17:53:32.546    AVAST engine scan C:\WINDOWS\system32\drivers
17:55:13.437    AVAST engine scan C:\Dokumente und Einstellungen\Mario
18:23:30.046    AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:31:49.390    Scan finished successfully
18:39:58.250    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Mario\Desktop\MBR.dat"
18:39:58.250    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Mario\Desktop\aswMBR.txt"
         
Code:
18:42:19.0046 2896  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:42:19.0203 2896  ============================================================
18:42:19.0203 2896  Current date / time: 2013/02/15 18:42:19.0203
18:42:19.0203 2896  SystemInfo:
18:42:19.0203 2896  
18:42:19.0203 2896  OS Version: 5.1.2600 ServicePack: 3.0
18:42:19.0203 2896  Product type: Workstation
18:42:19.0203 2896  ComputerName:
18:42:19.0203 2896  UserName: 
18:42:19.0203 2896  Windows directory: C:\WINDOWS
18:42:19.0203 2896  System windows directory: C:\WINDOWS
18:42:19.0203 2896  Processor architecture: Intel x86
18:42:19.0203 2896  Number of processors: 4
18:42:19.0203 2896  Page size: 0x1000
18:42:19.0203 2896  Boot type: Normal boot
18:42:19.0203 2896  ============================================================
18:42:20.0687 2896  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:42:20.0703 2896  ============================================================
18:42:20.0703 2896  \Device\Harddisk0\DR0:
18:42:20.0703 2896  MBR partitions:
18:42:20.0703 2896  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x57541401
18:42:20.0703 2896  ============================================================
18:42:20.0734 2896  C: <-> \Device\Harddisk0\DR0\Partition1
18:42:20.0734 2896  ============================================================
18:42:20.0734 2896  Initialize success
18:42:20.0734 2896  ============================================================
18:43:14.0687 3492  ============================================================
18:43:14.0687 3492  Scan started
18:43:14.0687 3492  Mode: Manual; SigCheck; TDLFS; 
18:43:14.0687 3492  ============================================================
18:43:15.0718 3492  ================ Scan system memory ========================
18:43:15.0718 3492  System memory - ok
18:43:15.0718 3492  ================ Scan services =============================
18:43:16.0000 3492  [ 7DD41B7AC1FBB1DBF20BB1F4E4FBE58C ] 63696871        C:\WINDOWS\system32\DRIVERS\63696871.sys
18:43:16.0187 3492  63696871 - ok
18:43:16.0218 3492  [ A305FAD3719C5DB0C13D1C2BFD08A04D ] 63696872        C:\WINDOWS\system32\DRIVERS\63696872.sys
18:43:16.0234 3492  63696872 - ok
18:43:16.0265 3492  [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
18:43:16.0281 3492  Aavmker4 - ok
18:43:16.0281 3492  Abiosdsk - ok
18:43:16.0281 3492  abp480n5 - ok
18:43:16.0343 3492  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:43:16.0765 3492  ACPI - ok
18:43:16.0796 3492  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
18:43:16.0906 3492  ACPIEC - ok
18:43:17.0375 3492  [ A09A61CFDE15E5A67701EA812CE3F43F ] Ad-Aware Service C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
18:43:17.0984 3492  Ad-Aware Service - ok
18:43:18.0109 3492  [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:43:18.0187 3492  AdobeFlashPlayerUpdateSvc - ok
18:43:18.0203 3492  adpu160m - ok
18:43:18.0250 3492  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
18:43:18.0390 3492  aec - ok
18:43:18.0468 3492  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
18:43:18.0562 3492  AFD - ok
18:43:18.0562 3492  Aha154x - ok
18:43:18.0562 3492  aic78u2 - ok
18:43:18.0562 3492  aic78xx - ok
18:43:18.0625 3492  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
18:43:18.0718 3492  ALG - ok
18:43:18.0718 3492  AliIde - ok
18:43:19.0171 3492  [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
18:43:20.0078 3492  Ambfilt - ok
18:43:20.0093 3492  amsint - ok
18:43:20.0156 3492  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:43:20.0187 3492  Apple Mobile Device - ok
18:43:20.0265 3492  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
18:43:20.0406 3492  AppMgmt - ok
18:43:20.0421 3492  asc - ok
18:43:20.0421 3492  asc3350p - ok
18:43:20.0421 3492  asc3550 - ok
18:43:20.0531 3492  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:43:20.0578 3492  aspnet_state - ok
18:43:20.0593 3492  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
18:43:20.0609 3492  aswFsBlk - ok
18:43:20.0656 3492  [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2         C:\WINDOWS\system32\drivers\aswMon2.sys
18:43:20.0687 3492  aswMon2 - ok
18:43:20.0718 3492  [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
18:43:20.0734 3492  aswRdr - ok
18:43:20.0937 3492  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
18:43:21.0296 3492  aswSnx - ok
18:43:21.0390 3492  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
18:43:21.0562 3492  aswSP - ok
18:43:21.0593 3492  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
18:43:21.0625 3492  aswTdi - ok
18:43:21.0640 3492  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:43:21.0750 3492  AsyncMac - ok
18:43:21.0796 3492  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
18:43:21.0906 3492  atapi - ok
18:43:21.0906 3492  Atdisk - ok
18:43:22.0000 3492  [ 6E996CF8459A2594E0E9609D0E34D41F ] atksgt          C:\WINDOWS\system32\DRIVERS\atksgt.sys
18:43:22.0093 3492  atksgt ( UnsignedFile.Multi.Generic ) - warning
18:43:22.0093 3492  atksgt - detected UnsignedFile.Multi.Generic (1)
18:43:22.0109 3492  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:43:22.0234 3492  Atmarpc - ok
18:43:22.0265 3492  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
18:43:22.0375 3492  AudioSrv - ok
18:43:22.0406 3492  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
18:43:22.0500 3492  audstub - ok
18:43:22.0593 3492  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
18:43:22.0609 3492  avast! Antivirus - ok
18:43:22.0640 3492  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
18:43:22.0750 3492  Beep - ok
18:43:22.0875 3492  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
18:43:23.0203 3492  BITS - ok
18:43:23.0562 3492  [ 0241CE991BF44F297866C75216ACF830 ] BlueSoleilCS    C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
18:43:23.0953 3492  BlueSoleilCS ( UnsignedFile.Multi.Generic ) - warning
18:43:23.0953 3492  BlueSoleilCS - detected UnsignedFile.Multi.Generic (1)
18:43:24.0062 3492  [ 1AE68AAF7A3FBA941B3C309DC8E378E6 ] BlueToothUsb_w732 C:\WINDOWS\system32\DRIVERS\BlueToothUsb_w732.sys
18:43:24.0140 3492  BlueToothUsb_w732 ( UnsignedFile.Multi.Generic ) - warning
18:43:24.0140 3492  BlueToothUsb_w732 - detected UnsignedFile.Multi.Generic (1)
18:43:24.0265 3492  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
18:43:24.0437 3492  Bonjour Service - ok
18:43:24.0468 3492  [ 76762D169FFC6727359FD58C8FC00487 ] BsHelpCS        C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe
18:43:24.0531 3492  BsHelpCS ( UnsignedFile.Multi.Generic ) - warning
18:43:24.0531 3492  BsHelpCS - detected UnsignedFile.Multi.Generic (1)
18:43:24.0562 3492  [ 32CCF60F6E491A2A931A63E928677403 ] BT              C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
18:43:24.0593 3492  BT - ok
18:43:24.0609 3492  [ B279426E3C0C344893ED78A613A73BDE ] BthEnum         C:\WINDOWS\system32\DRIVERS\BthEnum.sys
18:43:24.0734 3492  BthEnum - ok
18:43:24.0750 3492  [ FCF500C9E89E193E038DCFCDBA6AA032 ] BtHidBus        C:\WINDOWS\system32\Drivers\BtHidBus.sys
18:43:24.0765 3492  BtHidBus - ok
18:43:24.0812 3492  [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
18:43:24.0968 3492  BthPan - ok
18:43:25.0062 3492  [ 592E1CEDBE314D0EF184DC6F46141E76 ] BTHPORT         C:\WINDOWS\system32\Drivers\BTHport.sys
18:43:25.0187 3492  BTHPORT - ok
18:43:25.0218 3492  [ 26C601EF7525E31379744ABFC6F35A1B ] BthServ         C:\WINDOWS\System32\bthserv.dll
18:43:25.0375 3492  BthServ - ok
18:43:25.0375 3492  [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB          C:\WINDOWS\system32\Drivers\BTHUSB.sys
18:43:25.0500 3492  BTHUSB - ok
18:43:25.0625 3492  [ 1F0F5603867AB7ED6CF7D0C3CEBA4812 ] BTUSBCARD       C:\WINDOWS\system32\DRIVERS\BtUsbCard.sys
18:43:25.0734 3492  BTUSBCARD - ok
18:43:25.0765 3492  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
18:43:25.0906 3492  cbidf2k - ok
18:43:25.0953 3492  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:43:26.0062 3492  CCDECODE - ok
18:43:26.0062 3492  cd20xrnt - ok
18:43:26.0093 3492  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
18:43:26.0203 3492  Cdaudio - ok
18:43:26.0218 3492  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
18:43:26.0328 3492  Cdfs - ok
18:43:26.0390 3492  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:43:26.0515 3492  Cdrom - ok
18:43:26.0515 3492  Changer - ok
18:43:26.0546 3492  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
18:43:26.0671 3492  CiSvc - ok
18:43:26.0703 3492  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
18:43:26.0812 3492  ClipSrv - ok
18:43:26.0843 3492  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:43:26.0937 3492  clr_optimization_v2.0.50727_32 - ok
18:43:26.0937 3492  CmdIde - ok
18:43:26.0937 3492  COMSysApp - ok
18:43:26.0953 3492  Cpqarray - ok
18:43:26.0984 3492  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
18:43:27.0093 3492  CryptSvc - ok
18:43:27.0093 3492  dac2w2k - ok
18:43:27.0093 3492  dac960nt - ok
18:43:27.0234 3492  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
18:43:27.0437 3492  DcomLaunch - ok
18:43:27.0656 3492  [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS          C:\Programme\Ashampoo\Ashampoo WinOptimizer Free\Dfsdks.exe
18:43:27.0828 3492  DfSdkS ( UnsignedFile.Multi.Generic ) - warning
18:43:27.0828 3492  DfSdkS - detected UnsignedFile.Multi.Generic (1)
18:43:27.0890 3492  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
18:43:28.0015 3492  Dhcp - ok
18:43:28.0031 3492  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
18:43:28.0156 3492  Disk - ok
18:43:28.0156 3492  dmadmin - ok
18:43:28.0390 3492  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
18:43:28.0828 3492  dmboot - ok
18:43:28.0875 3492  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\DRIVERS\dmio.sys
18:43:29.0062 3492  dmio - ok
18:43:29.0078 3492  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
18:43:29.0171 3492  dmload - ok
18:43:29.0203 3492  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
18:43:29.0312 3492  dmserver - ok
18:43:29.0343 3492  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
18:43:29.0484 3492  DMusic - ok
18:43:29.0531 3492  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
18:43:29.0578 3492  Dnscache - ok
18:43:29.0640 3492  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
18:43:29.0765 3492  Dot3svc - ok
18:43:29.0765 3492  dpti2o - ok
18:43:29.0765 3492  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
18:43:29.0875 3492  drmkaud - ok
18:43:29.0890 3492  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
18:43:30.0000 3492  EapHost - ok
18:43:30.0015 3492  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
18:43:30.0125 3492  ERSvc - ok
18:43:30.0171 3492  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
18:43:30.0265 3492  Eventlog - ok
18:43:30.0390 3492  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
18:43:30.0484 3492  EventSystem - ok
18:43:30.0531 3492  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
18:43:30.0671 3492  Fastfat - ok
18:43:30.0750 3492  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:43:30.0812 3492  FastUserSwitchingCompatibility - ok
18:43:30.0843 3492  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
18:43:30.0937 3492  Fdc - ok
18:43:30.0968 3492  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
18:43:31.0078 3492  Fips - ok
18:43:31.0078 3492  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
18:43:31.0187 3492  Flpydisk - ok
18:43:31.0250 3492  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
18:43:31.0390 3492  FltMgr - ok
18:43:31.0437 3492  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:43:31.0453 3492  FontCache3.0.0.0 - ok
18:43:31.0484 3492  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:43:31.0609 3492  Fs_Rec - ok
18:43:31.0656 3492  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:43:31.0781 3492  Ftdisk - ok
18:43:31.0812 3492  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:43:31.0828 3492  GEARAspiWDM - ok
18:43:31.0859 3492  [ 483924F92E55A5F9423201EC635E2CED ] gfibto          C:\WINDOWS\system32\drivers\gfibto.sys
18:43:31.0875 3492  gfibto - ok
18:43:31.0906 3492  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:43:32.0031 3492  Gpc - ok
18:43:32.0125 3492  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
18:43:32.0171 3492  gupdate - ok
18:43:32.0218 3492  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
18:43:32.0218 3492  gupdatem - ok
18:43:32.0250 3492  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\WINDOWS\system32\DRIVERS\hamachi.sys
18:43:32.0265 3492  hamachi - ok
18:43:32.0718 3492  [ F31D7F8A7699575DBB3B3A3AB4AA6216 ] Hamachi2Svc     C:\Programme\LogMeIn Hamachi\hamachi-2.exe
18:43:33.0562 3492  Hamachi2Svc - ok
18:43:33.0593 3492  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:43:33.0765 3492  HDAudBus - ok
18:43:33.0890 3492  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:43:34.0109 3492  helpsvc - ok
18:43:34.0156 3492  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
18:43:34.0296 3492  HidServ - ok
18:43:34.0328 3492  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:43:34.0437 3492  hidusb - ok
18:43:34.0515 3492  [ 7602D89068E124D55B91ED3072B7F442 ] HitmanProScheduler C:\Programme\HitmanPro\hmpsched.exe
18:43:34.0546 3492  HitmanProScheduler - ok
18:43:34.0609 3492  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
18:43:34.0703 3492  hkmsvc - ok
18:43:34.0703 3492  hpn - ok
18:43:34.0812 3492  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
18:43:34.0953 3492  HTTP - ok
18:43:34.0984 3492  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
18:43:35.0125 3492  HTTPFilter - ok
18:43:35.0125 3492  i2omgmt - ok
18:43:35.0125 3492  i2omp - ok
18:43:35.0156 3492  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:43:35.0359 3492  i8042prt - ok
18:43:35.0406 3492  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:43:35.0437 3492  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:43:35.0437 3492  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:43:35.0718 3492  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:43:36.0156 3492  idsvc - ok
18:43:36.0187 3492  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
18:43:36.0328 3492  Imapi - ok
18:43:36.0390 3492  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
18:43:36.0546 3492  ImapiService - ok
18:43:36.0546 3492  ini910u - ok
18:43:38.0468 3492  [ 5D138ADC44C43BF37634C8E528D75B1F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:43:42.0171 3492  IntcAzAudAddService - ok
18:43:42.0171 3492  IntelIde - ok
18:43:42.0218 3492  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:43:42.0328 3492  intelppm - ok
18:43:42.0343 3492  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
18:43:42.0484 3492  Ip6Fw - ok
18:43:42.0531 3492  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:43:42.0656 3492  IpFilterDriver - ok
18:43:42.0687 3492  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:43:42.0812 3492  IpInIp - ok
18:43:42.0859 3492  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:43:43.0000 3492  IpNat - ok
18:43:43.0218 3492  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
18:43:43.0437 3492  iPod Service - ok
18:43:43.0468 3492  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:43:43.0593 3492  IPSec - ok
18:43:43.0609 3492  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
18:43:43.0671 3492  IRENUM - ok
18:43:43.0718 3492  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:43:43.0843 3492  isapnp - ok
18:43:43.0875 3492  [ D53D7ED7D85A18B0CD4626B88B6DA52A ] IvtBtBUs        C:\WINDOWS\system32\Drivers\IvtBtBus.sys
18:43:43.0890 3492  IvtBtBUs - ok
18:43:43.0984 3492  [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
18:43:44.0046 3492  JavaQuickStarterService - ok
18:43:44.0046 3492  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:43:44.0156 3492  Kbdclass - ok
18:43:44.0171 3492  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:43:44.0281 3492  kbdhid - ok
18:43:44.0359 3492  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
18:43:44.0484 3492  kmixer - ok
18:43:44.0531 3492  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
18:43:44.0593 3492  KSecDD - ok
18:43:44.0656 3492  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
18:43:44.0734 3492  lanmanserver - ok
18:43:44.0734 3492  Lavasoft Kernexplorer - ok
18:43:44.0750 3492  [ BE2DC24D403643A2D1D98F33C7087B38 ] LBeepKE         C:\WINDOWS\system32\Drivers\LBeepKE.sys
18:43:44.0765 3492  LBeepKE - ok
18:43:44.0765 3492  lbrtfdc - ok
18:43:44.0906 3492  [ 910344E2A984010435AE84783B25E5EB ] LBTServ         C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe
18:43:45.0031 3492  LBTServ - ok
18:43:45.0062 3492  [ 717E6714BCA808F2A372E636AFF3D15A ] LEqdUsb         C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
18:43:45.0078 3492  LEqdUsb - ok
18:43:45.0109 3492  [ 2786F7B4003ADFF88CE28BC1800B5407 ] LHidEqd         C:\WINDOWS\system32\Drivers\LHidEqd.Sys
18:43:45.0125 3492  LHidEqd - ok
18:43:45.0156 3492  [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt        C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
18:43:45.0171 3492  LHidFilt - ok
18:43:45.0218 3492  [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt          C:\WINDOWS\system32\DRIVERS\lirsgt.sys
18:43:45.0234 3492  lirsgt ( UnsignedFile.Multi.Generic ) - warning
18:43:45.0234 3492  lirsgt - detected UnsignedFile.Multi.Generic (1)
18:43:45.0265 3492  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
18:43:45.0359 3492  LmHosts - ok
18:43:45.0375 3492  [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt        C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
18:43:45.0406 3492  LMouFilt - ok
18:43:45.0406 3492  [ 081CAF42D5DB1FCF8794FD77BEFD1B11 ] lusbaudio       C:\WINDOWS\system32\drivers\OVSound2.sys
18:43:45.0515 3492  lusbaudio - ok
18:43:45.0531 3492  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
18:43:45.0656 3492  mnmdd - ok
18:43:45.0687 3492  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
18:43:45.0796 3492  mnmsrvc - ok
18:43:45.0812 3492  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
18:43:45.0937 3492  Modem - ok
18:43:45.0968 3492  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:43:46.0078 3492  MODEMCSA - ok
18:43:46.0468 3492  [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
18:43:47.0250 3492  Monfilt - ok
18:43:47.0265 3492  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:43:47.0359 3492  Mouclass - ok
18:43:47.0375 3492  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:43:47.0468 3492  mouhid - ok
18:43:47.0484 3492  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
18:43:47.0609 3492  MountMgr - ok
18:43:47.0703 3492  [ 59EA30F848EC832E7CEC6F56F428C24B ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
18:43:47.0750 3492  MozillaMaintenance - ok
18:43:47.0750 3492  mraid35x - ok
18:43:47.0828 3492  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:43:47.0984 3492  MRxDAV - ok
18:43:48.0015 3492  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
18:43:48.0109 3492  MSDTC - ok
18:43:48.0125 3492  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:43:48.0250 3492  Msfs - ok
18:43:48.0250 3492  MSIServer - ok
18:43:48.0312 3492  [ 3846C05A66A3F5CD1D33E1A323C1762C ] MSI_MSIBIOS_010507 C:\Programme\MSI\Live Update 5\msibios32_100507.sys
18:43:48.0328 3492  MSI_MSIBIOS_010507 - ok
18:43:48.0359 3492  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:43:48.0453 3492  MSKSSRV - ok
18:43:48.0453 3492  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:43:48.0546 3492  MSPCLOCK - ok
18:43:48.0546 3492  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
18:43:48.0671 3492  MSPQM - ok
18:43:48.0671 3492  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:43:48.0765 3492  mssmbios - ok
18:43:48.0812 3492  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
18:43:48.0906 3492  MSTEE - ok
18:43:48.0953 3492  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
18:43:49.0000 3492  Mup - ok
18:43:49.0046 3492  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:43:49.0171 3492  NABTSFEC - ok
18:43:49.0296 3492  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
18:43:49.0468 3492  napagent - ok
18:43:49.0531 3492  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
18:43:49.0671 3492  NDIS - ok
18:43:49.0687 3492  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:43:49.0796 3492  NdisIP - ok
18:43:49.0828 3492  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:43:49.0843 3492  NdisTapi - ok
18:43:49.0859 3492  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:43:49.0953 3492  Ndisuio - ok
18:43:49.0984 3492  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:43:50.0125 3492  NdisWan - ok
18:43:50.0171 3492  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
18:43:50.0218 3492  NDProxy - ok
18:43:50.0265 3492  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
18:43:50.0406 3492  NetBT - ok
18:43:50.0468 3492  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
18:43:50.0578 3492  NetDDE - ok
18:43:50.0609 3492  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
18:43:50.0703 3492  NetDDEdsdm - ok
18:43:50.0781 3492  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
18:43:50.0937 3492  Netman - ok
18:43:51.0015 3492  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:43:51.0062 3492  NetTcpPortSharing - ok
18:43:51.0156 3492  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
18:43:51.0250 3492  Nla - ok
18:43:51.0250 3492  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:43:51.0359 3492  Npfs - ok
18:43:51.0500 3492  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:43:51.0812 3492  Ntfs - ok
18:43:51.0859 3492  [ CD2166C9511D336A058CDE91778AAA69 ] NTIOLib_1_0_4   C:\Programme\MSI\Live Update 5\NTIOLib.sys
18:43:51.0859 3492  NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - warning
18:43:51.0859 3492  NTIOLib_1_0_4 - detected UnsignedFile.Multi.Generic (1)
18:43:52.0000 3492  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
18:43:52.0281 3492  NtmsSvc - ok
18:43:52.0281 3492  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:43:52.0406 3492  Null - ok
18:43:55.0890 3492  [ 4B54DCD6ADEE535DF80F07C59DDD8F14 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:44:02.0531 3492  nv - ok
18:44:02.0640 3492  [ 0573C75A2895D973EA6EF2495620BA49 ] nvsvc           C:\WINDOWS\system32\nvsvc32.exe
18:44:02.0750 3492  nvsvc - ok
18:44:03.0390 3492  [ 9C84945FEEE40EA42D3BCA5C22250D47 ] nvUpdatusService C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:44:04.0546 3492  nvUpdatusService - ok
18:44:04.0593 3492  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:44:04.0718 3492  NwlnkFlt - ok
18:44:04.0718 3492  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:44:04.0828 3492  NwlnkFwd - ok
18:44:04.0875 3492  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
18:44:05.0000 3492  Parport - ok
18:44:05.0015 3492  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
18:44:05.0125 3492  PartMgr - ok
18:44:05.0187 3492  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
18:44:05.0328 3492  ParVdm - ok
18:44:05.0359 3492  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
18:44:05.0500 3492  PCI - ok
18:44:05.0500 3492  PCIDump - ok
18:44:05.0500 3492  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
18:44:05.0578 3492  PCIIde - ok
18:44:05.0625 3492  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
18:44:05.0765 3492  Pcmcia - ok
18:44:05.0765 3492  PDCOMP - ok
18:44:05.0765 3492  PDFRAME - ok
18:44:05.0765 3492  PDRELI - ok
18:44:05.0765 3492  PDRFRAME - ok
18:44:05.0765 3492  perc2 - ok
18:44:05.0765 3492  perc2hib - ok
18:44:05.0828 3492  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
18:44:05.0843 3492  PlugPlay - ok
18:44:05.0890 3492  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
18:44:06.0000 3492  PolicyAgent - ok
18:44:06.0015 3492  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:44:06.0125 3492  PptpMiniport - ok
18:44:06.0140 3492  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:44:06.0234 3492  ProtectedStorage - ok
18:44:06.0250 3492  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
18:44:06.0359 3492  PSched - ok
18:44:06.0375 3492  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:44:06.0468 3492  Ptilink - ok
18:44:06.0515 3492  [ 90849934D37133E069F31F3E9A66C9BC ] QCEmerald       C:\WINDOWS\system32\DRIVERS\OVCE.sys
18:44:06.0609 3492  QCEmerald - ok
18:44:06.0625 3492  ql1080 - ok
18:44:06.0625 3492  Ql10wnt - ok
18:44:06.0625 3492  ql12160 - ok
18:44:06.0625 3492  ql1240 - ok
18:44:06.0625 3492  ql1280 - ok
18:44:06.0640 3492  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:44:06.0734 3492  RasAcd - ok
18:44:06.0765 3492  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
18:44:06.0890 3492  RasAuto - ok
18:44:06.0921 3492  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:44:07.0015 3492  Rasl2tp - ok
18:44:07.0093 3492  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
18:44:07.0250 3492  RasMan - ok
18:44:07.0250 3492  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:44:07.0359 3492  RasPppoe - ok
18:44:07.0375 3492  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
18:44:07.0468 3492  Raspti - ok
18:44:07.0546 3492  [ 3B2C6A59BE5CAF83B0DF044AD0157893 ] RDID1076        C:\WINDOWS\system32\Drivers\rdwm1076.sys
18:44:07.0609 3492  RDID1076 ( UnsignedFile.Multi.Generic ) - warning
18:44:07.0609 3492  RDID1076 - detected UnsignedFile.Multi.Generic (1)
18:44:07.0609 3492  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:44:07.0718 3492  RDPCDD - ok
18:44:07.0781 3492  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:44:07.0937 3492  rdpdr - ok
18:44:08.0000 3492  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
18:44:08.0078 3492  RDPWD - ok
18:44:08.0156 3492  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
18:44:08.0296 3492  RDSessMgr - ok
18:44:08.0312 3492  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
18:44:08.0421 3492  redbook - ok
18:44:08.0468 3492  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:44:08.0593 3492  RemoteAccess - ok
18:44:08.0625 3492  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
18:44:08.0734 3492  RemoteRegistry - ok
18:44:08.0781 3492  [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM          C:\WINDOWS\system32\DRIVERS\rfcomm.sys
18:44:08.0890 3492  RFCOMM - ok
18:44:08.0921 3492  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
18:44:09.0015 3492  ROOTMODEM - ok
18:44:09.0140 3492  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
18:44:09.0250 3492  RpcSs - ok
18:44:09.0296 3492  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
18:44:09.0421 3492  RSVP - ok
18:44:09.0515 3492  [ D3578C3806ED545E5C36B2A20F5C0B5A ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
18:44:09.0609 3492  RTLE8023xp - ok
18:44:09.0656 3492  [ A0EBC181CAE932989B3884F3B9F7A7DD ] RTLTEAMING      C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS
18:44:09.0671 3492  RTLTEAMING - ok
18:44:09.0718 3492  [ 5FFD2AAF467B80FAB34929AFB7702060 ] RtNdPt5x        C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys
18:44:09.0765 3492  RtNdPt5x - ok
18:44:09.0781 3492  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
18:44:09.0890 3492  SamSs - ok
18:44:11.0031 3492  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe
18:44:12.0921 3492  SBAMSvc - ok
18:44:12.0984 3492  [ 0505DA5D357F18A5D42FC5DEDE6BC9A0 ] SBRE            C:\WINDOWS\system32\drivers\SBREDrv.sys
18:44:13.0031 3492  SBRE - ok
18:44:13.0078 3492  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
18:44:13.0218 3492  SCardSvr - ok
18:44:13.0296 3492  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
18:44:13.0468 3492  Schedule - ok
18:44:13.0468 3492  Scutum50 - ok
18:44:13.0484 3492  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:44:13.0562 3492  Secdrv - ok
18:44:13.0593 3492  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
18:44:13.0718 3492  seclogon - ok
18:44:13.0765 3492  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
18:44:13.0890 3492  SENS - ok
18:44:13.0906 3492  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
18:44:14.0015 3492  serenum - ok
18:44:14.0046 3492  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
18:44:14.0156 3492  Serial - ok
18:44:14.0281 3492  [ 66EF49622BAA18E4D4F1FE4BAE1D51B8 ] setup_9.0.0.722_07.07.2012_12-34drv C:\WINDOWS\system32\DRIVERS\6369687.sys
18:44:14.0375 3492  setup_9.0.0.722_07.07.2012_12-34drv - ok
18:44:14.0390 3492  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
18:44:14.0484 3492  Sfloppy - ok
18:44:14.0609 3492  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
18:44:14.0859 3492  SharedAccess - ok
18:44:14.0906 3492  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:44:14.0937 3492  ShellHWDetection - ok
18:44:14.0937 3492  Simbad - ok
18:44:14.0984 3492  [ 6225224B8E846AC230F8D9B343635910 ] sisidex         C:\WINDOWS\system32\drivers\sisidex.sys
18:44:15.0000 3492  sisidex ( UnsignedFile.Multi.Generic ) - warning
18:44:15.0000 3492  sisidex - detected UnsignedFile.Multi.Generic (1)
18:44:15.0015 3492  [ 161811814F04CEB57A51561808888831 ] SISNICXP        C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
18:44:15.0078 3492  SISNICXP - ok
18:44:15.0078 3492  [ 596D4A7052002D2BD344D8937DA6F66D ] sisperf         C:\WINDOWS\system32\drivers\sisperf.sys
18:44:15.0093 3492  sisperf ( UnsignedFile.Multi.Generic ) - warning
18:44:15.0093 3492  sisperf - detected UnsignedFile.Multi.Generic (1)
18:44:15.0968 3492  [ 0F97E7A47A52F4A36969F0FC319654C2 ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:44:17.0515 3492  Skype C2C Service - ok
18:44:17.0593 3492  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
18:44:17.0640 3492  SkypeUpdate - ok
18:44:17.0671 3492  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:44:17.0781 3492  SLIP - ok
18:44:17.0781 3492  Sparrow - ok
18:44:17.0843 3492  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
18:44:17.0937 3492  splitter - ok
18:44:17.0984 3492  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
18:44:18.0031 3492  Spooler - ok
18:44:18.0078 3492  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
18:44:18.0171 3492  sr - ok
18:44:18.0234 3492  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
18:44:18.0375 3492  srservice - ok
18:44:18.0484 3492  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
18:44:18.0671 3492  Srv - ok
18:44:18.0718 3492  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
18:44:18.0796 3492  SSDPSRV - ok
18:44:18.0812 3492  [ A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
18:44:18.0906 3492  StillCam - ok
18:44:19.0000 3492  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
18:44:19.0281 3492  stisvc - ok
18:44:19.0296 3492  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:44:19.0406 3492  streamip - ok
18:44:19.0421 3492  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
18:44:19.0515 3492  swenum - ok
18:44:19.0546 3492  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
18:44:19.0671 3492  swmidi - ok
18:44:19.0687 3492  SwPrv - ok
18:44:19.0687 3492  symc810 - ok
18:44:19.0687 3492  symc8xx - ok
18:44:19.0687 3492  sym_hi - ok
18:44:19.0687 3492  sym_u3 - ok
18:44:19.0718 3492  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
18:44:19.0843 3492  sysaudio - ok
18:44:19.0875 3492  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
18:44:19.0984 3492  SysmonLog - ok
18:44:20.0062 3492  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
18:44:20.0265 3492  TapiSrv - ok
18:44:20.0390 3492  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:44:20.0640 3492  Tcpip - ok
18:44:20.0656 3492  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
18:44:20.0765 3492  TDPIPE - ok
18:44:20.0796 3492  [ F1546D43937E54B8AA416F1831FFF252 ] TdspUsbBus_w732 C:\WINDOWS\system32\DRIVERS\tdspusbbus_w732.sys
18:44:20.0828 3492  TdspUsbBus_w732 - ok
18:44:20.0843 3492  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
18:44:20.0953 3492  TDTCP - ok
18:44:20.0968 3492  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
18:44:21.0078 3492  TermDD - ok
18:44:21.0187 3492  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
18:44:21.0359 3492  TermService - ok
18:44:21.0421 3492  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
18:44:21.0453 3492  Themes - ok
18:44:21.0500 3492  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
18:44:21.0578 3492  TlntSvr - ok
18:44:21.0578 3492  TosIde - ok
18:44:21.0609 3492  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
18:44:21.0718 3492  TrkWks - ok
18:44:21.0765 3492  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
18:44:21.0906 3492  Udfs - ok
18:44:21.0906 3492  ultra - ok
18:44:22.0000 3492  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
18:44:22.0265 3492  Update - ok
18:44:22.0328 3492  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:44:22.0453 3492  upnphost - ok
18:44:22.0468 3492  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
18:44:22.0578 3492  UPS - ok
18:44:22.0609 3492  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
18:44:22.0656 3492  USBAAPL - ok
18:44:22.0687 3492  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
18:44:22.0812 3492  usbaudio - ok
18:44:22.0843 3492  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:44:22.0937 3492  usbccgp - ok
18:44:22.0984 3492  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:44:23.0093 3492  usbehci - ok
18:44:23.0109 3492  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:44:23.0218 3492  usbhub - ok
18:44:23.0250 3492  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:44:23.0359 3492  usbprint - ok
18:44:23.0375 3492  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:44:23.0468 3492  usbscan - ok
18:44:23.0500 3492  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:44:23.0625 3492  USBSTOR - ok
18:44:23.0640 3492  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:44:23.0750 3492  usbuhci - ok
18:44:23.0796 3492  [ 0955553090E0A88614E5B8A02AF9324C ] VComm           C:\WINDOWS\system32\DRIVERS\VComm.sys
18:44:23.0812 3492  VComm - ok
18:44:23.0843 3492  [ EBF022EC5B0E15B4C225F28031E4123A ] VcommMgr        C:\WINDOWS\system32\Drivers\VcommMgr.sys
18:44:23.0859 3492  VcommMgr - ok
18:44:23.0890 3492  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
18:44:23.0984 3492  VgaSave - ok
18:44:23.0984 3492  ViaIde - ok
18:44:24.0015 3492  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
18:44:24.0125 3492  VolSnap - ok
18:44:24.0218 3492  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
18:44:24.0343 3492  VSS - ok
18:44:24.0421 3492  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
18:44:24.0562 3492  W32Time - ok
18:44:24.0578 3492  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:44:24.0718 3492  Wanarp - ok
18:44:24.0843 3492  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
18:44:25.0046 3492  Wdf01000 - ok
18:44:25.0046 3492  WDICA - ok
18:44:25.0109 3492  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
18:44:25.0250 3492  wdmaud - ok
18:44:25.0281 3492  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
18:44:25.0390 3492  WebClient - ok
18:44:25.0515 3492  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
18:44:25.0656 3492  winmgmt - ok
18:44:25.0703 3492  [ D769C645DBB5BA6E468EA79EA7932C11 ] WLAN3DSPUSBXP   C:\WINDOWS\system32\DRIVERS\wlusb732.sys
18:44:25.0765 3492  WLAN3DSPUSBXP - ok
18:44:25.0796 3492  [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
18:44:25.0906 3492  WmdmPmSN - ok
18:44:26.0093 3492  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
18:44:26.0421 3492  Wmi - ok
18:44:26.0500 3492  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:44:26.0625 3492  WmiApSrv - ok
18:44:26.0671 3492  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
18:44:26.0812 3492  wscsvc - ok
18:44:26.0843 3492  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:44:26.0968 3492  WSTCODEC - ok
18:44:26.0968 3492  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
18:44:27.0078 3492  wuauserv - ok
18:44:27.0234 3492  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
18:44:27.0515 3492  WZCSVC - ok
18:44:27.0531 3492  XDva397 - ok
18:44:27.0578 3492  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
18:44:27.0734 3492  xmlprov - ok
18:44:27.0750 3492  ================ Scan global ===============================
18:44:27.0765 3492  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
18:44:27.0906 3492  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
18:44:28.0062 3492  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
18:44:28.0125 3492  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
18:44:28.0125 3492  [Global] - ok
18:44:28.0125 3492  ================ Scan MBR ==================================
18:44:28.0156 3492  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
18:44:28.0484 3492  \Device\Harddisk0\DR0 - ok
18:44:28.0484 3492  ================ Scan VBR ==================================
18:44:28.0500 3492  [ BC4D642DCB496DC7E25651FABE7FC4AE ] \Device\Harddisk0\DR0\Partition1
18:44:28.0500 3492  \Device\Harddisk0\DR0\Partition1 - ok
18:44:28.0500 3492  ============================================================
18:44:28.0500 3492  Scan finished
18:44:28.0500 3492  ============================================================
18:44:28.0609 3104  Detected object count: 11
18:44:28.0609 3104  Actual detected object count: 11
         

16.02.2013, 14:48   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
The TDSS log is incomplete because the summary at the bottom is missing.

16.02.2013, 21:57   #15
nerd18
 
Code:
21:52:23.0875 3816  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:52:24.0031 3816  ============================================================
21:52:24.0031 3816  Current date / time: 2013/02/16 21:52:24.0031
21:52:24.0031 3816  SystemInfo:
21:52:24.0031 3816  
21:52:24.0031 3816  OS Version: 5.1.2600 ServicePack: 3.0
21:52:24.0031 3816  Product type: Workstation
21:52:24.0031 3816  ComputerName:
21:52:24.0031 3816  UserName:
21:52:24.0031 3816  Windows directory: C:\WINDOWS
21:52:24.0031 3816  System windows directory: C:\WINDOWS
21:52:24.0031 3816  Processor architecture: Intel x86
21:52:24.0031 3816  Number of processors: 4
21:52:24.0031 3816  Page size: 0x1000
21:52:24.0031 3816  Boot type: Normal boot
21:52:24.0031 3816  ============================================================
21:52:25.0531 3816  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:52:25.0531 3816  ============================================================
21:52:25.0531 3816  \Device\Harddisk0\DR0:
21:52:25.0531 3816  MBR partitions:
21:52:25.0531 3816  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x57541401
21:52:25.0546 3816  ============================================================
21:52:25.0578 3816  C: <-> \Device\Harddisk0\DR0\Partition1
21:52:25.0578 3816  ============================================================
21:52:25.0578 3816  Initialize success
21:52:25.0578 3816  ============================================================
21:52:34.0250 4064  ============================================================
21:52:34.0250 4064  Scan started
21:52:34.0250 4064  Mode: Manual; SigCheck; TDLFS; 
21:52:34.0250 4064  ============================================================
21:52:35.0828 4064  ================ Scan system memory ========================
21:52:35.0828 4064  System memory - ok
21:52:35.0828 4064  ================ Scan services =============================
21:52:36.0109 4064  [ 7DD41B7AC1FBB1DBF20BB1F4E4FBE58C ] 63696871        C:\WINDOWS\system32\DRIVERS\63696871.sys
21:52:36.0343 4064  63696871 - ok
21:52:36.0390 4064  [ A305FAD3719C5DB0C13D1C2BFD08A04D ] 63696872        C:\WINDOWS\system32\DRIVERS\63696872.sys
21:52:36.0406 4064  63696872 - ok
21:52:36.0453 4064  [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
21:52:36.0484 4064  Aavmker4 - ok
21:52:36.0484 4064  Abiosdsk - ok
21:52:36.0484 4064  abp480n5 - ok
21:52:36.0546 4064  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:52:40.0046 4064  ACPI - ok
21:52:40.0062 4064  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
21:52:40.0218 4064  ACPIEC - ok
21:52:40.0703 4064  [ A09A61CFDE15E5A67701EA812CE3F43F ] Ad-Aware Service C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
21:52:41.0312 4064  Ad-Aware Service - ok
21:52:41.0437 4064  [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:52:41.0515 4064  AdobeFlashPlayerUpdateSvc - ok
21:52:41.0515 4064  adpu160m - ok
21:52:41.0593 4064  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
21:52:41.0750 4064  aec - ok
21:52:41.0812 4064  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
21:52:41.0875 4064  AFD - ok
21:52:41.0875 4064  Aha154x - ok
21:52:41.0875 4064  aic78u2 - ok
21:52:41.0875 4064  aic78xx - ok
21:52:41.0937 4064  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
21:52:42.0015 4064  ALG - ok
21:52:42.0015 4064  AliIde - ok
21:52:42.0484 4064  [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
21:52:43.0734 4064  Ambfilt - ok
21:52:43.0734 4064  amsint - ok
21:52:43.0796 4064  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:52:43.0828 4064  Apple Mobile Device - ok
21:52:43.0921 4064  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
21:52:44.0031 4064  AppMgmt - ok
21:52:44.0031 4064  asc - ok
21:52:44.0046 4064  asc3350p - ok
21:52:44.0046 4064  asc3550 - ok
21:52:44.0140 4064  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:52:44.0187 4064  aspnet_state - ok
21:52:44.0203 4064  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:52:44.0234 4064  aswFsBlk - ok
21:52:44.0281 4064  [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2         C:\WINDOWS\system32\drivers\aswMon2.sys
21:52:44.0312 4064  aswMon2 - ok
21:52:44.0343 4064  [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
21:52:44.0359 4064  aswRdr - ok
21:52:44.0562 4064  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
21:52:44.0906 4064  aswSnx - ok
21:52:45.0031 4064  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
21:52:45.0203 4064  aswSP - ok
21:52:45.0234 4064  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
21:52:45.0265 4064  aswTdi - ok
21:52:45.0296 4064  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:52:45.0390 4064  AsyncMac - ok
21:52:45.0437 4064  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
21:52:45.0546 4064  atapi - ok
21:52:45.0562 4064  Atdisk - ok
21:52:45.0640 4064  [ 6E996CF8459A2594E0E9609D0E34D41F ] atksgt          C:\WINDOWS\system32\DRIVERS\atksgt.sys
21:52:45.0718 4064  atksgt ( UnsignedFile.Multi.Generic ) - warning
21:52:45.0718 4064  atksgt - detected UnsignedFile.Multi.Generic (1)
21:52:45.0765 4064  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:52:45.0953 4064  Atmarpc - ok
21:52:45.0984 4064  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
21:52:46.0093 4064  AudioSrv - ok
21:52:46.0125 4064  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
21:52:46.0218 4064  audstub - ok
21:52:46.0312 4064  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
21:52:46.0328 4064  avast! Antivirus - ok
21:52:46.0375 4064  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:52:46.0500 4064  Beep - ok
21:52:46.0640 4064  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
21:52:46.0953 4064  BITS - ok
21:52:47.0250 4064  [ 0241CE991BF44F297866C75216ACF830 ] BlueSoleilCS    C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
21:52:47.0593 4064  BlueSoleilCS ( UnsignedFile.Multi.Generic ) - warning
21:52:47.0593 4064  BlueSoleilCS - detected UnsignedFile.Multi.Generic (1)
21:52:47.0718 4064  [ 1AE68AAF7A3FBA941B3C309DC8E378E6 ] BlueToothUsb_w732 C:\WINDOWS\system32\DRIVERS\BlueToothUsb_w732.sys
21:52:47.0812 4064  BlueToothUsb_w732 ( UnsignedFile.Multi.Generic ) - warning
21:52:47.0812 4064  BlueToothUsb_w732 - detected UnsignedFile.Multi.Generic (1)
21:52:47.0921 4064  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
21:52:48.0109 4064  Bonjour Service - ok
21:52:48.0140 4064  [ 76762D169FFC6727359FD58C8FC00487 ] BsHelpCS        C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe
21:52:48.0203 4064  BsHelpCS ( UnsignedFile.Multi.Generic ) - warning
21:52:48.0203 4064  BsHelpCS - detected UnsignedFile.Multi.Generic (1)
21:52:48.0234 4064  [ 32CCF60F6E491A2A931A63E928677403 ] BT              C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
21:52:48.0250 4064  BT - ok
21:52:48.0281 4064  [ B279426E3C0C344893ED78A613A73BDE ] BthEnum         C:\WINDOWS\system32\DRIVERS\BthEnum.sys
21:52:48.0390 4064  BthEnum - ok
21:52:48.0421 4064  [ FCF500C9E89E193E038DCFCDBA6AA032 ] BtHidBus        C:\WINDOWS\system32\Drivers\BtHidBus.sys
21:52:48.0437 4064  BtHidBus - ok
21:52:48.0484 4064  [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
21:52:48.0609 4064  BthPan - ok
21:52:48.0703 4064  [ 592E1CEDBE314D0EF184DC6F46141E76 ] BTHPORT         C:\WINDOWS\system32\Drivers\BTHport.sys
21:52:48.0859 4064  BTHPORT - ok
21:52:48.0890 4064  [ 26C601EF7525E31379744ABFC6F35A1B ] BthServ         C:\WINDOWS\System32\bthserv.dll
21:52:49.0015 4064  BthServ - ok
21:52:49.0031 4064  [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB          C:\WINDOWS\system32\Drivers\BTHUSB.sys
21:52:49.0140 4064  BTHUSB - ok
21:52:49.0218 4064  [ 1F0F5603867AB7ED6CF7D0C3CEBA4812 ] BTUSBCARD       C:\WINDOWS\system32\DRIVERS\BtUsbCard.sys
21:52:49.0312 4064  BTUSBCARD - ok
21:52:49.0343 4064  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
21:52:49.0468 4064  cbidf2k - ok
21:52:49.0515 4064  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:52:49.0625 4064  CCDECODE - ok
21:52:49.0625 4064  cd20xrnt - ok
21:52:49.0656 4064  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
21:52:49.0765 4064  Cdaudio - ok
21:52:49.0796 4064  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
21:52:49.0906 4064  Cdfs - ok
21:52:49.0984 4064  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:52:50.0093 4064  Cdrom - ok
21:52:50.0093 4064  Changer - ok
21:52:50.0125 4064  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
21:52:50.0250 4064  CiSvc - ok
21:52:50.0281 4064  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
21:52:50.0406 4064  ClipSrv - ok
21:52:50.0453 4064  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:52:50.0531 4064  clr_optimization_v2.0.50727_32 - ok
21:52:50.0531 4064  CmdIde - ok
21:52:50.0531 4064  COMSysApp - ok
21:52:50.0531 4064  Cpqarray - ok
21:52:50.0578 4064  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
21:52:50.0703 4064  CryptSvc - ok
21:52:50.0703 4064  dac2w2k - ok
21:52:50.0703 4064  dac960nt - ok
21:52:50.0828 4064  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:52:51.0062 4064  DcomLaunch - ok
21:52:51.0265 4064  [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS          C:\Programme\Ashampoo\Ashampoo WinOptimizer Free\Dfsdks.exe
21:52:51.0453 4064  DfSdkS ( UnsignedFile.Multi.Generic ) - warning
21:52:51.0453 4064  DfSdkS - detected UnsignedFile.Multi.Generic (1)
21:52:51.0515 4064  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
21:52:51.0640 4064  Dhcp - ok
21:52:51.0656 4064  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
21:52:51.0781 4064  Disk - ok
21:52:51.0781 4064  dmadmin - ok
21:52:52.0031 4064  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
21:52:52.0468 4064  dmboot - ok
21:52:52.0515 4064  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\DRIVERS\dmio.sys
21:52:52.0656 4064  dmio - ok
21:52:52.0656 4064  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
21:52:52.0750 4064  dmload - ok
21:52:52.0765 4064  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
21:52:52.0875 4064  dmserver - ok
21:52:52.0921 4064  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
21:52:53.0046 4064  DMusic - ok
21:52:53.0093 4064  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:52:53.0265 4064  Dnscache - ok
21:52:53.0328 4064  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
21:52:53.0453 4064  Dot3svc - ok
21:52:53.0453 4064  dpti2o - ok
21:52:53.0468 4064  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
21:52:53.0562 4064  drmkaud - ok
21:52:53.0593 4064  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
21:52:53.0703 4064  EapHost - ok
21:52:53.0750 4064  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
21:52:53.0859 4064  ERSvc - ok
21:52:53.0906 4064  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
21:52:53.0953 4064  Eventlog - ok
21:52:54.0062 4064  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
21:52:54.0250 4064  EventSystem - ok
21:52:54.0312 4064  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
21:52:54.0437 4064  Fastfat - ok
21:52:54.0515 4064  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:52:54.0593 4064  FastUserSwitchingCompatibility - ok
21:52:54.0609 4064  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
21:52:54.0718 4064  Fdc - ok
21:52:54.0734 4064  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
21:52:54.0843 4064  Fips - ok
21:52:54.0859 4064  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
21:52:54.0968 4064  Flpydisk - ok
21:52:55.0015 4064  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
21:52:55.0203 4064  FltMgr - ok
21:52:55.0265 4064  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:52:55.0296 4064  FontCache3.0.0.0 - ok
21:52:55.0328 4064  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:52:55.0453 4064  Fs_Rec - ok
21:52:55.0515 4064  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:52:55.0640 4064  Ftdisk - ok
21:52:55.0656 4064  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
21:52:55.0687 4064  GEARAspiWDM - ok
21:52:55.0718 4064  [ 483924F92E55A5F9423201EC635E2CED ] gfibto          C:\WINDOWS\system32\drivers\gfibto.sys
21:52:55.0734 4064  gfibto - ok
21:52:55.0765 4064  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:52:55.0875 4064  Gpc - ok
21:52:55.0968 4064  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
21:52:56.0000 4064  gupdate - ok
21:52:56.0031 4064  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
21:52:56.0046 4064  gupdatem - ok
21:52:56.0078 4064  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\WINDOWS\system32\DRIVERS\hamachi.sys
21:52:56.0093 4064  hamachi - ok
21:52:56.0531 4064  [ F31D7F8A7699575DBB3B3A3AB4AA6216 ] Hamachi2Svc     C:\Programme\LogMeIn Hamachi\hamachi-2.exe
21:52:57.0250 4064  Hamachi2Svc - ok
21:52:57.0281 4064  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:52:57.0421 4064  HDAudBus - ok
21:52:57.0515 4064  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:52:57.0625 4064  helpsvc - ok
21:52:57.0671 4064  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
21:52:57.0796 4064  HidServ - ok
21:52:57.0812 4064  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:52:57.0921 4064  hidusb - ok
21:52:57.0984 4064  [ 7602D89068E124D55B91ED3072B7F442 ] HitmanProScheduler C:\Programme\HitmanPro\hmpsched.exe
21:52:58.0031 4064  HitmanProScheduler - ok
21:52:58.0062 4064  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
21:52:58.0203 4064  hkmsvc - ok
21:52:58.0203 4064  hpn - ok
21:52:58.0312 4064  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
21:52:58.0437 4064  HTTP - ok
21:52:58.0453 4064  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
21:52:58.0640 4064  HTTPFilter - ok
21:52:58.0640 4064  i2omgmt - ok
21:52:58.0640 4064  i2omp - ok
21:52:58.0656 4064  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:52:58.0796 4064  i8042prt - ok
21:52:58.0875 4064  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:52:58.0921 4064  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:52:58.0921 4064  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:52:59.0203 4064  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:52:59.0687 4064  idsvc - ok
21:52:59.0718 4064  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
21:52:59.0828 4064  Imapi - ok
21:52:59.0906 4064  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
21:53:00.0031 4064  ImapiService - ok
21:53:00.0046 4064  ini910u - ok
21:53:01.0984 4064  [ 5D138ADC44C43BF37634C8E528D75B1F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:53:05.0843 4064  IntcAzAudAddService - ok
21:53:05.0843 4064  IntelIde - ok
21:53:05.0906 4064  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:53:06.0015 4064  intelppm - ok
21:53:06.0046 4064  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
21:53:06.0171 4064  Ip6Fw - ok
21:53:06.0218 4064  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:53:06.0343 4064  IpFilterDriver - ok
21:53:06.0375 4064  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:53:06.0500 4064  IpInIp - ok
21:53:06.0531 4064  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:53:06.0687 4064  IpNat - ok
21:53:06.0921 4064  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
21:53:07.0156 4064  iPod Service - ok
21:53:07.0171 4064  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:53:07.0312 4064  IPSec - ok
21:53:07.0328 4064  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
21:53:07.0390 4064  IRENUM - ok
21:53:07.0437 4064  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:53:07.0546 4064  isapnp - ok
21:53:07.0578 4064  [ D53D7ED7D85A18B0CD4626B88B6DA52A ] IvtBtBUs        C:\WINDOWS\system32\Drivers\IvtBtBus.sys
21:53:07.0593 4064  IvtBtBUs - ok
21:53:07.0687 4064  [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
21:53:07.0750 4064  JavaQuickStarterService - ok
21:53:07.0750 4064  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:53:07.0859 4064  Kbdclass - ok
21:53:07.0875 4064  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:53:07.0984 4064  kbdhid - ok
21:53:08.0046 4064  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
21:53:08.0187 4064  kmixer - ok
21:53:08.0234 4064  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
21:53:08.0296 4064  KSecDD - ok
21:53:08.0359 4064  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
21:53:08.0437 4064  lanmanserver - ok
21:53:08.0437 4064  Lavasoft Kernexplorer - ok
21:53:08.0453 4064  [ BE2DC24D403643A2D1D98F33C7087B38 ] LBeepKE         C:\WINDOWS\system32\Drivers\LBeepKE.sys
21:53:08.0468 4064  LBeepKE - ok
21:53:08.0468 4064  lbrtfdc - ok
21:53:08.0609 4064  [ 910344E2A984010435AE84783B25E5EB ] LBTServ         C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe
21:53:08.0703 4064  LBTServ - ok
21:53:08.0718 4064  [ 717E6714BCA808F2A372E636AFF3D15A ] LEqdUsb         C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
21:53:08.0750 4064  LEqdUsb - ok
21:53:08.0765 4064  [ 2786F7B4003ADFF88CE28BC1800B5407 ] LHidEqd         C:\WINDOWS\system32\Drivers\LHidEqd.Sys
21:53:08.0781 4064  LHidEqd - ok
21:53:08.0796 4064  [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt        C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
21:53:08.0828 4064  LHidFilt - ok
21:53:08.0875 4064  [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt          C:\WINDOWS\system32\DRIVERS\lirsgt.sys
21:53:08.0890 4064  lirsgt ( UnsignedFile.Multi.Generic ) - warning
21:53:08.0890 4064  lirsgt - detected UnsignedFile.Multi.Generic (1)
21:53:08.0906 4064  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
21:53:09.0000 4064  LmHosts - ok
21:53:09.0015 4064  [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt        C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
21:53:09.0046 4064  LMouFilt - ok
21:53:09.0062 4064  [ 081CAF42D5DB1FCF8794FD77BEFD1B11 ] lusbaudio       C:\WINDOWS\system32\drivers\OVSound2.sys
21:53:09.0171 4064  lusbaudio - ok
21:53:09.0187 4064  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
21:53:09.0312 4064  mnmdd - ok
21:53:09.0359 4064  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
21:53:09.0468 4064  mnmsrvc - ok
21:53:09.0484 4064  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
21:53:09.0609 4064  Modem - ok
21:53:09.0640 4064  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:53:09.0750 4064  MODEMCSA - ok
21:53:10.0125 4064  [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
21:53:10.0843 4064  Monfilt - ok
21:53:10.0859 4064  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:53:10.0968 4064  Mouclass - ok
21:53:10.0968 4064  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:53:11.0062 4064  mouhid - ok
21:53:11.0093 4064  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:53:11.0218 4064  MountMgr - ok
21:53:11.0296 4064  [ 59EA30F848EC832E7CEC6F56F428C24B ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
21:53:11.0343 4064  MozillaMaintenance - ok
21:53:11.0343 4064  mraid35x - ok
21:53:11.0421 4064  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:53:11.0578 4064  MRxDAV - ok
21:53:11.0593 4064  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
21:53:11.0703 4064  MSDTC - ok
21:53:11.0718 4064  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:53:11.0828 4064  Msfs - ok
21:53:11.0828 4064  MSIServer - ok
21:53:11.0859 4064  [ 3846C05A66A3F5CD1D33E1A323C1762C ] MSI_MSIBIOS_010507 C:\Programme\MSI\Live Update 5\msibios32_100507.sys
21:53:11.0890 4064  MSI_MSIBIOS_010507 - ok
21:53:11.0906 4064  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:53:12.0015 4064  MSKSSRV - ok
21:53:12.0015 4064  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:53:12.0125 4064  MSPCLOCK - ok
21:53:12.0125 4064  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:53:12.0234 4064  MSPQM - ok
21:53:12.0250 4064  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:53:12.0359 4064  mssmbios - ok
21:53:12.0390 4064  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
21:53:12.0484 4064  MSTEE - ok
21:53:12.0531 4064  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
21:53:12.0593 4064  Mup - ok
21:53:12.0640 4064  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:53:12.0796 4064  NABTSFEC - ok
21:53:12.0921 4064  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
21:53:13.0156 4064  napagent - ok
21:53:13.0203 4064  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
21:53:13.0359 4064  NDIS - ok
21:53:13.0375 4064  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:53:13.0484 4064  NdisIP - ok
21:53:13.0515 4064  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:53:13.0546 4064  NdisTapi - ok
21:53:13.0562 4064  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:53:13.0656 4064  Ndisuio - ok
21:53:13.0687 4064  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:53:13.0828 4064  NdisWan - ok
21:53:13.0859 4064  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
21:53:13.0921 4064  NDProxy - ok
21:53:13.0968 4064  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
21:53:14.0109 4064  NetBT - ok
21:53:14.0156 4064  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
21:53:14.0296 4064  NetDDE - ok
21:53:14.0328 4064  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
21:53:14.0437 4064  NetDDEdsdm - ok
21:53:14.0515 4064  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
21:53:14.0703 4064  Netman - ok
21:53:14.0765 4064  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:53:14.0828 4064  NetTcpPortSharing - ok
21:53:14.0937 4064  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
21:53:15.0015 4064  Nla - ok
21:53:15.0031 4064  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:53:15.0156 4064  Npfs - ok
21:53:15.0296 4064  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:53:15.0625 4064  Ntfs - ok
21:53:15.0656 4064  [ CD2166C9511D336A058CDE91778AAA69 ] NTIOLib_1_0_4   C:\Programme\MSI\Live Update 5\NTIOLib.sys
21:53:15.0687 4064  NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - warning
21:53:15.0687 4064  NTIOLib_1_0_4 - detected UnsignedFile.Multi.Generic (1)
21:53:15.0843 4064  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
21:53:16.0125 4064  NtmsSvc - ok
21:53:16.0140 4064  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:53:16.0250 4064  Null - ok
21:53:19.0578 4064  [ 4B54DCD6ADEE535DF80F07C59DDD8F14 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:53:26.0703 4064  nv - ok
21:53:26.0812 4064  [ 0573C75A2895D973EA6EF2495620BA49 ] nvsvc           C:\WINDOWS\system32\nvsvc32.exe
21:53:26.0906 4064  nvsvc - ok
21:53:27.0562 4064  [ 9C84945FEEE40EA42D3BCA5C22250D47 ] nvUpdatusService C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:53:28.0796 4064  nvUpdatusService - ok
21:53:28.0843 4064  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:53:29.0031 4064  NwlnkFlt - ok
21:53:29.0078 4064  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:53:29.0234 4064  NwlnkFwd - ok
21:53:29.0296 4064  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
21:53:29.0421 4064  Parport - ok
21:53:29.0437 4064  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
21:53:29.0562 4064  PartMgr - ok
21:53:29.0609 4064  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
21:53:29.0718 4064  ParVdm - ok
21:53:29.0765 4064  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
21:53:29.0890 4064  PCI - ok
21:53:29.0890 4064  PCIDump - ok
21:53:29.0906 4064  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
21:53:30.0000 4064  PCIIde - ok
21:53:30.0078 4064  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
21:53:30.0218 4064  Pcmcia - ok
21:53:30.0218 4064  PDCOMP - ok
21:53:30.0218 4064  PDFRAME - ok
21:53:30.0218 4064  PDRELI - ok
21:53:30.0218 4064  PDRFRAME - ok
21:53:30.0234 4064  perc2 - ok
21:53:30.0234 4064  perc2hib - ok
21:53:30.0296 4064  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
21:53:30.0328 4064  PlugPlay - ok
21:53:30.0375 4064  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
21:53:30.0484 4064  PolicyAgent - ok
21:53:30.0500 4064  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:53:30.0625 4064  PptpMiniport - ok
21:53:30.0640 4064  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:53:30.0750 4064  ProtectedStorage - ok
21:53:30.0781 4064  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:53:30.0937 4064  PSched - ok
21:53:30.0953 4064  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:53:31.0093 4064  Ptilink - ok
21:53:31.0125 4064  [ 90849934D37133E069F31F3E9A66C9BC ] QCEmerald       C:\WINDOWS\system32\DRIVERS\OVCE.sys
21:53:31.0234 4064  QCEmerald - ok
21:53:31.0250 4064  ql1080 - ok
21:53:31.0250 4064  Ql10wnt - ok
21:53:31.0250 4064  ql12160 - ok
21:53:31.0250 4064  ql1240 - ok
21:53:31.0265 4064  ql1280 - ok
21:53:31.0265 4064  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:53:31.0390 4064  RasAcd - ok
21:53:31.0421 4064  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:53:31.0578 4064  RasAuto - ok
21:53:31.0609 4064  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:53:31.0843 4064  Rasl2tp - ok
21:53:31.0921 4064  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:53:32.0093 4064  RasMan - ok
21:53:32.0109 4064  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:53:32.0234 4064  RasPppoe - ok
21:53:32.0250 4064  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
21:53:32.0343 4064  Raspti - ok
21:53:32.0421 4064  [ 3B2C6A59BE5CAF83B0DF044AD0157893 ] RDID1076        C:\WINDOWS\system32\Drivers\rdwm1076.sys
21:53:32.0500 4064  RDID1076 ( UnsignedFile.Multi.Generic ) - warning
21:53:32.0500 4064  RDID1076 - detected UnsignedFile.Multi.Generic (1)
21:53:32.0500 4064  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:53:32.0609 4064  RDPCDD - ok
21:53:32.0671 4064  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:53:32.0828 4064  rdpdr - ok
21:53:32.0921 4064  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
21:53:33.0312 4064  RDPWD - ok
21:53:33.0390 4064  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
21:53:33.0578 4064  RDSessMgr - ok
21:53:33.0593 4064  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
21:53:33.0734 4064  redbook - ok
21:53:33.0765 4064  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:53:33.0890 4064  RemoteAccess - ok
21:53:33.0921 4064  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
21:53:34.0078 4064  RemoteRegistry - ok
21:53:34.0125 4064  [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM          C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:53:34.0250 4064  RFCOMM - ok
21:53:34.0281 4064  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
21:53:34.0421 4064  ROOTMODEM - ok
21:53:34.0578 4064  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
21:53:34.0687 4064  RpcSs - ok
21:53:34.0765 4064  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
21:53:34.0921 4064  RSVP - ok
21:53:35.0078 4064  [ D3578C3806ED545E5C36B2A20F5C0B5A ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:53:35.0187 4064  RTLE8023xp - ok
21:53:35.0234 4064  [ A0EBC181CAE932989B3884F3B9F7A7DD ] RTLTEAMING      C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS
21:53:35.0250 4064  RTLTEAMING - ok
21:53:35.0296 4064  [ 5FFD2AAF467B80FAB34929AFB7702060 ] RtNdPt5x        C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys
21:53:35.0359 4064  RtNdPt5x - ok
21:53:35.0390 4064  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
21:53:35.0468 4064  SamSs - ok
21:53:36.0750 4064  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe
21:53:38.0734 4064  SBAMSvc - ok
21:53:38.0796 4064  [ 0505DA5D357F18A5D42FC5DEDE6BC9A0 ] SBRE            C:\WINDOWS\system32\drivers\SBREDrv.sys
21:53:38.0843 4064  SBRE - ok
21:53:38.0890 4064  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:53:39.0109 4064  SCardSvr - ok
21:53:39.0203 4064  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:53:39.0390 4064  Schedule - ok
21:53:39.0390 4064  Scutum50 - ok
21:53:39.0421 4064  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:53:39.0515 4064  Secdrv - ok
21:53:39.0562 4064  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:53:39.0703 4064  seclogon - ok
21:53:39.0734 4064  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
21:53:39.0875 4064  SENS - ok
21:53:39.0890 4064  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
21:53:40.0046 4064  serenum - ok
21:53:40.0156 4064  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
21:53:40.0484 4064  Serial - ok
21:53:40.0640 4064  [ 66EF49622BAA18E4D4F1FE4BAE1D51B8 ] setup_9.0.0.722_07.07.2012_12-34drv C:\WINDOWS\system32\DRIVERS\6369687.sys
21:53:40.0750 4064  setup_9.0.0.722_07.07.2012_12-34drv - ok
21:53:40.0765 4064  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
21:53:40.0859 4064  Sfloppy - ok
21:53:41.0015 4064  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:53:41.0281 4064  SharedAccess - ok
21:53:41.0328 4064  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:53:41.0359 4064  ShellHWDetection - ok
21:53:41.0359 4064  Simbad - ok
21:53:41.0406 4064  [ 6225224B8E846AC230F8D9B343635910 ] sisidex         C:\WINDOWS\system32\drivers\sisidex.sys
21:53:41.0421 4064  sisidex ( UnsignedFile.Multi.Generic ) - warning
21:53:41.0421 4064  sisidex - detected UnsignedFile.Multi.Generic (1)
21:53:41.0437 4064  [ 161811814F04CEB57A51561808888831 ] SISNICXP        C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
21:53:41.0515 4064  SISNICXP - ok
21:53:41.0515 4064  [ 596D4A7052002D2BD344D8937DA6F66D ] sisperf         C:\WINDOWS\system32\drivers\sisperf.sys
21:53:41.0531 4064  sisperf ( UnsignedFile.Multi.Generic ) - warning
21:53:41.0531 4064  sisperf - detected UnsignedFile.Multi.Generic (1)
21:53:42.0500 4064  [ 0F97E7A47A52F4A36969F0FC319654C2 ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:53:44.0218 4064  Skype C2C Service - ok
21:53:44.0296 4064  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
21:53:44.0359 4064  SkypeUpdate - ok
21:53:44.0375 4064  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:53:44.0484 4064  SLIP - ok
21:53:44.0484 4064  Sparrow - ok
21:53:44.0531 4064  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:53:44.0625 4064  splitter - ok
21:53:44.0671 4064  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
21:53:44.0734 4064  Spooler - ok
21:53:44.0781 4064  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
21:53:44.0875 4064  sr - ok
21:53:44.0937 4064  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
21:53:45.0093 4064  srservice - ok
21:53:45.0203 4064  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:53:45.0390 4064  Srv - ok
21:53:45.0437 4064  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:53:45.0531 4064  SSDPSRV - ok
21:53:45.0546 4064  [ A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
21:53:45.0640 4064  StillCam - ok
21:53:45.0750 4064  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
21:53:46.0031 4064  stisvc - ok
21:53:46.0046 4064  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:53:46.0156 4064  streamip - ok
21:53:46.0171 4064  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
21:53:46.0281 4064  swenum - ok
21:53:46.0296 4064  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
21:53:46.0406 4064  swmidi - ok
21:53:46.0406 4064  SwPrv - ok
21:53:46.0421 4064  symc810 - ok
21:53:46.0421 4064  symc8xx - ok
21:53:46.0421 4064  sym_hi - ok
21:53:46.0421 4064  sym_u3 - ok
21:53:46.0437 4064  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
21:53:46.0562 4064  sysaudio - ok
21:53:46.0609 4064  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
21:53:46.0734 4064  SysmonLog - ok
21:53:46.0812 4064  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:53:47.0015 4064  TapiSrv - ok
21:53:47.0171 4064  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:53:47.0390 4064  Tcpip - ok
21:53:47.0421 4064  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
21:53:47.0875 4064  TDPIPE - ok
21:53:47.0890 4064  [ F1546D43937E54B8AA416F1831FFF252 ] TdspUsbBus_w732 C:\WINDOWS\system32\DRIVERS\tdspusbbus_w732.sys
21:53:47.0968 4064  TdspUsbBus_w732 - ok
21:53:47.0984 4064  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
21:53:48.0187 4064  TDTCP - ok
21:53:48.0203 4064  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
21:53:48.0421 4064  TermDD - ok
21:53:48.0593 4064  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
21:53:48.0875 4064  TermService - ok
21:53:48.0921 4064  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
21:53:48.0953 4064  Themes - ok
21:53:49.0031 4064  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
21:53:49.0218 4064  TlntSvr - ok
21:53:49.0218 4064  TosIde - ok
21:53:49.0265 4064  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
21:53:49.0390 4064  TrkWks - ok
21:53:49.0437 4064  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
21:53:49.0578 4064  Udfs - ok
21:53:49.0578 4064  ultra - ok
21:53:49.0687 4064  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
21:53:49.0968 4064  Update - ok
21:53:50.0031 4064  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:53:50.0156 4064  upnphost - ok
21:53:50.0203 4064  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
21:53:50.0328 4064  UPS - ok
21:53:50.0359 4064  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
21:53:50.0421 4064  USBAAPL - ok
21:53:50.0453 4064  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
21:53:50.0593 4064  usbaudio - ok
21:53:50.0625 4064  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:53:50.0750 4064  usbccgp - ok
21:53:50.0796 4064  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:53:50.0937 4064  usbehci - ok
21:53:50.0953 4064  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:53:51.0109 4064  usbhub - ok
21:53:51.0125 4064  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:53:51.0265 4064  usbprint - ok
21:53:51.0265 4064  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:53:51.0375 4064  usbscan - ok
21:53:51.0406 4064  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:53:51.0562 4064  USBSTOR - ok
21:53:51.0562 4064  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:53:51.0671 4064  usbuhci - ok
21:53:51.0718 4064  [ 0955553090E0A88614E5B8A02AF9324C ] VComm           C:\WINDOWS\system32\DRIVERS\VComm.sys
21:53:51.0734 4064  VComm - ok
21:53:51.0765 4064  [ EBF022EC5B0E15B4C225F28031E4123A ] VcommMgr        C:\WINDOWS\system32\Drivers\VcommMgr.sys
21:53:51.0796 4064  VcommMgr - ok
21:53:51.0828 4064  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
21:53:51.0937 4064  VgaSave - ok
21:53:51.0937 4064  ViaIde - ok
21:53:51.0968 4064  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
21:53:52.0093 4064  VolSnap - ok
21:53:52.0187 4064  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
21:53:52.0359 4064  VSS - ok
21:53:52.0421 4064  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
21:53:52.0578 4064  W32Time - ok
21:53:52.0593 4064  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:53:52.0687 4064  Wanarp - ok
21:53:52.0828 4064  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
21:53:53.0062 4064  Wdf01000 - ok
21:53:53.0062 4064  WDICA - ok
21:53:53.0093 4064  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
21:53:53.0218 4064  wdmaud - ok
21:53:53.0250 4064  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:53:53.0375 4064  WebClient - ok
21:53:53.0500 4064  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:53:53.0640 4064  winmgmt - ok
21:53:53.0687 4064  [ D769C645DBB5BA6E468EA79EA7932C11 ] WLAN3DSPUSBXP   C:\WINDOWS\system32\DRIVERS\wlusb732.sys
21:53:53.0765 4064  WLAN3DSPUSBXP - ok
21:53:53.0796 4064  [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
21:53:53.0906 4064  WmdmPmSN - ok
21:53:54.0109 4064  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
21:53:54.0531 4064  Wmi - ok
21:53:54.0609 4064  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:53:54.0734 4064  WmiApSrv - ok
21:53:54.0781 4064  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
21:53:54.0906 4064  wscsvc - ok
21:53:54.0921 4064  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:53:55.0062 4064  WSTCODEC - ok
21:53:55.0109 4064  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
21:53:55.0218 4064  wuauserv - ok
21:53:55.0390 4064  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
21:53:55.0734 4064  WZCSVC - ok
21:53:55.0750 4064  XDva397 - ok
21:53:55.0781 4064  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
21:53:55.0953 4064  xmlprov - ok
21:53:55.0968 4064  ================ Scan global ===============================
21:53:55.0984 4064  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
21:53:56.0218 4064  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:53:56.0359 4064  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:53:56.0421 4064  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
21:53:56.0437 4064  [Global] - ok
21:53:56.0437 4064  ================ Scan MBR ==================================
21:53:56.0453 4064  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
21:53:56.0796 4064  \Device\Harddisk0\DR0 - ok
21:53:56.0796 4064  ================ Scan VBR ==================================
21:53:56.0796 4064  [ BC4D642DCB496DC7E25651FABE7FC4AE ] \Device\Harddisk0\DR0\Partition1
21:53:56.0796 4064  \Device\Harddisk0\DR0\Partition1 - ok
21:53:56.0796 4064  ============================================================
21:53:56.0796 4064  Scan finished
21:53:56.0796 4064  ============================================================
21:53:56.0937 3176  Detected object count: 11
21:53:56.0937 3176  Actual detected object count: 11
21:54:10.0875 3176  atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:10.0875 3176  atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:10.0875 3176  BlueSoleilCS ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:10.0875 3176  BlueSoleilCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:10.0875 3176  BlueToothUsb_w732 ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:10.0875 3176  BlueToothUsb_w732 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:10.0875 3176  BsHelpCS ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:10.0875 3176  BsHelpCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:10.0890 3176  DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:10.0890 3176  DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:10.0890 3176  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:10.0890 3176  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:10.0890 3176  lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:10.0890 3176  lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:10.0890 3176  NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:10.0890 3176  NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:10.0890 3176  RDID1076 ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:10.0890 3176  RDID1076 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:10.0890 3176  sisidex ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:10.0890 3176  sisidex ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:10.0890 3176  sisperf ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:10.0890 3176  sisperf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:54:15.0468 3320  Deinitialize success
         
