Zeus Trojaner??

premutos · 03.11.2012, 23:05

hallo
habe von web.de eine email bekommen dass mein rechner mit zeus infiziert sei.zur zeit benutze ich regelmäßig drei pcs und hab deshalb keine ahnung welcher pc befallen ist oder ob es sogar alle drei sind.ich dachte ich fang einfach mal mit einem an und hoffe dass mir jemand helfen kann.
ich danke schonmal im vorraus.
im anhang hab ich otl und GMER files

cosinus · 05.11.2012, 15:58

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen aufmerksam durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Zitat:

im anhang hab ich otl und GMER files

Auch schon andere Scans gemacht? Wenn ja => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

premutos · 05.11.2012, 18:01

danke dass du dich meines problems annimmst.nein, sonst hab ich keine weiteren scans gemacht. ist das mit dem anhang ok oder soll ich dir die logfiles nochmal extra posten?

cosinus · 06.11.2012, 11:46

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

premutos · 07.11.2012, 10:24

ok hier sind die logfiles der neuen scans.
TDSSKiller:
\System32\xmlprov.dll
10:20:10.0765 2508 xmlprov - ok
10:20:10.0781 2508 ================ Scan global ===============================
10:20:10.0828 2508 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINXP\system32\basesrv.dll
10:20:10.0906 2508 [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINXP\system32\winsrv.dll
10:20:10.0906 2508 [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINXP\system32\winsrv.dll
10:20:10.0937 2508 [ 4BB6A83640F1D1792AD21CE767B621C6 ] C:\WINXP\system32\services.exe
10:20:10.0937 2508 [Global] - ok
10:20:10.0937 2508 ================ Scan MBR ==================================
10:20:10.0953 2508 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
10:20:11.0250 2508 \Device\Harddisk0\DR0 - ok
10:20:11.0250 2508 ================ Scan VBR ==================================
10:20:11.0250 2508 [ EFFFFCD5A090C30D8A1317977671F905 ] \Device\Harddisk0\DR0\Partition1
10:20:11.0250 2508 \Device\Harddisk0\DR0\Partition1 - ok
10:20:11.0265 2508 ============================================================
10:20:11.0265 2508 Scan finished
10:20:11.0265 2508 ============================================================
10:20:11.0375 0980 Detected object count: 15
10:20:11.0375 0980 Actual detected object count: 15
10:20:30.0140 0980 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0140 0980 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0140 0980 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0140 0980 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0140 0980 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0140 0980 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0156 0980 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0156 0980 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0156 0980 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0156 0980 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0156 0980 WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980 WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0156 0980 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0171 0980 WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0171 0980 WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0171 0980 WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0171 0980 WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:30.0171 0980 WudfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0171 0980 WudfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip http://www.trojaner-board.de/images/editor/menupop.gif

und aswmbr:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-07 10:16:16
-----------------------------
10:16:16.593 OS Version: Windows 5.1.2600 Service Pack 3
10:16:16.593 Number of processors: 2 586 0x6802
10:16:16.593 ComputerName: BEAR-0FA5999299 UserName: protz
10:16:17.265 Initialize success
10:16:21.781 AVAST engine download error: 0
10:16:35.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:16:35.281 Disk 0 Vendor: TOSHIBA_MK1646GSX LB114C Size: 152627MB BusType: 3
10:16:35.296 Disk 0 MBR read successfully
10:16:35.296 Disk 0 MBR scan
10:16:35.296 Disk 0 Windows XP default MBR code
10:16:35.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
10:16:35.312 Disk 0 scanning sectors +312560640
10:16:35.390 Disk 0 scanning C:\WINXP\system32\drivers
10:16:44.562 Service scanning
10:16:59.062 Modules scanning
10:17:11.078 Disk 0 trace - called modules:
10:17:11.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:17:11.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a8fab8]
10:17:11.125 3 CLASSPNP.SYS[f74dcfd7] -> nt!IofCallDriver -> \Device\00000092[0x84b383b8]
10:17:11.125 5 ACPI.sys[f7372620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84b42940]
10:17:11.125 Scan finished successfully
10:17:21.187 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\protz\Desktop\MBR.dat"
10:17:21.218 The log file has been saved successfully to "C:\Dokumente und Einstellungen\protz\Desktop\aswMBR.txt"

allerdings hat er hier beim avast download nur Fehlermeldungen gezeigt.

cosinus · 07.11.2012, 12:30

Wir war das bitte mit dem aufmerksamen lesen? Wie solltest du die Logs posten? Halte dich bitte auch daran!

Und das Log vom TDSS-Killer ist zudem noch unvollständig!

premutos · 08.11.2012, 13:55

tut mir leid.ich wollte dich damit nicht verärgern und probiers jetzt nochmal.

Code:

ATTFilter

\System32\xmlprov.dll
10:20:10.0765 2508  xmlprov - ok
10:20:10.0781 2508  ================ Scan global ===============================
10:20:10.0828 2508  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINXP\system32\basesrv.dll
10:20:10.0906 2508  [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINXP\system32\winsrv.dll
10:20:10.0906 2508  [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINXP\system32\winsrv.dll
10:20:10.0937 2508  [ 4BB6A83640F1D1792AD21CE767B621C6 ] C:\WINXP\system32\services.exe
10:20:10.0937 2508  [Global] - ok
10:20:10.0937 2508  ================ Scan MBR ==================================
10:20:10.0953 2508  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
10:20:11.0250 2508  \Device\Harddisk0\DR0 - ok
10:20:11.0250 2508  ================ Scan VBR ==================================
10:20:11.0250 2508  [ EFFFFCD5A090C30D8A1317977671F905 ] \Device\Harddisk0\DR0\Partition1
10:20:11.0250 2508  \Device\Harddisk0\DR0\Partition1 - ok
10:20:11.0265 2508  ============================================================
10:20:11.0265 2508  Scan finished
10:20:11.0265 2508  ============================================================
10:20:11.0375 0980  Detected object count: 15
10:20:11.0375 0980  Actual detected object count: 15
10:20:30.0140 0980  atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980  atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0140 0980  btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980  btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0140 0980  lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980  lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0140 0980  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0140 0980  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0140 0980  Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980  Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0156 0980  sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980  sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0156 0980  sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980  sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0156 0980  sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980  sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0156 0980  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0156 0980  WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980  WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0156 0980  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0171 0980  WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0171 0980  WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0171 0980  WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0171 0980  WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0171 0980  WudfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0171 0980  WudfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

die GMER log ist zu lang und deshalb im Anhang.

cosinus · 08.11.2012, 14:26

Log vom TDSS-Killer ist immer noch unvollständig!
Der gesamte Anfang dieses Logs fehlt!

premutos · 08.11.2012, 15:00

verdammt sorry.ich weiß auch nicht was ich da gemacht habe.

Code:

ATTFilter

10:18:57.0062 2560  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:18:57.0359 2560  ============================================================
10:18:57.0359 2560  Current date / time: 2012/11/07 10:18:57.0359
10:18:57.0359 2560  SystemInfo:
10:18:57.0359 2560  
10:18:57.0359 2560  OS Version: 5.1.2600 ServicePack: 3.0
10:18:57.0359 2560  Product type: Workstation
10:18:57.0359 2560  ComputerName: BEAR-0FA5999299
10:18:57.0359 2560  UserName: protz
10:18:57.0359 2560  Windows directory: C:\WINXP
10:18:57.0359 2560  System windows directory: C:\WINXP
10:18:57.0359 2560  Processor architecture: Intel x86
10:18:57.0359 2560  Number of processors: 2
10:18:57.0359 2560  Page size: 0x1000
10:18:57.0359 2560  Boot type: Normal boot
10:18:57.0359 2560  ============================================================
10:18:59.0125 2560  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:18:59.0125 2560  ============================================================
10:18:59.0125 2560  \Device\Harddisk0\DR0:
10:18:59.0125 2560  MBR partitions:
10:18:59.0125 2560  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
10:18:59.0125 2560  ============================================================
10:18:59.0171 2560  C: <-> \Device\Harddisk0\DR0\Partition1
10:18:59.0171 2560  ============================================================
10:18:59.0171 2560  Initialize success
10:18:59.0171 2560  ============================================================
10:19:29.0859 2508  ============================================================
10:19:29.0859 2508  Scan started
10:19:29.0859 2508  Mode: Manual; SigCheck; TDLFS; 
10:19:29.0859 2508  ============================================================
10:19:30.0125 2508  ================ Scan system memory ========================
10:19:30.0125 2508  System memory - ok
10:19:30.0125 2508  ================ Scan services =============================
10:19:30.0234 2508  Abiosdsk - ok
10:19:30.0234 2508  abp480n5 - ok
10:19:30.0296 2508  [ A6FE70357A68AD1E279CD1012419CCE6 ] acedrv11        C:\WINXP\system32\drivers\acedrv11.sys
10:19:33.0000 2508  acedrv11 - ok
10:19:33.0062 2508  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINXP\system32\DRIVERS\ACPI.sys
10:19:33.0203 2508  ACPI - ok
10:19:33.0218 2508  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINXP\system32\DRIVERS\ACPIEC.sys
10:19:33.0359 2508  ACPIEC - ok
10:19:33.0390 2508  [ E850B0A94E8703CCBC980B31594DC408 ] acsint          C:\WINXP\system32\DRIVERS\acsint.sys
10:19:33.0421 2508  acsint - ok
10:19:33.0437 2508  [ EA2429C90AEAB09D7F3A99B16DA23CED ] acsmux          C:\WINXP\system32\DRIVERS\acsmux.sys
10:19:33.0453 2508  acsmux - ok
10:19:33.0531 2508  [ 4E12C97CBFE99BE15D7680918F9899EC ] ADIHdAudAddService C:\WINXP\system32\drivers\ADIHdAud.sys
10:19:33.0562 2508  ADIHdAudAddService - ok
10:19:33.0562 2508  adpu160m - ok
10:19:33.0609 2508  [ FFF87A9B1AB36EE4B7BEC98A4CB01B79 ] AEAudio         C:\WINXP\system32\drivers\AEAudio.sys
10:19:33.0609 2508  AEAudio - ok
10:19:33.0625 2508  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINXP\system32\drivers\aec.sys
10:19:33.0765 2508  aec - ok
10:19:33.0812 2508  [ 322D0E36693D6E24A2398BEE62A268CD ] AFD             C:\WINXP\System32\drivers\afd.sys
10:19:33.0953 2508  AFD - ok
10:19:34.0046 2508  [ 90456051C422E09BC36E6340DD891F0C ] AgereSoftModem  C:\WINXP\system32\DRIVERS\AGRSM.sys
10:19:34.0140 2508  AgereSoftModem - ok
10:19:34.0156 2508  Aha154x - ok
10:19:34.0156 2508  aic78u2 - ok
10:19:34.0156 2508  aic78xx - ok
10:19:34.0187 2508  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINXP\system32\alrsvc.dll
10:19:34.0328 2508  Alerter - ok
10:19:34.0375 2508  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINXP\System32\alg.exe
10:19:34.0437 2508  ALG - ok
10:19:34.0437 2508  AliIde - ok
10:19:34.0484 2508  [ 58BE3C2F1AA041EA56F7305A6463035C ] AmdK8           C:\WINXP\system32\DRIVERS\AmdK8.sys
10:19:34.0515 2508  AmdK8 - ok
10:19:34.0531 2508  amsint - ok
10:19:34.0656 2508  [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
10:19:34.0687 2508  AntiVirSchedulerService - ok
10:19:34.0703 2508  [ 72D90E56563165984224493069C69ED4 ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
10:19:34.0718 2508  AntiVirService - ok
10:19:34.0750 2508  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINXP\System32\appmgmts.dll
10:19:34.0843 2508  AppMgmt - ok
10:19:34.0843 2508  asc - ok
10:19:34.0843 2508  asc3350p - ok
10:19:34.0843 2508  asc3550 - ok
10:19:34.0921 2508  [ D33C507942299753868204CC7642FA27 ] aspnet_state    C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:19:34.0937 2508  aspnet_state - ok
10:19:34.0953 2508  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINXP\system32\DRIVERS\asyncmac.sys
10:19:35.0109 2508  AsyncMac - ok
10:19:35.0125 2508  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINXP\system32\DRIVERS\atapi.sys
10:19:35.0296 2508  atapi - ok
10:19:35.0296 2508  Atdisk - ok
10:19:35.0343 2508  [ 8AFB4AFF8837254E6D14338B1B11E690 ] Ati HotKey Poller C:\WINXP\system32\Ati2evxx.exe
10:19:35.0421 2508  Ati HotKey Poller - ok
10:19:35.0562 2508  [ D0C00EE032994B698B47837A3561717A ] ati2mtag        C:\WINXP\system32\DRIVERS\ati2mtag.sys
10:19:35.0718 2508  ati2mtag - ok
10:19:35.0781 2508  [ 6E996CF8459A2594E0E9609D0E34D41F ] atksgt          C:\WINXP\system32\DRIVERS\atksgt.sys
10:19:35.0812 2508  atksgt ( UnsignedFile.Multi.Generic ) - warning
10:19:35.0812 2508  atksgt - detected UnsignedFile.Multi.Generic (1)
10:19:35.0859 2508  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINXP\system32\DRIVERS\atmarpc.sys
10:19:36.0000 2508  Atmarpc - ok
10:19:36.0015 2508  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINXP\System32\audiosrv.dll
10:19:36.0171 2508  AudioSrv - ok
10:19:36.0234 2508  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINXP\system32\DRIVERS\audstub.sys
10:19:36.0375 2508  audstub - ok
10:19:36.0484 2508  [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio           C:\Programme\Avira\AntiVir Desktop\avgio.sys
10:19:36.0484 2508  avgio - ok
10:19:36.0500 2508  [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt        C:\WINXP\system32\DRIVERS\avgntflt.sys
10:19:36.0531 2508  avgntflt - ok
10:19:36.0546 2508  [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb          C:\WINXP\system32\DRIVERS\avipbb.sys
10:19:36.0578 2508  avipbb - ok
10:19:36.0625 2508  [ 133AD3794572BCE689763A8356C7ED06 ] b57w2k          C:\WINXP\system32\DRIVERS\b57xp32.sys
10:19:36.0703 2508  b57w2k - ok
10:19:36.0796 2508  [ 37F385A93C620CBE0F89C17E45F697A1 ] BCM43XX         C:\WINXP\system32\DRIVERS\bcmwl5.sys
10:19:36.0906 2508  BCM43XX - ok
10:19:36.0953 2508  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINXP\system32\drivers\Beep.sys
10:19:37.0093 2508  Beep - ok
10:19:37.0187 2508  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINXP\system32\qmgr.dll
10:19:37.0437 2508  BITS - ok
10:19:37.0468 2508  [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser         C:\WINXP\System32\browser.dll
10:19:37.0625 2508  Browser - ok
10:19:37.0718 2508  [ 3AA4BF555C00C5B87FD48DD7BDBD4E97 ] btaudio         C:\WINXP\system32\drivers\btaudio.sys
10:19:37.0765 2508  btaudio - ok
10:19:37.0828 2508  [ BA57F31EAB93DC597D772F6F5B9ED54F ] BTKRNL          C:\WINXP\system32\DRIVERS\btkrnl.sys
10:19:37.0921 2508  BTKRNL - ok
10:19:37.0984 2508  [ 0ECE2B1910527AE85691151D56621891 ] btwdins         C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
10:19:37.0984 2508  btwdins ( UnsignedFile.Multi.Generic ) - warning
10:19:37.0984 2508  btwdins - detected UnsignedFile.Multi.Generic (1)
10:19:38.0000 2508  [ 57E91E9925976BBC98984EEBAAF1D84C ] BTWUSB          C:\WINXP\system32\Drivers\btwusb.sys
10:19:38.0000 2508  BTWUSB - ok
10:19:38.0046 2508  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINXP\system32\drivers\cbidf2k.sys
10:19:38.0203 2508  cbidf2k - ok
10:19:38.0203 2508  cd20xrnt - ok
10:19:38.0250 2508  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINXP\system32\drivers\Cdaudio.sys
10:19:38.0406 2508  Cdaudio - ok
10:19:38.0437 2508  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINXP\system32\drivers\Cdfs.sys
10:19:38.0593 2508  Cdfs - ok
10:19:38.0625 2508  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINXP\system32\DRIVERS\cdrom.sys
10:19:38.0781 2508  Cdrom - ok
10:19:38.0781 2508  Changer - ok
10:19:38.0828 2508  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINXP\system32\cisvc.exe
10:19:38.0984 2508  CiSvc - ok
10:19:39.0031 2508  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINXP\system32\clipsrv.exe
10:19:39.0171 2508  ClipSrv - ok
10:19:39.0218 2508  [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:19:39.0281 2508  clr_optimization_v2.0.50727_32 - ok
10:19:39.0312 2508  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINXP\system32\DRIVERS\CmBatt.sys
10:19:39.0468 2508  CmBatt - ok
10:19:39.0468 2508  CmdIde - ok
10:19:39.0562 2508  [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx       C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
10:19:39.0578 2508  Com4QLBEx - ok
10:19:39.0578 2508  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINXP\system32\DRIVERS\compbatt.sys
10:19:39.0734 2508  Compbatt - ok
10:19:39.0734 2508  COMSysApp - ok
10:19:39.0750 2508  Cpqarray - ok
10:19:39.0812 2508  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINXP\System32\cryptsvc.dll
10:19:39.0968 2508  CryptSvc - ok
10:19:39.0968 2508  dac2w2k - ok
10:19:39.0968 2508  dac960nt - ok
10:19:40.0046 2508  [ E970C2296916BF4A2F958680016FE312 ] DcomLaunch      C:\WINXP\system32\rpcss.dll
10:19:40.0187 2508  DcomLaunch - ok
10:19:40.0218 2508  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINXP\System32\dhcpcsvc.dll
10:19:40.0375 2508  Dhcp - ok
10:19:40.0375 2508  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINXP\system32\DRIVERS\disk.sys
10:19:40.0515 2508  Disk - ok
10:19:40.0515 2508  dmadmin - ok
10:19:40.0593 2508  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINXP\system32\drivers\dmboot.sys
10:19:40.0781 2508  dmboot - ok
10:19:40.0843 2508  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINXP\system32\drivers\dmio.sys
10:19:40.0984 2508  dmio - ok
10:19:41.0015 2508  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINXP\system32\drivers\dmload.sys
10:19:41.0156 2508  dmload - ok
10:19:41.0171 2508  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINXP\System32\dmserver.dll
10:19:41.0296 2508  dmserver - ok
10:19:41.0359 2508  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINXP\system32\drivers\DMusic.sys
10:19:41.0500 2508  DMusic - ok
10:19:41.0546 2508  [ 8C9ED3B2834AAE63081AB2DA831C6FE9 ] Dnscache        C:\WINXP\System32\dnsrslvr.dll
10:19:41.0687 2508  Dnscache - ok
10:19:41.0703 2508  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINXP\System32\dot3svc.dll
10:19:41.0843 2508  Dot3svc - ok
10:19:41.0843 2508  dpti2o - ok
10:19:41.0859 2508  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINXP\system32\drivers\drmkaud.sys
10:19:42.0000 2508  drmkaud - ok
10:19:42.0046 2508  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINXP\System32\eapsvc.dll
10:19:42.0203 2508  EapHost - ok
10:19:42.0234 2508  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINXP\System32\ersvc.dll
10:19:42.0375 2508  ERSvc - ok
10:19:42.0421 2508  [ 4BB6A83640F1D1792AD21CE767B621C6 ] Eventlog        C:\WINXP\system32\services.exe
10:19:42.0546 2508  Eventlog - ok
10:19:42.0578 2508  [ 0F3EDAEE1EF97CF3DB2BE23A7289B78C ] EventSystem     C:\WINXP\system32\es.dll
10:19:42.0734 2508  EventSystem - ok
10:19:42.0781 2508  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINXP\system32\drivers\Fastfat.sys
10:19:42.0921 2508  Fastfat - ok
10:19:42.0937 2508  [ 40602EBFBE06AA075C8E4560743F6883 ] FastUserSwitchingCompatibility C:\WINXP\System32\shsvcs.dll
10:19:43.0078 2508  FastUserSwitchingCompatibility - ok
10:19:43.0093 2508  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINXP\system32\drivers\Fdc.sys
10:19:43.0218 2508  Fdc - ok
10:19:43.0234 2508  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINXP\system32\drivers\Fips.sys
10:19:43.0375 2508  Fips - ok
10:19:43.0406 2508  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINXP\system32\drivers\Flpydisk.sys
10:19:43.0531 2508  Flpydisk - ok
10:19:43.0578 2508  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINXP\system32\DRIVERS\fltMgr.sys
10:19:43.0718 2508  FltMgr - ok
10:19:43.0765 2508  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINXP\system32\drivers\Fs_Rec.sys
10:19:43.0906 2508  Fs_Rec - ok
10:19:43.0937 2508  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINXP\system32\DRIVERS\ftdisk.sys
10:19:44.0062 2508  Ftdisk - ok
10:19:44.0093 2508  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINXP\system32\DRIVERS\msgpc.sys
10:19:44.0234 2508  Gpc - ok
10:19:44.0296 2508  [ FC657B7751729EFE54E2FF24F50E5BAB ] HBtnKey         C:\WINXP\system32\DRIVERS\cpqbttn.sys
10:19:44.0328 2508  HBtnKey - ok
10:19:44.0390 2508  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINXP\system32\DRIVERS\HDAudBus.sys
10:19:44.0546 2508  HDAudBus - ok
10:19:44.0640 2508  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:19:44.0765 2508  helpsvc - ok
10:19:44.0796 2508  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINXP\System32\hidserv.dll
10:19:44.0937 2508  HidServ - ok
10:19:44.0984 2508  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINXP\system32\DRIVERS\hidusb.sys
10:19:45.0109 2508  HidUsb - ok
10:19:45.0140 2508  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINXP\System32\kmsvc.dll
10:19:45.0281 2508  hkmsvc - ok
10:19:45.0328 2508  [ 362D8E46B618649591DE2A5C2F0E58E1 ] HP24X           C:\WINXP\system32\DRIVERS\HP24X.sys
10:19:45.0375 2508  HP24X - ok
10:19:45.0375 2508  hpn - ok
10:19:45.0421 2508  [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr      C:\WINXP\system32\DRIVERS\HpqKbFiltr.sys
10:19:45.0468 2508  HpqKbFiltr - ok
10:19:45.0515 2508  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
10:19:45.0531 2508  hpqwmiex - ok
10:19:45.0578 2508  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINXP\system32\DRIVERS\HPZid412.sys
10:19:45.0718 2508  HPZid412 - ok
10:19:45.0750 2508  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINXP\system32\DRIVERS\HPZipr12.sys
10:19:45.0765 2508  HPZipr12 - ok
10:19:45.0781 2508  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINXP\system32\DRIVERS\HPZius12.sys
10:19:45.0828 2508  HPZius12 - ok
10:19:45.0937 2508  [ BEF7D9760E0B00973E0F7EFCE68875C1 ] hshld           C:\Programme\Hotspot Shield\bin\openvpnas.exe
10:19:45.0968 2508  hshld - ok
10:19:46.0031 2508  [ 6361F419C1DFD5141702A90D93DBF569 ] HssDrv          C:\WINXP\system32\DRIVERS\HssDrv.sys
10:19:46.0046 2508  HssDrv - ok
10:19:46.0109 2508  [ 01947D3CBAFCFEF066E1EB45DADC182D ] HssSrv          C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
10:19:46.0125 2508  HssSrv - ok
10:19:46.0187 2508  [ 5527CF1FF457E819112EAC7DC0AA69CB ] HssTrayService  C:\Programme\Hotspot Shield\bin\HssTrayService.EXE
10:19:46.0187 2508  HssTrayService - ok
10:19:46.0218 2508  [ F4C1B3C4847BBA031ACFDCE5A3F0CFCB ] HssWd           C:\Programme\Hotspot Shield\bin\hsswd.exe
10:19:46.0234 2508  HssWd - ok
10:19:46.0296 2508  [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP            C:\WINXP\system32\Drivers\HTTP.sys
10:19:46.0406 2508  HTTP - ok
10:19:46.0453 2508  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINXP\System32\w3ssl.dll
10:19:46.0609 2508  HTTPFilter - ok
10:19:46.0609 2508  i2omgmt - ok
10:19:46.0609 2508  i2omp - ok
10:19:46.0687 2508  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINXP\system32\DRIVERS\i8042prt.sys
10:19:46.0812 2508  i8042prt - ok
10:19:46.0843 2508  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINXP\system32\DRIVERS\imapi.sys
10:19:46.0984 2508  Imapi - ok
10:19:47.0015 2508  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINXP\system32\imapi.exe
10:19:47.0125 2508  ImapiService - ok
10:19:47.0140 2508  ini910u - ok
10:19:47.0140 2508  IntelIde - ok
10:19:47.0187 2508  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINXP\system32\DRIVERS\Ip6Fw.sys
10:19:47.0328 2508  Ip6Fw - ok
10:19:47.0375 2508  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINXP\system32\DRIVERS\ipfltdrv.sys
10:19:47.0500 2508  IpFilterDriver - ok
10:19:47.0515 2508  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINXP\system32\DRIVERS\ipinip.sys
10:19:47.0625 2508  IpInIp - ok
10:19:47.0656 2508  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINXP\system32\DRIVERS\ipnat.sys
10:19:47.0781 2508  IpNat - ok
10:19:47.0796 2508  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINXP\system32\DRIVERS\ipsec.sys
10:19:47.0921 2508  IPSec - ok
10:19:47.0921 2508  IRENUM - ok
10:19:47.0984 2508  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINXP\system32\DRIVERS\isapnp.sys
10:19:48.0109 2508  isapnp - ok
10:19:48.0203 2508  [ 1834C96FB1F9280BCF6DDFA6DE8338BF ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
10:19:48.0218 2508  JavaQuickStarterService - ok
10:19:48.0234 2508  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINXP\system32\DRIVERS\kbdclass.sys
10:19:48.0359 2508  Kbdclass - ok
10:19:48.0390 2508  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINXP\system32\DRIVERS\kbdhid.sys
10:19:48.0500 2508  kbdhid - ok
10:19:48.0515 2508  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINXP\system32\drivers\kmixer.sys
10:19:48.0656 2508  kmixer - ok
10:19:48.0703 2508  [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD          C:\WINXP\system32\drivers\KSecDD.sys
10:19:48.0828 2508  KSecDD - ok
10:19:48.0875 2508  [ D6EB4916B203CBE525F8EFF5FD5AB16C ] LanmanServer    C:\WINXP\System32\srvsvc.dll
10:19:48.0984 2508  LanmanServer - ok
10:19:49.0046 2508  [ C0DB1E9367681ECD7ECCA9615C1D0F9B ] lanmanworkstation C:\WINXP\System32\wkssvc.dll
10:19:49.0171 2508  lanmanworkstation - ok
10:19:49.0187 2508  lbrtfdc - ok
10:19:49.0234 2508  [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt          C:\WINXP\system32\DRIVERS\lirsgt.sys
10:19:49.0234 2508  lirsgt ( UnsignedFile.Multi.Generic ) - warning
10:19:49.0234 2508  lirsgt - detected UnsignedFile.Multi.Generic (1)
10:19:49.0250 2508  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINXP\System32\lmhsvc.dll
10:19:49.0359 2508  LmHosts - ok
10:19:49.0375 2508  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINXP\System32\msgsvc.dll
10:19:49.0515 2508  Messenger - ok
10:19:49.0578 2508  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINXP\system32\drivers\mnmdd.sys
10:19:49.0687 2508  mnmdd - ok
10:19:49.0718 2508  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINXP\system32\mnmsrvc.exe
10:19:49.0828 2508  mnmsrvc - ok
10:19:49.0875 2508  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINXP\system32\drivers\Modem.sys
10:19:50.0000 2508  Modem - ok
10:19:50.0046 2508  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINXP\system32\DRIVERS\mouclass.sys
10:19:50.0171 2508  Mouclass - ok
10:19:50.0203 2508  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINXP\system32\DRIVERS\mouhid.sys
10:19:50.0312 2508  mouhid - ok
10:19:50.0359 2508  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINXP\system32\drivers\MountMgr.sys
10:19:50.0468 2508  MountMgr - ok
10:19:50.0515 2508  [ 864C02D08F2F641491FE5B4C004F8980 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
10:19:50.0531 2508  MozillaMaintenance - ok
10:19:50.0531 2508  mraid35x - ok
10:19:50.0593 2508  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINXP\system32\DRIVERS\mrxdav.sys
10:19:50.0703 2508  MRxDAV - ok
10:19:50.0734 2508  [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb          C:\WINXP\system32\DRIVERS\mrxsmb.sys
10:19:50.0890 2508  MRxSmb - ok
10:19:50.0937 2508  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINXP\system32\msdtc.exe
10:19:51.0046 2508  MSDTC - ok
10:19:51.0062 2508  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINXP\system32\drivers\Msfs.sys
10:19:51.0171 2508  Msfs - ok
10:19:51.0171 2508  MSIServer - ok
10:19:51.0203 2508  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINXP\system32\drivers\MSKSSRV.sys
10:19:51.0328 2508  MSKSSRV - ok
10:19:51.0343 2508  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINXP\system32\drivers\MSPCLOCK.sys
10:19:51.0453 2508  MSPCLOCK - ok
10:19:51.0484 2508  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINXP\system32\drivers\MSPQM.sys
10:19:51.0609 2508  MSPQM - ok
10:19:51.0656 2508  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINXP\system32\DRIVERS\mssmbios.sys
10:19:51.0765 2508  mssmbios - ok
10:19:51.0796 2508  [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup             C:\WINXP\system32\drivers\Mup.sys
10:19:51.0906 2508  Mup - ok
10:19:51.0953 2508  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINXP\System32\qagentrt.dll
10:19:52.0093 2508  napagent - ok
10:19:52.0109 2508  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINXP\system32\drivers\NDIS.sys
10:19:52.0218 2508  NDIS - ok
10:19:52.0234 2508  [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi        C:\WINXP\system32\DRIVERS\ndistapi.sys
10:19:52.0343 2508  NdisTapi - ok
10:19:52.0375 2508  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINXP\system32\DRIVERS\ndisuio.sys
10:19:52.0500 2508  Ndisuio - ok
10:19:52.0500 2508  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINXP\system32\DRIVERS\ndiswan.sys
10:19:52.0609 2508  NdisWan - ok
10:19:52.0609 2508  [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy         C:\WINXP\system32\drivers\NDProxy.sys
10:19:52.0734 2508  NDProxy - ok
10:19:52.0781 2508  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINXP\system32\HPZinw12.dll
10:19:52.0781 2508  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:19:52.0781 2508  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:19:52.0828 2508  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINXP\system32\DRIVERS\netbios.sys
10:19:52.0937 2508  NetBIOS - ok
10:19:52.0953 2508  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINXP\system32\DRIVERS\netbt.sys
10:19:53.0078 2508  NetBT - ok
10:19:53.0109 2508  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINXP\system32\netdde.exe
10:19:53.0218 2508  NetDDE - ok
10:19:53.0218 2508  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINXP\system32\netdde.exe
10:19:53.0328 2508  NetDDEdsdm - ok
10:19:53.0375 2508  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINXP\system32\lsass.exe
10:19:53.0468 2508  Netlogon - ok
10:19:53.0500 2508  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINXP\System32\netman.dll
10:19:53.0609 2508  Netman - ok
10:19:53.0640 2508  [ F12B9D9A069331877D006CC81B4735F9 ] Nla             C:\WINXP\System32\mswsock.dll
10:19:53.0765 2508  Nla - ok
10:19:53.0859 2508  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       C:\Programme\CDBurnerXP\NMSAccessU.exe
10:19:53.0859 2508  NMSAccess - ok
10:19:53.0906 2508  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINXP\system32\drivers\Npfs.sys
10:19:54.0031 2508  Npfs - ok
10:19:54.0062 2508  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINXP\system32\drivers\Ntfs.sys
10:19:54.0218 2508  Ntfs - ok
10:19:54.0218 2508  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINXP\system32\lsass.exe
10:19:54.0328 2508  NtLmSsp - ok
10:19:54.0375 2508  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINXP\system32\ntmssvc.dll
10:19:54.0531 2508  NtmsSvc - ok
10:19:54.0562 2508  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINXP\system32\drivers\Null.sys
10:19:54.0671 2508  Null - ok
10:19:54.0703 2508  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINXP\system32\DRIVERS\nwlnkflt.sys
10:19:54.0812 2508  NwlnkFlt - ok
10:19:54.0812 2508  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINXP\system32\DRIVERS\nwlnkfwd.sys
10:19:54.0937 2508  NwlnkFwd - ok
10:19:54.0984 2508  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINXP\system32\drivers\Parport.sys
10:19:55.0093 2508  Parport - ok
10:19:55.0109 2508  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINXP\system32\drivers\PartMgr.sys
10:19:55.0218 2508  PartMgr - ok
10:19:55.0265 2508  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINXP\system32\drivers\ParVdm.sys
10:19:55.0390 2508  ParVdm - ok
10:19:55.0390 2508  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINXP\system32\DRIVERS\pci.sys
10:19:55.0515 2508  PCI - ok
10:19:55.0515 2508  PCIDump - ok
10:19:55.0531 2508  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINXP\system32\DRIVERS\pciide.sys
10:19:55.0656 2508  PCIIde - ok
10:19:55.0687 2508  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINXP\system32\DRIVERS\pcmcia.sys
10:19:55.0781 2508  Pcmcia - ok
10:19:55.0796 2508  PDCOMP - ok
10:19:55.0796 2508  PDFRAME - ok
10:19:55.0812 2508  PDRELI - ok
10:19:55.0812 2508  PDRFRAME - ok
10:19:55.0812 2508  perc2 - ok
10:19:55.0828 2508  perc2hib - ok
10:19:55.0875 2508  [ 4BB6A83640F1D1792AD21CE767B621C6 ] PlugPlay        C:\WINXP\system32\services.exe
10:19:55.0984 2508  PlugPlay - ok
10:19:56.0000 2508  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINXP\system32\HPZipm12.dll
10:19:56.0000 2508  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:19:56.0000 2508  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:19:56.0062 2508  [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA        C:\WINXP\system32\PnkBstrA.exe
10:19:56.0062 2508  PnkBstrA - ok
10:19:56.0078 2508  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINXP\system32\lsass.exe
10:19:56.0187 2508  PolicyAgent - ok
10:19:56.0234 2508  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINXP\system32\DRIVERS\raspptp.sys
10:19:56.0359 2508  PptpMiniport - ok
10:19:56.0375 2508  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINXP\system32\DRIVERS\processr.sys
10:19:56.0484 2508  Processor - ok
10:19:56.0484 2508  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINXP\system32\lsass.exe
10:19:56.0578 2508  ProtectedStorage - ok
10:19:56.0593 2508  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINXP\system32\DRIVERS\psched.sys
10:19:56.0703 2508  PSched - ok
10:19:56.0718 2508  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINXP\system32\DRIVERS\ptilink.sys
10:19:56.0828 2508  Ptilink - ok
10:19:56.0859 2508  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINXP\system32\Drivers\PxHelp20.sys
10:19:59.0359 2508  PxHelp20 - ok
10:19:59.0359 2508  ql1080 - ok
10:19:59.0375 2508  Ql10wnt - ok
10:19:59.0375 2508  ql12160 - ok
10:19:59.0375 2508  ql1240 - ok
10:19:59.0390 2508  ql1280 - ok
10:19:59.0437 2508  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINXP\system32\DRIVERS\rasacd.sys
10:19:59.0546 2508  RasAcd - ok
10:19:59.0578 2508  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINXP\System32\rasauto.dll
10:19:59.0687 2508  RasAuto - ok
10:19:59.0718 2508  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINXP\system32\DRIVERS\rasl2tp.sys
10:19:59.0828 2508  Rasl2tp - ok
10:19:59.0859 2508  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINXP\System32\rasmans.dll
10:19:59.0953 2508  RasMan - ok
10:19:59.0984 2508  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINXP\system32\DRIVERS\raspppoe.sys
10:20:00.0093 2508  RasPppoe - ok
10:20:00.0109 2508  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINXP\system32\DRIVERS\raspti.sys
10:20:00.0218 2508  Raspti - ok
10:20:00.0234 2508  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINXP\system32\DRIVERS\rdbss.sys
10:20:00.0343 2508  Rdbss - ok
10:20:00.0359 2508  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINXP\system32\DRIVERS\RDPCDD.sys
10:20:00.0453 2508  RDPCDD - ok
10:20:00.0500 2508  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINXP\system32\DRIVERS\rdpdr.sys
10:20:00.0625 2508  rdpdr - ok
10:20:00.0671 2508  [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD           C:\WINXP\system32\drivers\RDPWD.sys
10:20:00.0765 2508  RDPWD - ok
10:20:00.0796 2508  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINXP\system32\sessmgr.exe
10:20:00.0937 2508  RDSessMgr - ok
10:20:00.0937 2508  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINXP\system32\DRIVERS\redbook.sys
10:20:01.0046 2508  redbook - ok
10:20:01.0093 2508  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINXP\System32\mprdim.dll
10:20:01.0203 2508  RemoteAccess - ok
10:20:01.0250 2508  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINXP\system32\regsvc.dll
10:20:01.0359 2508  RemoteRegistry - ok
10:20:01.0390 2508  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINXP\system32\locator.exe
10:20:01.0515 2508  RpcLocator - ok
10:20:01.0531 2508  [ E970C2296916BF4A2F958680016FE312 ] RpcSs           C:\WINXP\system32\rpcss.dll
10:20:01.0640 2508  RpcSs - ok
10:20:01.0687 2508  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINXP\system32\rsvp.exe
10:20:01.0781 2508  RSVP - ok
10:20:01.0812 2508  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINXP\system32\lsass.exe
10:20:01.0906 2508  SamSs - ok
10:20:01.0921 2508  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINXP\System32\SCardSvr.exe
10:20:02.0046 2508  SCardSvr - ok
10:20:02.0093 2508  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINXP\system32\schedsvc.dll
10:20:02.0203 2508  Schedule - ok
10:20:02.0250 2508  [ BA0D892D2F786BCEBDF03B0A252B47F3 ] Secdrv          C:\WINXP\system32\DRIVERS\secdrv.sys
10:20:02.0250 2508  Secdrv ( UnsignedFile.Multi.Generic ) - warning
10:20:02.0250 2508  Secdrv - detected UnsignedFile.Multi.Generic (1)
10:20:02.0265 2508  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINXP\System32\seclogon.dll
10:20:02.0359 2508  seclogon - ok
10:20:02.0390 2508  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINXP\system32\sens.dll
10:20:02.0500 2508  SENS - ok
10:20:02.0515 2508  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINXP\system32\drivers\Serial.sys
10:20:02.0625 2508  Serial - ok
10:20:02.0671 2508  [ 4C0D673281178CB496011A2E28571FC8 ] sfdrv01         C:\WINXP\system32\drivers\sfdrv01.sys
10:20:02.0671 2508  sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
10:20:02.0671 2508  sfdrv01 - detected UnsignedFile.Multi.Generic (1)
10:20:02.0671 2508  [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02         C:\WINXP\system32\drivers\sfhlp02.sys
10:20:02.0671 2508  sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
10:20:02.0671 2508  sfhlp02 - detected UnsignedFile.Multi.Generic (1)
10:20:02.0687 2508  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINXP\system32\drivers\Sfloppy.sys
10:20:02.0796 2508  Sfloppy - ok
10:20:02.0828 2508  [ D5A7E09D2C6A702809E49190D52ADC9F ] sfvfs02         C:\WINXP\system32\drivers\sfvfs02.sys
10:20:02.0828 2508  sfvfs02 ( UnsignedFile.Multi.Generic ) - warning
10:20:02.0828 2508  sfvfs02 - detected UnsignedFile.Multi.Generic (1)
10:20:02.0875 2508  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINXP\System32\ipnathlp.dll
10:20:03.0000 2508  SharedAccess - ok
10:20:03.0031 2508  [ 40602EBFBE06AA075C8E4560743F6883 ] ShellHWDetection C:\WINXP\System32\shsvcs.dll
10:20:03.0125 2508  ShellHWDetection - ok
10:20:03.0125 2508  Simbad - ok
10:20:03.0140 2508  Sparrow - ok
10:20:03.0171 2508  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINXP\system32\drivers\splitter.sys
10:20:03.0281 2508  splitter - ok
10:20:03.0328 2508  [ 39356A9CDB6753A6D13A4072A9F5A4BB ] Spooler         C:\WINXP\system32\spoolsv.exe
10:20:03.0453 2508  Spooler - ok
10:20:03.0515 2508  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\WINXP\System32\Drivers\sptd.sys
10:20:03.0562 2508  sptd - ok
10:20:03.0609 2508  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINXP\system32\DRIVERS\sr.sys
10:20:03.0671 2508  sr - ok
10:20:03.0671 2508  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINXP\system32\srsvc.dll
10:20:03.0750 2508  srservice - ok
10:20:03.0750 2508  [ 5252605079810904E31C332E241CD59B ] Srv             C:\WINXP\system32\DRIVERS\srv.sys
10:20:03.0859 2508  Srv - ok
10:20:03.0875 2508  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINXP\System32\ssdpsrv.dll
10:20:03.0937 2508  SSDPSRV - ok
10:20:03.0984 2508  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINXP\system32\DRIVERS\ssmdrv.sys
10:20:03.0984 2508  ssmdrv - ok
10:20:04.0015 2508  [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen        C:\WINXP\system32\drivers\StarOpen.sys
10:20:04.0031 2508  StarOpen ( UnsignedFile.Multi.Generic ) - warning
10:20:04.0031 2508  StarOpen - detected UnsignedFile.Multi.Generic (1)
10:20:04.0078 2508  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINXP\system32\wiaservc.dll
10:20:04.0187 2508  stisvc - ok
10:20:04.0234 2508  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINXP\system32\DRIVERS\swenum.sys
10:20:04.0328 2508  swenum - ok
10:20:04.0390 2508  [ 58C341D38CFA462489B735D89DF6DF12 ] SWIHPWMI        C:\Programme\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
10:20:04.0406 2508  SWIHPWMI - ok
10:20:04.0453 2508  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINXP\system32\drivers\swmidi.sys
10:20:04.0562 2508  swmidi - ok
10:20:04.0562 2508  SwPrv - ok
10:20:04.0562 2508  symc810 - ok
10:20:04.0578 2508  symc8xx - ok
10:20:04.0578 2508  sym_hi - ok
10:20:04.0578 2508  sym_u3 - ok
10:20:04.0609 2508  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINXP\system32\drivers\sysaudio.sys
10:20:04.0718 2508  sysaudio - ok
10:20:04.0765 2508  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINXP\system32\smlogsvc.exe
10:20:04.0890 2508  SysmonLog - ok
10:20:04.0937 2508  [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss          C:\WINXP\system32\DRIVERS\taphss.sys
10:20:04.0984 2508  taphss - ok
10:20:05.0000 2508  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINXP\System32\tapisrv.dll
10:20:05.0109 2508  TapiSrv - ok
10:20:05.0125 2508  [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip           C:\WINXP\system32\DRIVERS\tcpip.sys
10:20:05.0281 2508  Tcpip - ok
10:20:05.0328 2508  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINXP\system32\drivers\TDPIPE.sys
10:20:05.0421 2508  TDPIPE - ok
10:20:05.0453 2508  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINXP\system32\drivers\TDTCP.sys
10:20:05.0578 2508  TDTCP - ok
10:20:05.0593 2508  [ 88155247177638048422893737429D9E ] TermDD          C:\WINXP\system32\DRIVERS\termdd.sys
10:20:05.0687 2508  TermDD - ok
10:20:05.0718 2508  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINXP\System32\termsrv.dll
10:20:05.0828 2508  TermService - ok
10:20:05.0859 2508  [ 40602EBFBE06AA075C8E4560743F6883 ] Themes          C:\WINXP\System32\shsvcs.dll
10:20:06.0109 2508  Themes - ok
10:20:06.0156 2508  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINXP\system32\tlntsvr.exe
10:20:06.0234 2508  TlntSvr - ok
10:20:06.0234 2508  TosIde - ok
10:20:06.0250 2508  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINXP\system32\trkwks.dll
10:20:06.0343 2508  TrkWks - ok
10:20:06.0375 2508  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINXP\system32\drivers\Udfs.sys
10:20:06.0484 2508  Udfs - ok
10:20:06.0500 2508  ultra - ok
10:20:06.0562 2508  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINXP\system32\DRIVERS\update.sys
10:20:06.0718 2508  Update - ok
10:20:06.0750 2508  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINXP\System32\upnphost.dll
10:20:06.0828 2508  upnphost - ok
10:20:06.0843 2508  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINXP\System32\ups.exe
10:20:06.0953 2508  UPS - ok
10:20:06.0984 2508  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINXP\system32\drivers\usbaudio.sys
10:20:07.0078 2508  usbaudio - ok
10:20:07.0125 2508  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINXP\system32\DRIVERS\usbccgp.sys
10:20:07.0218 2508  usbccgp - ok
10:20:07.0234 2508  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINXP\system32\DRIVERS\usbehci.sys
10:20:07.0359 2508  usbehci - ok
10:20:07.0375 2508  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINXP\system32\DRIVERS\usbhub.sys
10:20:07.0484 2508  usbhub - ok
10:20:07.0515 2508  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINXP\system32\DRIVERS\usbohci.sys
10:20:07.0625 2508  usbohci - ok
10:20:07.0671 2508  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINXP\system32\DRIVERS\usbprint.sys
10:20:07.0781 2508  usbprint - ok
10:20:07.0828 2508  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINXP\system32\DRIVERS\usbscan.sys
10:20:07.0921 2508  usbscan - ok
10:20:07.0968 2508  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINXP\system32\DRIVERS\USBSTOR.SYS
10:20:08.0062 2508  USBSTOR - ok
10:20:08.0109 2508  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINXP\System32\drivers\vga.sys
10:20:08.0218 2508  VgaSave - ok
10:20:08.0218 2508  ViaIde - ok
10:20:08.0234 2508  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINXP\system32\drivers\VolSnap.sys
10:20:08.0343 2508  VolSnap - ok
10:20:08.0421 2508  [ 8CA9793CBEE993660FF7FC2769A4E252 ] vpnagent        C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
10:20:08.0453 2508  vpnagent - ok
10:20:08.0515 2508  [ FDDAFA1C89B0B07494AF5879F7ECE857 ] vpnva           C:\WINXP\system32\DRIVERS\vpnva.sys
10:20:08.0546 2508  vpnva - ok
10:20:08.0562 2508  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINXP\System32\vssvc.exe
10:20:08.0625 2508  VSS - ok
10:20:08.0656 2508  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINXP\system32\w32time.dll
10:20:08.0750 2508  W32Time - ok
10:20:08.0781 2508  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINXP\system32\DRIVERS\wanarp.sys
10:20:08.0906 2508  Wanarp - ok
10:20:08.0937 2508  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINXP\system32\DRIVERS\Wdf01000.sys
10:20:08.0968 2508  Wdf01000 - ok
10:20:08.0968 2508  WDICA - ok
10:20:09.0015 2508  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINXP\system32\drivers\wdmaud.sys
10:20:09.0125 2508  wdmaud - ok
10:20:09.0140 2508  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINXP\System32\webclnt.dll
10:20:09.0250 2508  WebClient - ok
10:20:09.0343 2508  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINXP\system32\wbem\WMIsvc.dll
10:20:09.0453 2508  winmgmt - ok
10:20:09.0500 2508  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINXP\system32\mspmsnsv.dll
10:20:09.0531 2508  WmdmPmSN ( UnsignedFile.Multi.Generic ) - warning
10:20:09.0531 2508  WmdmPmSN - detected UnsignedFile.Multi.Generic (1)
10:20:09.0593 2508  [ 53E1CCF332A2F40B5E08476921CD8B44 ] Wmi             C:\WINXP\System32\advapi32.dll
10:20:09.0750 2508  Wmi - ok
10:20:09.0765 2508  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINXP\system32\DRIVERS\wmiacpi.sys
10:20:09.0859 2508  WmiAcpi - ok
10:20:09.0875 2508  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINXP\system32\wbem\wmiapsrv.exe
10:20:09.0984 2508  WmiApSrv - ok
10:20:10.0078 2508  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
10:20:10.0109 2508  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning
10:20:10.0109 2508  WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1)
10:20:10.0171 2508  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINXP\system32\wuauserv.dll
10:20:10.0265 2508  wuauserv - ok
10:20:10.0296 2508  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINXP\system32\DRIVERS\WudfPf.sys
10:20:10.0328 2508  WudfPf ( UnsignedFile.Multi.Generic ) - warning
10:20:10.0328 2508  WudfPf - detected UnsignedFile.Multi.Generic (1)
10:20:10.0343 2508  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINXP\system32\DRIVERS\wudfrd.sys
10:20:10.0359 2508  WudfRd ( UnsignedFile.Multi.Generic ) - warning
10:20:10.0359 2508  WudfRd - detected UnsignedFile.Multi.Generic (1)
10:20:10.0390 2508  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINXP\System32\WUDFSvc.dll
10:20:10.0421 2508  WudfSvc ( UnsignedFile.Multi.Generic ) - warning
10:20:10.0421 2508  WudfSvc - detected UnsignedFile.Multi.Generic (1)
10:20:10.0468 2508  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINXP\System32\wzcsvc.dll
10:20:10.0578 2508  WZCSVC - ok
10:20:10.0609 2508  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINXP\System32\xmlprov.dll
10:20:10.0765 2508  xmlprov - ok
10:20:10.0781 2508  ================ Scan global ===============================
10:20:10.0828 2508  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINXP\system32\basesrv.dll
10:20:10.0906 2508  [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINXP\system32\winsrv.dll
10:20:10.0906 2508  [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINXP\system32\winsrv.dll
10:20:10.0937 2508  [ 4BB6A83640F1D1792AD21CE767B621C6 ] C:\WINXP\system32\services.exe
10:20:10.0937 2508  [Global] - ok
10:20:10.0937 2508  ================ Scan MBR ==================================
10:20:10.0953 2508  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
10:20:11.0250 2508  \Device\Harddisk0\DR0 - ok
10:20:11.0250 2508  ================ Scan VBR ==================================
10:20:11.0250 2508  [ EFFFFCD5A090C30D8A1317977671F905 ] \Device\Harddisk0\DR0\Partition1
10:20:11.0250 2508  \Device\Harddisk0\DR0\Partition1 - ok
10:20:11.0265 2508  ============================================================
10:20:11.0265 2508  Scan finished
10:20:11.0265 2508  ============================================================
10:20:11.0375 0980  Detected object count: 15
10:20:11.0375 0980  Actual detected object count: 15
10:20:30.0140 0980  atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980  atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0140 0980  btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980  btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0140 0980  lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980  lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0140 0980  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0140 0980  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0140 0980  Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0140 0980  Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0156 0980  sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980  sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0156 0980  sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980  sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0156 0980  sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980  sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0156 0980  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0156 0980  WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980  WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0156 0980  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0156 0980  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0171 0980  WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0171 0980  WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0171 0980  WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0171 0980  WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:20:30.0171 0980  WudfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:30.0171 0980  WudfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:23:12.0421 3064  Deinitialize success

jetzt ist es hoffentlich vollständig

cosinus · 08.11.2012, 15:16

Jetzt ist richtig

Mach bitte einen CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

premutos · 08.11.2012, 16:09

super

Code:

ATTFilter

OTL logfile created on: 08.11.2012 15:55:44 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\protz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895,23 Mb Total Physical Memory | 637,95 Mb Available Physical Memory | 71,26% Memory free
2,12 Gb Paging File | 1,62 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 75,81 Gb Free Space | 50,87% Space Free | Partition Type: NTFS
Drive D: | 42,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BEAR-0FA5999299 | User Name: protz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.08 15:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\protz\Desktop\OTL.exe
PRC - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.08.03 02:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe
PRC - [2012.08.03 02:12:18 | 000,387,440 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2012.08.03 02:10:40 | 000,476,016 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.08.03 02:04:48 | 001,242,480 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\openvpntray.exe
PRC - [2011.09.24 17:20:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.24 17:20:28 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.17 13:36:22 | 000,470,320 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\uTorrent\uTorrent.exe
PRC - [2010.09.20 23:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe
PRC - [2008.04.14 13:00:00 | 000,056,832 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe
PRC - [2007.02.06 15:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.02.06 15:11:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006.12.04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Programme\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.03 02:19:06 | 000,009,584 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2012.08.03 02:12:18 | 000,387,440 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
MOD - [2012.08.03 02:10:40 | 000,476,016 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
MOD - [2012.08.03 02:08:20 | 000,658,800 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\af_proxy.dll
MOD - [2012.08.03 02:04:48 | 001,242,480 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\openvpntray.exe
MOD - [2010.11.15 15:08:01 | 011,808,768 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Web\45cb4245e169404ebe0b396ebbd35cf7\System.Web.ni.dll
MOD - [2010.11.15 14:24:03 | 001,675,264 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2908.16950__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010.11.15 14:24:03 | 000,688,128 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2908.17117__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010.11.15 14:24:03 | 000,364,544 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2908.17139__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010.11.15 14:24:03 | 000,253,952 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2908.16911__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.11.15 14:24:03 | 000,196,608 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2908.16962__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.11.15 14:24:03 | 000,077,824 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2908.17131__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.11.15 14:24:03 | 000,065,536 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2908.17098__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.11.15 14:24:03 | 000,040,960 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2908.16942__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.11.15 14:24:03 | 000,036,864 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.11.15 14:24:03 | 000,020,480 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2908.16929__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.11.15 14:24:02 | 000,483,328 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2908.17160__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.11.15 14:23:46 | 000,352,256 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2908.17105__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:46 | 000,135,168 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2908.17167__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:46 | 000,102,400 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2908.16956__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:46 | 000,090,112 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2908.17111__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.11.15 14:23:46 | 000,073,728 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2908.16923__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:46 | 000,061,440 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2908.17104__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.11.15 14:23:46 | 000,028,672 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2908.16955__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010.11.15 14:23:45 | 000,167,936 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:45 | 000,049,152 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2010.11.15 14:23:44 | 000,901,120 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2908.17132__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:44 | 000,794,624 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:44 | 000,663,552 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2908.17099__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:44 | 000,585,728 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2908.16976__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:44 | 000,434,176 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2908.16930__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:44 | 000,401,408 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2908.17124__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.11.15 14:23:44 | 000,401,408 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2908.17092__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:44 | 000,307,200 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010.11.15 14:23:44 | 000,217,088 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2908.16969__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:44 | 000,118,784 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:44 | 000,073,728 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.11.15 14:23:44 | 000,057,344 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.11.15 14:23:44 | 000,040,960 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.11.15 14:23:44 | 000,036,864 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.11.15 14:23:44 | 000,032,768 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2908.17091__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.11.15 14:23:43 | 000,479,232 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2908.17059__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.11.15 14:23:43 | 000,040,960 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2908.17063__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.11.15 14:23:43 | 000,032,768 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.11.15 14:23:43 | 000,024,576 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.11.15 14:23:43 | 000,020,480 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010.11.15 14:23:43 | 000,020,480 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.11.15 14:23:43 | 000,020,480 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.11.15 14:23:43 | 000,016,384 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.11.15 14:23:43 | 000,016,384 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll
MOD - [2010.11.15 14:23:43 | 000,016,384 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.11.15 14:23:43 | 000,016,384 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.11.15 14:23:43 | 000,016,384 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.11.15 14:23:43 | 000,016,384 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.11.15 14:23:43 | 000,006,656 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.11.15 14:23:42 | 000,053,248 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.11.15 14:23:42 | 000,053,248 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.11.15 14:23:42 | 000,053,248 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.11.15 14:23:42 | 000,045,056 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.11.15 14:23:42 | 000,045,056 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.11.15 14:23:42 | 000,040,960 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.11.15 14:23:42 | 000,028,672 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.11.15 14:23:42 | 000,028,672 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2010.11.15 14:23:42 | 000,020,480 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.11.15 14:23:42 | 000,020,480 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.11.15 14:23:42 | 000,020,480 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.11.15 14:23:42 | 000,020,480 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010.11.15 14:23:42 | 000,016,384 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.11.15 14:23:42 | 000,016,384 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.11.15 14:23:42 | 000,016,384 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.11.15 14:23:42 | 000,016,384 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.11.15 14:23:42 | 000,016,384 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.11.15 14:23:41 | 000,065,536 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.11.15 14:23:41 | 000,053,248 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.11.15 14:23:41 | 000,040,960 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.11.15 14:23:41 | 000,040,960 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.11.15 14:23:41 | 000,032,768 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.11.15 14:23:41 | 000,028,672 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.11.15 14:23:41 | 000,028,672 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.11.15 14:23:41 | 000,024,576 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.11.15 14:23:41 | 000,024,576 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.11.15 14:23:41 | 000,024,576 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2010.11.15 14:23:41 | 000,024,576 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010.11.15 14:23:41 | 000,020,480 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.11.15 14:23:41 | 000,020,480 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.11.15 14:23:41 | 000,016,384 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.11.15 14:23:36 | 000,102,400 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\MOM.Implementation\2.0.2908.17152__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.11.15 14:23:36 | 000,040,960 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2908.17177__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.11.15 14:23:36 | 000,032,768 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.11.15 14:23:36 | 000,020,480 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.11.15 14:23:36 | 000,006,656 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2908.16901__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.11.15 14:23:35 | 000,491,520 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2908.16937__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.11.15 14:23:35 | 000,061,440 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2908.17150__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.11.15 14:23:35 | 000,045,056 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.11.15 14:23:35 | 000,040,960 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.11.15 14:23:35 | 000,024,576 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.11.15 14:23:34 | 001,507,328 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2908.16918__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.11.15 14:23:34 | 000,073,728 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2908.16903__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.11.15 14:23:34 | 000,065,536 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\ATIDEMOS\2.0.2908.16903__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010.11.15 14:23:34 | 000,040,960 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.11.15 14:23:34 | 000,032,768 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CCC.Implementation\2.0.2908.17151__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.11.15 14:23:34 | 000,032,768 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.11.15 14:23:34 | 000,020,480 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.11.15 14:23:34 | 000,020,480 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.11.15 14:23:33 | 000,053,248 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\APM.Server\2.0.2908.16902__90ba9c70f846762e\APM.Server.dll
MOD - [2010.11.15 14:23:33 | 000,045,056 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\AEM.Server\2.0.2908.16901__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.11.15 14:21:50 | 005,640,192 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Xml\9d08e3df32e33b4b98ab74b894fe214f\System.Xml.ni.dll
MOD - [2010.11.15 14:21:43 | 013,107,200 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f7a41019558dc541bd6a874eb609feb6\System.Windows.Forms.ni.dll
MOD - [2010.11.15 14:21:31 | 001,626,112 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Drawing\bcac2def727a3842a0ea025310489140\System.Drawing.ni.dll
MOD - [2010.11.15 14:21:26 | 008,093,696 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System\15c3ffc02f66f14e96bc432e01509342\System.ni.dll
MOD - [2010.11.15 14:21:13 | 011,411,456 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\mscorlib\25f6a09e8534aa43baa354abab999e8c\mscorlib.ni.dll
MOD - [2010.11.15 14:20:47 | 000,299,008 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.14 13:00:00 | 000,056,832 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe
MOD - [2007.02.06 15:20:00 | 002,842,624 | ---- | M] () -- C:\WINXP\system32\btwicons.dll
MOD - [2007.02.06 15:16:06 | 000,053,248 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.08.03 02:20:24 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012.08.03 02:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)
SRV - [2012.08.03 02:12:18 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.08.03 02:10:40 | 000,476,016 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.07.16 15:03:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.09.24 17:20:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.24 17:20:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2006.12.04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Programme\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\irenum.sys -- (IRENUM)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.09.26 15:47:21 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2012.09.26 15:45:43 | 000,057,256 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\acsmux.sys -- (acsmux)
DRV - [2012.09.26 15:45:43 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\acsint.sys -- (acsint)
DRV - [2012.08.01 19:13:42 | 000,039,656 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2012.08.01 19:13:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\taphss.sys -- (taphss)
DRV - [2011.09.24 17:20:31 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.09.24 17:20:31 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.03.16 12:55:46 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.16 12:55:46 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.11.30 16:28:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINXP\system32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.15 14:27:08 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.11.12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINXP\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.03.19 10:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2007.12.18 11:46:24 | 002,849,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.07.17 01:24:00 | 000,035,072 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.02.14 14:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.02.14 14:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.02.14 14:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.01.02 15:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.12.15 14:44:42 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINXP\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.11.03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINXP\system32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINXP\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINXP\system32\drivers\sfhlp02.sys -- (sfhlp02)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-299502267-839522115-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKU\S-1-5-21-299502267-839522115-1801674531-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-299502267-839522115-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-299502267-839522115-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-299502267-839522115-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60283
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60283
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2012.06.03 13:43:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Programme\Mozilla Firefox 4.0 Beta 7\components [2012.07.16 15:04:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Programme\Mozilla Firefox 4.0 Beta 7\plugins [2012.10.05 16:27:12 | 000,000,000 | ---D | M]
 
[2010.11.15 16:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Mozilla\Extensions
[2012.10.23 16:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Mozilla\Firefox\Profiles\22wg0tg2.default\extensions
[2012.09.13 15:47:32 | 000,621,521 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Mozilla\Firefox\Profiles\22wg0tg2.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.07.25 09:50:07 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Mozilla\Firefox\Profiles\22wg0tg2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.12 15:28:04 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\PROGRAMME\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
 
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-299502267-839522115-1801674531-1003..\Run: [{8D8FB2E6-4B76-9645-40B7-59959F308116}] C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Umumu\gyhe.exe ()
O4 - HKU\S-1-5-21-299502267-839522115-1801674531-1003..\Run: [SkypeM] C:\Dokumente und Einstellungen\protz\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe ()
O4 - HKU\S-1-5-21-299502267-839522115-1801674531-1003..\Run: [uTorrent] C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\protz\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-839522115-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3422B4FC-7D73-4AB7-80E5-9D50FF3D0D43}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-299502267-839522115-1801674531-1003 Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINXP\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\protz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\protz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.14 17:42:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^protz^Startmenü^Programme^Autostart^Dropbox.lnk - C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 11
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINXP\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINXP\system32\Rundll32.exe C:\WINXP\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINXP\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINXP\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINXP\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINXP\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINXP\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINXP\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINXP\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINXP\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINXP\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINXP\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINXP\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINXP\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINXP\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINXP\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.08 15:52:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\protz\Desktop\OTL.exe
[2012.11.07 10:14:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\protz\Desktop\aswMBR.exe
[2012.11.03 22:14:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\protz\Desktop\TB
[2012.10.29 10:39:07 | 000,000,000 | ---D | C] -- C:\Programme\Audacity
[2012.10.26 09:38:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Cisco
[2012.10.23 23:00:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\protz\Recent
[2012.10.09 16:10:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Free PDF to Word Doc Converter
[2012.10.09 16:10:04 | 000,000,000 | ---D | C] -- C:\Programme\Free PDF to Word Doc Converter
[2012.10.09 16:09:42 | 001,128,916 | ---- | C] (www.hellopdf.com                                            ) -- C:\Dokumente und Einstellungen\protz\Desktop\pdf2wordsetup11.exe
[12 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.08 15:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\protz\Desktop\OTL.exe
[2012.11.08 14:20:18 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2012.11.08 13:07:10 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2012.11.07 10:41:39 | 000,048,375 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Desktop\HKL12_Tutor_Aortenstenose.pdf
[2012.11.07 10:18:30 | 002,213,976 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Desktop\tdsskiller.exe
[2012.11.07 10:17:21 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Desktop\MBR.dat
[2012.11.07 10:14:51 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\protz\Desktop\aswMBR.exe
[2012.11.03 22:59:38 | 000,023,540 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Desktop\TB.7z
[2012.11.03 22:16:33 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Desktop\udnekv9d.exe
[2012.11.03 22:09:23 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\defogger_reenable
[2012.11.03 22:08:30 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Desktop\Defogger.exe
[2012.11.03 00:03:45 | 000,644,198 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Desktop\1351897018856.jpg
[2012.11.02 21:07:44 | 000,000,664 | ---- | M] () -- C:\WINXP\System32\d3d9caps.dat
[2012.10.29 10:39:10 | 000,000,610 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Desktop\Audacity.lnk
[2012.10.16 14:49:17 | 000,128,220 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Desktop\tmp_630b4f8ddb119e466022fd56c58e0a41_507d5751879fb.pdf
[2012.10.15 19:54:16 | 000,100,750 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Desktop\plan_121009-074546.pdf
[2012.10.12 09:23:52 | 000,097,792 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.09 16:10:05 | 000,000,720 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Desktop\Free PDF to Word Doc Converter.lnk
[2012.10.09 16:09:42 | 001,128,916 | ---- | M] (www.hellopdf.com                                            ) -- C:\Dokumente und Einstellungen\protz\Desktop\pdf2wordsetup11.exe
[2012.10.09 16:06:14 | 000,157,885 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Desktop\DA Einleitung.pdf
[12 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.07 10:41:39 | 000,048,375 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\Desktop\HKL12_Tutor_Aortenstenose.pdf
[2012.11.07 10:18:30 | 002,213,976 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\Desktop\tdsskiller.exe
[2012.11.07 10:17:21 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\Desktop\MBR.dat
[2012.11.03 22:59:38 | 000,023,540 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\Desktop\TB.7z
[2012.11.03 22:16:33 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\Desktop\udnekv9d.exe
[2012.11.03 22:09:05 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\defogger_reenable
[2012.11.03 22:08:29 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\Desktop\Defogger.exe
[2012.11.03 00:03:44 | 000,644,198 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\Desktop\1351897018856.jpg
[2012.10.29 10:39:10 | 000,000,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Audacity.lnk
[2012.10.29 10:39:10 | 000,000,610 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\Desktop\Audacity.lnk
[2012.10.16 14:49:15 | 000,128,220 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\Desktop\tmp_630b4f8ddb119e466022fd56c58e0a41_507d5751879fb.pdf
[2012.10.09 18:45:54 | 000,100,750 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\Desktop\plan_121009-074546.pdf
[2012.10.09 16:10:05 | 000,000,720 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\Desktop\Free PDF to Word Doc Converter.lnk
[2012.10.09 16:06:13 | 000,157,885 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\Desktop\DA Einleitung.pdf
[2012.09.25 07:06:43 | 000,000,000 | ---- | C] () -- C:\WINXP\System32\cd.dat
[2012.09.08 12:40:07 | 000,000,865 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\.recently-used.xbel
[2012.06.01 15:03:10 | 000,000,604 | ---- | C] () -- C:\WINXP\Sof2.INI
[2011.04.06 12:48:44 | 000,007,168 | ---- | C] () -- C:\WINXP\System32\drivers\StarOpen.sys
[2011.03.16 12:55:46 | 000,271,360 | ---- | C] () -- C:\WINXP\System32\drivers\atksgt.sys
[2011.03.16 12:55:46 | 000,018,048 | ---- | C] () -- C:\WINXP\System32\drivers\lirsgt.sys
[2011.03.01 18:06:57 | 000,000,990 | ---- | C] () -- C:\WINXP\eReg.dat
[2011.01.24 23:55:48 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2010.11.19 14:58:41 | 000,137,176 | ---- | C] () -- C:\WINXP\System32\drivers\PnkBstrK.sys
[2010.11.19 14:58:33 | 000,268,952 | ---- | C] () -- C:\WINXP\System32\PnkBstrB.exe
[2010.11.19 14:58:06 | 000,075,136 | ---- | C] () -- C:\WINXP\System32\PnkBstrA.exe
[2010.11.17 16:26:33 | 000,097,792 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.17 11:28:22 | 000,155,607 | ---- | C] () -- C:\WINXP\hpoins27.dat
[2010.11.17 11:28:22 | 000,000,932 | ---- | C] () -- C:\WINXP\hpomdl27.dat
[2010.11.16 16:07:48 | 000,000,056 | -H-- | C] () -- C:\WINXP\System32\ezsidmv.dat
[2010.11.15 16:51:28 | 000,000,000 | ---- | C] () -- C:\WINXP\nsreg.dat
[2010.11.15 14:25:17 | 000,000,000 | ---- | C] () -- C:\WINXP\ativpsrm.bin
[2010.11.14 18:38:12 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\regsvr32.exe
[2010.11.14 18:37:54 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\regsvr32.exe-ibatt.dll
[2010.11.14 18:37:44 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\regsvr32.exe-i
[2010.11.14 18:36:55 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\regsvr.32.exeibatt.dll
[2010.11.14 18:36:32 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\protz\regsvr.32.exe
[2010.11.14 17:47:00 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2010.11.14 17:39:05 | 000,021,740 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2010.11.14 17:31:41 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2010.11.14 17:30:11 | 000,125,320 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
[2010.11.15 14:20:35 | 000,000,227 | RHS- | M] () -- C:\WINXP\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINXP\system32\wbem\fastprox.dll -- [2008.04.14 13:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINXP\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.04.06 12:48:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.10.26 09:38:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2010.11.30 16:28:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.08.12 15:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hotspot Shield
[2010.11.16 19:06:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2010.11.15 15:31:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RegCure
[2012.06.03 13:36:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2011.12.06 18:18:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\3075A
[2011.04.06 12:48:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Canneverbe Limited
[2011.03.01 17:58:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\DAEMON Tools Lite
[2011.03.15 05:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Dropbox
[2010.04.28 16:21:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Gearbox Software
[2010.12.17 18:09:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\gtk-2.0
[2010.11.18 22:10:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\ICQ
[2010.11.22 14:06:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\OpenOffice.org
[2011.02.09 12:51:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\ProtectDisc
[2012.11.08 16:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Rysov
[2012.06.20 17:59:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Spotify
[2011.03.13 20:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Tropico 3
[2010.09.16 14:49:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Umumu
[2012.11.08 16:00:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.26 09:38:23 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2010.11.14 17:50:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.03.15 12:47:03 | 000,000,000 | ---D | M] -- C:\games
[2010.11.14 18:29:20 | 000,000,000 | ---D | M] -- C:\Postinstall
[2012.10.29 10:39:07 | 000,000,000 | R--D | M] -- C:\Programme
[2011.03.15 12:45:29 | 000,000,000 | ---D | M] -- C:\programms
[2010.11.15 14:44:41 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.11.15 15:32:53 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012.06.14 15:27:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.26 11:47:31 | 000,000,000 | ---D | M] -- C:\WINXP
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.06 18:18:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\3075A
[2010.12.25 19:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Adobe
[2010.11.15 14:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\ATI
[2010.11.18 23:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Avira
[2011.04.06 12:48:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Canneverbe Limited
[2011.03.01 17:58:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\DAEMON Tools Lite
[2010.11.17 16:25:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\DivX
[2011.03.15 05:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Dropbox
[2010.10.11 11:44:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\dvdcss
[2010.04.28 16:21:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Gearbox Software
[2010.12.17 18:09:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\gtk-2.0
[2011.11.25 21:02:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Help
[2010.11.15 14:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\hpqLog
[2010.11.18 22:10:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\ICQ
[2010.11.14 17:50:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Identities
[2010.11.15 14:27:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\InstallShield
[2010.11.15 14:29:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Macromedia
[2011.04.06 13:11:27 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Microsoft
[2010.11.15 16:51:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Mozilla
[2010.11.22 14:06:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\OpenOffice.org
[2011.02.09 12:51:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\ProtectDisc
[2012.11.08 16:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Rysov
[2012.10.26 13:10:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Skype
[2012.10.26 13:01:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\skypePM
[2012.06.20 17:59:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Spotify
[2010.11.16 13:21:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Sun
[2011.03.13 20:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Tropico 3
[2010.09.16 14:49:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Umumu
[2012.11.08 16:00:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\uTorrent
[2011.11.04 21:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\vlc
[2012.10.23 23:00:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Winamp
[2011.03.13 21:54:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.01.27 06:40:24 | 023,361,424 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2011.01.27 06:40:30 | 000,153,176 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Dropbox\bin\Uninstall.exe
[2010.11.15 15:51:15 | 002,827,728 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2011.11.16 18:12:30 | 003,763,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.04.13 16:33:16 | 000,146,944 | ---- | M] () -- C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Umumu\gyhe.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
[2010.11.14 18:29:27 | 000,094,208 | ---- | M] () -- C:\WINXP\System32\config\default.sav
[2010.11.14 18:29:27 | 001,093,632 | ---- | M] () -- C:\WINXP\System32\config\software.sav
[2010.11.14 18:29:27 | 000,458,752 | ---- | M] () -- C:\WINXP\System32\config\system.sav
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
 
<           >
[2010.11.14 17:40:46 | 000,000,065 | RH-- | C] () -- C:\WINXP\Tasks\desktop.ini
[2010.11.14 17:48:25 | 000,000,006 | -H-- | C] () -- C:\WINXP\Tasks\SA.DAT

< End of report >

cosinus · 08.11.2012, 17:05

Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60283
FF - prefs.js..network.proxy.type: 2
IE - HKU\S-1-5-21-299502267-839522115-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-299502267-839522115-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60283
O4 - HKU\S-1-5-21-299502267-839522115-1801674531-1003..\Run: [{8D8FB2E6-4B76-9645-40B7-59959F308116}] C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Umumu\gyhe.exe ()
:Files
C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Umumu
C:\Dokumente und Einstellungen\protz\Anwendungsdaten\3075A
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

premutos · 08.11.2012, 18:54

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 60283 removed from network.proxy.http_port
Prefs.js: 2 removed from network.proxy.type
HKU\S-1-5-21-299502267-839522115-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-299502267-839522115-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-299502267-839522115-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\{8D8FB2E6-4B76-9645-40B7-59959F308116} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D8FB2E6-4B76-9645-40B7-59959F308116}\ not found.
C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Umumu\gyhe.exe moved successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\protz\Anwendungsdaten\Umumu folder moved successfully.
C:\Dokumente und Einstellungen\protz\Anwendungsdaten\3075A folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\protz\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\protz\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1831995 bytes
->Flash cache emptied: 456 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: protz
->Temp folder emptied: 120209775 bytes
->Temporary Internet Files folder emptied: 1725932 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65598156 bytes
->Flash cache emptied: 6594938 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2466438 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 834740 bytes
RecycleBin emptied: 602112 bytes
 
Total Files Cleaned = 191,00 mb
 
C:\WINXP\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11082012_184721

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 08.11.2012, 20:30

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

premutos · 08.11.2012, 20:52

Code:

ATTFilter

# AdwCleaner v2.007 - Datei am 08/11/2012 um 20:51:03 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : protz - BEAR-0FA5999299
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\protz\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [935 octets] - [08/11/2012 20:51:03]

########## EOF - C:\AdwCleaner[R1].txt - [994 octets] ##########

07.11.2012, 12:30	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Zeus Trojaner?? Wir war das bitte mit dem aufmerksamen lesen? Wie solltest du die Logs posten? Halte dich bitte auch daran! Und das Log vom TDSS-Killer ist zudem noch unvollständig! __________________ --> Zeus Trojaner??

08.11.2012, 14:26	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Zeus Trojaner?? Log vom TDSS-Killer ist immer noch unvollständig! Der gesamte Anfang dieses Logs fehlt! __________________ Logfiles bitte immer in CODE-Tags posten

Zeus Trojaner??

Plagegeister aller Art und deren Bekämpfung: Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Zeus Trojaner??

Ähnliche Themen: Zeus Trojaner??

03.11.2012, 23:05	#1
premutos	Zeus Trojaner?? hallo habe von web.de eine email bekommen dass mein rechner mit zeus infiziert sei.zur zeit benutze ich regelmäßig drei pcs und hab deshalb keine ahnung welcher pc befallen ist oder ob es sogar alle drei sind.ich dachte ich fang einfach mal mit einem an und hoffe dass mir jemand helfen kann. ich danke schonmal im vorraus. im anhang hab ich otl und GMER files

05.11.2012, 18:01	#3
premutos	Zeus Trojaner?? danke dass du dich meines problems annimmst.nein, sonst hab ich keine weiteren scans gemacht. ist das mit dem anhang ok oder soll ich dir die logfiles nochmal extra posten? __________________